Privacy Policy
To comply with current laws and regulations on data protection, we hereby inform You that Corestone Technology Nigeria Limited (a legally registered business entity with its registered address at PLOT 900B, GBOLAHAN OWOLABI CRESCENT, OMOLE PHASE 1 GRA, OJODU, LAGOS STATE, 100213, hereinafter referred to as the "Company", "Hiwallet", or "We"), is responsible for the processing of personal data. The Company has established a set of guiding principles for the processing of personal data, which detail the legal basis and purposes of our data processing, as well as the rights You hold as a data subject and the means to exercise these rights. To obtain the Company's personal data processing policy, You may submit a written request via email, and we will provide You with the relevant information promptly.
In this Privacy Policy, capitalized terms shall have the following meanings, which apply to both singular and plural forms:
refers to the exclusive account You create to access our Services or specific parts of the Services.
refers to the software application developed by the Company for download on various platforms and electronic devices, named Hiwallet.
refer to small data files stored on Your computer, smartphone, or other browsing devices by a website. These files record Your browsing behavior and related information on the website.
specifically refers to Nigeria.
refers to any electronic device that can be used to access our Services, including but not limited to personal computers, mobile phones, or digital tablets.
refers to any information related to an identified or identifiable natural person.
refers to our Application, website, or a combination of both.
refer to any individual or legal entity that provides data processing services to the Company. This includes third-party companies or individuals commissioned by the Company, who may help operate the Services, provide Services on behalf of the Company, perform tasks related to the Services, or assist in analyzing the operation of the Services.
refers to data automatically collected through the use of the Services or service infrastructure, such as the duration of page visits.
refers to the individual who accesses or uses the Services, or the company or other legal organization that uses the Services on behalf of that individual (if applicable).
When You use Hiwallet's Services, we will clearly inform You of the Personal Data we collect. We assure you that we will strictly manage and protect Your Personal Data in accordance with Nigerian laws, regulations, industry guidelines, and other relevant standards. The collection and use of these data are intended to carry out credit risk assessments to ensure that our Services are both secure and reliable.
Our collection and use of Personal Data are detailed as below.
Our Application Services are exclusively for users within Nigeria. To verify user geographic location and ensure transaction security, we request access to Your GPS location data when You perform key operations (such as when You read this Privacy Policy and Permission Statement, log in, apply for credit limits, and take out loans). We take strict security measures for such sensitive information to ensure that it is protected through advanced encryption technology during transmission and securely uploaded to our server (https://api.hiwalletng.com).
When You apply for credit limits on Hiwallet, we need to request Your permission to access the camera on Your Device. This request is to verify that the credit application is initiated by You in person, thereby enhancing the security of Your Account and preventing unauthorized access. We guarantee that the collected photos are only used for identity verification during the credit application process and will not be used for any other purpose. In addition, all images captured through Your camera will be encrypted and uploaded to our server (https://api.hiwalletng.com).
In the Hiwallet Application, we need to request access to Your call log. We only access Your call log at critical operations (such as when we need to verify that You have received a voice verification call, when You apply for credit limits or loans, etc.) to ensure the continuity and security of the Services. The purpose of obtaining this permission is to verify whether You have successfully received the voice verification call we sent, and this data will help us analyze and optimize the voice verification service to provide a smoother and more reliable user experience. Moreover, call logs may be part of Your credit assessment process, which help us to assess Your credit status in a more accurate way, thereby ensuring that the credit limit granted is appropriate. We strictly comply with the data protection regulations in Nigeria, and Your call log information will be strictly encrypted and transmitted to our server (https://api.hiwalletng.com).
When You take out loans on the Hiwallet Application, we need to request permission to access Your calendar. The purpose of obtaining this permission is to automatically set up repayment reminders for You after You successfully obtain a loan, thereby avoiding the potential negative impact of overdue repayments on Your personal credit record. In addition, we guarantee that all data obtained through calendar permission will be obtained and used in strict compliance with the data protection regulations in Nigeria and will be securely transmitted in an encrypted state to our server (https://api.hiwalletng.com).
