Privacy Policy

Effective date: 3 May 2026

Our privacy policy

Consent and Scope

This Privacy Policy governs the manner in which Koins Microfinance Bank Limited ("Koins," "we," "our," and "us") collects, uses, stores and discloses information collected from our users ("customers"). This policy explains how personal information of our users ("customers") is securely collected, used, stored and disclosed to third parties based on our business requirements and conformity to regulatory requirements. This Privacy Policy applies to your use of our services regardless of means of access. You may access or use our services through desktop, laptop, mobile phone, tablet or other consumer electronic device. This Privacy Policy also applies to your offline interactions with Koins Microfinance Bank.

This Privacy Policy applies to the use of our website and all affiliated websites and applications owned and operated by us (collectively, the "Website"), applications, other online services and/or any related services, marketing, promotional and events, and social media activities. For our users, this Privacy Policy is part of our Terms of Use.

We may update this Privacy Policy from time to time to reflect current privacy practices. When we make changes to this policy, we will notify you by revising the "effective date" at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to the homepages of our mobile application or website). We therefore advise that you carefully read and understand this Policy to understand our business practices.

The Personal Data we collect is governed by the principles in the Nigerian Data Protection Regulation (NDPR) 2019, the Nigerian Data Protection Act (NDPA) 2023 and other applicable privacy and data protection laws regarding the processing of Personal Information. Koins Microfinance Bank adheres to the basic principles relating to the processing of Personal Information: transparency, lawfulness, data accuracy, purpose limitation, data minimization, storage limitation, confidentiality, accountability and integrity.

We may process your Personal Information under the requisite basis as recognized by data protection laws which include consent. By accessing or using our services or otherwise providing your personal data, you accept this Privacy Policy and consent to the terms of this Privacy Policy including processing and transfer of your personal data when you sign up, and use our website, mobile application including but not limited to related sites, applications, promotional activities and offline interactions or visits to our office(s) to utilize and serve you efficiently.

Personal Information Needed

We collect, process, use, keep and transfer personal information such as:

  • Identification Documents: Your full name, bank verification number (BVN), government-issued identity or NIN, and date of birth; other documents such as international passports, government-issued identity cards and other registration information to ascertain your eligibility to use our services. With these data, we can authenticate your identity and provide you with our services.
  • Contact Information: Information needed to contact you directly, such as house address, email address, phone number, billing details, etc.
  • Technical Information: When accessing Koins services, the server may automatically record information your browser sends whenever the website is visited, such as links clicked, time spent on certain pages, log-in information, location and certain device details.
  • Financial Information: External account number, date and amount of transaction, and information from financial institutions as needed.
  • Transactional Information: Information related to payment, payment processing services, and transactional interaction with product features.
  • Marketing and Communication Information: Records of your decision whether or not to subscribe to receiving marketing content from our third-party agents.
  • Records of conversations between Koins customer support and you when you contact us and when we contact you.

What Information We Collect

We collect information directly from you and, where lawful and reasonable, we may collect your personal information about you from third parties and publicly available sources electronically or manually. The information collected depends on the products and services but is not limited to fulfillment of our contractual obligations such as account opening packages, adverts and content, performance evaluations to improve communication, perform due diligence (legal and business) and develop new services for all our users.

We collect the personal data you provide to us depending on the products and services. This applies to opening a Koins Bank account or when you communicate with us about your Koins bank account. This includes processing information such as:

