By providing your personal data to us, you have signified your acceptance of our Privacy Policy and agree that we may collect, use and disclose your personal information for specified purposes as described in this Policy.

According to the DPA and NDPR, this responsibility rests upon the “Data Controller”, namely:

Disputed Financial Transactions Advisory Services
62 Crown Street, London SW4 3TU, United Kingdom
Tel: +44 79 2252 0308
Email: support@diftas.co.uk

If you have any general questions or concerns about this Policy or the way in which we process your personal data, kindly contact our Data Protection Officer via the contact details above or this email address: support@diftas.co.uk

Personal data refers to any information that tells us something about you or that we can link directly to you. Typically, we will hold data about you that is relevant to the business relationship we have with you and how you interact with us.

We process any information we receive from you, including personal and financial information you provide to us in respect to onboarding you as our customer, when you apply for a job with us, when we employ you as our staff, when you enquire about our services, register to use and/or use any of our services and when you communicate with us through our social media sites, e-mail, our website or portal, telephone or any other electronic means.

Such information may include the following:

• Name and other contact data: We may collect your first, middle and last name; email address; phone number, and other similar contact data to process your request.
• Credentials: When you subscribe to any of our products, particularly our e-channels products, you may be required to provide a User ID, a password and similar security information used for authentication and account access. You may also be required or opt to use biometric identification to access your account and authenticate transactions.
• Usage Data: We may collect usage data sent by your browser whenever you access our online services or when you access our services through a mobile device. This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that was visited, the time and date of the visit, the time spent on those pages, unique device identifiers and other diagnostic data.

We collect your personal data in order to facilitate and manage our relationship with you. Specifically, we collect your personal data for at least one of the following purposes:

• For the performance of a contract:

  In order for you to open and maintain an account with us, have access to our products and services or work with us, we will need to process your personal data. We may also need to process your personal data to take steps at your request prior to entering into a contract.

• For compliance with a legal obligation or acting in the public interest

  As a bank, we are subject to several statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes or to respond to investigations or disclosure orders from law enforcement agencies, our regulators, and tax or other public authorities.

• For the purposes of legitimate interests

  Where necessary, we will process your personal data to serve our legitimate interests or those of a third party. Such applicable cases include:

  • Customer Due Diligence
  • Know Your Employee checks
  • Responding to your complaints and inquiries
  • Assessment, improvement and development of our products and services
  • Information security and building security, such as the use of CCTV recording
  • Managing the risks and optimising the efficiency of our operations
  • Recording telephone calls and monitoring electronic communications for business and compliance purposes
  • Prevention and detection of fraud, money laundering and other financial crimes
  • Evaluating, bringing or defending legal claims
  • Assessment of proposed data subjects’ employability and other employees’ benefits-related purposes
  • Marketing of our products and services. We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them. Additionally, you can withdraw your consent at any time and free of charge
  • Audits

We may obtain personal data through the following methods:

Direct collection source:

• Electronic means (emails, social media sites, website, telephone)
• Job application documentation
• Employee engagement forms
• Visitors register

Third-party data collection source:

• Individuals nominated and authorised by the data subject to engage us on his/her behalf. A copy of your consent given to the third party to transfer your data to DiFTAS shall suffice for our processing
• Government agencies
• Financial Institutions
• Publicly available sources e.g. newspapers, websites
• Vendors engaged to conduct screening checks on newly employed staff before confirmation of appointment.

Cookies are small files placed on your device’s browser that enables the website to identify your device as you view different pages. When you visit our website, we will use cookies to track your browsing history to improve your experience. We do not use cookies to collect any personally identifiable information about you.

In line with the record preservation requirement, we will retain your personal data for a period of five (5) years after your relationship with us has ended. This is to enable us fulfil the relevant purposes set out in this policy and to comply with our regulatory obligations. However, we may retain personal data for longer periods if it is in our legitimate business interests and required to comply with applicable laws. We will continue to use and disclose such personal data in accordance with this Privacy Policy.