When You use the Hiwallet Application, we may request access to the list of installed applications on Your Device. We will collect basic data about the applications installed on Your Device, which will be used to optimize our credit assessment model and help us assess credit risk more accurately, thereby providing customized services. In addition, by analyzing the data of installed applications, we can identify and reduce potential fraudulent behavior in a more effective way, protecting You and our Services from harm. We guarantee that all such data will be obtained and used in strict compliance with the data protection laws in Nigeria and will be securely transmitted and stored in an encrypted state on our server (https://api.hiwalletng.com).
When You use Hiwallet's Services, we may need to obtain some key information about Your Device, including but not limited to IMEI, device model, RAM, SSAID, Google Advertising ID, and SIM card information. The primary purpose of collecting this information is to enhance the security of Your Account by ensuring that only authorized users can access Your Account, thereby reducing the risk of Your Account being compromised. Monitoring device information helps us identify suspicious activities and prevent fraudsters from using Your Account on other devices. In addition, device information will assist us in better assessing Your credit status. We guarantee that all collected device information will be transmitted through encryption technology and stored on our server (https://api.hiwalletng.com).
When You enjoy Hiwallet's Services, we may store necessary application data files on Your Device. This practice is intended to optimize Your user experience, ensuring the smooth and stable operation of the Application. The stored data files help us monitor and optimize application performance. In addition, You have the right to manage the data files stored on Your Device, including viewing, modifying, or deleting these files.
Definition of Personal Data
In this Privacy Policy, "Personal Data" is defined as any information that can directly or indirectly identify a specific individual. We clearly distinguish that anonymous information not involving a specific user identity does not fall within the scope of Personal Data.
Scope of Personal Data Collection
We may collect and process the following types of Personal Data:
Basic information You voluntarily provide, such as Your full name, age, gender, email address, phone number, occupational information, residential address, emergency contact, etc.
Personal photos, BVN, NIN, bank account information, and bank cards You voluntarily provide during the identity verification processTransaction Data.
Transaction records generated when You use the Hiwallet Application, including but not limited to the personal information You submit, detailed history of borrowing and repayment, and other Account-related information You provide.
Credit information, demographic data, and third-party credit rating reports about You that we may obtain from credit rating agencies within the scope allowed by law.
Personal information You actively share through Hiwallet Application pages, customer service channels, chats, complaints, or social media.
Information generated by Your interaction with our Application, Services, content, and advertisements, including Google Advertising ID, IMEI, serial number, SSAID, SIM card information (such as network operator, Mobile Network Code, Mobile Country Code, etc.), geographic location, operating system, network connection information, browsing data, IP address, and network logs.
Information stored on Your Device, such as call logs, SMS messages, and other digital media content.
Details of Your access to the Application, including traffic usage, WIFI connection data, location service data, and other communication-related data.
Use of Personal Data
These data are primarily used for our credit assessment model and application service adjustment and optimization to provide You with accurate credit limit assessments and better Services.
Hiwallet declares that we will strictly process Your sensitive Personal Data in accordance with the purposes stipulated in this Privacy Policy. We have no right to process Your sensitive data beyond these purposes.
We recognize the importance of protecting Your Personal Data and commit to taking all necessary technical and organizational measures to ensure data security during processing.
Given the specific needs of our industry, Hiwallet may retain copies of files related to Personal Data. We guarantee that these file copies will be subject to the same level of security protection as the original data.
We have implemented multi-level security measures, including encryption technology, access control, and network security protocols, to ensure that Your Personal Data is fully protected at the technical level.
When necessary, Hiwallet may collect Your contact list, call logs, and SMS message records, but these data are only used to accelerate the KYC process and assess the feasibility of providing Services to the holder.
You have the right to access Your Personal Data and request rectification or deletion of inaccurate information when necessary.
Tracking Technologies and Cookies
At Hiwallet, we use Cookies and other tracking technologies to monitor user activities on our Services and save related information so that we can improve and optimize the service experience. Below is a detailed explanation of the tracking technologies we use:
Cookies are small data files stored on user devices that help us remember Your preferences and provide a customized browsing experience. We use Cookies to ensure the convenience and personalization of the Services. You can choose to refuse all Cookies or receive notifications whenever a Cookie is offered in Your browser settings. Please note that if You choose to refuse Cookies, Your use of certain Service features may be affected.
Unless You adjust Your browser settings to refuse Cookies, our Services will use Cookies by default to provide a smoother user experience.