  • Account and Contact Information: Name, email address, postal address, residential address, phone number, date of birth, means of identification (identification document number, passport number and/or NIN as required); billing information, next of kin information, financial information, and any other information required to comply with regulatory requirements.
  • Financial Information: BVN, personal bank account number, credit card details, financial history (including information to determine your creditworthiness) and other information provided by financial institutions or merchants when we act on their behalf.
  • Biometric Information: Such as images of you, fingerprints, face recognition and speech recognition to identify you for any form of account or during interaction with our customer service team.
  • Transaction Information: Details about your transactions.
  • Device Information: Information on the devices with which you access our products, website or application.
  • Profile Information: Username, password, transaction history, your interests, feedback and survey information.
  • Usage Information: Your use of our products and services, record of correspondences with us online and offline, page response times, download errors, page interaction information and browser methods. We may use your usage information to aggregate the percentage of users accessing our products and/or specific website features.
  • Marketing and Communications Information: Your interaction with our social media accounts, content and marketing campaigns (including details provided for market surveys), our third parties and your communication preferences.
  • Views, opinions and preferences: Such as surveys, feedback regarding our products or services or online-based behavior. We may also collect, use, store and share aggregated data such as demographic or statistical data for any purpose.
  • Third-party Information: Information collected about you from other companies (such as credit bureau agencies and collection agencies to report account information as permitted by law, banking partners as required for credit/debit card association rules, law enforcement, government officials or other third parties pursuant to a subpoena, court order or other legal process applicable to us or one of our affiliates); information provided to our affiliates and other trusted businesses or persons to process for us based on our instructions and in compliance with our privacy policy and any other confidentiality and security measures—including service providers to help deliver our products and services, conduct due diligence and improve our internal business processes and offer additional support to customers (including personal information filled with next-of-kin).
  • Log Information: We may record or log information from your devices, their software and your activity accessing or using our services, including IP address, identification numbers associated with your devices, device event information such as crashes, system activity and hardware settings, system configuration information, date and time stamps of transactions and other interactions with our service.
  • Location Information: Regarding your current location disclosed by GPS technology and other sensor data from your device, offline address, IP address, information about things near your device such as Wi-Fi access points, cell towers, browser plug-in types and versions, system activity, crash reports, date, time and referrer URLs, clickstream including date and time of your request—with your prior consent. Any information collected via your use of Google Maps will be transmitted directly to Google and not collected by us. Please refer to Google's privacy policy for details about their collection, use and sharing of this information.

We may process your Personal Information on the grounds of legitimate interest such as fraud investigation, reporting and prevention, to safeguard our IT systems, and for user tailored marketing in compliance with applicable data protection laws.

We may process your Personal Information to fulfil our legal obligations in line with Nigerian laws. This includes employment data to comply with labor laws and payroll requirements. We may also process Personal Information to adhere to legal requests, court orders, and other regulatory requirements.

How We Use Your Personal Information

We use the personal information you provide us as follows:

  • Provide, maintain and improve our services.
  • Carry out our obligations arising from any contracts entered between you and us and provide you with the information, product and services that you request from us.
  • Notify you about changes to our service.
  • Personalize and improve services, provide content, advertisements or features that match your interests.
  • Send you technical notices, updates, text messages, two-factor authentication, security alerts, support and administrative messages.
  • Monitor and analyze trends, usage and activities in connection with our services.
  • Analyze internal operations, troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Make suggestions and recommendations to you about our services that may interest you.
  • Carry out any other purpose for which the information was collected.

We will use the information provided by you to provide you—or permit selected third parties to provide you—with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you via electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, you may unsubscribe from promotional emails via a link provided in each email.

How We Share Information

You agree that we have the right to share your information and any other information you share with us:

  • If you request or authorize it.
  • If the information is provided to help complete a transaction for you.
  • For every business operation.
  • With any of our affiliated companies or service providers.
  • With non-financial companies such as email service providers that perform branding and marketing services, and fraud prevention service providers that use the information to provide services to us.
  • With a non-affiliated third party to access and transmit your personal and financial information according to the terms of their privacy policy.
  • With selected third parties including business partners and sub-contractors for the performance of any contractual relationship established with them or you.
  • In response to a request for information, if required or we believe disclosure is in accordance with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders or subpoenas or legal processes.
  • To protect our rights, property or safety or that of our users or others.
  • For publication of our events and competitions on digital and print media.
  • With law enforcement officials or third parties such as auditors, if we believe it's appropriate to investigate fraud.

