Credit Direct Finance Company Limited – Privacy Notice – Employees
Last updated: June 12, 2024.
Credit Direct Finance Company Limited (“Credit Direct”, “we”, “our” or “us”) is committed to protecting the personal data (“personal information”) of job applicants and its employees. This Notice sets out important information about how Credit Direct collects and uses your personal information during pre-employment exercise, the course of your employment and after your employment has ended. You should read this Notice carefully and raise any questions you may have with the People Management Division or Data Protection Officer.
1. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
Personal information means any data which identifies you and relates to you as an individual. As a job applicant, employee, or ex-employee, Credit Direct will collect, use, and store your personal information for a wide variety of reasons in connection with the employment relationship. We have set out below the following categories of employee personal information which we process about you:
- personal contact information (including your name, home address, personal telephone number(s) and personal e-mail address);
- business contact information (including e-mail address and telephone number);
- job title and corporate grade;
- date of birth;
- gender;
- marital status;
- passport / portrait photographs;
- Regulatory ID (International Passport, Driver’s License, National Identity Card or Permanent Voters Card);
- tax and pension information;
- emergency contact information / next of kin details;
- bank account details;
- sensitive personal information from pre-employment medicals (including religion, blood group and genotype);
- documents gathered during the recruitment process (including cv, application form, interview forms, background checks, references, professional memberships and qualifications, and background vetting information)
- general employment records including details of training, disciplinary and grievance matters, benefits, holiday and other absences, loans, performance records (including appraisals) and salary history;
- information gathered through Credit Direct’s monitoring of its IT systems, building access records and CCTV recording; and
- personal information which you otherwise voluntarily provide, for example when using your company e-mail.
The personal information we collect is mandatory for us to administer an employment relationship and/or comply with statutory requirements relating to your employment. Failure to provide personal information may affect our ability to accomplish the purposes stated in this Notice and potentially affect our recruitment process, your employment and post-employment. The list set out above is not exhaustive, and there may be other personal information that Credit Direct collects, stores and uses. We will update this Notice from time to time to reflect any notable changes in the categories of personal information which we process.
2. HOW DO WE GET YOUR PERSONAL INFORMATION?
The personal information which we process will be collected in a variety of ways and from the following sources:
- directly from you;
- from notes made during your recruitment interview;
- from a recruitment agency;
- in some circumstances, your personal information may be provided by third parties, such as former employers, pension administrators, health providers from your medical test;
- CCTV images from our landlords or taken using our own CCTV systems; and
- from background checks and investigation.
3. WHY DOES Credit Direct PROCESS YOUR PERSONAL INFORMATION?
Credit Direct processes your personal information for a variety of purposes:
- in order to perform its obligations under your employment contract or take steps to enter into a contract with you;
- where we need to comply with a legal obligation or any statutory requirements;
- where we have a legitimate business interest or that of a third-party;
- where it is in your vital interest;
- where it is in the interest of the public; or for official purposes; or in furtherance of national security or investigation; and
- when we have obtained consent from you.
4. HOW DO WE USE YOUR PERSONAL INFORMATION?
Credit Direct will use your personal information for different purposes and when the law allows us to or in the following circumstances:
- administering job applications and, where relevant, offering you a role with us;
- carrying out due diligence checks on you, whether during the application process for a role with us or during your engagement with us, including by checking references in relation to your education and your employment history;
- once you are employed or engaged by us in any capacity, for the performance of the contract of employment (or other agreement) between you and us;
- to pay you and to administer benefits (including pensions) in connection with your employment or other engagement with us;
- monitoring your attendance (including absence) and your performance in your work, including in performance appraisals;
- publishing the work or product(s) you create while employed by or otherwise engaged to work for Credit Direct;
- for disciplinary purposes, including conducting investigations where required;
- for other administrative purposes, for example to update you about changes to your terms and conditions of employment or engagement, or changes to your pension arrangements, etc.;
- for internal record-keeping, including the management of any feedback or complaints;
- providing you with information about us and what it is like to work for us (where you have asked for this, most obviously before you have made a formal application to work for us);
- for security purposes, including by operating security cameras in various locations of Credit Direct and the production of photo ID cards;
- to enable relevant authorities to monitor Credit Direct’s performance and to intervene or assist with incidents as appropriate;
- to help us provide loans to customers (including the recording of audio/images);
- to administer and adhere to CBN’s regulations, codes of practice and policies;
- for the purposes of management planning and forecasting, research and statistical analysis and benchmarking;
- in connection with organising events and providing corporate and social responsibility (CSR);
- making travel arrangements on your behalf, where required;
- contacting you or your family members and ‘next of kin’ for business continuity purposes, to confirm your absence from work, etc.;
- publishing your image and likeness in connection with your employment or engagement with us;
- promoting Credit Direct’s services, events and resources;
- to monitor (as appropriate) use of the Credit Direct’s IT and communications systems in accordance with the Credit Direct’s IT Policy;
- to manage performance, including the conduct of annual appraisals;
- to consider eligibility for promotion or for alternative roles within Credit Direct;
- to protect Credit Direct’s confidential and proprietary information, and intellectual property;
- if a business transfer or change of ownership occurs;
- for tax purposes, including transferring personal information to Federal and State Inland Revenue Services to ensure that the appropriate amounts of tax was paid, and in respect to any relevant requirement;
- for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the Police, EFCC and other competent authorities;
- your physical or mental health or condition(s) (for example, where required to monitor and record sickness absences, or to make reasonable adjustments to your working conditions or environment – including as part of the recruitment process if necessary);
- it is necessary to protect your or another person’s vital interests, for example, where you have a life-threatening accident or illness in the workplace and we have to process your personal information in order to ensure you receive appropriate medical attention;
- it is necessary for the establishment, exercise or defence of legal claims; or
- we have your explicit consent to do so.