Our Services and emails sent by us may contain web beacons, which are small digital image files used to count the number of users visiting pages or opening emails. These beacons help us understand user preferences for certain content and ensure the stability and reliability of the system.
In addition to Cookies and web beacons, we may also use other tracking technologies, such as tags and scripts, which work together to collect and analyze user behavior data.
The data we collect is used to analyze user behavior, optimize Service content, enhance user experience, and ensure the security and stability of our Services. We promise to provide You with clear information about our use of tracking technologies and ensure that You can control the use of these technologies. We respect Your privacy settings and will adjust the use of Cookies and other tracking technologies according to Your choices in the browser.
At Hiwallet, we use two types of Cookies: Persistent Cookies and Session Cookies, which differ in their expiration period on Your Device.
These Cookies are stored on Your Device even after You close the browser. They help us remember Your preferences to provide a continuous experience during Your next visit.
These Cookies are automatically deleted when You end the browsing session and close the browser. They are mainly used to maintain the session state during Your browsing.
Below are the specific purposes for using these two types of Cookies:
Type: Session Cookies
Purpose: Session Cookies are essential for the normal operation of a website, which enable You to use the services and features on the website. For example, they help us with user identity verification, ensuring account security and preventing fraudulent activities. Without session Cookies, the Services You need cannot be provided normally.
Type: Persistent Cookies
Manager: Hiwallet
Purpose: Persistent Cookies are used to record whether You have read and accepted our Privacy Policy. They help us ensure that You have understood and agreed to our privacy terms before using our Services.
Type: Persistent Cookies
Manager: Hiwallet
Purpose: Persistent Cookies allow us to remember Your personal choices and preference settings, such as login credentials or language selection, to provide You with a more personalized browsing experience. Persistent Cookies enable us to remember Your preferences each time You visit, avoiding the need for repetitive input.
We guarantee that all Cookies will be utilized in compliance with the data protection regulations in Nigeria, and that strict encryption technology and management measures will be adopted in the collection, processing, and storage process to protect Your privacy.
Our Services may include links to other websites and applications that are not operated by the Company due to legal requirements, industry regulations, or third-party contracts. If You choose to visit other websites through these links, we recommend that You carefully read and understand the privacy policies of these websites. Please note that the data collection and privacy policies of these third-party websites may be inconsistent with this Policy, and we assume no responsibility for the privacy practices of third-party websites and cannot control their content.
Principle of Data Retention:
According to the data minimization principle, we retain Your Personal Data only for the period necessary to achieve specific, explicit, and legitimate purposes.
Legal Basis for Data Retention:
We retain Personal Data for legal obligations, including but not limited to tax, audit, and compliance with regulatory requirements.
Business Needs for Data Retention:
We may retain data based on business needs, such as processing transactions, providing customer service, ensuring network security, and improving Services.
Security of Data Transfer:
We ensure that encryption and security protocols are adopted during data transfer to protect data from unauthorized access or disclosure.
Compliance Assessment of Data Transfer:
Before data transfer, we assess the data protection measures of the recipient to ensure their compliance with applicable data protection standards.
User Consent for Data Transfer:
Your consent is a prerequisite for our data transfer, and we will clearly inform You of the purpose, scope, and recipient before the transfer.
Exercise of Data Subject Rights:
We ensure that You can exercise Your data subject rights, including accessing, rectifying, and deleting Your Personal Data after the data transfer.
Updates and Notifications on Data Protection Policy:
We guarantee to inform You promptly when the privacy policy is updated and provide the necessary information to help You understand the changes.
Right of Data Deletion Request:
You have the right to request the deletion of Personal Data we hold about You. This is one of Your fundamental rights as a data subject, which we fully respect and support You in exercising.
Channels to Make a Deletion Request:
You can make a request for the deletion of Your Personal Data in many ways. You can contact us through our customer service email [email protected] or, if You wish to delete part of Your personal information, You can also log in to our Application and perform the deletion operation on it.
Scope and Limitations of Deletion Requests:
Your deletion request will be based on the Personal Data we currently hold about You. However, please note that due to business operation reasons such as compliance with legal requirements, dispute resolution, fulfillment of contractual obligations, or maintenance of security and compliance, some data may not be immediately or completely deleted
Data retention is required for compliance with legal regulations, maintanance of operational security, assurance of service integrity, and execution of our service agreements. Thus, it may hinder the complete deletion of data.
