Cobble Website, Cookies and Consumer Services Privacy Policy

Cobble Technologies Limited (“Cobble”, “Our”, “We”, or “Us”) respects your privacy and is committed to protecting your personal data. You provide us with your personal data, when you use our internet-enabled platforms (“platforms”, which include social media channels). This privacy policy is designed to help you understand what information we gather about you, what we use that information for, and with whom we share that information. It also sets out your rights in relation to your information and who you may contact for more information or queries. Please read the following carefully to understand our processes and practices regarding your personal data and how we will treat it.

1. To whom this Privacy Policy applies and what it covers

   This Privacy Policy applies to all persons who use Cobble’s platforms, access Cobble’s products, or interact with Cobble in connection with any legal, contractual or business purpose. Essentially, this Privacy Policy applies to you if:

   We can be contacted by any of the following methods:

   • We provide products or services to you or our client;·
   • You visit or use our website; and/or·
   • Performing any other activities that form part of our business.

   Our platforms are not intended for children, and as such, we do not deliberately collect data relating to children.

2. Other Data Privacy Documents

   It is important that you read this Privacy Policy together with any other policy document, privacy statement or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This privacy policy supplements all such other notices and privacy policies and is not intended to override them.

   In this Privacy Policy, we may sometimes collectively refer to the handling, collecting, protecting and storing of personal data as “processing” of personal data.

3. Other Websites

   Please note that third-party websites that may be linked to this website/mobile application are not governed by this Privacy Policy. We encourage visitors to review the privacy policy on each of these other websites before disclosing any personal data.

4. Consent

   You are deemed to have accepted the contents of this Privacy Policy when you access our platforms; use our services, content, features, technologies or functions offered on our website or digital platforms; or otherwise, interact with us.

   Note that you can withdraw your consent at any time. Such withdrawal of consent would not affect the lawfulness of processing information done prior to the withdrawal of consent. Where such withdrawal of consent would prevent us from providing services to you, we will endeavour to inform you.

5. What information we collect

   In the course of providing products or services to you, performing due diligence checks in connection with our products or services, or in considering the possible products or services we may offer you, we generally collect personal data about you. We also typically collect personal data about you when you visit or use our platforms.

   We typically collect or obtain your personal data because you give it to us (for example, in a form on our website) or because other people give that information to us (for example, third-party service providers that we use to help operate our website). We may also collect or obtain personal data from you because we observe or infer that information about you from the way you interact with us. In order to improve your experience when you use our platforms and to ensure that it is functioning effectively, we (or our service providers) also use cookies (small text files stored in a user’s browser) and web beacons (small graphic images that are placed on a website and used to monitor a user’s interaction with that website) which may collect personal data.

   The personal data that we may collect depends on the specific services, activities or products we undertake but typically includes:

   1. Identity Data such as first name, maiden name, last name, username or similar identifier, gender, image, marital status, title, date of birth, BVN, passport number and other national ID numbers, employment details (for example, the organization you work for, your job title); and family circumstance.
   2. Contact Data such as address, email address, country of residence, and telephone numbers.
   3. Financial Data such as bank account and payment card details.
   4. Transaction Data such as details about payments to and from you and other details of products and services you have been provided by us.
   5. Technical Data such as internet protocol (IP) address, geographic location, contact lists, images and files, details of inbound and outbound calls, text messages, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
   6. Profile Data such as your username and password, profile picture, product or service requests made by you, your interests, preferences, feedback and survey responses.
   7. Usage Data such as details of how you use any product or service provided by Cobble, details of how you like to use our website or the interactive products, tools, other technology or services we provide to you or our clients, applications installed and used on your device websites that you visited before and after visiting our website, details of how you like to interact with us, and similar information.
   8. Marketing and Communications Data such as your preferences in receiving marketing from us and our third parties and your communication preferences.

   The types of personal data and ‘sensitive’ or ‘special categories’ of personal data that we collect will generally vary depending on the nature of the products and services that we provide to you and how you use our platforms. In some cases, the ‘sensitive’ or ‘special categories’ of personal data that we collect may include information collected as part of Know-Your-Customer (KYC) and Anti-Money Laundering (AML) checks that we must conduct before accepting you as a customer.

   In some rare circumstances, we will also gather other ‘special categories’ of personal data about you because you volunteer that data to us (for example, it appears in a copy of your resume/CV that you upload on our website). In some other circumstances, the personal data we collect from you is needed to meet our legal or regulatory obligations or to provide you with the products or services requested by you.

