Afole Microfinance Bank Limited
1. Introduction
By accessing or using the services of Afole Microfinance Bank Limited ("AfoleMFB", "we", "us", or "our"), including through our website, digital banking channels, branches, agents, customer support platforms, and any other touchpoints we operate (together, the "Platforms" and "Services"), or by accepting our Terms and Conditions or any other agreement that incorporates this Privacy Policy, you agree—on your own behalf and on behalf of any organization you represent (together, "you", "User", or "Customer")—that you have read, understood, and accepted this Privacy Policy.
This Privacy Policy explains how AfoleMFB collects, uses, stores, shares, transfers, and protects your personal information in connection with our Services.
If you do not agree with this Privacy Policy, please do not access or use our Platforms or Services.
This Privacy Policy is incorporated into and forms part of our Terms and Conditions, Account Opening Terms, and other applicable agreements governing your relationship with AfoleMFB.
2. Who We Are
Afole Microfinance Bank Limited is a Tier 2 licensed microfinance bank incorporated in Nigeria, providing financial services including savings, loans, mobile and digital banking, domestic remittance, agency banking, and related products to individuals, micro-enterprises, and small businesses.
Registered/Head Office Address:
Beside Owa's Palace, Isale Idofin, Otan Ayegbaju, Osun State, Nigeria.
Website: https://afolemfb.ng
3. Data Protection Officer
For questions about this Privacy Policy, your personal data, or to exercise your privacy rights, contact:
Data Protection Officer (DPO)
Afole Microfinance Bank Limited
Beside Owa's Palace, Isale Idofin, Otan Ayegbaju, Osun State, Nigeria.
Email: privacy@afolemfb.ng
Phone: 0815 332 9527, 0805 621 1257
We will respond to verified requests within the timeframes required by applicable law.
4. Scope
This Privacy Policy applies to personal information we process when you:
- Open, maintain, or use an account with AfoleMFB;
- Use any of our banking channels, including branch services, agency banking, USSD, internet banking, mobile applications, ATMs, and other electronic channels we make available;
- Apply for loans, savings products, insurance, or other financial services;
- Perform transactions including transfers, bill payments, airtime and data purchase, and remittances;
- Interact with us through customer support, in-app or online chat, email, phone, social media, or in person at our branches or agent locations;
- Visit our website or interact with any digital platform operated by or on behalf of AfoleMFB.
This Policy does not apply to third-party websites, applications, or services that may be linked from our Platforms. Those are governed by their own privacy policies.
5. Your Privacy Rights
Under the Nigeria Data Protection Act, 2023 (NDPA), the Nigeria Data Protection Regulation, 2019 (NDPR) (where applicable), and other relevant laws, you have the following rights in relation to your personal data, subject to legal and regulatory exceptions:
- Right of access — to know whether we process your personal data and to obtain a copy;
- Right to be informed — to receive clear information about how we collect and use your data;
- Right to rectification — to correct inaccurate or incomplete personal data;
- Right to erasure — to request deletion of your personal data where legally permitted;
- Right to restrict processing — to limit how we use your data in certain circumstances;
- Right to object — to object to certain processing, including direct marketing where applicable;
- Right to data portability — to receive your data in a structured, commonly used format where technically feasible;
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time (this may affect our ability to provide some Services);
- Right to lodge a complaint — with the Nigeria Data Protection Commission (NDPC) or other competent supervisory authority.
Some rights may be limited where we are required by law to retain or process your information—for example, under CBN regulations, Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) laws, Know Your Customer (KYC) requirements, tax laws, fraud prevention obligations, or dispute resolution.
To exercise your rights, contact our DPO using the details in Section 3. We may need to verify your identity before fulfilling your request.
6. Personal Information We Collect
We collect personal information that you provide directly, that we obtain automatically through your use of our Services, or that we receive from third parties as permitted by law.