We may share information about you with a range of third parties for our business purposes or as permitted/required by law. Such third parties may include: our service providers and agents; professional advisors; Government agencies; background screening providers; health maintenance organisations; customer address verification companies; financial institutions;, exchanges; regulators; law enforcement agencies; courts; public authorities; and potential purchasers of elements of our business. These third parties could be located outside UK and Nigeria.

We will only disclose information about you with your consent, where necessary, and in line with the provisions of the DPA and NDPR.

Where necessary, in line with the purposes described in section 8 above, information relating to you may be transferred to countries outside UK and Nigeria i.e. third countries. However, if we use service providers in a third country, they will be obligated to apply the same level of protection to your data as would be necessary in the UK and Nigeria. We enforce this through the inclusion of standard data protection clauses in our agreements with them and conducting vendor security assessments. More importantly, we will not transfer your personal data to a third country in a way that is not permitted under the DPA and NDPR.

Under the DPA and NDPR, you are entitled to the following rights:

• Access Request

  You have the right to access personal data relating to you. This enables you to receive a copy of the personal data we hold about you in electronic form, unless you want a paper copy which will attract a fee.

• Rectification Request

  You have the right to ask us to correct your personal data if it is inaccurate and to have incomplete personal data updated without undue delay.

• Erasure Request

  You have the right to ask us to erase your personal data if:

  • Your personal data are no longer necessary for the purpose(s) they were collected for
  • Your personal data have been unlawfully processed
  • Your personal data must be erased to comply with a regulation
  • You withdraw your consent for the processing of the personal data (and if this is the only basis on which we are processing your personal data)
  • You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
  • You object to processing for direct marketing purposes.

  If we have made the personal data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your personal data.

• Request to Object

  You have the right to object at any time to the processing of your personal data if we process it based on our legitimate interests or on the basis that we are acting in the public interest. This includes any so-called “profiling”. Our Privacy Policy informs you when we rely on legitimate interests to process your personal data. In these cases, we will stop processing your personal data unless we can demonstrate compelling legitimate reasons for continuing the processing. We may reject your request if the processing of your personal data is needed to establish, exercise or defend legal claims.

  Additionally, you have the right to object at any time if we process your personal data for direct marketing purposes. You may also object at any time to profiling supporting our direct marketing. In such cases, we will simply stop processing your personal data when we receive your objection or opt out in the case that we do not require to process your data.

• Request to Restrict

  You have the right to ask us to restrict the processing of your personal data if:

  • You contest the accuracy of your personal data and we are in the process of verifying the Personal Data we hold
  • The processing is unlawful and you do not want us to erase your personal data
  • We no longer need your personal data for the original purpose(s) of processing, but you need them to establish, exercise or defend legal claims and you do not want us to delete the Personal Data as a result, or
  • You have objected to processing carried out because of our legitimate interests while we verify if our legitimate grounds override yours.

• Request for Portability

  You have the right to ask that we transfer any personal data that you have provided to us to another third party in a commonly used electronic format. Once transferred, the other party will be responsible for safeguarding such personal data.

• Request to Object to Automated Decisions

  Typically, you have the right to object to any decision producing a legal effect concerning you or which otherwise significantly affects you if this is based solely on the automated processing of your personal data. This includes automated decisions based on profiling. We may refuse your request if the decision in question is:

  • Necessary to enter a contract with you, or for the performance of your contract with us, or
  • Permitted by regulations

  To exercise any of these rights, please write to the Data Protection Officer via the contact details given in section 1 above.

We maintain strict physical, electronic, and procedural security measures designed to provide reasonable protection for your personal data in order to mitigate against loss, misuse, damage, or unauthorised access.

The security measures include: physical access controls to our premises, CCTV cameras for public safety and quality control, cybersecurity controls as well as information access authorization controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and profile registration information and verifying that the personal data we maintain about you is accurate and up to date.

We will duly inform you of any breaches which may pose threat to your personal data.