Logo

CASA MICROFINANCE BANK - PRIVACY POLICY

Last Updated: 20th June 2025

At Casa Microfinance Bank (“Casa”, “we”, “our”, or “us”), your privacy is a top priority. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile app, website, and other digital banking services. By using Casa's digital platform, you agree to the terms of this Privacy Policy.

1. What Information We Collect

We collect the following types of personal and transactional information:

a. Personal Information

  • Full name
  • Phone number and email address
  • Date of birth
  • National Identification Number (NIN), BVN
  • Government-issued ID (e.g., driver's license, international passport)
  • Residential address and utility documents
  • Biometric data (e.g., facial recognition, fingerprint - where applicable)

b. Financial & Transactional Data

  • Bank account and wallet details
  • Transaction history
  • Loan applications and repayment behavior
  • Card usage information (if applicable)

c. Device & Usage Data

  • IP address and device identifiers
  • Location data (with permission via your device)
  • Contacts (with permission via your device)
  • App usage logs and activity patterns
  • Cookies and similar technologies on our website

d. Third-Party Data

We may also collect information from third parties such as:

  • Credit bureaus
  • Payment service providers
  • Identity verification services
  • Partner banks or fintech platforms

2. How We Use Your Information

We use your data to:

  • Open and manage your bank account
  • Authenticate your identity and perform KYC checks
  • Process your transactions and card payments
  • Provide customer support
  • Assess creditworthiness and underwrite loans
  • Communicate important service-related updates
  • Prevent fraud, comply with AML/CFT laws, and fulfill regulatory obligations
  • Improve the functionality and security of our platform

3. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Your consent (e.g., during registration or when you opt into services)
  • Contractual necessity (to provide banking services to you)
  • Legal obligations (compliance with CBN, NDPA,NDPR, AML/CFT regulations)
  • Legitimate interest (e.g., fraud prevention, service improvement)

4. Third-Party Integrations

To deliver our services, we securely share limited data with licensed third-party partners, including:

  • Identity verification providers
  • Payment processors and card issuers
  • Credit bureaus and credit scoring agencies
  • Technology vendors and cloud service providers

We ensure that all third parties comply with relevant data protection and banking regulations.

5. Data Sharing and Disclosure

We may disclose your data:

  • To regulators such as the Central Bank of Nigeria (CBN), NFIU, or NDIC, when required
  • In response to legal requests or court orders
  • In the event of a business merger, acquisition, or restructuring
  • To fraud prevention agencies or law enforcement where necessary

We do not sell your personal information.

6. Your Rights

Under the Nigeria Data Protection Regulation (NDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Withdraw consent for data processing (where applicable)
  • Request data deletion (subject to legal and regulatory obligations)
  • Object to processing for marketing purposes
  • Request data portability (where applicable)

To exercise these rights, contact us at privacy@mycasabank.com

7. Data Retention

We retain your personal information only as long as necessary:

  • To provide you with services
  • To comply with legal and regulatory obligations
  • To resolve disputes or enforce agreements

Inactive or closed accounts may have data retained for up to 7 years or as required by law.

8. Data Security

We implement robust administrative, technical, and physical safeguards to:

  • Encrypt sensitive data in transit and at rest
  • Monitor systems for unauthorized access
  • Enforce strict access controls for employees and service providers
  • Conduct regular security audits and penetration testing

Despite these efforts, no digital system is completely immune to threats. We urge users to secure their devices and accounts.

9. Cookies and Analytics

Our website may use cookies to:

  • Improve user experience
  • Track browsing behavior
  • Analyze service performance

You can manage cookie preferences through your browser settings.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from minors.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in law, technology, or our services. You will be notified of material changes via email, in-app alerts, or website announcements. Continued use of our services after updates constitutes your acceptance of the revised policy.

12. Contact US

If you have questions, concerns, or complaints about this Privacy Policy or your personal data, please contact:

Email: privacy@mycasabank.com

Phone: +2349024166584

Address: Shop 279 & 280, Road 4 Ikota Shopping Complex

You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) if your rights are violated.

By using Casa Microfinance Bank's services, you acknowledge that you have read and agreed to the terms of this Privacy Policy.