Effective Date - April 30, 2021
What We Do
We use our proprietary technology to initiate bank transfers on behalf of End Users using publicly available internet banking platforms. Any application that integrates Transfers will be able to initiate a bank transfer from an End User's bank account, as long as the End User enters the credentials required to authorise such. By agreeing to pay with Transfers, End Users are giving the developer & Transfers the authority to act on their behalf to access & transmit the End User’s Information from the relevant bank.
Please note that we do not have any official affiliations whatsoever with any of the banks we support.
How We Do What We Do
Transfers is able to do what it does when you connect your financial accounts with a developer application, without storing user's passwords by doing something called Double Key Encryption:
- With Double Key Encryption, users' passwords are encrypted with a randomly generated encryption key stored on the user's device. We never have access to this encryption key.
- On our servers, we further encrypt the already encrypted password with our own encryption key, before saving that to our database.
- As such, the actual password can only be accessed if decrypted on the user's device, as a result of them giving such authorisation. This means we cannot ever sign in to a user's internet banking account without their permission.
It is important to note that Transfers does not store End Users' internet banking passwords. We don't have any access to the passwords and as such, cannot access their internet banking account without their explicit authorisation.
We can only initiate and authorise a transaction on behalf of an End User when they authorise this action by linking their bank account & entering their transaction pin or any such credentials. We do not control where the money is being transferred to, this is the responsibility or function of the developer/application that implements transfers.
Information We Collect and Store
The only data we collect is information used as an internet banking account identifier. This might be the End User’s email address, username, user ID, phone number or anything that their internet banking account requires for them to sign in or initiate a transaction. We can also read the End User’s account numbers and account balances. We also store account numbers and transfer information - like which amount of money was sent to which account number by the End User.
We do not store credentials used to authorise transactions like "transaction pins" or the End User’s 2-factor authentication/token OTPs.
The legal grounds for processing sensitive personal information outlined above are contained in the EU’s General Data Protection Regulation and the Nigeria Data Protection Regulation 2019.
How Long Do We Keep Your Personal Information
We will hold your personal information on Transfer’s systems for as long as is necessary to fulfill the purpose for which it was collected or to comply with applicable legal, regulatory or internal policy requirements.
Disclosing Your Personal Information
We may disclose your personal information with third parties including our affiliates, employees, officers, service providers, agents and subcontractors as may be reasonably necessary for the purposes set out in this Policy. Transfers will only share or disclose your personal information on one of the following conditions:
- The consent of the End User has been obtained. Transfers shall bear no liability for any breach which may occur from such authorisation by the End User;
- The disclosure is necessary to conclude a contract between Transfers and a third party in the interest of the End User;
- The disclosure is necessary for reason of public interest, and to detect, prevent or otherwise address fraud, security or technical issues;
- The disclosure is to satisfy any applicable law, regulation, legal process or enforceable governmental request;
- The disclosure is for the establishment, exercise or defense of legal claims;
- The disclosure is necessary in order to protect the vital interests of the End User or other persons, where the End User is physically or legally incapable of giving consent.
Transfers will take all necessary steps to ensure that Personal Information is transmitted in a safe and secure manner.
International Data Transfers
As a global product, Transfers will operate internationally, and may transfer information collected from the End User across international borders for processing and storage purposes. However, the End User’s information will only be processed as required by law or in accordance with this Policy.
Data Protection Rights
Subject to applicable laws, and subject to any limitations and exceptions provided by law, End Users who have personal information held by Transfers are entitled to the following rights:
- Right to request for and access any personal information collected and stored.
- Right to information on their personal information collected and stored;
- Right to objection or request for restriction with respect to the personal information;
- Right to request rectification and modification of the personal information which Transfers keeps;
- Right to request for deletion of their data; and
- Right to object to, and to request that Transfers restricts the processing of their information.
Changes To This Policy
We reserve the rights to update, amend or change this Policy at any time as required by law or technology. Any update, modification or amendment to this Policy will be posted on the Transfers’ website with the effective date updated.
If you do choose to disable cookies, it may limit your ability to use our website. Cookies allow our servers to remember IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities.
If you have any questions or complaints about this Policy, you can contact us at email@example.com