Legal Basis For The Processing Of Personal Information

We may process your Personal Data in the regular management of our business and where we have a legal basis to do so. We consider the legal basis for using your Personal Data as set out in the Nigeria Data Protection Regulation (NDPR) 2019, the Nigerian Data Protection Act (NDPA) 2023 and other applicable privacy and data protection laws. These include:

  • To process personal information/data upon your consent.
  • To perform a contract with you or take steps at your request before entering into a contract.
  • To protect your interest, the interest of other data subjects or to perform a task carried out in public interest or the legitimate interest of others.
  • To maintain, monitor, improve and develop our business policies, systems and controls.
  • To design, develop and test products, services and solutions.
  • To customize products, services and solutions, messaging and advertising.
  • To process and settle transactions and payments.
  • To meet record-keeping obligations.
  • To enable you to use value-added solutions and participate in reward programs.
  • To comply with integrity and business conduct checks required for compliance purposes including due diligence and onboarding processes, monitoring and assurance reviews and conduct sanctions screening against any sanctions list.
  • To comply with our legal and regulatory obligations.
  • To detect, prevent and report theft, money laundering, terrorist financing, corruption or other potentially illegal activity or activity that could lead to loss.
  • To conduct research and analysis (that may include assessing product suitability, credit quality, insurance risks, market risks and affordability, developing credit models and tools and obtaining related information).

Privacy By Design

When designing and implementing a new business or technological process involving the collection, use or disclosure of personal data, we will carefully consider the need for structured privacy planning for this process. For example, the Bank will assess the necessity of gathering solely the pertinent information essential for the initial business process.

Disclosure Of Personal Data

We may disclose any information we collect about current and former customers to affiliates as follows:

  • If you request or authorize it.
  • If the information is provided to help complete a transaction for you.
  • If the disclosure is required by authorized employees of Koins Bank for issues associated with the use of our services.
  • If the information is required to:

  • Publicize our events and products on digital and print media.
  • Examine data to enhance the optimization of our corporate and product website.
  • Comply with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders or subpoenas.
  • Enforce our terms of use and other agreements.
  • For everyday business purposes.
  • Protect our rights, property, or safety, or the rights of our users or others.
  • Share with delivery companies for dispatch of ATM cards upon your request.
  • Share with third-party payment processing services when you pay through our website or mobile application.

We refrain from sharing your personal information with any third parties for marketing purposes without consent.

Your Rights

You have the option of exercising any of the below rights with respect to your Personal Information:

  • Right to consent to this Privacy Policy and to withdraw your consent at any time. If you choose to withdraw your consent, we will stop processing your data unless there is a legal ground for us to continue doing so. In the event that we intend to continue processing your data under such circumstances, we will notify you accordingly.
  • Right to request correction to your Personal Information. You must notify us of any change in your Personal Information. If you are a user, you can change some Personal Information by updating your Koins account profile through our Services.
  • Right to transfer personal data received from us to another, and information on the use of your Personal Data, who it is shared with and how long it is retained by us. You will be reasonably charged for additional copies of such personal data in the case of unfounded and excessive requests.
  • Right to request access to your Personal Information. Before sending you any Personal Information, we will ask you to provide proof of your identity; we reserve the right to refuse to send you any Personal Information.
  • Right to legitimate interest. You will be explicitly provided the intended purpose and legal basis for your Personal Information.
  • Right to request partial or complete deletion of your Personal Information with us if it is retained beyond a certain period or if there is no legal basis for its processing. Additionally, in certain circumstances, you may request restrictions on the processing of your data.
  • Right to data portability. You can request to receive a copy of your Personal Information in a commonly used electronic format. This only applies to Personal Information that you provided to us or information gathered by monitoring your digital behavior, your consent or if the Personal Information must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically).
  • Right to file a complaint regarding the handling of your Personal Data with the Commission if you believe that the processing of your Personal Information violates data protection law.
  • Right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purpose or if we intend to disclose your Personal Data to any third party for such purposes. If you wish to exercise your rights, you may contact the office of our data protection officer at dataprotectionofficer@koinsbank.com.