6.1 Information you provide
When you register, onboard, or use our Services, we may collect:
- Identity and KYC information: full name, date of birth, gender, nationality, photograph, signature, Bank Verification Number (BVN), National Identification Number (NIN), government-issued ID (e.g., National ID, driver's licence, international passport, voter's card), residential and business address, and proof of address;
- Contact information: phone number, email address, and emergency or next-of-kin details where required;
- Financial information: account number, account type, transaction history, income, employment or business details, bank statements, and information required for loan assessment;
- Authentication credentials: username, password, PIN, security questions, OTP verification data, and biometric data where you enable biometric authentication;
- Communications: messages sent through our support channels, complaints, enquiries, and feedback;
- Loan and product application data: purpose of loan, collateral details, guarantor information, and credit-related disclosures you provide.
6.2 Information collected automatically
When you use our digital channels, we may automatically collect:
- Device and technical data: device ID, device model, operating system, application or browser version, IP address, mobile network information, and system or error logs;
- Usage data: login times, features used, session duration, and activity across our Platforms;
- Location data: approximate or precise location where you grant permission or where required for service delivery, fraud prevention, or regulatory compliance;
- Transaction metadata: timestamps, amounts, beneficiaries, payment channels, and transaction status.
6.3 Information from your device (with your permission)
Where you use a smartphone, tablet, or other connected device to access our Services, and where you grant permission through your device settings or during onboarding, we may access:
- Camera and photo gallery — for KYC document capture, profile photo, and image upload features;
- Contacts — to enable features such as airtime and data top-up, transfers to contacts, or beneficiary selection;
- SMS — only where required and permitted for transaction alerts, OTP delivery, or device binding;
- Notifications — to send account alerts, OTPs, and service messages;
- Biometric hardware — for fingerprint or facial recognition authentication where enabled.
You may deny or revoke these permissions through your device settings. Some features may not work without them.
6.4 Information from third parties
We may receive information about you from:
- NIBSS, BVN/NIN verification services, and identity databases for KYC and account validation;
- Credit bureaus and credit reference agencies for loan underwriting and credit reporting;
- Payment processors, switches, and banking partners involved in transaction processing;
- Regulatory and law enforcement authorities where required by law;
- Fraud prevention and AML screening providers;
- Service providers supporting onboarding, hosting, customer support, and analytics.
7. How We Use Your Personal Information
We use your personal information for the following purposes:
- Account opening and management — to verify your identity, create and maintain your account, and provide banking services;
- Transaction processing — to execute transfers, payments, remittances, airtime and data purchases, and other financial transactions;
- Loan and credit services — to assess creditworthiness, approve or decline applications, disburse loans, collect repayments, and manage delinquency;
- Customer support — to respond to enquiries, resolve complaints, and provide assistance across all channels;
- Security and fraud prevention — to authenticate users, detect suspicious activity, prevent fraud, and protect your account;
- Legal and regulatory compliance — to meet obligations under CBN regulations, NDPA/NDPR, AML/CFT laws, tax laws, NDIC requirements, and other applicable rules;
- Communication — to send transaction alerts, OTPs, service updates, policy changes, and important account notices;
- Product improvement — to analyze usage, improve performance, develop new features, and enhance customer experience;
- Marketing — to inform you about products and promotions you may be interested in, where permitted by law and your preferences;
- Dispute resolution and enforcement — to investigate incidents, enforce our terms, and protect our legal rights.
We will not use your personal information for purposes incompatible with those described above without informing you where required by law.
8. Lawful Basis for Processing
We process your personal information on one or more of the following lawful bases:
| Basis | Examples |
|---|---|
| Consent | Optional marketing, certain device permissions, optional product features |
| Contract | Opening and operating your account, processing transactions you initiate |
| Legal obligation | KYC/AML compliance, regulatory reporting, tax records, court orders |
| Legitimate interests | Fraud prevention, system security, service improvement, and protecting AfoleMFB and customers—balanced against your rights |
| Public interest | Where required to comply with public regulatory mandates |
Where consent is the basis, you may withdraw it at any time. Withdrawal does not affect processing already lawfully carried out.
