
EFInA privacy policy

INTRODUCTION

Enhancing Financial Inclusion & Advancement (EFInA) is a Financial Sector Deepening (FSD) organization, established with support from the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO) in 2007, and has, since 2009, received funding support from the Bill & Melinda Gates Foundation.

In Nigeria, EFInA is renowned in the financial sector for providing thought leadership geared towards achieving financial inclusion and championing the unbanked. By funding and catalysing innovation, providing cutting-edge research, advocating for inclusive policies, and building capacity, EFInA’s ‘Access to Financial Services in Nigeria’ surveys and other research have served as credible sources of information for policymakers and regulators, including the Central Bank of Nigeria (CBN), the National Insurance Commission (NAICOM), the National Pension Commission (NPC) and others, to formulate regulations and policies. EFInA has a strong focus on promoting digital financial services, and in recent years has taken a leading role in supporting an emerging FinTech sector in Nigeria.

Our work is carried out through advocacy and capacity building; digital financial services; innovation; and research. Data is critical to the work that we do at EFInA: it drives our research and gives direction to our advocacy, capacity building and innovation efforts. In accessing and processing data, we are mindful of privacy and protection concerns, and of compliance with extant legislation, such as the Nigeria Data Protection Act 2023 (“NDPA”) and the Nigeria Data Protection Regulation 2019 (“NDPR”), which set the standards for data protection practices in Nigeria.

This Privacy Policy (the “Policy”) is specifically in respect of personally identifiable information. It describes the sort of information we collect, what we do with it, how we protect it and the rights of the persons whose information we have processed. Please read the following carefully to understand our practices with respect to personal data and how we will treat it. We take the collection, usage and security of personal data seriously and only use personal data in accordance with the law and the consent of those whose personal data is in our custody.

1. DEFINITIONS

  • Data Subject

Is one who can be identified directly or indirectly – in particular, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity – and is the Subject of protection under this Policy.

  • Consent

It means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • Data

Characters, symbols, and binary inputs on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals and stored in any format or on any device.

  • Data Controller

EFInA

  • Data Processor

EFInA or third-party processors described in the Policy, with which EFInA shares such Data for the purpose of processing.

  • Personal Data

Any form of information concerning an identified or identifiable natural person. This means all information that directly or indirectly, alone or in combination, may identify a specific natural person, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifiers such as, but not limited to, MAC address, IP address, IMEI number, IMSI number, SIM and others.

  • Processing

Means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction. This includes any activity or series of activities by EFInA or involving the use of Personal Data, for fundraising, registration, systemization, changes, searches, surveys, compilation, and/or transfer or disclosure to persons, authorities, companies, etc. outside EFInA.

  • Sensitive Personal Data

Data relating to religious or other beliefs, sexual life, health, race, ethnicity, political views, trade union membership, criminal records, or any other sensitive personal information.

2. BASIS FOR PROCESSING PERSONAL DATA

EFInA can only process personal data on one or more of the following grounds:

  • when the Data Subject grants express consent,
  • in order to perform or fulfil an agreement that we have with a Data Subject or in order to satisfy the preconditions to a contract,
  • when processing is necessary for fulfilment/compliance with a legal obligation,
  • when EFInA or a third party has a legitimate interest, which is necessary and justified considering any possible risks to you,
  • when processing of personal data is necessary to protect the vital interest of the Data Subject or that of another person; or
  • when the processing is necessary to perform a task executed in the interest of the public or in the exercise of a public mandate vested in EFInA.

3.  DATA COLLECTION AND PROCESSING

3.1. The kind of data we collect:

The personal data we collect is dependent on the basis and reason for the collection of data. The data we collect includes the following:

  • Name
  • Gender
  • Date of birth
  • Contact details
  • Customer relationship data
  • Financial information
  • Profiles and social media information
  • Technical Information including internet protocol (IP) address, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system, and
  • Location data
  • Visual images and personal appearance
  • Information about your family, lifestyle, and social circumstances

3.2.  Collection of Sensitive Data

EFInA may collect sensitive information about some categories of persons and for specific purposes. This might include any information or opinion about your racial or ethnic origin, political opinions, political association, religious or philosophical beliefs, membership of a trade union or other professional body, sexual preferences, criminal record, or health information.

