Global Privacy Policy
Last Updated: February 14, 2026
Global Scope: This Privacy Policy applies to all users of Flocent's services, regardless of location. However, specific provisions apply to users in the European Economic Area (EEA), United Kingdom (UK), Nigeria, and the United States as detailed below.
1. Data Controller
The entity responsible for the processing of your personal data ("Data Controller") depends on your location:
- For Users in the EEA and UK: The Data Controller is Flocent Global Ltd (or its appointed representative in the EU).
- For Users in Nigeria and Rest of World: The Data Controller is Flocent Technologies Ltd, located at Lekki Phase 1, Lagos, Nigeria.
2. Information We Collect
To provide our services, we collect data in the following categories:
2.1. Information You Provide
- Identity Data: Name, government-issued ID (Passport, NIN, Driver's License), date of birth, and facial biometrics for KYC verification.
- Contact Data: Residential address, email address, and mobile phone number.
- Financial Data: Bank account numbers, card details, and source of funds declarations.
2.2. Information Automatically Collected
- Technical Data: IP address, device model, operating system, and unique device identifiers (IMEI/UUID).
- Usage Data: Transaction logs, login timestamps, and in-app interactions.
- Location Data: Geolocation data to prevent fraud and comply with local banking regulations.
2.3. Information Collected via Verification Services
We may collect personal information about you from third-party identity verification or KYC services. This allows us to verify your identity, prevent fraud, and comply with legal obligations. This data includes:
- Personal Information: We collect your full name, Contact Information, Biometric information, Government ID number (from a national database)
- Verification Status: Confirmation of whether your provided details (like BVN or NIN) match government databases.
- Sanctions & PEP Screening: Results from checks against global sanctions lists (e.g., OFAC, UN) and Politically Exposed Persons databases.
- Fraud Scores: Risk assessments associated with your identity or device footprint provided by anti-fraud partners.
- Public Records: Information available from public registries or credit bureaus where lawful and necessary.
3. Legal Basis for Processing (EEA/UK Users)
If you are located in the EEA or UK, we process your personal data only when we have a valid legal basis. The table below outlines our purposes and the specific legal basis we rely on:
| Purpose of Processing | Legal Basis |
|---|---|
| Service Provision: Account creation, transfer processing, and card issuance. | Performance of Contract: Processing is necessary to fulfill our user agreement with you. |
| Regulatory Compliance: KYC checks, AML screening, and sanction checks. | Legal Obligation: Necessary to comply with EU, UK, and Nigerian financial laws. |
| Fraud Prevention: Monitoring transactions for suspicious patterns. | Legitimate Interest: Protecting our platform and users from financial crime. |
| Marketing: Sending newsletters and promotional alerts. | Consent: We only send marketing if you have explicitly opted in. |
4. International Data Transfers
Flocent operates globally. Your personal data may be transferred to, and processed in, countries other than the country in which you are resident.
4.1. Transfers from the EEA/UK
When we transfer data from the EEA/UK to Nigeria or the US, we ensure appropriate safeguards are in place, specifically:
- Standard Contractual Clauses (SCCs): We utilize the European Commission's approved model clauses for data transfers between our entities and third-party processors.
- Adequacy Decisions: Where applicable, we rely on adequacy findings by the European Commission or UK Government.
5. Disclosure to Third Parties
We share data with vetted partners to facilitate our services. We do not sell your data.
- Banking Partners: (e.g., Visa/Mastercard) to execute transactions.
- Identity Verification: (e.g., IdentityPass, Veriff) to confirm your identity.
- Cloud Infrastructure: (e.g., Google Cloud, AWS) for secure hosting.
- Regulatory Authorities: (e.g., FCA, CBN) when strictly required by law.
6. Data Retention
We retain your personal data only for as long as is necessary. For financial transaction records, we are legally required to retain data for a minimum of 5 to 7 years (depending on jurisdiction) after account closure to comply with Anti-Money Laundering (AML) laws.
7. Your Rights
Your rights regarding your data depend on your jurisdiction.
7.1. For Users in the EEA/UK (GDPR)
- Right to access and data portability.
- Right to rectification of inaccurate data.
- Right to erasure ("Right to be forgotten"), subject to mandatory legal retention periods.
- Right to restrict or object to processing.
- Right to lodge a complaint with a supervisory authority (e.g., the ICO in the UK).
7.2. For Users in Nigeria (NDPR)
- Right to request access to your personal data.
- Right to object to the processing of personal data for marketing purposes.
- Right to withdraw consent at any time.
- Right to lodge a complaint with the NITDA (National Information Technology Development Agency).
7.3. For Users in the United States
We do not sell personal data. Residents of California and other states may have the right to know what personal information is collected and to request deletion, subject to exemptions for financial institutions under federal law (GLBA).
8. Security
We employ bank-grade security protocols, including AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to personal data is restricted to employees and contractors who have a business need to know and are subject to strict confidentiality obligations.
9. Contact Us
If you have any questions regarding this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer (DPO):
Flocent Privacy Office
Email: [email protected]
For EEA/UK Representative queries, please indicate "EU Representative" in the subject line.