We are Touch and Pay Technologies Limited (‘we’, ‘our’, ‘us’) We are registered with the Corporate Affairs Commission with the number RC1419578. We have developed an application called “COWRY” to provide financial technology services

This policy describes what information we collect about you, how we collect and use the information you share with us, and with whom we share that information. You don’t have to share any information with us, but to use our services, we’ll need some information from you.

Touch and Pay has a zero-tolerance attitude towards data mismanagement and any latitude of such, can damage the reputation of the Company. Accordingly, any violation of this Policy may result in disciplinary action, up to and including dismissal in appropriate circumstances. It is therefore extremely important that you familiarize yourself with this Policy and strictly adhere to it. If you have any questions, please consult the Head of Operations/ Data Protection Officer.

Identity Data

includes first name, last name, maiden name, username or similar identifier, marital status, title, date of birth, gender

Contact Data

includes billing address, delivery address, email address and telephone numbers

Financial Data

includes bank account and payment card details

Transaction Data

includes details about your transactions

Device Data

includes information on the devices with which you access the platform

Profile Data

includes your username and password, picture, transaction history, your interests, preferences, feedback and survey responses

Usage Data

includes details of your use of our services

Marketing and Communications Data

includes your preferences in receiving marketing from us and our third parties and your communication preferences

Location Data

includes your current location disclosed by GPS technology or any other location territory

This Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing and protection of your personal information. It applies to the Touch & Pay applications, services, tools and physical contact with us regardless of how you access or use them. If you have created a username, identification code, password, pin code or any other piece of information as part of our access security measures, you must treat such information as confidential.

You accept this Privacy Policy when you give consent upon access to our platforms, or use our services, content, features, technologies or functions offered on our mobile application or visit any of our offices for official or non- official purposes. This Policy governs the use of Touch & Pay services and intervention projects by our users and stakeholders unless otherwise agreed through written contract.

For certain information, we’ll ask for your consent. We’ll ask for your consent to:

• View your contact list for wallet to wallet transfers

We may receive, use, store and transfer different kinds of personal data about you including the Identity Data, Contact Data, Financial Data, Transaction Data, Device Data, Profile Data, Usage Data, Marketing and Communications Data, Location Data. We access your contact information but we do not share with a third party or save to a remote data source, we do so to provide you with an optimized user experience

We collect certain data from you to fulfill the contract we have with you, or to enter into a contract with you. We use this data to:

• Give you the services we agreed to in line with our terms and conditions.
• Investigate and resolve complaints and other issues through the Information you give us when you contact us through other channels

If you contact us via other means than the in-app chat, we collect the following information so we can answer your questions or take action.

• The phone number you’re calling from and the information you give us during the call.
• The email address you use and the contents of your email (and any attachments) sent to us.
• Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.

• The mobile network operator and the operating system that you use,
• Your IP addresses and device ID
• Your phone contacts so you can make wallet to wallet transfers on cowry

We keep your information as long as you are a cowry customer and for any additional period as required under applicable law or regulations.

This is information we receive about you if you use any of the other Platforms we operate.

When you create an account with us, we may collect information, including nonpublic personal information, about you from third party service providers in order to verify your identity and for fraud prevention, including your prior addresses and names.

Cookies are small files placed on device that enables the mobile application to identify your device as you view different pages. Cookies allow mobile applications to store your preferences in order to present contents, options or functions that are specific to you. Like most interactive mobile applications, our mobile application uses cookies to enable the tracking of your activity for the duration of a session. Our mobile application uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the application. They will typically store information in the form of a session identification that does not personally identify the user.

This helps us to provide you with a good experience when you access our Platform and allows us to improve our site.

You can set your browser to refuse all or some browser cookies or to alert you when Platforms set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly.

The Nigerian Data Protection Regulations 2019 (NDPR) requires that we have a lawful basis for processing your personal information. At least one of the following lawful basis must apply before we process your personal information: contractual or legal obligations, legitimate interest of the data controller, public interest, vital interest of the data subject or consent. The information that we collect from you. We may use information held about you in the following ways:

to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;

to ensure that content from our mobile application is presented in the most effective manner for you and to notify you about changes to our service;

to administer our application and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and

to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

Information we receive from other sources

We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

You agree that we have the right to share your personal information:

with any of our affiliated companies and service providers;

with financial service providers, including the financial institutions identified in your cardholder bank agreement that provide banking services in connection with your account;

with non-financial companies, such as email service providers that perform marketing services on our behalf, and fraud prevention service providers that use the information to provide services to us;

with a non-affiliated third-party to access and transmit your personal and financial information from a relevant financial institution. You grant the third-party the right, power, and authority to access and transmit this information according to terms of their privacy policy;

with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;

with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or alternatively, acquire all or parts of their businesses;

in response to a request for information, if we are required by, or we believe disclosure is in accordance with, any applicable law, regulation or legal process; and

with relevant law enforcement officials or other third parties, such as investigators or auditors, if we believe it is appropriate to investigate fraud

We may provide other users with your personal information to complete a transaction. Such information may include your name, account identity, contact details or such additional information required information for the transaction.

We work with third parties, including, E-Tranzact, NIBSS and other financial institutions to enable an efficient system.

Our Platform may, from time to time contain links, to and from the Platforms of our partner networks, advertisers and affiliates. Please note that these Platforms and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data, such as contact and location data, which may be collected through these Platforms or services. Please check these policies before you submit any personal data to these Platforms or use these services.

It is imperative that your data with us is current and accurate. You may request for the rectification of any personal data that we hold about you so as to enable you to correct any incomplete or inaccurate data we hold about you. We may, however, need to verify the accuracy of the new data you provide to us.

We deploy strict physical, electronic, and administrative security measures to protect your information from access by unauthorised persons, against unlawful processing and foreseeable hazards and breaches when online.

We will retain your data for as long as necessary for the said purpose of the processing, and after that, we will keep your data as long as the law requires and or lawful purposes.

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data’s accuracy.

Where our use of the data is unlawful but you do not want us to erase it.

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

This Privacy Policy is made pursuant to the Nigeria Data Protection Regulation (2019) or any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria. Where any provision of this Policy is deemed inconsistent with a law, regulation or convention, such provision shall be subject to the overriding law, regulation or convention.

We may periodically update this Policy without notifying you, but we will display a conspicuous notice on this Platform to inform you of any significant changes to our Policy.

Please check back frequently to see whether there are any updates or changes to this Policy.

If you have any questions about this privacy policy or our privacy practices, please contact our customer service through any of the following ways:

Full name of legal entity: Touch and Pay Technologies Limited
Email address: hello@touchandpay.me
Postal address: 5 th floor, SAPETRO Towers, Adeola Odeku Street, Victoria Island, Lagos
Telephone number: +2348035870063

This policy was last updated on 11 th of November 2023