Introduction

Stellas Bank (“we”, “us”, “our”) takes your privacy seriously and we are committed to best practices in respect of your personal data and complying with data protection laws. This policy applies to Stellas as a whole; including our website and mobile app and is written for visitors to our website, our waitlist, and our customers. This policy also applies to various storage mediums including physical and digital.

Stellas Bank is a company registered in Nigeria with company registration number 1819985 (our registered name is Stellas Technology Services Limited). Our registered office is 164 Lagos/Abeokuta Expressway, Iyana Ipaja, Lagos, Nigeria. We deliver the Stellas product and service, including designing and developing the Stellas app, processing account applications, and providing ongoing customer support. You can email us at help@stellasbank.com

The data we collect and why

In order to offer our service which is to operate, maintain and support our current account we need to collect various personal data for various reasons. These reasons are:

• Contract: when you open and use our account you enter into a contract with us to provide our services.

  :

• Legal obligation: we are legally obliged to process your personal data e.g. for the prevention of fraud and to offer strong customer security.

  :

• Legitimate interests:providing our type of product requires in some cases that we process data e.g. for improving our service.

  :

• Consent:where applicable, such as communications preferences, we will ask for your consent

  :

The following table summarises which data is collected and on which bases it is processed.

Sources of personal data

Personal information will only be collected directly and voluntarily from you as part of the registration process or as a result of transactions relating to your Stellas account. Some personal information may be verified by us with the use of publicly accessible sources to fulfill customer due diligence.

Storage and recipients of personal data

We store your data however there are some aspects of operating our service that require us to share and store parts of your personal data with 3rd parties in Nigeria.

Where this is the case, we have ensured that we have the necessary agreements in place with those 3rd parties to the level expected by Nigerian data protection law.

Some of the kinds of 3rd parties that receive your personal data are in the areas of:

• Infrastructure (servers, databases, etc.)

• Identity checking

• Anti-money laundering

• Banking

• Address/account lookup

• System emails

• Update/marketing emails

• Text messages

• Push messages

• Error logging

• Customer support

• Product and marketing analytics

• Card manufacturers

• Card scheme

Security of data

We operate a “Secure by Design” approach to protecting your data. This involves the use of best practices such as intrusion detection systems, firewalls, access control, encryption and key rotation and policies that ensure only those who need access to data do.

3rd parties holding your personal data are expected to apply the same level of security and controls.

Whilst we issue notifications for key changes in your profile if you suspect anything suspicious please let us know.

If we become aware of unauthorized access to your data we will contact you promptly.

Selling Information

We do not and will never sell your personal data.

Data retention

Your personal data are retained so long as you remain an active customer of Stellas, i.e. you have an open account with us.

In the event that you wish to close your Stellas account, we don’t keep your information for longer than we need to, which is usually 7 years after the end of the relationship or upon the termination of the contract, unless we are required to keep it longer (for example due to a court order or investigation by law enforcement agencies or regulators). This is so that we meet our legal obligations, e.g. the Money Laundering Regulations.

After this time has elapsed your data will be deleted from all Stellas and 3rd parties systems.

Your rights

Automated decision making

3rd parties that we use in respect of identity checking and fraud prevention may offer us an automated result based on your personal data and special category data.

These results are only used in part of a manual decision process on whether we wish to offer a Stellas account to you.

It is our right to decide whether to offer an account or not.

Closing your account

It’s sad, but the expression of some of your rights such as erasure, restricting, and objection may lead to a need for you to close your account with us.

If you want to close your account for any reason, just write to us and we will get this processed for you. We’ll settle up any balance first. Once your account is closed, you will lose access to your account. We’ll talk you through how to export your records before closing your account.

Changes

This policy may change from time to time and is effective from the date of posting to our website and app. For significant changes, we will also let you know by email or through the Stellas app.