Privacy Policy

1. Scope Of This Policy

This Privacy Policy applies to personal data collected from: Customers and prospective customers; Website visitors and users of our digital platforms; Business partners, vendors, and contractors; Employees, consultants, and job applicants (where applicable).

2. Personal Data We Collect

We may collect and process the following categories of personal data:
Identification Data: Name, date of birth, gender, photograph;
Contact Data: Residential address, email address, telephone number;
Financial Data: Bank account details, transaction records, loan and repayment information;
Technical Data: IP address, device information, browser type, usage data;
KYC and Compliance Data: Means of identification, proof of address, biometric data (where legally required);
Employment Data: CVs, employment history, qualifications (for recruitment purposes).

3. Lawful Basis for Processing

We process personal data on one or more of the following lawful bases: Consent of the data subject; Performance of a contract or steps taken prior to entering into a contract; Compliance with legal and regulatory obligations; Legitimate interests pursued by Clan, provided such interests do not override the rights of data subjects.

4. Purposes of Processing

Personal data is processed for the following purposes: Provision and administration of our financial and innovation-related services; Customer onboarding, verification, and due diligence (KYC/AML); Loan administration, credit assessment, recovery, and enforcement; Communication with customers and stakeholders; Compliance with applicable laws, regulations, and court orders; Internal record keeping, audits, and risk management; Recruitment and human resource management.

5. Data Sharing and Disclosure

We may share personal data with: Regulatory authorities and law enforcement agencies where required by law; Professional advisers, auditors, and legal practitioners; Technology service providers and data processors acting on our instructions; Credit bureaus and financial institutions, subject to applicable laws.

All third parties are required to implement appropriate technical and organisational measures to protect personal data.

6. International Data Transfers

Where personal data is transferred outside Nigeria, Clan ensures that such transfers are carried out in compliance with the NDPA 2023 and NDPC/NDP ACT-GAID, using adequate safeguards including contractual clauses and data protection agreements.

7. Data Retention 

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting, or reporting requirements. Thereafter, data is securely deleted or anonymised.

8. Data Subject Rights

Under the Nigeria Data Protection Act, data subjects have the right to: Access their personal data; Rectify inaccurate or incomplete data; Erase personal data (subject to legal limitations); Restrict or object to processing; Data portability; Withdraw consent at any time; Lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Requests to exercise these rights may be directed to the contact details below.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

10. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance user experience and analyse usage. Users may manage cookie preferences through their browser settings.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect regulatory changes, audit outcomes, or operational developments. Any changes will be published on our website or communicated through appropriate channels.

12. Contact Us

For questions, complaints, or requests relating to this Privacy Policy or our data protection practices, please contact:

Email: support@clan.africa.

Phone: 09155577731

Physical Address: 77 Samuel Adedoyin Street Victoria Island Lagos