Privacy Policy
To comply with current laws and regulations on data protection, we hereby inform You
that Corestone Technology Nigeria Limited (hereinafter referred to as the "Company", "Hiwallet", or
"We") is a legally registered business entity with its registered address at PLOT 900B, GBOLAHAN
OWOLABI CRESCENT, OMOLE PHASE 1 GRA, OJODU, LAGOS STATE, 100213, and is responsible for the
processing of Personal Data. The Company has established a set of guiding principles for the
processing of Personal Data, which detail the legal basis and purposes of our data processing, as
well as the rights You hold as a data subject and the means to exercise these rights. To obtain the
Company's personal data processing policy, You may submit a written request to us via email at
[email protected], and we will provide You with the relevant information promptly.
Before
using Hiwallet's Services, you need to give explicit consent to this Privacy Policy and the data
collection terms by clicking the "Agree to the Privacy Policy" button or by continuing to use the
App. You may revoke Your consent at any time through Your Device settings or by contacting us.
Please note that revoking consent may affect Your ability to use certain Services.
In this Privacy Policy, capitalized terms shall have the following meanings, which apply to both singular and plural forms:
Account: refers to the exclusive account You create to access our Services or specific parts of the Services.
App: refers to Hiwallet, a software application developed by the Company and available for download on various platforms and electronic devices.
Cookies: refer to small data files stored on Your computer, smartphone, or other browsing devices by a website. These files record Your browsing behavior and the related information on the website.
Country: specifically refers to Nigeria.
Device: refers to any electronic device that can be used to access our Services, including but not limited to personal computers, mobile phones, or digital tablets.
Personal Data:refers to any information related to an identified or identifiable natural person.
Services:refer to our App, website, or a combination of both.
Service Provider: refers to any individual or legal entity that provides data processing services to the Company. This includes third-party companies or individuals commissioned by the Company, who may help operate the Services, provide Services on behalf of the Company, perform tasks related to the Services, or assist in analyzing the operation of the Services.
Usage Data: refers to data automatically collected through the use of the Services or service infrastructure, such as the duration of page visits.
You: refers to the individual who accesses or uses the Services, or the company or other legal organization that uses the Services on behalf of that individual (if applicable).
When You use Hiwallet's Services, we will clearly inform You of the Personal Data we collect. We assure you that we will strictly manage and protect Your Personal Data in accordance with Nigerian laws, regulations, industry guidelines, and other relevant standards. The collection and use of these data are intended to carry out credit risk assessments to ensure that our Services are both secure and reliable.
Our collection and use of Personal Data are detailed as below.
GPS
Our App Services are exclusively for users within Nigeria. To verify user's geographic location and ensure transaction security, we request access to Your GPS location data when You perform key operations (such as when You read the Privacy Policy and Permission Statement, log in, go through credit assessment, and apply for loans). We take strict security measures for such sensitive information to ensure that it is protected through advanced encryption technology during transmission and securely uploaded to our server (https://api.hiwalletng.com).
Camera
When You apply for credit assessment on Hiwallet, we need You to grant us permission to access the camera on Your Device. This request is to verify that the credit assessment application is initiated by You in person, thereby enhancing the security of Your Account and preventing unauthorized access. We guarantee that the collected photos are only used for identity verification during the assessment process and will not be used for any other purpose. In addition, all images captured through Your camera will be encrypted and uploaded to our server (https://api.hiwalletng.com).
Calendar
When You use the Hiwallet App to apply for a loan, we need to request permission to access Your calendar. The purpose of obtaining this permission is to automatically set up repayment reminders for You after You successfully obtain a loan, thereby avoiding the potential negative impact of overdue repayments on Your personal credit record. Reminders on repayment date are only added to Your calendar after Your loan is approved and You give us consent. You can delete these reminders anytime via the App or Device settings. In addition, we guarantee that all data obtained through calendar permission will be obtained and used in strict compliance with the data protection regulations in Nigeria and will be securely transmitted in an encrypted state to our server (https://api.hiwalletng.com).
