Welcome to use Wekash. As the operating entity of Wekash and the provider of platform services, Wekash Loan Nigeria Company (hereinafter referred to as "Wekash" or "we") will mainly explain to you through the "Wekash Privacy Policy" (hereinafter referred to as "this Policy")
THIS PRIVACY POLICY (THIS AGREEMENT/ PRIVACY POLICY) SETS FORTH THE MODES OF COLLECTION, USE AND DISCLOSURE OF YOUR INFORMATION GATHERED ON THE PLATFORM (DEFINED BELOW). THIS PRIVACY POLICY APPLIES ONLY TO PERSONAL INFORMATION COLLECTED ON THE PLATFORM. THIS PRIVACY POLICY DOES NOT APPLY TO INFORMATION COLLECTED BY US IN OTHER WAYS, INCLUDING INFORMATION COLLECTED OFFLINE. PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CONTINUING TO USE THE SERVICES, OR ACCESS THE PLATFORM YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT AVAIL THE SERVICES.
This Privacy Policy constitutes a legally binding agreement between you and us and therefore, we hereby specifically remind you to read carefully and fully understand all the terms of this Privacy Policy, especially such terms that disclaim or relieve our liabilities, terms that restrict your rights, terms of dispute resolution and governing law etc. The terms that may exclude or limit our liabilities are marked in bold or underlined for your special attention. Please read this Privacy Policy prudently and choose whether or not to accept this Privacy Policy and please cease to use or access to this Platform if you disagree with this Privacy Policy.
We will collect personal information within the scope required by law, and we will promptly notify you each time we collect personal information. You expressly authorize that we collect and process data in accordance with this privacy agreement. We respect your privacy and we will not provide for any purpose. Your information won’t be shared with unauthorized third-party.
If you do not wish to be bound by these terms, you may not be able to access.
We collect your data to facilitate the provision of services to you, to verify your identity and to create a credit score to determine which loans can be provided to you. The data will be upload to our server.The information you provide includes:
Contact list
We will request permission to read contacts on the Select Contact page and Submit Application page. After your authorization, we will obtain all your contact information, including name, mobile phone number and time of adding, and encrypt and transmit this information to the server (https://api.wekashh.com). Contact data is only used to analyze your loan eligibility and recommend suitable loan products to you, verify user authenticity and prevent fraud. It also helps you quickly fill out contact information pages. We will protect your contact data and we will never share data with third parties. If you no longer use this product, you can contact us to delete your data.
SMS
We will apply for permission to read SMS messages on the order confirmation interface, obtain all SMS messages, and encrypt and upload SMS data (content, number, sending time) to the server (https://api.wekashh.com). SMS list data will help us identify the various accounts you hold and the cash flow patterns you hold, assist us in conducting credit risk assessments, and be able to determine your risk profile. The credit rating analysis provided for you helps you more easily obtain corresponding services from regulated financial entities and platforms, as well as financial services from other service providers. We strictly protect data and will never share data with third parties. If the user does not use it for a long time, he can request to delete the data.
Collection of installed applications
We collect and upload a list of metadata from installed applications to the server (https://api.wekashh.com), which includes the application name, package name, installation of each installed application on your device Time, update time, version name and version to assess your credit eligibility and enrich your profile, approved custom loan offers. We will keep this application information in our system database and will not share it with others.
Camera
We require camera access to scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields.
As a part of our KYC journey, we require access to your camera to enable you to initiate your KYC process. This permission allows us or our authorised agents to perform your Video KYC while also taking screenshots of your original Officially Verified Documents that you present during your Video KYC journey. Video KYC enables you to complete your KYC digitally, smoothly and efficiently. Your video shall be recorded and retained for regulatory purpose along with screenshots of original Official Verified Documents.
Device information and application permissions
To provide you with better service, we need permissions related to device activity, such as Location, SMS, Calendar, Phone, Contacts, Contact list, Camera, Storage. We’ll use these permissions to collect your device information and upload the information to our server. This information will be used for our scoring system and all data will be protected and encrypted.
Location
Collect and monitor device location data to ensure maintainability and reduce application-related risks.
Phone
Collect specific information about your device to uniquely identify the device and prevent unauthorized access to your loan data.
In the event that we share your personal information, we shall comply with the following principles:
Authorization and Consent: we shall not share your personal information without your consent unless the shared information has been de-identified and the recipient cannot re-identify the data subject. If the purposes of third party using personal information exceed the original scope of your authorization and consent, they shall further obtain your consent to their use of your personal information.
Legitimacy and Necessity: data sharing must have legitimate purpose and the scope of sharing shall be limited to such categories and amount of personal information necessary to achieve the purposes.
Prudence and Diligence: we will prudently evaluate the purposes of third parties’ use of our shared personal information and will conduct a comprehensive assessment of such third parties’ security capability and require them to comply with relevant cooperation agreement for information sharing. We will also conduct rigorous security monitoring of software development kit (SDK) and application programming interface (API) used by the third parties to obtain information in order to protect data security.