Children's Privacy

Our services are not directed or intended for children under the age of eighteen (18). We do not knowingly collect Personal information from children under the age of eighteen (18). If we become aware that we have collected Personal Data from anyone without verification of parental consent, we take appropriate steps to remove that information from our servers. Please contact us as provided in the "Contact Us" section below for further assistance.

Where We Store Your Data

We transfer and store your personal information in our offices and authorized computer systems within Nigeria. By submitting your data, you consent to this transfer, storage, and/or processing. We have implemented appropriate measures to ensure the secure treatment of your data in accordance with this Privacy Policy.

All the personal information you provide is stored on our secure servers. For added security, all transactions are encrypted using Secure Sockets Layer (SSL) technology.

Retention Of Information

Subject to applicable laws, which may from time to time authorize us to store your Personal Information for a certain period of time, we will retain your Personal data to achieve the purposes for as long as it is active or necessary to fulfil the purposes for collection, including complying with legal, accounting or reporting requirements.

Security Of Data

We have implemented thorough measures to safeguard your personal information from accidental loss, unauthorized access, or misuse by third parties. These measures include appropriate technical and organizational procedures and security protocols. Our processes are designed to protect your data from unauthorized access, unlawful processing, accidental loss, damage, or destruction—including restricting access to your personal data to only those employees, agents, and third parties who have a legitimate business need to access it.

As part of our standard procedures, Koins adheres to global Information Security Management Systems (ISMS) protocols and integrates both digital and physical security measures to mitigate or eliminate the risk of data privacy breaches. Nevertheless, we strongly advise against sharing confidential information, including passwords, with anyone.

Despite our efforts to maintain a secure online environment, we cannot ensure 100% safety on the internet. We urge you to protect your Koins account login username and password, refrain from sharing it with others and access our services within a secure setting. If we receive instructions using your Koins account login information, we will interpret this as authorization for those instructions. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Personal Information. If we receive instructions using your Koins account login information or other Koins account security information, we will consider that you have authorized the instructions. You agree to promptly notify us of any unauthorized use of your Koins account or any other security breaches.

Breach Of Data Privacy

While Koins takes reasonable precautions to minimize the occurrence and impact of personal data breaches, the risk cannot be completely eliminated. Therefore, if there is reasonable suspicion or awareness of a personal data breach or compromise of personal data integrity or confidentiality, Koins will promptly, within 72 hours of such knowledge, report the details of the breach to the Commission.

In cases where it is determined that such a breach poses a risk to your rights and freedom, Koins will, within 7 days of such knowledge, take steps to inform you of the breach incident. This communication will include details of the breach, the potential risks to your rights and freedom resulting from the breach, and any recommended course of action to remedy the situation.

Deletion Of Personal Data

We store data until it is no longer necessary to provide our services and Koins financial products, or until your account is deleted, whichever occurs first. This differs per case, depending on the nature of the data, why it is collected and processed and relevant legal or operational retention needs. When you delete your account, we delete all financial transactional history, communications and you will not be able to retrieve this information later. Note that this policy does not apply to account deactivation.

Training

Koins Bank ensures comprehensive training on data privacy and protection for all employees involved in collecting, accessing, and processing personal data. This training is aimed at equipping them with the necessary skills, knowledge, and competence to effectively handle the compliance framework outlined in this privacy policy and the Nigeria Data Protection Regulation (NDPR).

Additionally, Koins develops an annual capacity-building plan to enhance its employees' understanding of data privacy and protection, aligning with the requirements of the Nigeria Data Protection Act.

Changes To Our Privacy Policy

We may update this Privacy Policy from time to time to reflect current privacy practices. When we make changes to this policy, we will revise the "effective date" of this policy and notify you by posting a notice on our website.

You are advised to review this privacy policy periodically for any changes.

Contact Us

If you have questions, complaints or suggestions relating to the processing of your personal information or this privacy policy, please contact us at info@koinsbank.com.

Why use Koins?

Insured by
Regulated by