(hereinafter referred to as, the "Sites") provided by TeamApt Limited (“TeamApt”, “we”, “us”, “our”) , and other
products/services of TeamApt . This Policy discloses our data protection practices on our Sites, products and
subscriber-based services (“Services”), inclusive of the type of personal data that we collect, our method of
collection of personal data, use of personal data and procedures for sharing personal data with third parties.
The Sites covered by this Policy include our existing websites, mobile applications and all
other additional websites and mobile applications produced and managed by TeamApt. Details of existing Sites include
We value the trust you place in us and understand that your privacy is of utmost importance
to you. In light of this, we make use of the highest standards to ensure secure transactions and the privacy of
We are committed to protecting your personal data (i.e. any information you provide to us
through which you can be identified) in accordance with the provisions of the Nigeria Data Protection Regulation
By visiting the Sites (including all websites and mobile applications which may be added or
personal data processed in accordance with this Policy, please do not use or access the Sites or the Services.
We reserve the right, at our sole discretion, to alter and update this Policy from time to
time. We therefore invite you to review the current version of this Policy each time you return to the Sites.
The Sites and Services are intended solely for persons who, if they are natural persons,
are eighteen (18) years of age or older, and any registration by, use of or access to the Sites and Services by
natural person under eighteen (18) is unauthorised, unlicensed and in violation of this Policy.
By using the Sites, Services and by providing your personal data, you consent to the
collection and use of the information you disclose to us in accordance with this Policy, including but not
to your consent for sharing your personal data in line with the terms contained in this Policy. If we decide to
change this Policy, we will post those changes on this page so that you are always aware of what information we
collect, how we use it and under what circumstances we disclose it. If you do not agree to give consent to the
of personal data as described in this Policy, please do not use or access the Sites or Services.
In accordance with the provisions of the NDPR, prior to the processing of personal data
there must be in existence a legal basis for such processing. In compliance with the provisions of the NDPR, we
process your personal data in line with the following legal basis:
- Consent: where you have consented to our processing of your personal data for one or more
specific reasons. Such consent is given by you through your continuous use of the Services and the Sites.
- Performance of a contract: in order to perform a contract we have with you or a contract to which you
a party to and in order to take necessary steps at your request prior to entering into such a contract.
- Legal obligation: where processing of personal data is required by law. We are required by law to
certain account opening information and personal data of our customers beyond the date such customers cease
carry on business with us.
- Legitimate interest: in order to protect the vital interests of other data subjects, and in order to
carry out the purposes of our business. In addition to this, we have a legitimate interest to prevent fraud,
laundering and to verify identity of data subjects, in order to protect our customers and business, to
how people interact with our Sites, to provide communication which we think will be of interest to you and
determine the effectiveness of promotional campaigns and advertising.
- Public interest: such processing is necessary for the performance of a task carried out in the
of the public on in exercise of an official public mandate vested on us.
When you use the Sites or Services, we collect and store your personal data which is
provided by you from time to time.
Personal data/ information in this context shall include all data such as: any means of
information relating to an identified or identifiable natural person who can be identified by:
- a name;
- an identification number;
- location data, an online identifier;
- address, a photo, an email address;
- bank details;
- posts on social networking websites; and
- other unique identifiers such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM.
This is also applies to personal data/ information regarded as sensitive which could
- data relating to religious or other beliefs;
- race, ethnicity;
- political views;
- trade union membership,
- criminal records; or
- any other sensitive personal information.
For the purpose of accessing our Services, the personal data we may collect include: your
full legal names, marital status, title, date of birth, gender, business name, email address, mailing address,
telephone number, bank account number, payment card details, bank verification number, national identification
international passport number, means of identification, guarantors contact details, bank statements, usernames,
password, your preferences, interests, feedback and survey responses, preference in receiving marketing information
from us and our third parties and your communication preferences, etc.
Our primary goal in collecting the above stated personal data is to provide you with a safe,
efficient, smooth and customised experience. This allows us to provide Services and features that most likely meet
your needs, and to customise the Sites to make your experience safer and easier.
We collect information you provide directly to us, for example, we collect information
when you register or log on to the Sites, create an account, subscribe to a Service, participate in any
features on our Services, fill out a form, take part in surveys, post on our message boards, upload any
documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact
us on social media, etc.
We will also collect your information where you partially complete and/or abandon any
information inputted in the Sites and may use this information to contact you to remind you to complete any
Every computer connected to the internet is given a domain name and a set of numbers that
serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically
recognize your domain name and IP address. The domain name and IP address reveals nothing personal about you
than the IP address from which you have accessed the Sites. We are able to see information relating to your
logs and other similar technologies. You can select your preference from the cookies settings on any of our
We may also collect technical data from third parties/ public sources such as analytics
providers, advertising networks, search information providers. We may obtain contact, financial and transaction
from providers of technical, payment, credit referencing and delivery services based both inside and outside
Nigeria. We utilise third-party service providers to secure information related to financial crime, fraud,
and politically exposed persons.