Installed Application
When You use the Hiwallet App, we may request access to the list of applications installed on Your Device to collect their basic information such as app names and categories (excluding any in-app data). You can manage this permission at any time through Your Device settings. The collected information will be used to enhance our credit assessment models, where we can analyze app types and usage patterns to more accurately assess credit risk. It will also help detect abnormal device behavior to reduce the risk of fraud. We strictly comply with the data protection laws in Nigeria, and all the data will be transmitted through encryption technology and stored on our server (https://api.hiwalletng.com).
Device Information
When You use Hiwallet's Services, we may need to obtain some key information about Your Device, including but not limited to IMEI, device model, RAM, SSAID, Google Advertising ID, and SIM card information. The primary purpose of collecting this information is to enhance the security of Your Account by ensuring that only authorized users can access Your Account and reducing the risk of account compromise. Monitoring device information helps us identify suspicious activities and prevent fraudsters from using Your Account on other devices. In addition, device information will assist us in better assessing Your credit status. We guarantee that all collected device information will be transmitted through encryption technology and stored on our server (https://api.hiwalletng.com).
Storage
When You enjoy Hiwallet's Services, we may store necessary application data files on Your Device. This practice is intended to optimize Your user experience, ensuring the smooth and stable operation of the App. The stored data files help us monitor and optimize application performance. In addition, You have the right to manage the data files stored on Your Device, including viewing, modifying, or deleting these files.
Other Information
When You use Hiwallet's Services, we will collect and process certain key personal information including but not limited to Your full name, email address, phone number, BVN, and NIN. All personal information we collect is voluntarily provided by You. This data will primarily be used to supplement our credit assessment model to provide You with accurate credit limit assessment. We guarantee that all collected device information will be transmitted through encryption technology and stored on our server.
Definition of Personal Data
In this Privacy Policy, "Personal Data" is defined as any information that can directly or indirectly identify a specific individual. We clearly distinguish that anonymous information not involving a specific user identity does not fall within the scope of Personal Data.
Scope of Personal Data Collection
We may collect and process the following types of Personal Data:
Basic Information: Basic information You actively provide, such as Your full name, age, gender, email address, phone number, occupational information, residential address, emergency contact, etc.
Verification Information: Personal photos, BVN, NIN, bank account information, and bank cards You actively provide during the identity verification process.
Transaction Data: Transaction records generated when You use the Hiwallet App, including but not limited to the personal information You submit, detailed history of borrowing and repayment, and other Account-related information You provide.
Third-Party Information: Credit information, demographic data, and third-party credit rating reports about You that we may obtain from credit rating agencies within the scope allowed by law.
User Feedback Information: Personal information You actively share through Hiwallet App pages, customer service channels, chats, complaints, or social media.
Interaction Data: Information generated by Your interaction with our App, Services, content, and advertisements, including Google Advertising ID, IMEI, serial number, SSAID, SIM card information (such as network operator, Mobile Network Code, Mobile Country Code, etc.), geographic location, operating system, network connection information, browsing data, IP address, and network logs.
Local Storage Data: Information stored on Your Device, such as SMS messages, and other digital media content.
Communication Data: Details of Your access to the App, including traffic usage, WIFI connection data, location service data, and other communication-related data. Hiwallet's Services are not intended for minors under the age of 18. If we identify data submitted by a minor, we will promptly delete it. If You believe we have collected data from a minor, please contact us at [email protected].
Use of Personal Data
These data are primarily used for our credit assessment model and application service adjustment and optimization to provide You with accurate credit limit assessments and better Services.
Purpose Limitation: Hiwallet declares that we will strictly process Your sensitive Personal Data in accordance with the purposes stipulated in this Privacy Policy. We do not have the authority to process Your sensitive data beyond these purposes.
Data Protection Obligation: We recognize the importance of protecting Your Personal Data and commit to taking all necessary technical and organizational measures to ensure data security during processing.
Document Retention Policy: Given the specific needs of our industry, Hiwallet may retain copies of files related to Personal Data. We guarantee that these file copies will be subject to the same level of security protection as the original data.
Security Measures: We have implemented multi-level security measures, including encryption technology, access control, and network security protocols, to ensure that Your Personal Data is fully protected at the technical level.
Contact and Communication Data: When necessary, Hiwallet may collect Your contact list, and SMS records, but these data are only used to accelerate the KYC process and assess the feasibility of providing Services to the holder.
