Credit Direct Finance Company Limited (“CDL”, “we”, “our”, “us” or “Credit Direct”) is committed to protecting the personal data of job applicants and its employees. This Notice sets out important information about how CDL collects and uses your personal data during pre-employment exercise, the course of your employment and after your employment has ended. You should read this Notice carefully and raise any questions you may have with the People Management Division or Data Protection Officer.

1. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

Personal data means any data which identifies you and relates to you as an individual. As a job applicant, employee, or ex-employee, CDL will collect, use, and store your personal data for a wide variety of reasons in connection with the employment relationship. We have set out below the following categories of employee personal data which we process about you:

• personal contact information (including your name, home address, personal telephone number(s) and personal e-mail address);
• business contact information (including e-mail address and telephone number);
• job title and corporate grade;
• date of birth;
• gender;
• marital status;
• passport / portrait photographs;
• Regulatory ID (International Passport, Driver’s License, National Identity Card or Permanent Voters Card);
• tax and pension information;
• emergency contact information / next of kin details;
• bank account details;
• sensitive personal data from pre-employment medicals (including religion, blood group and genotype);
• documents gathered during the recruitment process (including cv, application form, interview forms, background checks, references, professional memberships and qualifications, and background vetting information)
• general employment records including details of training, disciplinary and grievance matters, benefits, holiday and other absences, loans, performance records (including appraisals) and salary history;
• information gathered through CDL’s monitoring of its IT systems, building access records and CCTV recording; and
• personal data which you otherwise voluntarily provide, for example when using your company e-mail.

The personal data we collect is mandatory for us to administer an employment relationship and/or comply with statutory requirements relating to your employment. Failure to provide personal data may affect our ability to accomplish the purposes stated in this Notice and potentially affect our recruitment process, your employment and post-employment.   The list set out above is not exhaustive, and there may be other personal data that CDL collects, stores and uses. We will update this Notice from time to time to reflect any notable changes in the categories of personal data which we process.

2. HOW DO WE GET YOUR PERSONAL DATA?

The personal data which we process will be collected in a variety of ways and from the following sources:

• directly from you;
• from notes made during your recruitment interview;
• from a recruitment agency;
• in some circumstances, your personal data may be provided by third parties, such as former employers, pension administrators, health providers from your medical test;
• CCTV images from our landlords or taken using our own CCTV systems; and
• from background checks and investigation.

3. WHY DOES CDL PROCESS YOUR PERSONAL DATA?

CDL processes your personal data for a variety of purposes:

• in order to perform its obligations under your employment contract or take steps to enter into a contract with you;
• where we need to comply with a legal obligation or any statutory requirements;
• where we have a legitimate business interest or that of a third-party;
• where it is in your vital interest;
• where it is in the interest of the public; or for official purposes; or in furtherance of national security or investigation; and
• when we have obtained consent from you.

4. HOW DO WE USE YOUR PERSONAL DATA?

CDL will use your personal data for different purposes and when the law allows us to or in the following circumstances:

• administering job applications and, where relevant, offering you a role with us;
• carrying out due diligence checks on you, whether during the application process for a role with us or during your engagement with us, including by checking references in relation to your education and your employment history;
• once you are employed or engaged by us in any capacity, for the performance of the contract of employment (or other agreement) between you and us;
• to pay you and to administer benefits (including pensions) in connection with your employment or other engagement with us;
• monitoring your attendance (including absence) and your performance in your work, including in performance appraisals;
• publishing the work or product(s) you create while employed by or otherwise engaged to work for CDL;
• for disciplinary purposes, including conducting investigations where required;
• for other administrative purposes, for example to update you about changes to your terms and conditions of employment or engagement, or changes to your pension arrangements, etc.;
• for internal record-keeping, including the management of any feedback or complaints;
• providing you with information about us and what it is like to work for us (where you have asked for this, most obviously before you have made a formal application to work for us);
• for security purposes, including by operating security cameras in various locations of CDL and the production of photo ID cards;
• to enable relevant authorities to monitor CDL’s performance and to intervene or assist with incidents as appropriate;
• to help us provide loans to customers (including the recording of audio/images);
• to administer and adhere to CBN’s regulations, codes of practice and policies;
• for the purposes of management planning and forecasting, research and statistical analysis and benchmarking;
• in connection with organising events and providing corporate and social responsibility (CSR);
• making travel arrangements on your behalf, where required;
• contacting you or your family members and ‘next of kin’ for business continuity purposes, to confirm your absence from work, etc.;
• publishing your image and likeness in connection with your employment or engagement with us;
• promoting CDL’s services, events and resources;
• to monitor (as appropriate) use of the CDL’s IT and communications systems in accordance with the CDL’s IT Policy;
• to manage performance, including the conduct of annual appraisals;
• to consider eligibility for promotion or for alternative roles within CDL;
• to protect CDL’s confidential and proprietary information, and intellectual property;
• if a business transfer or change of ownership occurs;
• for tax purposes, including transferring personal data to Federal and State Inland Revenue Services to ensure that the appropriate amounts of tax was paid, and in respect to any relevant requirement;
• for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the Police, EFCC and other competent authorities;
• your physical or mental health or condition(s) (for example, where required to monitor and record sickness absences, or to make reasonable adjustments to your working conditions or environment – including as part of the recruitment process if necessary);
• it is necessary to protect your or another person’s vital interests, for example, where you have a life-threatening accident or illness in the workplace and we have to process your personal data in order to ensure you receive appropriate medical attention;
• it is necessary for the establishment, exercise or defence of legal claims; or
• we have your explicit consent to do so.

Again, this list is not exhaustive, and we may undertake additional processing of personal data in line with the purposes set out above. We will update this Notice from time to time to reflect any notable changes in the purposes for which it processes your personal data.

5. WHO HAS ACCESS TO YOUR PERSONAL DATA?

Personal data is stored in a range of different places, including in your personnel file in the People Management and Human Resource Management System (HRMS) and in other IT systems.

Access to your personal data is permission controlled. Your information will be shared internally, including with members of the People Management, Finance and Administration Division, the Executive Board, Managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles.

CDL may share your data with third parties to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks where necessary.

CDL may share your personal data with third parties that process data on its behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, the provision of outsourced IT services and software, and the provision of training.

CDL may share limited personal data, such as name, job title, qualifications and experience with third parties in the process of winning work for the business.

6. SECURITY OF YOUR PERSONAL DATA

We have implemented technical and organisational security measures in an effort to safeguard the personal data in our custody and control. Such measures we have implemented include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Notice.

While we endeavour to always protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

7. RETENTION OF YOUR PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for the personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, and the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. YOUR PERSONAL DATA RIGHTS

You may have the following rights in relation to your personal data:

• Right of withdrawal of Consent – To withdraw your consent for the processing of your personal data if we are relying on consent and have no other legal grounds for processing your personal data, you can withdraw your consent.
• Right of Access – To request a copy of the personal data processed in relation to you.
• Right of Correction – To request that we correct your personal data. You have a right to request an update to any of your personal data that is out of date or incorrect.
• Right to Object– To object to how we process your personal data. If you have any concerns about how we process your personal data.
• Right to Restriction of processing – To restrict how we process your personal data. This enables you to ask us to suspend the processing of personal data about you.
• Right to Portability –To request a copy of the personal data you have given to us in a machine-readable format. However, it is expected that you shall have taken all steps to ensure the security and safety of the medium of receiving the data and CDL shall not be liable for any disclosure of your personal data provided that same was not as a result of the negligence or willful misconduct of CDL.
• Right to Erasure – To ask us to delete your personal data, for example if we no longer have a valid reason to process it. This may be subject to extant relevant legislations requiring retention of personal data.

9. COMPLAINTS

If you have a complaint in relation to the processing of your personal data and you are not happy with the way we deal with it, please discuss this at our office or with our People Management Team or contact the Data Protection Officer (DPO).

You also have the right to complain to the Nigeria Data Protection Commission (NDPC).

10. REMEDIES AND CONTACTING US

In the event of a breach of personal data, CDL shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NDPC. Furthermore, where we ascertain that such a breach is detrimental to your rights and freedoms in relation to your personal data, we shall take reasonable steps to inform you of the breach incident.

Where you have concerns relating to the processing of your personal data or require any clarification on this Notice, please notify us through or contact details provided below:

cdldataprotection@fcmb.com

CDLPeopleMgt@fcmb.com

Credit Direct Finance Company Limited
48/50 Isaac John Street, GRA,
Ikeja, Lagos, Nigeria

We will respond to your concerns within one month of receiving your notice.

11. CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice may be updated from time to time, and you are advised to visit this site regularly to check for any amendments.