Version 1.0 · July 2025
This Data Protection Policy outlines how DASH Microfinance Bank Limited (“the Bank”) complies with the Nigerian Data Protection Regulation (NDPR), Nigerian Data Protection Act (NDPA), GDPR, and other applicable data protection laws.
This Policy defines key terms such as Personal Data, Data Subject, Processing, Consent, Data Controller, Data Protection Officer (DPO), and Data Protection Laws as applicable under NDPR, NDPA, and GDPR.
This Policy applies to all personal data processed by the Bank, regardless of storage location or format. All staff, contractors, and third parties processing data on behalf of the Bank must comply.
Where no other legal basis exists, the Bank obtains explicit and informed consent before processing personal data. Consent may be withdrawn at any time.
The Bank collects personal data via physical and electronic channels including websites, mobile applications, emails, forms, and communications necessary for regulatory compliance and service delivery.
The Bank appoints a Data Protection Officer and implements organizational, technical, and administrative controls to ensure compliance with data protection laws. For any data protection inquiries, you may contact our Data Protection Officer (DPO) at compliance@dash-mfb.com.
We employ encryption, access controls, pseudonymization, audits, and staff training to protect personal data from unauthorized access, loss, or misuse.
All third-party processors must be approved, contractually bound, and compliant with applicable data protection laws.
The Bank maintains procedures for identifying, reporting, investigating, and remediating personal data breaches within legally required timelines.
Personal data may only be transferred outside Nigeria in compliance with NDPR, NDPA, and approvals from relevant authorities.
This Policy is reviewed every two years or as required by regulatory changes.