Data Access and Rectification: You have the right to access Your Personal Data and request rectification or deletion of inaccurate information when necessary.
Tracking Technologies and Cookies
Explanation of Tracking Technologies
At Hiwallet, we use Cookies and other tracking technologies to monitor user activities on our Services and save related information so that we can improve and optimize the service experience. Below is a detailed explanation of the tracking technologies we use:
Cookie Collection and Purpose
At Hiwallet, we use two types of Cookies: Persistent Cookies and Session Cookies, which differ in their expiration period on Your Device.
Below are the specific purposes for using these two types of Cookies:
Type: Session Cookies
Purpose: Session Cookies are essential for the normal operation of a website, which enable You to use the services and features on the website. For example, they help us with user identity verification, ensuring account security and preventing fraudulent activities. Without session Cookies, the Services You need cannot be provided properly.
Type: Persistent Cookies
Manager: Hiwallet
Purpose: Persistent Cookies are used to record whether You have read and accepted our Privacy Policy. They help us ensure that You have understood and agreed to our privacy terms before using our Services.
Type: Persistent Cookies
Manager: Hiwallet
Purpose: Persistent Cookies allow us to remember Your personal choices and preference settings, such as login credentials or language selection, to provide You with a more personalized browsing experience. Persistent Cookies enable us to remember Your preferences each time You visit, avoiding the need for repetitive input.
We guarantee that all Cookies will be utilized in compliance with the data protection regulations in Nigeria, and that strict encryption technology and management measures will be adopted in the collection, processing, and storage process to protect Your privacy.
Minors' Data Protection
The Hiwallet service is not intended for minors under the age of 18, and we do not actively collect personal data from minors. If we discover that data has been submitted by a minor, we will immediately delete the data and terminate related services. If you believe we have inadvertently collected data from a minor, please contact us at [email protected], and we will handle the matter promptly.
Our Services may include links to other websites and applications that are not operated by the Company due to legal requirements, industry regulations, or third-party contracts. If You choose to visit other websites through these links, we recommend that You carefully read and understand the privacy policies of these websites. Please note that the data collection and privacy policies of these third-party websites may be different from this Policy. We are not responsible for the privacy practices of third-party websites, nor do we have control over their content.
Cross-Border Data Transfer Statement:
Your data may be stored on servers located outside Nigeria (e.g., [country/region, e.g., the UK]). We ensure secure cross-border transfers through encryption (e.g., SSL) and data protection protocols, in compliance with Nigeria’s Data Protection Act and international data security standards.
Principle of Data Retention:
According to the data minimization principle, we retain Your Personal Data only for the period necessary to achieve specific, explicit, and legitimate purposes.
Legal Basis for Data Retention:
We retain Personal Data to comply with legal obligations, including but not limited to tax, audit, and compliance with regulatory requirements.
Business Needs for Data Retention:
We may retain data based on business needs, such as processing transactions, providing customer service, ensuring network security, and improving Services.
Security of Data Transfer:
We ensure that encryption and security protocols are adopted during data transfer to protect data from unauthorized access or disclosure.
Compliance Assessment of Data Transfer:
Before data transfer, we assess the data protection measures of the recipient to ensure their compliance with applicable data protection standards.
User Consent for Data Transfer:
Your consent is a prerequisite for our data transfer, and we will clearly inform You of the purpose, scope, and recipient before the transfer.
Exercise of Data Subject Rights:
We ensure that You can exercise Your data subject rights, including accessing, rectifying, and deleting Your Personal Data after the data transfer.
Updates and Notifications on Data Protection Policy:
We guarantee to inform You promptly when the privacy policy is updated and provide the necessary information to help You understand the changes.
Right of Data Deletion Request:
You have the right to request the deletion of Personal Data we hold about You. This is one of Your fundamental rights as a data subject, which we fully respect and support You in exercising.
Channels to Make a Deletion Request:
You can make a request for the deletion of Your Personal Data in many ways. You can contact us through our customer service email at [email protected] or, if You wish to delete part of Your personal information, You can also log in to our App and perform the deletion operation on it.
