INFORMATION AUTOMATICALLY COLLECTED FROM YOUR COMPUTER

1. We and our third-party service providers may collect and use other information in a variety of ways, including:

• Log files/IP addresses: When you visit the Site, our web server automatically records your IP address. This IP address is not linked to any of your personal information. We use IP addresses to help us administer the Site and to collect demographic information for aggregation purposes.
• Other technologies including pixel tags, web beacons, and clear gifs: These may be used in connection with some Site pages, downloadable mobile applications and HTML-formatted email messages to measure the effectiveness of our communications, the success of our marketing campaigns, to compile statistics about usage and response rates, to personalize/tailor your experience while engaging with us online and offline, for fraud detection and prevention, for security purposes, for advertising, and to assist us in resolving account holders’ questions regarding the use of our Site.
• You can accept or decline cookies by modifying your browser setting to declineAggregated and de-identified data: Aggregated and De-identified Data is data that we may create or compile from various sources, including but not limited to accounts and transactions. This information, which does not identify individual account holders, may be used for our business purposes, which may include offering products or services, research, marketing or analysing market trends, and other purposes consistent with applicable laws. cookies, if you prefer.
• Through your browser or device: Certain information is collected by most browsers and/or through your devices, such as your Media Access Control (MAC) address, device type, screen resolution, operating system version and internet browser type and version. We use this information to ensure Sites function properly, for fraud detection and prevention, and security purposes.

2. We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.

HOW WE USE THE INFORMATION YOU PROVIDE

• We use the information we collect for business and commercial purposes such as to operate, improve, and develop our Services and to verify your identity and the identities of other members of your company, we also use your information to bill developers for our Services and to transmit payment. We use your information to comply with law, such as for tax reporting purposes and to send you technical notices, updates, security alerts, and administrative messages; to respond to your comments, questions, inquiries, and customer service requests.
• We use your data to help personalize the Services experience for you to communicate with you about products, services, offers, and events offered or sponsored by OnePipe, and to provide news and other information we think may be of interest to you. Information that we collect is also used to monitor and analyze trends, usage, and activities in connection with our Services, to detect and prevent fraud, malicious activity, and other illegal activities. We use your data to protect the rights, privacy, safety, or property of OnePipe and others; and for any other purpose described to you when the information was collected.

HOW WE SHARE THE PERSONAL INFORMATION YOU PROVIDE

• We do not sell, trade or rent personal information to anyone. However, to enable us to render our Services to you on our platform, we may share your information with trusted third parties, such third parties include financial institutions, payment processors verification services, sanctions screening and identity verification services as well as any third parties that you have directly authorized to receive your Personal Information. Your Personal Information may be stored in locations outside our direct control, for instance, on servers or databases co-located with hosting providers.
• We may disclose your Personal Information in compliance with applicable law or a legal obligation to which we are bound. Please note that third-party sites you engage with through our Services will have their privacy policies, and we are therefore not responsible for their actions, including their information protection practices. The use of your information by such third parties will be subject to their applicable privacy policy, which you should carefully review.

TRANSFER OF PERSONAL INFORMATION

1. Third Party Processor within Nigeria

• We may engage the services of third parties in order to process the Personal Information of Data Subjects we collect. The processing by such third parties shall be governed by a written contract with us to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with the terms of this Privacy Policy.
• We may share your information with law enforcement agencies, public or tax authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
  ‍
  - comply with a legal obligation, process or request (including tax and related reporting requirements);
  - enforce our Terms of Service and other agreements, policies, and standards, including investigation of any potential violation thereof;
  - detect, prevent or otherwise address security, fraud or technical issues; or
  - protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
• Please see the list of third party processors we share your personal data with on our website (Should be clickable)

2. Transfer of Personal Information to Foreign Country

• Where Personal Information is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Personal Information. In particular, we shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) White List of Countries with adequate data protection laws.
• Transfer of Personal Information out of Nigeria would be in accordance with the provisions of the Nigeria Data Protection Regulation 2019 ("NDPR”). We will therefore only transfer Personal Information out of Nigeria on one of the following conditions:
  
  - The consent of the Data Subject has been obtained;
  - the transfer is necessary for the performance of a contract between us and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request;
  - the transfer is necessary to conclude a contract between us and a third party in the interest of the Data Subject;
  - the transfer is necessary for reason of public interest;
  - the transfer is for the establishment, exercise or defense of legal claims;
  - The transfer is necessary in order to protect the vital interests of the Data Subjects or other persons, where the Data Subject is physically or legally incapable of giving consent.
• We will take all necessary steps to ensure that your Personal Information is transmitted in a safe and secure manner. Details of the protection given when your Personal Information is transferred outside Nigeria shall be provided to you upon request.

OUR LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

1. We will only use and process your personal data as permitted by the NDPR. We have set out below a description of all the legal bases we may rely on to process your personal data:

• where you have given us consent to the processing of your personal data for one or more specific purposes;
• where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
• where processing is necessary for compliance with a legal obligation to which we are subject;
• where processing is necessary in order to protect your vital interests or the vital interests of another natural person, and
• where processing is necessary for the performance of a task carried out in the public interest or in exercise of an official public mandate vested in us.

2. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us by sending an email to: (hello@tryduplo.com);  if you need details about the specific legal ground we are relying on to process your personal data where more than one ground may have been used to process your personal data.

3. For the purpose of this Privacy Policy, consent means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, through a statement or a clear affirmative action, signify their agreement to the processing of Personal Information relating to them.

ADVERTISEMENT AND INFORMATION ABOUT OTHER PRODUCTS AND SERVICES

1. From time to time we may send you information about other financial products and services offered by the Company that we think may be of interest to you.

2. The Company advertises online (e.g., pages within our Sites and mobile apps, through the Company’s managed social media presence, and on other sites and mobile apps not affiliated with Duplo) and offline (e.g. in banking centres, through call centres, and direct marketing). In order to understand how our advertising performs, we may collect certain information on our Sites and other sites and mobile apps through our advertising service providers using cookies, IP addresses, and other technologies. The collected information may include the number of page visits, pages viewed on our Sites, search engine referrals, browsing activities over time and across other sites following your visit to one of our Sites or Apps, and responses to advertisements and promotions on the Sites and on sites and apps where we advertise.

3. The Company uses the information described in this Policy to help advertise our products and services. We use such information to:

• Present tailored ads to you, including;
  - Banner ads and splash ads that appear as you sign on or off of your online accounts on our Sites, within mobile banking and other mobility applications;
  - E-mail, postal mail, and telemarketing;
  - On other sites and mobile apps not affiliated with Brass
• Analyse the effectiveness of our ads; and
• Determine whether you might be interested in new products or services

4. You can tell us to stop this at any time by sending an email to (hello@tryduplo.com)

5. Advertising on third party sites and mobile apps: We contract with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. We may use Aggregated and De-identified Data and information provided by you to these third-party sites and mobile apps to select which of our advertisements or offers may appeal to you, display them to you and monitor your responses. Third-Party Sites and mobile apps are not subject to our Privacy Policy. Please visit the individual sites and mobile apps for additional information on their data and privacy practices and opt-out policies.

CHOICES AND RIGHTS

• Once your Personal Information is held by us, you are entitled to reach out to us to exercise the following rights:
  
  - Request access to your personal data (commonly known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may notify you of our refusal to comply with your request in these circumstances. Where we have reasonable doubts concerning the identity of the natural person making the request for information, we may request the provision of additional information necessary to confirm the identity of the Data Subject. Where data is held electronically in a structured form, such as in a Database, as the Data Subject, you have a right to receive that data in a common electronic format.
  
  
  - Right to request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  
  - Right to request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  
  - Right to object to the processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) there may be something about your particular situation which could justify an objection to processing on this ground as you may feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  
  - Right to request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  
  A. If you want us to establish the data’s accuracy;
  ‍
  B. Where our use of the data is unlawful but you do not want us to erase it;
  ‍
  C. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  
  D. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  
  - Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  
  - Withdraw consent at any time where we are relying on consent to process your personal data: This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. You may decline to provide your Personal Information when it is requested by us, however, certain Services or all the Services may be unavailable to you. You may review and update your Personal Information directly or by contacting us on (hello@tryduplo.com)

AGE RESTRICTION

• Our Services are not directed to children under 18. We do not knowingly collect information from children under 18.
• If you access our Services or Platform and you are below 18 years, you represent and warrant that you have obtained consent from your parent(s) or legal guardian(s). If you have inadvertently provided personal data of a child to us, please notify us (hello@tryduplo.com) and we will delete such personal data. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.

COMPLIANCE WITH LOCAL AND INTERNATIONAL REGULATORY BEST PRACTICES

• We confirm that we comply with the NDPR on data collection, transmission, usage and protection. We also, for best practices, adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR) to the extent that they do not conflict with Nigerian data protection regulations and laws.
  

CHANGES TO PRIVACY POLICY

• We reserve the right to update, modify, change or revise this Privacy Policy from time to time. This could be due to a change in law or to comply with new best practices. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. We will also try to notify you of any material changes which could be done via email associated with your account or service notification. By continuing to use our Services after the changes become effective, you agree to be bound by the revised Privacy Policy.
  

COMPLAINTS AND REMEDIES

• You may file a complaint in accordance with this Privacy Policy if you believe that any provision of this Privacy Policy or your privacy rights have been violated in respect of your personal information or if your access to our Services have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information. All complaints must be addressed to the company by sending an email to our Data Protection Officer using the following contact details: (hello@tryduplo.com)
  
• Please note that, the complaint and resolution procedure is not prejudicial to your right to complain to the data protection authorities (in this case, the National Information Technology Development Agency (NITDA)) using the following contact details:
  Address:  No. 28, Port Harcourt Crescent, Off Gimbiya Street, P.M.B 564, Area 11 Garki, Abuja, Nigeria.
  Email: info@nitda.gov.ng
  
• We will notify you of any breach and also notify National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of such breach.
  
• You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: (hello@tryduplo.com)
  

QUESTIONS AND ENQUIRIES

• Questions, comments and requests relating to this Privacy Policy are welcome or if would like to find out more about exercising your data protection rights. All questions, comments and requests regarding this Policy should be addressed to (hello@tryduplo.com)
  
• If you are in (insert location of office), we can also be reached at(Insert office address)