PRIVACY POLICIES

Unity Forge Multi-Purpose Cooperative Society Data Protection Policy

This policy ensures compliance with Nigerian data protection laws while fostering trust and transparency in the Cooperative’s operations

These Aligned with: 

• Nigeria Data Protection Act (NDPA) 2023 
• Nigeria Data Protection Bureau (NDPB) Guidelines 
• Nigeria Data Protection Regulation (NDPR) 2023 

1. Introduction

Unity Forge Multi-Purpose Cooperative Society (“the Cooperative”) is committed to protecting the privacy and security of members’ and website/app users’ personal data in compliance with Nigerian data protection laws. This policy outlines how we collect, process, store, and secure personal data in line with legal requirements. 

2. Scope

This policy applies to: 

• All members, prospective members, and visitors using the Cooperative’s website/app. 
• Employees, administrators, and third-party service providers handling member data. 

3. Data Collection & Processing

3.1 Types of Data Collected

• Personal Identification Data: Name, address, phone number, email, BVN, NIN, occupation.
• Financial Data: Bank details, transaction history, savings, loan records.
• Technical Data: IP address, device information, browser type, cookies.
• Usage Data: Login history, activity logs, interactions with the platform.

3.2 Lawful Basis for Processing

Data is processed based on:

• Consent: Explicit permission from members for specific purposes (e.g., marketing).
• Contractual Necessity: Required to provide cooperative services (e.g., savings, loans).
• Legal Obligation: Compliance with regulatory requirements (e.g., tax, anti-fraud laws).
• Legitimate Interest: Improving services, fraud prevention, security.

4. Data Use & Purpose Limitation

Data is used for:

• Membership registration and verification.
• Processing savings, loans, and financial transactions.
• Sending notifications (loan approvals, payment reminders).
• Compliance with regulatory reporting (LASCOFED, NDPB).
• Internal analytics for service improvement.

5. Data Storage & Security

• Encryption: SSL encryption secures data transmission.
• Access Control: Role-based access for admins; strict authentication protocols.
• Data Retention: Personal data is retained only as long as necessary (max 6 years post-membership termination unless legally required).
• Breach Response: Immediate notification to NDPB and affected members in case of a breach.

6. Data Sharing & Third Parties

• Third-Party Processors: Payment gateways, cloud providers (with NDPR-compliant agreements).
• Regulatory Disclosures: Shared only when legally mandated (e.g., LASCOFED, law enforcement).
• No Sale of Data: Member data is never sold to external parties.

7. Members’ Rights

Members have the right to:

• Access: Request a copy of their stored data.
• Rectification: Correct inaccurate/incomplete data.
• Erasure (“Right to be Forgotten”): Request deletion where legally permissible.
• Restriction/Objection: Limit processing or opt out of marketing.
• Data Portability: Receive data in a structured, machine-readable format.

8. Consent & Withdrawal

• Consent is obtained explicitly during registration.
• Members may withdraw consent via written request.

9. Automated Decision-Making & Profiling

• Loan approvals may involve automated checks (credit scoring), but final decisions involve human review.
• Members can request manual intervention if dissatisfied.

10. Children’s Data

• The Cooperative does not process data of individuals below 18 years.

11. Training & Compliance

• Staff and admins undergo annual data protection training.
• A Data Protection Officer (DPO) oversees compliance with NDPA/NDPR.

12. Policy Updates

• This policy is reviewed annually or as required by law.
• Members will be notified of significant changes via email/app alerts.

13. Contact & Complaints

For data-related inquiries or complaints: