ArcPay Investments

Who we are

1.0 Background

This policy describes what information we collect about you, how we collect and use the information you share with us, and with whom we share that information. You don’t have to share any information with us, but to use our services, we’ll need some information from you.

This privacy policy applies to the website and mobile application (hereinafter referred to as, the “Sites”) provided by Prospect Microfinance Bank Limited and our affiliate companies (“Prospect MFB” ‘we’, ‘our’, ‘us’) and other products/services of under the name Prospects MFB. We’re registered with the Corporate Affairs Commission with the number RC7046002. This policy is designed to provide information regarding our privacy practices and help you understand how we handle your data. This policy also contains information about when we share your personal information with third parties (such as our service providers and credit bureaus).

We reserve the right, at our sole discretion, to alter and update this Policy from time to time. We therefore invite you to review the current version of this Policy each time you return to the Sites.


We collect and use any information you supply when you interact with any of our touch points. When you open an account with us, you share details like your names, Bank Verification Number (BVN), identification documents, address and pictures. By using our card or any prospects Application to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your phone camera. Other details we collect and what we do with them are discussed below


Sign-up information: When you register to use the services offered on our digital platform, we will collect Personal Data as necessary to offer and fulfill the service you request. Depending on the service you choose, we may require that you provide us with your name, email address, mobile number and debit card details to create an account. We may also require you to provide additional, necessary personal details as you use our services.

Transaction information: When you use our digital platform to send and receive money, make purchases from merchants, pay bills, deposit & withdraw cash, we collect information about the transaction, as well as other associated information as necessary to offer and fulfill the service (like transaction receipt, account statement) that we are obliged to; such as: the amount sent or received, amount paid for products or services, merchant information – including information about your device and geolocation.

Participant Personal Data: When you use our services, we may collect Personal Data about the other participants associated with the transaction, including your phone contacts with your consent, so you can easily transact with your friends and contacts and enable instant messaging (IM). We collect Personal Data such as name and financial account information about the participant who is receiving money from (or sending money to) you, when you send or receive money through the Services.

Image Information: We may collect your image (upload, storage, and use) information to support account opening, such as uploading your portrait. We may also collect information from your images when you use our customer support to upload evidence such as statements and checks. In addition, we may collect your image information in connection with regulatory KYC (Know Your Customer) purposes.

Information from other sources: We may collect information from other sources, such as our social media platforms when you reach out to us to lodge a complaint about our services. However, we will only ask for information relevant to the help required of us to you.

Other information we collect related to your use of our website or Services: We may collect additional information from or about you when you communicate with us, contact our customer support teams, respond to a survey or use functionality offered by third-party service providers through our Platform. For instance, when you initiate third-party applications through ArcPay mobile application, with your prior consent, your SMS may be collected and monitored to help third-party service providers reduce risks associated with your application through the relevant model/system to provide customized services.

When you apply for a job with us: We may request Personal Data about your education, employment and state of health. As part of your application, you will be asked to provide your express consent to our use of this information to assess your application and any monitoring activities which may be required of us under applicable laws as an employer. We may also carry out screening checks (including reference, background and criminal record checks). We may exchange your Personal Data with academic institutions, recruiters, health maintenance organisations, law enforcement agencies, referees and your previous employers. Without your Personal Data, we may not be able to process your application for positions with us.

We collect information you provide directly to us, for example, we collect information when you register or log on to the Sites, create an account, subscribe to a Service, participate in any interactive features on our Services, fill out a form, take part in surveys, post on our message boards, upload any documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact with us on social media, etc.

We will also collect your information where you partially complete and/or abandon any information inputted in the Sites and may use this information to contact you to remind you to complete any outstanding information.

Every computer connected to the internet is given a domain name and a set of numbers that serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically recognize your domain name and IP address. The domain name and IP address reveals nothing personal about you other than the IP address from which you have accessed the Sites. We are able to see information relating to your browsing patterns and technical data about the equipment you use to access the website through the use of cookies, server logs and other similar technologies. You can select your preference from the cookie’s settings on any of our websites.

We may also collect technical data from third parties/ public sources such as analytics providers, identity verification providers, advertising networks, search information providers. We may obtain contact, financial and transaction data from providers of technical, payment, credit referencing and delivery services based both inside and outside Nigeria. We utilise third-party service providers to secure information related to financial crime, fraud, sanctions and politically exposed persons.

We do not own personal data provided and will only store such data for a period reasonably needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, unauthorised dissemination, manipulation of any kind, damage by rain, fire or exposure to other natural elements.

We will not sell, share, transfer or rent out any personal information to others in ways different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers.

Providing us with information about others

We do not collect the information of minors.

If you are under the age of 18, you are not eligible to use the service offered on our digital platform.


Suggested text:

The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.

We may use your personal data for the following purposes:

    To provide the requested Services and support to you;

    To process transactions and send notices about your transactions to requisite parties;

    To verify your identity;

    To resolve disputes and troubleshoot problems;

    To manage risk, detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;

    To detect, prevent or remediate violations of policies or applicable user agreements;

    To improve our services by implementing aggregate customer preferences;

    To manage and protect our information technology infrastructure;

    To contact you at any time through your provided telephone number, email address or other contact details;

    To notify you about activities on your account, troubleshoot problems with your account and collect fees or monies owed

4.0 Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers. If you believe we may have information from or about anyone under the age of 13, please contact us using the information provided in the CONTACT section below.

5.0 Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. You have the right to request deletion of the data we have collected about you. However, we will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

6.0 Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

7.0 How We Use Cookies

Cookies are small files placed on your device’s browser that enable the website to identify your device as you view different pages. Like most interactive websites, our website uses cookies to enable us track of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from your device. They will typically store data in the form of a session identification that does not personally identify you. Certain aspects of our website are only available through the use of cookies, so your use of our website may be limited or not possible if you choose to disable or decline cookies.

8.0 Your Rights

You have rights under data protection laws in relation to your personal data. These include rights to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios If you want us to establish the data’s accuracy Where our use of the data is unlawful but you do not want us to erase it Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at such time when you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us using the information provided in section 11

9.0 How Do We Protect Your Personal Data?


We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our premises and quality control, as well as information access authorization controls.


Your Personal Data is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions. You have the right to request sight of, and copies of any and all information we keep on you, if such requests are made in compliance with the Freedom of Information Act and other relevant enactments.

While we are dedicated to securing our systems and services and safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as securing and maintaining the privacy of your password(s) and account/profile registration information, adherence with physical security protocols on our premises, verifying that the Personal Data we maintain of you is accurate and current.

We will inform you of any breaches which may affect your Personal Data.

10.0 Governing Law

This Privacy Policy is made according to the Nigeria Data Protection Regulation Act 2023 or any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.


If you have any questions, comments and requests regarding your privacy and rights, please let us know how we can help.

We have appointed a Data Protection Officer (DPO) who is responsible for dealing with all such concerns, in addition to overseeing questions relating to this Policy and handling requests in relation to the exercise of your rights. If you have any concerns or questions, please contact the Data Protection Officer using the details set out below.

Data Protection Officer


314, Ikorodu Road, Anthony, Lagos State, Nigeria

Powered by


119 Oron Road, Uyo , Awka Ibom State, Nigeria

This document will be reviewed on a yearly basis, or more frequently if occasioned by changes or amendment to applicable data protection regulations. If we make any changes, we’ll add a note to this page and if there are significant changes, we’ll let you know by email.

Last Updated: 28 February 2024