2.1.1 Business name and address

2.1.2 Corporate Affairs Commission (CAC) registration details and documents

2.1.3 Tax Identification Number (TIN)

2.1.4 SCUML certificate (where applicable)

2.1.5 Bank account details

2.1.6 Contact details of authorised representatives (name, phone number, email)

2.1.7 Business website and description of services

2.1.8 License to operate (where applicable)

2.1.9 Other regulatory documents as may be required

2.2.1 Transaction ID, date, and amount

2.2.2 Payment method (card, account transfer, etc.)

2.2.3 Customer payment details (masked PAN, transaction reference, etc.)

2.2.4 Merchant and customer device information

2.2.5 IP address, browser type, and session logs

2.2.6 Location data and time zone for transaction verification (where applicable).

2.2.7 Error and dispute logs to support troubleshooting and service recovery.

2.3.1 Cookies and web analytics data. Cookies and analytics data are used only to the extent necessary for service delivery, fraud prevention, and user experience improvement

2.3.2 API usage logs and integration performance metrics

2.3.3 Fraud detection and risk monitoring data

3.1 Globus Bank uses the collected information for the following purposes:

3.1.1 To verify merchant identity and onboard merchants onto the Gateway.

3.1.2 To process and authorize customer transactions securely.

3.1.3 To perform settlements and reconciliations.

3.1.4 To prevent, detect, and investigate fraud, money laundering, or other illegal/unauthorised activities.

3.1.5 To communicate updates, system alerts, and service notifications.

3.1.6 To comply with legal, regulatory, and reporting obligations.

3.1.7 To analyse system performance and improve the quality of our services.

3.1.8 To respond to inquiries, disputes, and chargebacks.

3.1.9 To personalize user experience and interface settings.

3.1.10 To perform internal testing, research, and product development in a manner consistent with data minimization principles.

Globus Bank does not sell, lease, or commercially exploit your personal data. Any disclosure to third parties is strictly in accordance with data protection laws and for the purposes disclosed in this policy

4.1 We process your data based on one or more of the following legal grounds:

4.1.1 To perform our obligations under the Payment Gateway Agreement.

4.1.2 To comply with applicable laws and regulations, including anti-money laundering and terrorist financing. For fraud prevention, service improvement, consumer protection, and audit purposes.

4.1.3 For specific uses such as marketing communication (where applicable).

4.2 Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of prior processing

5.1 We may share your data only where necessary, lawful and secure under the following conditions:

5.1.1 With Regulators and Authorities like CBN, NFIU acting under lawful request or mandate.

5.1.2 With Third-Party Service Providers like Payment processors, card schemes, and financial networks (e.g., Visa, Mastercard, Verve, NIBSS etc.), IT service providers supporting platform operations, and Fraud and risk monitoring solution providers

5.1.3 Within the Globus Bank to facilitate internal compliance, audit, or operational efficiency purposes.

5.1.4 With professional advisers, auditors, and consultants under confidentiality obligations.

5.1.5 All third-party recipients are bound by strict confidentiality and data protection obligations consistent with this Policy.

6.1 Merchant onboarding and transaction records are retained for a minimum of seven (7) years in line with CBN record-keeping requirements.

6.2 Data may be retained longer where required by law, regulations or for ongoing investigations or dispute resolution.

6.3 When data is no longer required, it is securely deleted, anonymised, or archived in accordance with Globus Bank’s data retention policy and NDPC guidelines.

7.1 We employ robust physical, technical, and organizational measures to protect your data, including:

7.1.1 End-to-end encryption of sensitive data (e.g., cardholder information)

7.1.2 Secure Socket Layer (SSL) connections

7.1.3 Role-based access controls and authentication

7.1.4 Regular vulnerability assessments and PCI-DSS compliance audits

7.1.5 Data backup, disaster recovery, and incident response mechanisms

While Globus Bank applies industry-standard security and encryption measures to protect your information, no online platform is entirely risk-free. Accordingly, Globus Bank shall not be liable for any data breach, loss, or unauthorized access arising from circumstances beyond its reasonable control, including, but not limited to, negligence, compromise, or security lapses on the part of the merchant, user, or third-party network providers

8.1 Where data must be transferred outside Nigeria (for example, to international card schemes or processors), such transfers shall comply with the NDPA, GAID and applicable cross-border data transfer safeguards, including:

8.1.1 Transfers to countries with adequate data protection laws; or

8.1.2 Execution of data protection agreements with third parties ensuring equivalent safeguards.

9.1 As a merchant using the Web Payment Gateway, you agree to:

9.1.1 Collect, process, and store customer data in compliance with the NDPA and other data privacy laws.

9.1.2 Obtain appropriate consent from customers before collecting or transmitting their data.

9.1.3 Not retain, store, or reuse customer card or payment credentials beyond what is permitted by law.

9.1.4 Report any suspected or actual data breach or unauthorized access to the Bank immediately.

9.2 Failure to comply with these obligations may lead to suspension or termination of your access to the Gateway.

10.1 Under the NDPA, you have the following rights regarding your personal data:

10.1.1 Right to Access: Request copies of your personal data held by the Bank.

10.1.2 Right to Rectification: Request correction of inaccurate or incomplete data.

10.1.3 Right to Erasure: Request deletion of your data, subject to legal and regulatory requirements

10.1.4 Right to Restrict Processing: Request limitation of processing in specific circumstances.

10.1.5 Right to Data Portability: Receive your data in a structured, commonly used format.

10.1.6 Right to Object: Withdraw consent or object to certain processing activities.

10.2 Requests relating to data protection can be made by contacting our Data Protection Officer.

11.1 Our Gateway may use cookies or similar technologies to:

11.1.1 Authenticate users and maintain session states;

11.1.2 Enhance user experience and measure usage patterns;

11.1.3 Prevent fraudulent activities.

11.2 Merchants can manage cookie preferences via their browser settings; however, disabling cookies that are strictly necessary may affect service functionality

12.1 In the event of a data breach that compromises personal information, Globus Bank shall:

12.1.1 Notify affected merchants and regulatory authorities within 72 hours of confirmation;

12.1.2 Provide details of the breach, affected systems, and mitigation measures;

12.1.3 Support affected parties to minimize potential impact.

For inquiries, complaints, or data protection requests, please contact:

Data Protection Officer

Globus Bank Limited Registered Office: Plot 722 Akinbo Savage Street, Victoria Island, Lagos

Email: [Insert DPO Email Address]

Phone: [Insert Contact Number]

Website: www.globusbank.com