
Privacy Policy

Your privacy matters to us. This policy explains how GMB Microfinance Bank collects, uses, and protects your personal information in compliance with Nigerian law.

Last Updated: June 2025  |  Effective: June 2025

Regulatory Compliance Notice

GMB Microfinance Bank Limited is licensed by the Central Bank of Nigeria (CBN) and insured by the NDIC. This Privacy Policy complies with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and applicable CBN guidelines on customer data protection.

1. Introduction

GMB Microfinance Bank Limited ("GMB MFB", "we", "our", or "us") is a licensed microfinance bank regulated by the Central Bank of Nigeria (CBN) and the Nigeria Deposit Insurance Corporation (NDIC). We are committed to protecting the privacy and personal data of our customers, prospects, and website visitors in accordance with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR). This Privacy Policy explains how we collect, use, share, and protect your personal information when you interact with our services, including our website, mobile application, USSD channels, and banking platforms.

2. Information We Collect

We collect the following categories of personal information:

- Personal Identification: Full name, date of birth, gender, nationality, BVN (Bank Verification Number), NIN (National Identity Number), and passport photographs.
- Contact Information: Home address, email address, phone number, and next-of-kin details.
- Financial Information: Account numbers, transaction history, income details, credit history, and loan repayment records.
- Device & Usage Data: IP address, browser type, device identifiers, pages visited, and interaction logs when you use our digital platforms.
- KYC Documentation: Utility bills, government-issued IDs, and other documents required for regulatory compliance.

3. Legal Basis for Processing

We process your personal data on the following legal grounds as specified under the NDPA 2023:

- Contractual necessity: To open and manage your account, process transactions, and deliver financial products and services.
- Legal obligation: To comply with CBN directives, anti-money laundering (AML) regulations, the Financial Intelligence Unit (NFIU) requirements, and tax reporting obligations.
- Legitimate interests: For fraud prevention, credit risk assessment, internal analytics, and security monitoring.
- Consent: For marketing communications, optional surveys, and non-essential cookies (which you may withdraw at any time).

4. How We Use Your Information

Your personal data is used to:

- Open, operate, and manage your bank account(s)
- Process deposits, withdrawals, transfers, and loan transactions
- Conduct identity verification and credit assessments
- Comply with CBN Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations
- Detect and prevent fraud, unauthorized access, and financial crime
- Send account alerts, statements, and transactional notifications
- Respond to your enquiries, complaints, and support requests
- Improve our products, services, and customer experience
- Send promotional offers and financial education content (with your consent)

5. Sharing of Personal Information

We do not sell your personal data. We may share it with:

- Regulatory Bodies: CBN, NDIC, NFIU, FIRS, and other government authorities where required by law.
- Service Providers: Payment processors (NIBSS, Interswitch), IT vendors, cloud providers, and credit bureaus (CRC, FirstCentral, CreditRegistry) under strict data processing agreements.
- Banking Partners: Correspondent banks and financial institutions necessary to process your transactions.
- Law Enforcement: Where we are legally compelled to disclose information to courts, law enforcement, or regulatory agencies.
- Group Companies: Where applicable, to affiliated entities under the GMB Group for administrative and operational purposes.

All third parties are required to handle your data in compliance with the NDPA 2023 and applicable CBN guidelines.

6. Data Retention

We retain your personal data for as long as necessary to:

- Maintain your banking relationship with us
- Comply with CBN's minimum retention period of 5 years after account closure
- Meet AML/CFT obligations (minimum 5 years post-transaction)
- Resolve disputes and enforce our agreements

After the applicable retention period, your data is securely deleted or anonymized.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

- 256-bit SSL/TLS encryption for all digital transactions
- Multi-factor authentication (MFA) for account access
- Role-based access controls for staff
- Regular security audits and penetration testing
- PCI DSS compliance for card data handling
- Secure data centres with physical access controls

While we take every precaution, no system is completely immune to risk. You are encouraged to keep your PIN, passwords, and OTPs strictly confidential.

8. Your Rights Under the NDPA 2023

As a data subject, you have the following rights:

- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your data where there is no legal obligation to retain it.
- Right to Restriction: Request that we limit processing of your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact our Data Protection Officer (DPO) at privacy@gmbmfbank.com or visit any of our branches.

9. Cookies

Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for full details on what we collect, why, and how to manage your preferences.

10. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors without verifiable parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take prompt action to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our practices. We will notify you of material changes via email, SMS, or a prominent notice on our website and mobile app. The "Last Updated" date at the top of this page indicates the most recent revision.

12. Contact Us

For privacy-related enquiries, complaints, or to exercise your rights, please contact:

Data Protection Officer
GMB Microfinance Bank Limited
Community Plaza, Eke Market Square, Nibo, Anambra State
Email: privacy@gmbmfbank.com
Phone: 08061299041

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpb.gov.ng if you are unsatisfied with our response.

Questions About Your Privacy?

Our Data Protection Officer is available to assist you with any privacy-related concerns.