We do not own personal data provided and will only store such data for a period reasonably
needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and
breaches such as theft, cyber-attack, viral attack, unauthorised dissemination, manipulation of any kind, damage
rain, fire or exposure to other natural elements.
We will not sell, share, transfer or rent out any personal information to others in ways
different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic
information not linked to any personal identification information regarding visitors and users with our business
partners, trusted affiliates and advertisers.
Providing us with information about others
If you provide us with personal data about someone else, you are responsible for ensuring
that you have provided the required notices and have obtained the individual’s explicit consent to provide us
the personal data and that you explain to them how we collect, use, disclose and retain their personal data or
direct them to read our Policy.
In order to provide you with access to the Services, or to provide you with better service
in general, we may combine information obtained from other sources (for example, a third-party developer whose
application you have authorised) and combine that with information we collect through the Sites.
The purpose of collecting your personal data is to give you an efficient, enjoyable,
secure and seamless customer experience.
We may use your personal data for the following purposes:
- To provide the requested Services and support to you;
- To process transactions and send notices about your transactions to requisite parties;
- To verify your identity;
- To resolve disputes and troubleshoot problems;
- To manage risk, detect, prevent, and/or remediate fraud or other potentially prohibited or illegal
- To detect, prevent or remediate violations of policies or applicable user agreements;
- To improve our services by implementing aggregate customer preferences;
- To manage and protect our information technology infrastructure;
- To contact you at any time through your provided telephone number, email address or other contact details;
- To notify you about activities on your account, troubleshoot problems with your account and collect fees or
- To monitor traffic patterns and usage of the Sites to help to improve the Sites design and layout;
- To record and store communications made via phone, skype or the website chat function;
- To personalise your experience on our Sites or communications/advertising;
- To provide customer service, including to respond to your enquiries and fulfill any of your requests for
- To send you important information regarding the services and/or other technical notices, updates, security
alerts, support and administrative messages;
- To poll your opinions through surveys or questionnaires; and
- As TeamApt believes to be necessary or appropriate:
- To comply with a legal obligation. This applies where the processing is necessary for TeamApt to comply with
- To enforce or apply this Policy; and
- To protect TeamApt’s legitimate interests, privacy, property or safety, and/or those of a third party as
long as your rights do not override those interests.
We may monitor and record our communications with you, including e-mails and phone
conversations for training, quality assurance purposes, and to meet our legal and regulatory obligations in general.
We may process your personal data on the basis that we have a legitimate interest to
prevent fraud and money laundering, and to verify your identity, in order to protect our business and to comply
laws that apply to us. Such processing is also a contractual requirement of the services you have requested.
We may carry out fraud prevention checks using a fraud prevention database. If false or
inaccurate information is provided, and/or fraud is identified, details will be passed to the Central Bank of
Nigeria and the Economic and Financial Crimes Commission. Additionally, law enforcement agencies may access and
We may use information generated and stored during your use of our Services for our
legitimate activities to enable us to give you the best service and/or solutions and the best experience. These
purposes include to:
- deliver advertising or information to you which may be useful to you, based on your use of preferences;
- carry out research and development to improve our Services;
- develop and provide new and existing functionality and Services (including statistical analysis,
and forecasting Services); and
- provide you with location-based Services (for example location relevant content) where we collect
data to provide a relevant experience.
Whenever we use your information for our legitimate interests, we will ensure that your
information is processed on a pseudonymised basis and displayed at aggregated levels, which will not be linked back
you or to any living individual.
You have the right to object to processing based on our legitimate activities but if you
object, this may affect our ability to provide certain Services and/or solutions for your benefit.
Your personal data is protected by legal rights enshrined in the NDPR. These rights
include the following:
- the right to be told how we use your personal data and obtain access to your personal data;
- the right to have your personal data rectified or erased or place restrictions on processing your personal data;
- the right to object to the processing of your personal data e.g. where the processing is based on our legitimate
interests. Please note that this may prevent us from continuing to provide Services to you;
- the right to have any information you provided to us on an automated basis returned to you in a structured,
commonly used and machine-readable format, or sent directly to another organisation, where technically feasible
- where the processing of your personal data is based on your consent, the right to withdraw that consent subject
to legal or contractual restrictions;
- the right to object to any decisions based on the automated processing of your personal data, including
- the right to lodge a complaint with the supervisory authority responsible for data protection matters.