9. Governing Principles
AfoleMFB processes personal information in accordance with the following principles:
- Lawfulness, fairness, and transparency — we process data for specific, legitimate purposes and inform you appropriately;
- Purpose limitation — data is collected for defined purposes and not used incompatibly without notice or legal basis;
- Data minimization — we collect only data reasonably necessary for the stated purpose;
- Accuracy — we take reasonable steps to keep personal data accurate and up to date;
- Storage limitation — we retain data only as long as necessary for the purpose and as required by law;
- Integrity and confidentiality — we implement appropriate security measures against unauthorized access, loss, or misuse;
- Accountability — we maintain records and controls demonstrating compliance with data protection obligations.
10. Sharing and Disclosure of Personal Information
We do not sell your personal information. We may share your information with the categories of recipients below, subject to confidentiality, data protection, and security requirements:
10.1 Service providers and processors
Trusted third parties that process data on our behalf, including:
- Core banking and digital platform providers;
- Cloud hosting and data storage providers;
- Payment switches, processors, and settlement partners;
- KYC, identity verification, and biometric authentication vendors;
- SMS, email, and push notification providers;
- Customer support and contact center operators;
- Analytics, monitoring, and IT security vendors.
These parties are contractually required to process personal data only on our instructions and in line with this Privacy Policy and applicable law.
10.2 Financial and regulatory partners
- Other banks and financial institutions for transaction settlement;
- Credit bureaus for credit checks and reporting;
- NIBSS and other industry infrastructure providers;
- Insurance partners where you opt into micro-insurance or related products;
- Agency banking partners and authorized agents acting on our behalf.
10.3 Legal, regulatory, and compliance disclosures
We may disclose information where required or permitted to:
- The Central Bank of Nigeria (CBN);
- The Nigeria Data Protection Commission (NDPC);
- The Nigeria Deposit Insurance Corporation (NDIC);
- Law enforcement, courts, tribunals, or government agencies pursuant to valid legal process;
- AML/CFT reporting entities including the Nigeria Financial Intelligence Unit (NFIU) where applicable.
We may also disclose information where we believe in good faith that disclosure is necessary to investigate suspected illegal activity, protect the safety of users or the public, enforce our agreements, or defend AfoleMFB's legal rights.
10.4 Corporate transactions
If AfoleMFB undergoes a merger, acquisition, restructuring, or sale of assets, your information may be transferred subject to equivalent privacy protections and applicable notice requirements.
10.5 Aggregated or anonymized data
We may share aggregated or de-identified information that cannot reasonably identify you for reporting, analytics, or industry insights.
11. International Data Transfers
Your personal information is primarily stored and processed in Nigeria. However, to provide reliable Services—including cloud hosting, disaster recovery, fraud prevention, and technical support—your data may be transferred to or stored in secure data centers operated by reputable vendors in other countries.
Where personal data is transferred outside Nigeria, we implement appropriate safeguards such as:
- Contractual data protection clauses with recipients;
- Transfers only to jurisdictions with adequate protection or approved mechanisms;
- Technical measures including encryption and access controls.
We will take all reasonably necessary steps to ensure your data is handled securely and in accordance with this Privacy Policy and applicable Nigerian data protection law.
12. Security of Your Personal Information
AfoleMFB implements administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, loss, or destruction. These measures include, where appropriate:
- Firewalls, intrusion detection, and network segmentation;
- Encryption of data in transit (e.g., TLS/SSL) and at rest for sensitive fields;
- Multi-factor authentication, OTPs, PIN controls, and device binding;
- Role-based access controls and staff confidentiality obligations;
- Regular security monitoring, logging, and incident response procedures;
- Secure development and operational practices across our digital channels;
- Physical security at offices, branches, agent locations, and data handling facilities.
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping your login credentials, PIN, and devices secure. Notify us immediately if you suspect unauthorized access to your account.
If you create a username, password, PIN, or other security credentials as part of our access controls, such information will be treated as confidential and will not be disclosed to third parties except as described in this Policy or as required by law. AfoleMFB reserves the right to disable any access credentials if we reasonably believe you have failed to comply with our Terms or this Privacy Policy.