   In some cases, we may also collect personal data about you indirectly from third parties including but not limited to: (i) your employer; (ii) third parties such as providers of KYC and AML services which we use to help us meet our legal obligations and to help us verify your identity where we provide you with products or services; (iii) background check providers which we sometimes use to verify your identity when you apply to access our products; (iv) third-party service providers that help us to operate our platforms; (v) your banks and financial institutions; and (vi) credit reference organisations.

6. HOW WE USE INFORMATION ABOUT YOU

   1. Use of personal data to provide products and services

      We will use your personal data to provide you with products or services. As part of this, we may use your personal data in the course of correspondence relating to those products or services. Such correspondence may be with you, our customers, our service providers or public or judicial authorities with the necessary authorization.

      In many cases, we also use your personal data to conduct due diligence checks in advance of providing products or services to you and to process an application from you or a prospective client to receive products or services from us. If you are referred to us by an intermediary or similar third party, we also typically use your personal data to assess whether to accept or reject your referral to Cobble by that intermediary or a similar third party.

   2. Use of personal data collected via our platforms

      We generally use your personal data collected via our platforms:

      • to manage and improve any services provided via our website
      • to manage and improve our website (including by drawing up statistics on the usage of our website)
      • to tailor content of our website to provide you with a more personalised experience and draw your attention to information about products and services that may be of interest to you
      • to manage and respond to any request that you submit through our website
      • to help us learn more about you, the products and services that you receive from Cobble, and other products and services that you or your employer might be interested in receiving
      • to correspond with you in relation to services you use on our website or information you provide via our website. This correspondence is usually with you, our service providers, or public or judicial authorities with the necessary authorisation.

   3. Use of personal data collected via our platforms

      We generally also use your personal data collected via platforms for the purposes of, or in connection with:

      • applicable legal or regulatory requirements;
      • requests and communications from public or judicial authorities with the necessary authorization;
      • financial accounting, invoicing and risk analysis purposes;
      • prudent operational management (including credit and risk management, audit, training and similar administrative purposes);
      • client relationship purposes, which involve: (i) contacting you to receive feedback on Cobble products or services; and (iii) contacting you for other marketing or research purposes;
      • recruitment and business development purposes;
      • services we receive from our professional advisors, such as lawyers, accountants and consultants;
      • arrangements we have in place with intermediaries, brokers and other individuals and entities that partner with us;
      • protecting our rights and those of our customers; and
      • meeting our corporate and social responsibilities.

   4. Our Automated Loan Decisioning Policy

      Cobble operates a Mobile Data Extraction Programmme (MDEP) for mobile users. The programme involves extracting and aggregating metadata about your mobile activities. We use this programme to make holistic data-based decisions about your loan application and as an alternative to making loan decisions based on bank statements. Some of the metadata we extract can include geolocation data, short message service data, call log information, etc. We make decisions on your loan applications based on this metadata using an automated processing system which is based on clearly defined, flexible and human parameters.

   5. The legal grounds we rely on for processing personal data

      We will only use your personal data as allowed by law. Usually, we will use your personal data in the following circumstances allowed under relevant laws:

      • Where you consent to our use of your personal data;
      • Where it is necessary to perform contractual obligations that we owe towards you or to take pre-contractual steps at your request;
      • Where we need to comply with a legal obligation;
      • Where we need to protect your vital interest or the vital interest of another individual; or
      • Where it is in the interest of the general public to process your personal data.

      To the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so either because: (1) you have given us your explicit consent to process that information; (2) the processing is necessary to enter into a binding contract with you or the performance of our obligations; (3) the processing is required for the protection of your vital interests or of others; (4) the processing is necessary for reasons of substantial public interest on the basis of applicable law (for example where we are required by law or regulatory requirements to process that information in order to ensure we meet our KYC and AML obligations); or (5) the processing is necessary for the establishment, exercise or defense of legal claims.

   6. To whom we disclose your information

      It may be necessary for us to share your personal data with third parties. These third parties may include persons or entities affiliated with our company, or external third parties such as our service providers, and business partners.

      We generally disclose details about you to professional advisors and third parties that provide services to us (such as IT systems providers, platform providers, financial advisors, consultants including lawyers and accountants) and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal data to them); competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we are required to do so by applicable law or regulation at their request); a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Cobble’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; credit reference agencies or other organizations that help us detect criminal activity and incidence of fraud; and any federal, state or local government departments and other statutory or public bodies.