Please note that if you request for a copy of your personal data, you may be required to pay
If you would like to exercise any of the above stated rights, please follow the following
- put your request in writing and send it to us through your usual registered channel (e.g. by registered email).
- specify the right you wish to exercise.
- You can also access the Data Subject Access Request (DSAR) portal on our website.
For more information or to exercise your data protection rights please, please contact our
Data Protection Officer at [email protected]
We will endeavour to process all subject access requests within thirty (30) days and if any
further extension is required, we will communicate same through existing consented channels – at no cost. However,
please note that you may continue to receive existing communications for a transitional period whilst we update your
We will not retain your personal data for longer than is necessary for the purposes for
which such personal data is processed. This means that your personal data will only be retained for as long as
still required to provide you with the Services or is necessary for legal reasons. When calculating the
retention period of your personal data we consider the nature and sensitivity of the personal data, the purposes
which we are processing such personal data, and any applicable statutory/regulatory retention periods. Using
criteria, we regularly review the personal data that we hold and the purposes for which such is held and
Our Payment Card Industry Data Security Standard (“PCIDSS”) obligation means that we are obliged to retain
data for a minimum of ten (10) years from the end date of our business relationship with you.
When we determine that personal data can no longer be retained (or where you request that
we delete your personal data in accordance with your rights contained in the NDPR) we ensure that such personal
is securely deleted, anonymized or destroyed. However, please note that, in some circumstances we may decide to
retain your personal data as may be reasonably necessary in accordance with the provisions of the NDPR. In such
circumstances, we will anonymize your personal data before retaining same.
Please see details of our data retention and disposal process below:
|Type of data
|Electronic storage on database
||10 years (regulatory reasons)
||Programmatic (automatic) process to remove, at least on a quarterly basis, personal data that exceeds
business retention requirements/reviews conducted at least on a quarterly basis
|Hardcopy data (receipts/faxes)
||Cross-cut shredded/incinerated, pulped
|Hard drives (back-up)
||Secure wipe program/degauss
|Tape Media (back-up)
|System and network logs
On at least a quarterly basis, we systematically remove and destroy all cardholder data that
has exceeded its retention period, and review and ensure the remaining stored cardholder data remains within the
formal retention requirements.
Wherever the primary account number (“PAN”) is stored, whether electronically or on paper,
it is masked. The first six and last four digits are the maximum number of digits that may be displayed. Certain
members of the operations and Service delivery units have a legitimate business need when dealing with
customer/cardholder enquiries to access the PAN. Wherever the PAN is stored (including in logs, removable media,
etc.), it is made unreadable by means of one-way hashes. Cardholder data is never stored on removable media and when
removable physical storage media (including documents, faxes, and electronic media) are no longer required (i.e.
have passed their retention periods), they are destroyed.
It is important that the personal data TeamApt holds about you is accurate and current.
Please keep TeamApt informed if any aspect of your personal data changes at any time during your relationship
us. On our customer facing products, you can easily update your personal data yourself or alternatively contact
Data Protection Officer via [email protected] when
want to exercise your right of rectification.
In order to protect your personal data, we have put in place appropriate organisational
and technical security measures. These measures include storing data on a dedicated and secure server with at
256-bit encryption, restricting access to your personal data to certain employees, ensuring that our internal
information technology systems are suitably secure, and implementing procedures to deal with any suspected data
In the unlikely event of a data breach, TeamApt will take steps to mitigate any loss or
destruction of data and, if appropriate, will notify you and any applicable authority of such a breach.
Due to the fact that we operate in a regulated environment, we cannot ensure that all your
private communications and other personally identifiable information will never be disclosed in ways not
described in this Policy. By way of example (without limiting the foregoing), we may be forced to disclose
information to the government, regulatory bodies, law enforcement agencies, and third parties for the
a task carried out in the interest of the public, for the protection of your vital interest, for the performance
a contract which you are a party to and also where you have expressly given us written consent to disclose same.
We may need to pass your information to third party service providers which maintain,
administer or develop the Sites on our behalf and the information will only be provided for such limited
and as detailed below. Additionally, we may provide aggregate statistics about our customers, sales, traffic
patterns and related website information to reputable third-parties, but these statistics will include no
TeamApt may transfer your personal data to third parties of the following types:
- companies providing identity or financial validation services;
- financial product providers;
- payment services companies acting on your, or our behalf;
- companies providing analytics services;
- data, service and software providers;
- companies collecting and publishing customer reviews;
- marketing services companies; and
- Regulatory and law enforcement bodies.
