- PRIVACY STATEMENT
This Statement provides information on how Express Exchange Financial S.A. (hereinafter “EEF”) approaches processing your personal data. Our focus and commitment to respecting your privacy and safeguarding your personal data remains stronger than ever.
1.1 Terms used in this Statement
Information that directly or indirectly identifies or says something about you is referred to as personal data. Examples include your name, your contact number and address, and information such as your income. Information relating to a sole trader, commercial partnership or professional partnership is also considered personal data.
Processing means anything that can be done with personal data. This includes the collection, storage, use, transfer and removal of data.
Whose Personal Data does EEF institutions Process?
We process personal data if we have, want to have, or have had a business relationship with you, or if we have had contact with you.
The people whose personal data we process includes:
- Existing EEF clients both domestic and foreigners
- Potential EEF customers
- People who show an interest in the EEF’s products and services people who are connected in another way with a business or organization with which we have, want to have, or have had a business relationship, such as third-party participants
- Security providers and guarantors
- WHICH DATA DOES THE MICROFINANCE PROCESS?
Types of Data
What kind of data might be involved
Examples of how the EEF uses the data
Information that allows an individual to be identified directly or indirectly
Name, address, telephone number, e-mail address, information provided in your identity documents to fulfill the microfinance’s Know your customer (KYC) requirements
For identification purposes, to draw up an agreement / contract or to contact you
Information relating to or used for agreements / contracts or financial statements
Information about your financial situation, the products you have. Information used for obtaining finance
To assess credit worthiness, or to assess whether a product is suitable for you
Payment and transaction data
When a payment is made, information about the person you paid or who paid you, when the payment took place and what the balance in your account is
To ensure correct / timely processing of funds is performed. Also, for anti-money laundering / counter terrorism financing and sanctions monitoring. For your security and ours.
Special categories of personal data/Criminal data
Information concerning your health, information about criminal convictions, data which reveal your ethnic origin or political inclinations, Bio metric data
The microfinance processes biometric data for identification purposes. In the context of combating terrorism and tax obligations, we are required to record information about your country of birth. In addition, we may record special categories of data such as Criminal data in the context of Anti-Money Laundering
Recorded calls, documentation of e-mails and physical access, CCTV
Cookies, IP address and data relating to the device on which you use our online services or our website.
To enable our online services to be used and to combat fraud. To improve our website. For displaying targeted adverts or banners. Identifying customers after they have logged in by storing a temporary reference number of cookies so that the EEF web server can conduct a dialogue with the customer while simultaneously dealing with other customers. Allowing customers to carry information across pages of our site and avoid having to re-enter same information. Enabling the microfinance to evaluate the effectiveness of its advertising and promotions. Enabling the EEF to produce statistical information (anonymous) which helps it to improve the structure and content of its web site.
Data we received from Third parties
Data may be obtained from Credit Reference Bureaus, Company Registry
We use this information to check Directors and credit rating details.
Data we share with Third parties
Financial information and transaction data upon request of the relevant enforcement agencies and regulator. Data we provide to other Businesses within the Companie’s that we engage to help us provide services. Data you have asked us to share with another party. Information required to meet our regulator or legal reporting commitments.
We are required to provide specific data to tax authorities and to the regulator. You may also ask us to share specific data with a third party. We may be required to share with the relevant authorities and regulatory bodies as part of compliance with the Anti-Money Laundering, Counter Terrorism Financing and Fraud prevention laws and/or regulations.
Data we require to combat fraud, to ensure your security and ours, and to prevent money laundering and the financing of terrorism
The data we keep in our internal and external referral registers, sanction lists, location information, transaction data, identity information, camera images and payment details, cookies, IP address and data relating to the device on which you use online services.
In order to comply with legal obligations and prevent you, the financial sector, EEF or our employees from becoming the victims of fraud, for security reasons and to protect the financial markets, we might check whether you appear in our external or internal referral registers and we have to check whether your name appears in sanction lists. We may use your IP address, device details and cookies to combat online fraud (DDoS attacks) and botnets.
2.1 How does EEF collect your Personal Data?
We receive your personal data when you provide it to EEF, examples include when opening an account, getting into a contract with us(Loan), data you send to us in order that we can contact you and data arising from any services that we provide.
We may also receive your data from business units within Express Exchange Financial Microfinance and associated partners or from other financial institutions in the context of combating fraud, money laundering or terrorism. We may also receive data from others, such as suppliers or other parties we work with, or because you have given another party consent to share data with us.
We may also receive data from others, such as public sources like newspapers, public registers and websites.