      We require all third parties to respect the privacy and ensure security of your personal data, and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

   7. International transfers

      We do not routinely transfer your personal data outside of Nigeria. Whenever we transfer your personal data out of Nigeria, we ensure that a similar degree of protection is afforded to it in the country to which it is transferred. In any case, we may transfer data outside of Nigeria where the recipient country is on the data protection whitelist for the transfer of personal data as set out in the Nigeria Data Protection Regulation Framework 2020 or such other applicable regulations.

   8. Marketing communications

      We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Our marketing communications have opt-out links through which you can inform us to stop processing your data for such purposes. Ideally, we would endeavour to acquire your consent before we send such marketing communications in the first place. However, where for some reason we are unable to acquire your consent before sending marketing communications or where we inadvertently send marketing communications to you, we would provide you with the option to opt-out from receiving such marketing communications.

   9. How long do we keep your personal data

      We will hold your personal information on Cobble’s systems for as long as is necessary to fulfil the purpose for which it was collected or to comply with any legal, regulatory, tax, accounting, reporting requirements or internal policy requirements. We endeavour to dispose of your personal data once we have concluded that we no longer require your personal data in connection with the purpose for which it was collected and if disposing of such personal data would not expose us to any actions, sanctions or claims.

   10. Change of purpose

       We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

       If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

       Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

   11. Protection of your personal data

       We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a professional need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

       We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

       We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

       • education and training of relevant staff to ensure they are aware of our privacy obligations when handling personal data as well as training around social engineering, phishing, spear phishing, and password risks;
       • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
       • technological security measures, including firewalls, encryption and anti-virus software;
       • physical security measures, such as staff security passes to access our premises;
       • endpoint security: anti-virus, portable storage device lockdown, restricted administrative privileges;
       • Real-time monitoring of data leakage controls;
       • Layered and comprehensive cybersecurity defences; and
       • Security incident reporting and management.
       • Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

   12. Storage of Your Data

       All personal data you provide to us may be stored on our secure cloud-based data storage as well as on our premises, off-site based locations and network accessible storage which include external drives only for authorized users. By providing your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

       We erase/delete personal data in the event of any of the following:

       1. The personal data is no longer necessary in relation to the purposes for which they were collected or processed;
       2. You withdraw your consent or object to the processing and there is no overriding lawful basis for the processing;
       3. The personal data was unlawfully collected or processed in the first place; or
       4. In compliance with lawful directives from government regulators.

   13. Your rights and how to contact us

       You have various rights in relation to your personal data. In particular, you have a right to:

       1. object to the processing of your personal data;
       2. request a copy of personal data we hold about you;
       3. ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
       4. ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data; an to
       5. withdraw consent to our processing of your personal data (to the extent such processing is based on consent)

       To exercise any of your rights, or if you have any other questions about our use of your personal data, please e-mail hi@getcobble.com or write to Cobble’s Data Protection Officer at 15 Orji Murray street, Lekki, Lagos, Nigeria. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

       If you are unhappy with the way we handled your personal data or any privacy query or request that you have raised with us, you also have a right to complain to a data protection regulator in the place where you live or work, or in the place where you think an issue in relation to your data has arisen. NITDA’s website (https://nitda.gov.ng/) has a wealth of useful information in respect of your rights over your personal data.

   14. Breach / Privacy Violation

       In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data, we shall within 72 (seventy-two) hours of having knowledge of such breach report the details of the breach to the appropriate government agency.

       Where we ascertain that such breach is detrimental to your rights and freedoms in relation to your personal data, we shall within 7 (Seven) days of knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.

7. Cookies Policy

   We use cookies on our website to improve the user experience. We will assume you agree to accept the cookies that we use on our website if you do not disable or opt-out of them as described below.

   1. What are Cookies?

      Cookies are small text files. They are commonly downloaded to your computer or mobile device by websites that you visit. They enable the website to tag your device and recognize it as you move around the site (and potentially when you return at a later date) so that, for example, you do not have to re-enter your password each time you move between pages of the website.

   2. Can I turn off cookies?

      If you do not wish to receive cookies, you can set your web browser to disable cookies. As explained above, cookies help you to get the most out of our website. If you decide to disable cookies, you may find that certain aspects of our website do not work as expected. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allow you to decline the use of cookies.

   3. Changes to our Privacy Policy

      This Privacy Policy may be updated from time to time for any reason we deem appropriate. Your continued use of our products and platforms will be deemed to be acceptance of any updates made to this Privacy Policy.