PRIVACY POLICY

CoopSolve is a Software-as-a-Service (SaaS) cooperative information management system developed by Firstlincoln Technologies Limited. We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications (available on Google Play Store and Apple App Store) and our web platform (collectively, the “Platform”).

Effective Date: December 29, 2024 | Version 1.0 | Platforms: Mobile App (iOS & Android) and Web Platform

1. Introduction

Welcome to CoopSolve. This Privacy Policy applies to all users of the CoopSolve Platform, including cooperative administrators, executives, members, and any other authorized users. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

This Privacy Policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, the Central Bank of Nigeria (CBN) regulations, and other applicable data protection and financial services laws.

1.1 Data Controller

For the purposes of this Privacy Policy, the data controller is:

1.1 Data Controller

For the purposes of this Privacy Policy, the data controller is:

• Firstlincoln Technologies Limited – for Platform operations and system administration
• Your Cooperative Organization – for cooperative-specific data processing activities

2. Information We Collect

We collect various types of information to provide and improve our services. The categories of data we collect include:

2.1 Personal Identification Information

• Basic Identity: Full name, date of birth, gender, nationality, and photograph
• Contact Details: Email address, phone number(s), residential address, and work address
• Government-Issued IDs: National Identification Number (NIN), Bank Verification Number (BVN), International Passport, Driver’s License, or Voter’s Card (as required for verification)
• Employment Information: Employer name, occupation, work address, and employment status

2.2 Financial Information

• Banking Details: Bank account numbers, bank name, and account holder information for transactions
• Transaction Data: Savings deposits, withdrawals, loan applications, loan repayments, interest calculations, and contribution history
• E-Wallet Information: Wallet balance, transaction history, funding sources, and transfer records
• Payment Records: Payment method details, transaction references, and payment confirmations
• Credit Information: Loan history, repayment patterns, credit assessments, and guarantor information

2.3 Cooperative Membership Data

• Membership Details: Membership ID, registration date, membership type, and status
• Contribution Records: Monthly contributions, special savings, and share capital
• Beneficiary Information: Next-of-kin details, emergency contacts, and beneficiary designations
• Role Information: Position held (member, executive, administrator), access permissions

2.4 Technical and Device Information

• Device Data: Device type, model, operating system, unique device identifiers
• Network Information: IP address, mobile network carrier, and connection type
• Usage Data: Login times, features accessed, session duration, and interaction patterns
• Location Data: General location based on IP address (precise GPS location only with explicit consent)

2.5 Communication Data

• Support tickets and customer service interactions
• In-app messages and notifications
• Feedback and survey responses

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery and Operations

• Creating and managing your user account and profile
• Processing savings deposits, withdrawals, and transfers
• Facilitating loan applications, approvals, disbursements, and repayments
• Managing e-wallet operations and balance updates
• Processing payments and Value Added Services (VAS) transactions
• Generating statements, receipts, and transaction confirmations
• Maintaining membership records and contribution tracking

3.2 Financial Management and Compliance

• Calculating interest on savings and loans
• Assessing creditworthiness for loan applications
• Generating financial reports for cooperative management
• Complying with regulatory requirements (CBN, NDIC, tax authorities)
• Anti-money laundering (AML) and Know Your Customer (KYC) verification
• Fraud detection, prevention, and investigation

3.3 Communication and Support

• Sending transaction notifications and alerts
• Providing loan repayment reminders
• Communicating service updates and announcements
• Responding to inquiries and support requests
• Sending cooperative meeting notifications and updates

3.4 Platform Improvement

• Analyzing usage patterns to improve user experience
• Developing new features and services
• Conducting research and analytics
• Troubleshooting technical issues

3.5 Security and Protection

• Verifying user identity and authenticating transactions
• Protecting against unauthorized access and fraud
• Maintaining system security and integrity
• Enforcing our Terms and Conditions

4. Legal Basis for Processing (NDPR Compliance)

Under the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), we process your personal data based on the following legal grounds:

• Consent: Where you have given explicit consent for specific processing activities
• Contractual Necessity: Where processing is necessary to fulfill our service agreement with you and your cooperative
• Legal Obligation: Where processing is required to comply with Nigerian laws, including CBN regulations, tax laws, and anti-money laundering requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms
• Vital Interests: Where processing is necessary to protect someone’s life or well-being
• Public Interest: Where processing is necessary for a task carried out in the public interest

5. Data Sharing and Disclosure

We respect your privacy and limit data sharing to necessary circumstances:

5.1 Within the Cooperative Structure

Your cooperative administrators and authorized executives may access relevant membership and transaction data to manage cooperative operations. Access is limited based on roles and responsibilities.