We guarantee to employ the highest standard of security measures for data that cannot be deleted to ensure the security of such data and prevent unauthorized access or misuse.
Respect for Data Subject Rights:
We will respond promptly and handle Your deletion request upon receipt, ensuring that Your request is properly considered and executed.
Disclosure in Business Transactions:
In the event of business activities such as mergers and acquisitions or asset sales, Your Personal Data may be transferred to a new entity or acquirer as part of a transaction. We will notify You in a timely manner before such transfers occur and ensure that Your data continues to be protected by appropriate privacy policies.
Disclosure under Legal Enforcement Requirements:
According to the laws of Nigeria and other relevant jurisdictions, or at the legitimate request of courts, government agencies, and other public authorities, we may need to disclose Your Personal Data.
Disclosure under Other Legal Requirements
We may disclose Your Personal Data to meet the following requirements:
To comply with legal obligations and ensure the legality of company operations;
To protect the legitimate rights and interests and assets of the Company and prevent potential legal risks;
To protect the personal safety of Service users or the public and prevent emergencies;
To ensure that the Company adheres to legal regulations in handling company affairs, thereby preventing the assumption of unnecessary legal liabilities;
Legality and Necessity of Disclosure:
We only discloseExplanation of Personal Data Transfer Your Personal Data when legally allowed and necessary, ensuring the legality and reasonableness of the disclosure.
User Notification Before Disclosure:
Before Your Personal Data is disclosed, we will notify You to the extent possible, unless doing so is prohibited by law or would hinder the accomplishment of disclosure purpose.
Disclosure Under Legal Requirements:
Hiwallet may transfer Your Personal Data at the request of the competent authorities, or in accordance with Articles 10 and 37 of the law, and when allowed by laws and/or regulations, without Your prior consent.
Data Sharing Within the Group Company:
We may transfer Your Personal Data to our holding companies, subsidiaries, and/or affiliated companies in accordance with the same privacy standards, processes, and internal policies as Hiwallet.
Data Storage and Processing:
The Personal Data You provide to Hiwallet will be compiled and securely stored in our proprietary database, and used only for the purposes specified in this Privacy Policy.
Credit Services and Third-Party Service Providers:
Given that credit services rely on a extensive network of Service Providers, we may transfer some of Your information to third parties for processing and computation. Such data transfers will be encrypted and protected in accordance with the requirements of this Policy.
Data Sharing with Third-Party:
Your data may be transmitted to third parties through technical means such as APIs or SDKs. We strictly adhere to the data security requirements in Nigeria and enter into data confidentiality agreements with third parties to ensure the security of Your data.
Security of Data Transfer:
We guarantee to take all necessary measures during the data transfer process to ensure data security and prevent data leakage or loss.
User Access Rights:
You have the right to access Your Personal Data held by us. You can directly access, update, or request deletion of this information through the account settings. If You need further assistance, we are always ready to help and provide a copy of the Personal Data we hold about You.
User Right to Rectification:
If You find that the information we hold about You is incomplete or inaccurate, You have the right to request its rectification.
User Right to Object:
If we process Your Personal Data based on legitimate interests and You wish to object to such processing due to specific circumstances, You have the right to do so. Additionally, You have the right to object to our processing of Your Personal Data for direct marketing purposes.
User Right to Erasure:
When we no longer have a justifiable reason to process Your Personal Data, You have the right to request its deletion or removal.
Data Portability Right:
You have the right to request that we provide Your Personal Data to You or a third party designated by You in a structured, commonly used, and machine-readable format. This right applies to automated information You provided to us based on consent or the performance of a contract.
Exercise of User Rights:
You can exercise these rights by contacting our customer service email at [email protected]. We will respond promptly upon receiving Your request and provide the necessary support.
We encourage You to contact us at any time if You have any questions about our Privacy Policy or the processing of personal information. We commit to making the text of our Privacy Policy public and accessible so that You can easily review the relevant information before contacting us. After receiving Your inquiry, we will respond as soon as possible and provide the necessary assistance to ensure that Your questions are resolved promptly.
Email: [email protected]