Where possible, we will give Data Subjects the option to interact with us anonymously, or by using a pseudonym. In responding to our request for personal data, a Data Subject is at liberty to decline. However, if a Data Subject chooses to deal with us in this mode or chooses not to provide us with relevant personal information, we may not be able to render services or otherwise interact optimally with such data subject, in which case, EFInA will be absolved of its responsibilities to the data subject to the extent of such inability.

EFInA will not process, or permit a data processor to process on its behalf, any Sensitive Personal Data, unless the —

  1. data subject has given and not withdrawn consent to the processing for the specific purpose or purposes for which it will be processed.
  2. processing is necessary for the purposes of performing EFInA’s obligations or exercising the rights of the data subject under employment or social security laws or any other similar laws.
  3. processing is necessary to protect the vital interests of the data subject or of another person, where the data subject is physically or legally incapable of giving consent.
  4. processing is carried out in the course of our legitimate activities, with appropriate safeguards, and the —

(i) processing relates solely to our members or former members, or to persons, who have regular contact with us in connection with our purposes, and

(ii) sensitive personal data is not disclosed outside of EFInA without the explicit consent of the data subject.

  5. processing is necessary for the establishment, exercise, or defense of a legal claim, obtaining legal advice, or conduct of a legal proceeding.
  6. processing is necessary for reasons of substantial public interest.
  7. processing is carried out for purposes of medical care or community welfare.
  8. processing is necessary for reasons of public health and provides suitable and specific measures to safeguard the fundamental rights, freedoms and interests of the data subject; or
  9. processing is necessary for archiving purposes in the public interest, or historical, statistical, or scientific research, on the basis of a law.

3.3. How we collect Personal Data

3.3.1.  Directly

We collect personal data directly from Data Subjects when they:

  • interact with us over the phone, in person, or online
  • participate in surveys or fill questionnaires
  • attend an EFInA event
  • subscribe to EFInA’s mailing list
  • apply for a position with us as an employee, contractor, or volunteer
  • are appointed as a member of the Board of Directors; or
  • are selected as a

3.3.2.  Indirectly

We collect personal data indirectly when Data Subjects use our websites or services. We may receive data including device details, location, IP address, browser and browsing history.

3.3.3.  Third Party Collection

We may receive data from other sources, such as from our donors, affiliates, government agencies, law enforcement and fraud prevention agencies, regulatory bodies, third-party entities or our other partners for the purpose of carrying out our work.

3.4.  What we use Personal Data for

We use personal data for many purposes in connection with our functions and activities, including the following purposes:

  • To carry out our obligations arising from any
  • To provide Data Subjects with information or services, upon
  • Internal administrative purposes; and
  • Marketing and research

3.5.  Third Party Disclosures

We may disclose personal data to third parties in accordance with this Policy, in circumstances where the Data Subject would reasonably expect us to disclose such information. We will never sell, trade, or license the use of personal data to others; however, we may share personal data with selected third parties, including:

  • Donors, collaborators, suppliers, and subcontractors, for the performance of any
  • financial institutions in performance of our role to support with economic crime information sharing initiatives; providing services for our members, or where we are otherwise directed by the Data Subject to share information with them.
  • fraud prevention agencies who require it to prevent fraud and money-laundering, and to verify a Data Subject’s identity.

  • marketing, market research, advertisers and advertising networks that require the data to select and serve relevant adverts to a Data Subject and others.
  • analytics and search engine providers that assist us in the improvement and optimization of our website.
  • any entity affiliated with us for the purposes set out above; and
  • if we buy or sell any business or assets, including the sale of an individual website owned by us, in which case, we may disclose Personal Data to the prospective seller or buyer of such business or assets.

Note that EFInA website(s) may contain links to websites operated by third parties. If you access a third-party website through our website(s), Personal Data may be collected by that third-party website. We make no representations or warranties in relation to the privacy practices of any third-party provider or website and we are not responsible for the privacy policies or the content of any third-party provider or website. Third-party providers’ websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies. Third parties include search engines, providers of measurement and analytics services, social media networks and advertising companies.

4.  COOKIES

A cookie is a small file of letters and numbers that we put on your computer with your consent, which enables a web server to collect information from your web browser.

Cookies allow us to distinguish you from other users of our website, which helps us to provide you with enhanced browsing experience. For example, we use cookies for the following purposes:

  • Recognizing and counting the number of visitors and seeing how visitors move around our website when they are using it (this helps us to improve the way our website works, for example by ensuring that users can find what they are looking for);
  • Identifying your preferences and subscriptions, e.g. language settings, saved items, items stored in your basket and Prime membership.
  • Ensuring the security of your
  • Mitigating the risk of fraud; and
  • Sending you newsletters and commercial/advertising messages tailored to your

You can find our Cookie Policy here.