Again, this list is not exhaustive, and we may undertake additional processing of personal information in line with the purposes set out above. We will update this Notice from time to time to reflect any notable changes in the purposes for which it processes your personal data.
5. WHO HAS ACCESS TO YOUR PERSONAL INFORMATION?
Personal information is stored in a range of different places, including in your personnel file in the People Management and Human Resource Management System (HRMS) and in other IT systems.
Access to your personal information is permission controlled. Your information will be shared internally, including with members of the People Management, Finance and Administration Division, the Executive Board, Managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles.
Credit Direct may share your data with third parties to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks where necessary.
Credit Direct may share your personal information with third parties that process data on its behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, the provision of outsourced IT services and software, and the provision of training.
Credit Direct may share limited personal information, such as name, job title, qualifications and experience with third parties in the process of winning work for the business.
6. SECURITY OF YOUR PERSONAL INFORMATION
We have implemented technical and organisational security measures in an effort to safeguard the personal information in our custody and control. Such measures we have implemented include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Notice.
While we endeavour to always protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
7. RETENTION OF YOUR PERSONAL INFORMATION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for the personal information we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal data, and the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
8. YOUR PERSONAL INFORMATION RIGHTS
You may have the following rights in relation to your personal information:
- Right of withdrawal of Consent – To withdraw your consent for the processing of your personal information if we are relying on consent and have no other legal grounds for processing your personal information, you can withdraw your consent.
- Right of Access – To request a copy of the personal information processed in relation to you.
- Right of Correction – To request that we correct your personal information. You have a right to request an update to any of your personal information that is out of date or incorrect.
- Right to Object– To object to how we process your personal information. If you have any concerns about how we process your personal information.
- Right to Restriction of processing – To restrict how we process your personal information. This enables you to ask us to suspend the processing of personal information about you.
- Right to Portability –To request a copy of the personal information you have given to us in a machine-readable format. However, it is expected that you shall have taken all steps to ensure the security and safety of the medium of receiving the data and Credit Direct shall not be liable for any disclosure of your personal information provided that same was not as a result of the negligence or willful misconduct of Credit Direct.
- Right to Erasure – To ask us to delete your personal information, for example if we no longer have a valid reason to process it. This may be subject to extant relevant legislation requiring retention of personal information.
9. COMPLAINTS
If you have a complaint in relation to the processing of your personal information and you are not happy with the way we deal with it, please discuss this at our office or with our People Management Team or contact the Data Protection Officer (DPO).
You also have the right to complain to the Nigeria Data Protection Commission (NDPC).
10. REMEDIES AND CONTACTING US
In the event of a breach of personal information, Credit Direct shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NDPC. Furthermore, where we ascertain that such a breach is detrimental to your rights and freedoms in relation to your personal information, we shall take reasonable steps to inform you of the breach incident.
Where you have concerns relating to the processing of your personal information or require any clarification on this Notice, please notify us through or contact details provided below:
cdldataprotection@fcmb.com
CDLPeopleMgt@fcmb.com
Credit Direct Finance Company Limited
48/50 Isaac John Street, GRA,
Ikeja, Lagos, Nigeria
We will respond to your concerns within one month of receiving your notice.
- CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice may be updated from time to time, and you are advised to visit this site regularly to check for any amendments.