13. Data Retention
We retain your personal information only for as long as necessary to:
- Provide Services to you;
- Meet legal, regulatory, and accounting obligations (including CBN record-keeping and AML retention periods);
- Resolve disputes and enforce agreements;
- Support fraud monitoring, detection, and prevention after account closure.
When data is no longer required, we will securely delete, anonymize, or archive it in accordance with our retention schedule and applicable law.
14. Cookies and Similar Technologies
When you visit our website or use web-based components of our Platforms, we may use cookies, session tokens, web beacons, and similar technologies to:
- Maintain your session and remember preferences;
- Understand usage patterns and improve performance;
- Support security and fraud detection.
Session cookies terminate when you close your browser. Persistent cookies may be used to store login identifiers (but not passwords) to simplify return visits. You can manage cookie preferences through your browser or device settings. Disabling certain cookies may limit some functionality.
15. Marketing and Communications
We may send you information about products, promotions, and services we believe may interest you via SMS, email, push notifications, or other channels, where permitted by law.
You may opt out of marketing communications at any time by:
- Using the unsubscribe link in emails;
- Adjusting notification preferences in your account or device settings;
- Contacting customer support or our DPO.
You will continue to receive essential service and transactional messages (e.g., OTPs, debit and credit alerts, security notices) even if you opt out of marketing.
16. Children's Privacy
Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact our DPO and we will take appropriate steps to delete it.
17. Personal Data Breach Notification
AfoleMFB maintains procedures to detect, investigate, and respond to personal data breaches.
Where a breach is likely to result in a risk to your rights and freedoms, we will:
- Notify the Nigeria Data Protection Commission (NDPC) within the timeframe required by law;
- Notify affected Users without undue delay where required, unless encryption or other measures render the data unintelligible, subsequent measures eliminate the risk, or direct notification would involve disproportionate effort—in which case we may use public communication or equally effective measures.
If you believe your account or personal data has been compromised, contact us immediately using the details in Section 3.
18. Your Responsibilities
To help protect your privacy and security, you agree to:
- Provide accurate and complete information during onboarding and updates;
- Keep your password, PIN, OTP, and devices secure;
- Not share your credentials with anyone, including persons claiming to represent AfoleMFB;
- Log out or secure your session when not in use;
- Install updates to our applications and systems promptly where applicable;
- Notify us immediately if you suspect unauthorized access, loss of a device, or credential compromise.
AfoleMFB will never ask for your full PIN or password via unsolicited phone calls, SMS, or email.
19. Third-Party Links and Services
Our Platforms may contain links to third-party websites, payment gateways, or partner services. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing personal information.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, or our Services.
When we make material changes, we will:
- Post the updated version on our website and make it available through our other channels;
- Update the "Last updated" date at the top of this Policy;
- Provide additional notice (e.g., SMS, email, or in-platform notification) where required.
Your continued use of the Services after the effective date of an updated Policy constitutes acceptance of the changes, unless applicable law requires your explicit consent.
The most current version of this Privacy Policy is available at https://afolemfb.ng/privacy-policy.html or by contacting our DPO.
21. Governing Law and Dispute Resolution
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including:
- Nigeria Data Protection Act, 2023;
- Nigeria Data Protection Regulation, 2019 (as applicable);
- Central Bank of Nigeria regulations and guidelines;
- Applicable AML/CFT and consumer protection laws.
Any disputes arising from this Policy shall first be addressed through our internal complaint process. Unresolved matters may be referred to the NDPC, CBN consumer protection channels, or the courts of competent jurisdiction in Nigeria, as applicable.
22. Contact Us
Afole Microfinance Bank Limited
Beside Owa's Palace, Isale Idofin, Otan Ayegbaju, Osun State, Nigeria.
Customer Care: 0815 332 9527, 0805 621 1257 / info@afolemfb.ng
Data Protection Officer: privacy@afolemfb.ng
Website: https://afolemfb.ng
© 2026 Afole Microfinance Bank Limited. All rights reserved.