You further acknowledge that the Sites may contain information which is designated
confidential by us and that you shall not disclose such information without our prior written consent. Your
information is regarded as confidential and therefore will not be divulged to any third party, unless if legally
required to do so to the appropriate authorities. We will not sell, share, or rent your personal data to any
party nor use your email address for unsolicited mail. Any emails sent by us will only be in connection with the
provision of agreed Services.
We take all necessary precautions to protect your personal information both online and
off-line. It is important for you to protect against unauthorised access to your password, your mobile phone or
computer. Be sure to log off from the Sites when you are using a shared phone/computer. We also protect your
personal data off-line. Access to your personal data is limited to employees, agents or partners and third
with whom we are working who we reasonably believe will need that information to provide the Services to you.
We use data collection devices such as ‘cookies’ on certain pages of the Sites. Cookies
are small files stored on your hard drive that assist us in providing Services customised to your requirements
tastes. We also offer certain features that are only available through the use of a ‘cookie’. Cookies can also
us provide information, which is targeted to your interests. Cookies may be used whether you choose to register
Us or not.
Most cookies are ‘session cookies’, meaning that they are automatically deleted from your hard drive at the end
session. You are always free to decline our cookies if your browser permits, although in that case you may not
able to use certain features on the Sites and you may be required to re-enter your password more frequently
session. A cookie cannot read data off your hard disk or read cookie files created by other sites. Use of a
is in no way linked to any personally identifiable information while on the Sites. Once you close your browser,
cookie simply terminates. For instance, by setting a cookie on your browser, you would not have to log in a
more than once, thereby saving time while on the Sites.
You can choose whether to accept cookies by changing the settings of your browser. You can
reset your browser to refuse all cookies or allow your browser to show you when a cookie is being sent. If you
reject the cookies on the Sites, you may still be able to use the Sites, but it shall be limited to certain
functionality. The only drawback to this is that you may be limited to some areas of Sites or limited to certain
functions of the Sites.
If you apply for a job at TeamApt, you will be asked to submit information to TeamApt such
as your name, contact details, information about your education and work history and any other background
information that might be relevant to your application or that you choose to share with us. If you do not
this information to us, we might not be able to process your application.
We will use this information to assess your application and candidacy for the position you
have applied for. Without limiting the generality of the foregoing, this may include:
- Evaluating your skills and experience in relation to the qualification required for the job you have applied
- Tracking feedback and interactions, we have with you throughout the recruiting process. We may also use your
information when analysing our internal recruitment processes to determine:
- Which recruitment sources to focus on;
- How to improve integration and training programs for new hires with different educational backgrounds and
work experience; and
- How to enhance our interview model to improve hiring quality.
The information you provide may also be used to communicate with you about TeamApt’s events
and to send you publications that we think may be of interest to you.
We might share your personal data with other companies in our group as well as with third
parties such as recruitment service providers, background check providers and information technology system
These TeamApt group companies and third parties might be located in a different country than your country of
We will keep your application data for up to one (1) year. If you no longer wish for TeamApt
to process your personal data or if you wish to exercise any of your rights as a data subject, please contact [email protected]
We will keep your information secure by taking appropriate technical and organisational
measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
will do our best to protect your personal data, but we cannot guarantee the security of your personal data which
transmitted to other websites via an internet or similar connection. If we have given you (or you have chosen) a
password to access certain areas of the Sites please keep this password safe, we will not share this password
As a user of the Services, you understand and agree that you assume all responsibility and
risk attached to safeguarding your account with us. You shall at no time whatsoever disclose your password to
anyone, nor shall you allow anyone make use of your account.
We are constantly trying to improve our Sites and Services, so we may need to change this
Policy from time to time as well. We will alert you of material changes by, for example, placing a notice on our
websites and/or by sending you an email (if you have registered your e-mail details with us) when we are
do so by applicable law. We reserve the right to update this Policy as we deem fit, from time to time, without
intimation to you and your continued use of the Sites will signify your acceptance of any amendment to these
Our updated terms will also be displayed on our websites (www.teamapt.com, www.moniepoint.com, www.monnify.com). It is your responsibility to check this Privacy
Policy from time
to time to verify such updates.
If you believe at any time that we have not handled your personal data in accordance with
this Policy, please contact our Data Protection Officer.
We have appointed a Data Protection Officer (DPO) who is responsible for dealing with all
such concerns, in addition to overseeing questions relating to this Policy and handling requests in relation to the
exercise of your rights. If you have any concerns or questions, please contact the Data Protection Officer using the
details set out below.
Data Protection Officer
12, Wole Ariyo, Lekki Phase 1, Lagos, Nigeria
If you have any questions, comments and requests regarding your privacy and rights,
please let us know how we can help.
Last Updated: 9th November 2022.