Curity precautions
The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in Sri Lankan as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
In addition, the Website and App have been certified for the following security certifications:
1. ISO 9001: being the international standard that details requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements with the requisite security protections.
2. ISO 27001 (formally known as ISO/IEC 27001:2005): is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
3. We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
a. We use encryption to keep your data private while in transit;
b. We offer security feature like an OTP verification to help you protect your account;
c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
e. Compliance & Cooperation with Regulations and applicable laws;
f. We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.
g. Data transfers;
h. We ensure that NIC number is not disclosed in any manner.
i. We or our affiliates maintain your information on servers located in Nigeria. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder
j. When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
Governing statute
This Privacy Policy is construed and governed by the laws of the Republic of Nigeria.
Cookies
We may set cookies to track your use of the Platform. Cookies are small encrypted files, that a site or its service provider transfers to your device’s hard drive that enables the sites or service provider’s systems to recognize your device and capture and remember certain information. By using the Application, you signify your consent to our use of cookies.
Disclosures
We do not sell, rent, lease your Personal Information to anybody and will never do so. Keeping this in mind, we may disclose your Personal Information in the following cases:
Security of your personal information
Confidentiality of your Personal Information is of utmost importance to us. We will use all reasonable efforts to protect and secure your Personal Information against access, collection, use or disclosure by unauthorized persons and against unlawful processing, accidental loss, destruction and damage or similar risks. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Information, you acknowledge that we cannot guarantee the integrity and accuracy of any Personal Information which you transmit over the Internet, nor guarantee that such Personal Information would not be intercepted, accessed, disclosed, altered or destroyed by unauthorized third parties, due to factors beyond our control. You are responsible for keeping your Account details confidential and you must not share your password with anyone and you must always maintain the security of the Mobile Device that you use.
How we save and protect your personal information
To meet regulatory requirements, provide you with services, and facilitate you to query your loan and repayment records, we will save the necessary information submitted or generated during your application or use of the service. We will use a physical or logical isolation mechanism to store your general personal information separately from your personal sensitive information. If personal sensitive information is involved, we will use security measures such as encryption to give special protection.
(1) Information preservation
Your personal information that we collect and generate within the territory will be stored in the territory. If you need to handle cross-border business and transmit your personal information to overseas agencies, we will, in accordance with laws and regulations and relevant regulatory authorities, conduct security assessment in advance of the purpose of the exit, type of personal information involved, identity and data security capability and possible security risks, and clarify the obligations and responsibilities of all parties by signing agreements, supervision and verification, and require overseas institutions to keep the personal information obtained, except for cross-border personal information prohibited by laws and regulations.
To guarantee your rights and interests, unless otherwise specified by laws and regulations, we will retain your personal information for the shortest necessary period necessary to achieve the purposes stated in this Policy. When your personal information is deleted or anonymized for your personal information.
(2) Information protection
1. We have used industry-standard security safeguards that serve to protect your personal information from unauthorized access, public disclosure, use, modification, damage, or loss of data. We will take everything reasonably feasible to protect your personal information. For example, we will take confidentiality and security measures that meet the requirements of laws and regulations; involving personal sensitive information, we will take encryption measures to transfer, store, adopt data access control and audit control measures.
2. We collect, use, and share your information within your authorization solely for the express purposes of this Policy. We use various security technologies and programs to protect the personal information you provide to avoid our access, storage of your information from unauthorized access, tampering, disclosure, or destruction. We establish an information security protection system that is compatible with business development, including strict data security and privacy protection system, as well as a matching information security protection system.
3. We have established a monitoring and audit mechanism to track and identify operating processes such as data acquisition, storage, analysis, use, and sharing, to avoid unauthorized operations. At the same time, conduct irregular safety training for employees to improve their awareness of data protection and avoid the risk of information and data leakage. In strict accordance with the requirements of the regulatory authorities, take legal technical measures and means to ensure your information security.
Declaration of the third party liability
Please note that our website or Wekash App may integrate products and services provided by third parties, links to and/or display marks or content of third parties, and we recommend that you carefully read the relevant agreements and privacy policies corresponding to the third party products and services before using, viewing web pages created by third parties or using third party developed applications. We will make commercially reasonable efforts to require these subjects to take protection against your personal information, but we cannot guarantee that these subjects will take protection as we require, and please contact them directly for details of their privacy policy.
Changes to this policy
We may update this Privacy Policy without notice to you. This Privacy Policy is effective upon publication and apply to all users. You are encouraged to check this Privacy Policy on a regular basis to be aware of the changes made to it. Continued use of the Services and access to the Platform shall be deemed to be your acceptance of this Privacy Policy.
Contact us
If you have questions, concerns or grievances regarding this Privacy Policy, you can email us at our grievance email-address: wekash@gmail.com.