5.2 Service Providers

We engage trusted third-party service providers who assist in operating our Platform:

• Payment Processors: Banks and payment gateways (e.g., Paystack, Flutterwave, 9PSB) for transaction processing
• Cloud Services: Secure hosting and data storage providers
• SMS/Email Providers: For sending notifications and alerts
• Identity Verification: KYC and BVN verification service providers
• Analytics Services: For understanding platform usage (with anonymized data where possible)

5.3 Regulatory and Legal Disclosures

We may disclose your information when required by law or to:

• Comply with Central Bank of Nigeria (CBN) directives
• Respond to valid legal process (court orders, subpoenas)
• Report suspicious activities to relevant authorities (NFIU, EFCC)
• Fulfill tax reporting obligations (FIRS)
• Cooperate with law enforcement investigations

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the business transaction, subject to continued protection under this Privacy Policy.

6. Financial Data Protection

Given the sensitive nature of financial data processed through CoopSolve, we implement enhanced protections:

6.1 Payment Card Industry Compliance

We adhere to Payment Card Industry Data Security Standard (PCI-DSS) requirements. We do not store complete card numbers, CVV codes, or PINs on our systems.

6.2 Bank Verification Number (BVN)

BVN data is collected solely for identity verification as required by CBN guidelines. BVN data is encrypted and handled with the highest level of security.

6.3 Transaction Security

• All financial transactions are encrypted end-to-end
• Multi-factor authentication for high-value transactions
• Real-time transaction monitoring for fraud detection
• Secure session management with automatic timeout

6.4 E-Wallet Security

• PIN/password protection for wallet access
• Transaction limits and velocity checks
• Instant alerts for all wallet activities
• Secure fund transfer protocols

7. Data Security Measures

We implement comprehensive technical and organizational measures to protect your data:

7.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, TLS 1.2+ for data in transit
• Access Controls: Role-based access control (RBAC) with principle of least privilege
• Authentication: Multi-factor authentication (MFA), biometric login options
• Infrastructure: Secure cloud infrastructure with redundancy and disaster recovery
• Monitoring: 24/7 security monitoring, intrusion detection systems
• Backups: Regular encrypted backups with secure offsite storage

7.2 Organizational Measures

• Regular security training for all employees
• Background checks for personnel with data access
• Confidentiality agreements and data handling policies
• Regular security audits and penetration testing
• Incident response procedures and breach notification protocols

7.3 User Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your login credentials
• Using strong, unique passwords
• Enabling available security features (MFA, biometric login)
• Reporting any suspected unauthorized access immediately
• Logging out from shared devices

8. Data Retention

We retain your data for as long as necessary to fulfill the purposes outlined in this Policy, subject to legal and regulatory requirements. When data is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.

• Account Information: Duration of membership + 7 years (regulatory compliance)
• Transaction Records: Minimum 10 years (CBN/NDIC requirements)
• Loan Records: 7 years after loan closure (financial regulations)
• KYC Documents: 7 years after account closure (AML regulations)
• Support Communications: 3 years (operational purposes)
• Technical Logs: 1 year (security and troubleshooting)

9. Your Rights Under NDPR

Under the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation on how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC)

10. Cookies and Tracking Technologies

Our web platform uses cookies and similar technologies to enhance your experience. You can control cookies through your browser settings.

10.1 Types of Cookies Used

• Essential Cookies: Required for Platform functionality, authentication, and security
• Performance Cookies: Help us understand how users interact with the Platform
• Functional Cookies: Remember your preferences and settings
• Security Cookies: Support security features and detect suspicious activity

10.2 Mobile App Technologies

Our mobile applications may use device identifiers for security, push notification tokens for alerts, analytics SDKs for usage statistics, and crash reporting tools for quality improvement. You can manage permissions through your device settings.

11. Third-Party Services

Our Platform integrates with third-party services including payment partners (9PSB, banks, payment gateways), Value Added Services providers (airtime, data, bill payment aggregators), and verification services (NIBSS, NIMC). These third parties have their own privacy policies governing their handling of your data. We encourage you to review their policies.

12. Children’s Privacy

CoopSolve is designed for adult users (18 years and above) participating in cooperative financial activities. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@coopsolve.com, and we will take steps to delete such information. Where cooperatives offer youth savings programs, parental or guardian consent is required, and additional safeguards are implemented.

13. International Data Transfers

Your data is primarily stored and processed in Nigeria. However, some of our service providers may be located outside Nigeria. When we transfer data internationally, we ensure adequate protection through standard contractual clauses, ensure recipients comply with equivalent data protection standards, implement additional technical and organizational safeguards, and ensure transfers comply with NDPR/NDPA requirements for cross-border transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Effective Date,” notify you through the Platform, email, or push notification, and for significant changes, we may require you to acknowledge the updated Policy. We encourage you to review this Policy periodically. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.

This Privacy Policy was last updated on December 29, 2024. © 2024 Firstlincoln Technologies Limited. All Rights Reserved.