5.   TRANSFER

5.1.  Transfer of Personal Information Overseas

Some of the third parties we disclose personal information to may be based in or have servers located outside of Nigeria, including other overseas countries where third parties are located or have servers. Where we disclose your personal data to third parties overseas, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained. We will only disclose to overseas third parties if:

  • you have given us your consent to disclose personal information to that third party; or
  • we reasonably believe that the overseas recipient is subject to a law, or binding Policy that is substantially similar to the NDPR and is enforceable.

In pursuance of a Data Subject’s right to request a transfer of personal data, if you wish to transfer your data to a country deemed to have inadequate data protection mechanisms, EFInA in seeking to obtain express consent from you, will inform you of the potential risks, upon which you can base your decision.

6.  PROTECTION

6.1. How We Protect Personal Data

EFInA has put measures in place to ensure compliance with extant legislation and regulations on the processing of personal data in Nigeria and the UK, including the NDPA and NDPR. Follow this link to learn more: https://ndpr.nitda.gov.ng/Content/Doc/NigeriaDataProtectionRegulation.pdf

6.2. Data Processing Principles

In collecting and processing personal information we uphold the principles below. All Personal Data will be:

  • processed in a fair, lawful and transparent manner.
  • collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes.
  • adequate, relevant, and limited to the minimum necessary for the purposes for which the Personal Data was collected or further processed.
  • retained for not longer than is necessary to achieve the lawful bases for which the Personal Data was collected or further processed.
  • accurate, complete, not misleading, and, where necessary, kept up to date having regard to the purposes for which the Personal Data is collected or is further processed; and
  • processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing, access, loss, destruction, damage, or any form of data breach.

In addition, EFInA deploys the following organizational and technical measures:

  • having robust physical security of our premises and databases /
  • restrict access to personal data to personnel on a need-to-know
  • conducting data protection impact assessments and risk assessments; and
  • having technological measures in place (for example, anti-virus software, firewalls).

7.  RETENTION OF PERSONAL INFORMATION

We will not keep a Data Subject’s Personal Data for longer than we need to. In most cases, this means that we will only retain personal information for the duration of the Data Subject’s relationship with us, unless we are required to retain the personal data to comply with applicable laws, for example, record-keeping obligations.

8. YOUR RIGHTS

The Rights of a Data Subject include the following:

  • To be informed about how Personal Data is stored and used
  • To request the rectification, amendment, or correction of personal data
  • To request the deletion of Personal Data
  • To request access to Personal Data
  • To be informed about how we obtain Personal Data
  • To be informed about appropriate safeguards when personal data is transferred to another country
  • To request the restriction of the processing of Personal Data
  • To revoke consent to process Personal Data
  • To lodge a complaint with our Data Protection Officer and the Nigeria Data Protection Commission (NDPC).

EFInA will endeavor to keep your personal information accurate, complete and up to date. If you wish to make a request to access and / or correct the personal information we hold about you, you should make a request by contacting us at EFInADPO@efina.org.ng.

Your ability to exercise these rights will depend on a number of factors, and in some instances we will not be able to comply with your request, e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you. Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use.

9.   EFInA’s RESPONSIBILITIES

Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural people, EFInA shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Policy. Those measures shall be reviewed and updated where necessary. To ensure data protection and privacy of Data Subjects, EFInA shall:

  • Protect the privacy and confidentiality of personal data and assets against unauthorized access and be accountable for acts or omissions in respect thereof.
  • Obtain the written consent of Data Subjects to collect and process their personal data for specific purposes and provide them with the option to withdraw the consent at any time.
  • Not transfer personal data of Data Subjects to a third party without their express consent, except in compliance with a legal obligation.
  • Inform consumers whenever their data is exchanged with an authorized third party, stating details of the exchange.
  • Review data processing and privacy procedures to ensure that the purpose(s) for which initial consent was granted remains valid; and
  • Keep accurate and updated data of Data

10. CONTACT US

Questions, comments and requests regarding this privacy Policy are welcomed and should be addressed to EFInADPO@efina.org.ng.

If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us at EFInADPO@efina.org.ng.

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority at info@ndpc.gov.ng.