2.2 How long does EEF Retain your Data?
We do not keep your data for any longer than necessary to fulfil the purposes for which we collected the data for. We have adopted a data retention policy. This policy specifies how long we keep data. In general we will keep your data for ten (10) years following the termination of the relevant agreement or the ending of your business relationship with EEF, unless there is a legal obligation to preserve the data longer e.g. if the regulator asks us to keep specific data for longer in the context of risk models. In some cases, we use shorter retention periods.
In specific situations, we may also keep data for longer than we are required by the retention period fixed by us. We will do this if, for example, the judicial authorities request camera images, in which case we will keep the images for longer than we usually do, or if you have submitted a complaint, in which case the underlying data must be kept for longer.
Once we no longer require the data for the purposes described before, we may keep the data for archiving purposes, in the event of legal proceedings, or for historic or scientific research purposes or statistical purposes.
2.3 Processing of special category of Data at EEF
We process special categories of personal data where this is permitted by law and consent is acquired, this may include use of Biometrics, criminal convictions etc. If you give us consent to record special categories of personal data relating to you, or you have made this information public yourself, we will only process the information if this is necessary so that we can provide our services. If you have given us consent to record special categories of personal data, you may withdraw that consent at any time. To do this, please contact your Relationship Manager or the contacts listed below.
2.4 Does EEF use Automated Individual Decision-making including Profiling?
We will only decide based solely on automated processing including profiling which produces legal effects concerning you or significantly affects you, in case it is allowed by law and we have gained consent.
We do not envisage that any decisions will be taken about you that produces legal effects or significantly affects you.
2.5 Who at EEF has access to your Data?
Within EEF Microfinance, your personal data can be accessed only by individuals who need to have access owing to their role and for official business purposes. All these people are bound by a duty of confidentiality.
2.6 Does EEF use your Personal Data for any other Purpose?
If we want to use information for any purpose other than the purpose for which it was obtained, we may do this if the two purposes are closely related.
If there is not a sufficiently strong correlation between the purpose for which we obtained the data and the new purpose, we will ask you to give your consent. If you have given us consent, you may withdraw that consent at any time. To do this, please contact your Relationship Manager or the contacts listed below.
2.7 Does the EEF Transfer your data to other countries outside Cameroon?
Within Express exchange financial S.A. Your personal data may be shared by Group Businesses and partners, for example because you ask us to do this, or because you also purchase a product from a different division of the microfinance. Information that has been used to establish your identity may also be used by another division of EEF with which you want to do business.
Outside EEF We also transfer data if this is necessary in order to perform our agreements with you. For example, we use third parties such as Remittance partners to enable you to make payments. Other Branches or Companies in EEF (i.e. EE (Express Exchange), its subsidiaries and affiliates), any regulatory, supervisory, governmental or quasi-governmental authority with jurisdiction over EEF members, any agent, contractor or third-party service provider, professional adviser or any other person under a duty of confidentiality to EEF, credit reference agencies and, in the event of default, debt collection agencies, any actual or potential participant or sub-participant in, assignee or transferee of, any of EEF’s rights and/or obligations in relation to you. These third parties are subject to supervision by their regulators.
If we transfer your data to other parties outside Cameroon, we take additional measures to protect your data. EEF may leverage on technologies such as Cloud, which may result in your data being shared and stored in different jurisdictions. However, in such cases the highest level of protection will always be embedded to safeguard your data.
2.8 Customer Data Rights at EEF
- a) Right to Access
You may ask through the branch or relationship manager to access all the information that we have and process in relation to you. The data protection office shall respond to such requests within 30days.
- b) Right to be Forgotten
You may request that we erase data concerning yourself that we have captured, for example if you object to the processing of your personal data. Your interest must also be greater than the EEF’s interest in processing the data.
- c) Right to Data Portability
You have the right to request EEF to supply you with data that you previously provided to EEF in the context of a contract with us or with your consent, in a structured, machine-readable format, or that we transfer such data to another party. If you ask us to transfer data directly to another party, we can do this only if this is technically feasible.
- d) Right to Rectification
If you believe your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data.
- e) Right to restriction of processing
You may request that we restrict the personal data relating to you that we process. This means that we will process fewer personal data relating to you.
- f) Right to object to Direct Marketing
You have the right to request EEF to stop sending marketing communication. You can place your request to the Contact center or branch.
2.9 Whom to contact to place a complaint or log in an inquiry regarding Personal Data
If you have any questions related to how we used your personal data, please kindly reach us through:
Tel +237 651 154 409 / 699 999 829
email: [email protected]
In the case of matters concerning the exercising of your rights and other questions about the processing of your personal data kindly email us through [email protected]
For request concerning deleting your data from our database, kindly contact [email protected]