Scope and Limitations of Deletion Requests:
Your deletion request will be based on the Personal Data we currently hold about You. However, please note that due to business operation reasons such as compliance with legal requirements, dispute resolution, fulfillment of contractual obligations, or maintenance of security and compliance, some data can not be immediately or completely deleted.
Data retention is required for compliance with legal regulations, maintanance of operational security, assurance of service integrity, and execution of our service agreements. Thus, it may hinder the complete deletion of data.
We guarantee to employ the highest standard of security measures for data that cannot be deleted to ensure the security of such data and prevent unauthorized access or misuse.
Respect for Data Subject Rights:
We will respond promptly and handle Your deletion request upon receipt, ensuring that Your request is properly considered and executed.
Disclosure in Business Transactions:
In the event of business activities such as mergers and acquisitions or asset sales, Your Personal Data may be transferred to a new entity or acquirer as part of a transaction. We will notify You in a timely manner before such transfers occur and ensure that Your data continues to be protected by appropriate privacy policies.
Disclosure under Legal Enforcement Requirements:
According to the laws of Nigeria and other relevant jurisdictions, or at the legitimate request of courts, government agencies, and other public authorities, we may need to disclose Your Personal Data.
Disclosure under Other Legal Requirements
We may disclose Your Personal Data to meet the following requirements:
Legality and Necessity of Disclosure:
We only disclose Your Personal Data when legally allowed and necessary, ensuring the legality and reasonableness of the disclosure.
User Notification Before Disclosure:
Before Your Personal Data is disclosed, we will notify You to the extent possible, unless doing so is prohibited by law or would hinder the accomplishment of disclosure purpose.
Disclosure Under Legal Requirements:
Hiwallet may transfer Your Personal Data at the request of the competent authorities, or in accordance with Articles 10 and 37 of the law, and when allowed by laws and/or regulations, without Your prior consent.
Data Sharing Within the Group Company:
We may transfer Your Personal Data to our holding companies, subsidiaries, and/or affiliated companies in accordance with the same privacy standards, processes, and internal policies as Hiwallet.
Data Storage and Processing:
The Personal Data You provide to Hiwallet will be compiled and securely stored in our proprietary database, and used only for the purposes specified in this Privacy Policy.
Credit Services and Third-Party Service Providers:
Given that credit services rely on a extensive network of Service Providers, we may transfer some of Your information to third parties for processing and computation. Such data transfers will be encrypted and protected in accordance with the requirements of this Policy.
Data Sharing with Third-Party:
Your data may be transmitted to third parties through technical means such as interfaces or SDKs. We strictly adhere to the data security requirements in Nigeria and enter into data confidentiality agreements with third parties to ensure the security of Your data.
Security of Data Transfer:
We guarantee to take all necessary measures during the data transfer process to ensure data security and prevent data leakage or loss.
User Access Rights:
You have the right to access Your Personal Data held by us. You can directly access, update, or request deletion of this information through the Account settings. If You need further assistance, we are always ready to help and provide a copy of the Personal Data we hold about You.
User Right to Rectification:
If You find that the information we hold about You is incomplete or inaccurate, You have the right to request its rectificatio.
User Right to Object:
If we process Your Personal Data based on legitimate interests and You wish to object to such processing due to specific circumstances, You have the right to do so. Additionally, You have the right to object to our processing of Your Personal Data for direct marketing purposes.
User Right to Erasure:
When we no longer have legitimate grounds for processing Your Personal Data, You have the right to request its deletion or removal.
Data Portability Right:
You have the right to request that we provide Your Personal Data to You or a third party designated by You in a structured, commonly used, and machine-readable format. This right applies to automated information You provided to us based on consent or the performance of a contract.
Exercise of User Rights:
You can exercise these rights by contacting our customer service email at [email protected]. We will respond promptly upon receiving Your request and provide the necessary support
.When there is an update on this Policy, we will publish the changes on the App launch page and our official website. For material changes, we will notify You via email. Your continued use of our Services constitutes acceptance of the updated policy
We encourage You to contact us at any time if You have any questions about our Privacy Policy or the processing of personal information. We commit to making the text of our Privacy Policy public and accessible so that You can easily check the relevant information before contacting us. We will respond as soon as we receive Your inquiry and provide the necessary assistance to ensure that Your questions are addressed promptly.
Email: [email protected]