BRI Capital Privacy & Data Protection

Summary

We collect personal data so we can deliver loan products, respond to enquiries, fulfil legal duties, and run our internet-enabled platforms (including social media).

This privacy notice explains the data we collect, why we collect it, who we share it with, and the rights available to you under the Nigeria Data Protection Act 2023 and GAID 2025.

Who This Applies To

Anyone who uses BRI Capital’s web or mobile platforms, applies for or uses our loan products, enters our premises, or otherwise interacts with us for business, contractual, or legal purposes.

Our services are not intended for children; we do not knowingly collect children’s data.

Other Websites

Third‑party websites linked to our platforms are not governed by this notice. Review their privacy statements before sharing data.

By using our platforms or services you acknowledge that you’ve read this privacy notice.

How We Collect Data

Directly from you via forms, applications, calls, visits, or digital interactions.

From third parties such as KYC/AML providers, employers, service providers, banks, and credit reference agencies.

Automatically via cookies, log files, web beacons, and similar tracking tools. See the cookies notice below.

Data We Collect

• Identity & Contact: names, BVN, IDs, images, addresses, phone numbers, email, employment details.
• Financial & Transaction: bank details, card info, payment history, loan records.
• Technical & Usage: IP address, device info, browser, login data, call/text metadata, app usage, preferences.
• Profile & Marketing: usernames, passwords, interests, survey responses, marketing preferences.
• Special Categories (when required): biometric data, KYC/AML documentation, CCTV footage.

How We Use Data

• Provide and manage loan products/services, run due diligence, support applications, and respond to enquiries.
• Operate, secure, and improve our platforms.
• Meet legal and regulatory obligations, manage risk, conduct audits, and pursue legitimate business interests.
• Handle marketing communications with opt‑out controls.

Legal Basis

• Consent (when expressly obtained).
• Performance of a contract or pre‑contract steps.
• Compliance with legal/regulatory obligations.
• Legitimate interests such as risk management, business continuity, and client support.
• Processing of sensitive data may also rely on legal claims, public interest, or regulatory requirements.

Disclosures

We may share data with service providers, professional advisers, regulators, law enforcement, banks, credit agencies, and prospective transaction partners. All third parties must protect your data and act on our instructions.

International Transfers

We rarely transfer data outside Nigeria. When we do, we rely on approved transfer mechanisms, ensure similar protection standards, or confirm the recipient country is on the NDPR whitelist.

Marketing Communications

We aim to obtain consent before sending marketing messages. Every marketing email contains an opt‑out link, or you can email dispute@bricapital.net.

Data Retention

We retain data only as long as necessary for the purpose collected, to meet legal/regulatory obligations, or for internal policies. Typical retention periods include: six months for unsuccessful job applicants, three years for help desk requests, six years after closing a customer account or resolving a complaint.

Retention periods may change based on law or business needs.

Change of Purpose

We only use data for the purpose collected unless another compatible reason exists. If we need to use data for an unrelated purpose, we’ll explain the legal basis or seek consent.

Security & Storage

• Layered technical controls: firewalls, encryption, antivirus, endpoint protection, monitoring.
• Administrative controls: staff training, need‑to‑know access, vendor due diligence.
• Physical controls: secure premises, staff passes.
• We store data on secure cloud services, on-premises systems, and encrypted backups.

Your Rights

You may request access, correction, deletion, restriction, objection to processing, data portability, or lodge a complaint with the Nigeria Data Protection Commission (https://ndpc.gov.ng). Contact dispute@bricapital.net to exercise these rights.

Data Breach

We notify the appropriate authority within 72 hours of any qualifying breach and inform affected individuals within seven days when their rights may be impacted.

Cookies Notice

We use essential cookies for security and functionality, plus optional analytics cookies (which you can decline).

Cookies help remember preferences, maintain sessions, and secure your account.

Updates

We may update this privacy notice; continued use of our platforms signifies acceptance. Last updated: June 2025.