INTRODUCTION

OVERVIEW
This Privacy Policy describes the customer’s privacy rights regarding how and when we collect, use, store, share and protect your information across our website, payment platforms, APIs, software applications (“Apps”), notifications and tools regardless of how you use or access them.
This Privacy Policy is applicable to all of the Website, software applications (“Apps”) and/or payment platforms (“Platforms”) offered by Sage Grey or affiliated companies collectively referred to as Sage Grey “services”.
“Sage Grey”, “we” “us” or our” in this privacy statement means the Sage Grey entity that is responsible for processing your personal information.
Questions or Concerns? Regarding this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, kindly refrain from using our services. If you still have any questions or concerns, please contact us at info@sage-grey.com

DEFINITION OF SOME TERMS
Cookies: A cookie is a small data file that is transferred to your computer or mobile device. It enables us to remember your account log-in information, IP addresses, web traffic, number of times you visit, browser type and version, device details, date and time of visits.
Sage Grey Finance Limited: means Sage Grey
Personal Information: Any information that can be used to identify a living person including email address, company name, password, payment card, financial information such as bank account number, and other banking details etc.), Government- issued Identity card, and/or taxpayer identification it may also include anonymous information that is linked to you, for example, your internet protocol (IP), log-in information, address, location, device or transaction data.
Sites: means any platform including but not limited to mobile applications, websites and social media platforms.
User: means an individual who uses the Services or accesses the Sites and has agreed to use the end services of Sage Grey.
Special Categories of Personal Data means details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data.

OBJECTIVE
This Privacy Policy statement is to provide all persons and organizations whose Personal Data we hold with description of the types of Personal Data we collect, the purposes for which we collect that Personal Data, the other parties with whom we may share it and the measures we take to protect the security of the data.

Accordingly, we have developed this privacy policy in order for you to understand how we collect, use, communicate, disclose and otherwise make use of personal information. We have outlined our privacy policy below.

PRIVACY POLICY
Sage Grey focuses on the following core principles:
To Empower the Individual: Sage Grey wants you to be in charge of your Personal Information and to make your own voluntary choices about your Personal Information.
To keep and secure personal information: Sage Grey does not take your trusting us with your information for granted. We take full responsibility to ensuring that appropriate security measures are put in place and your personal information is protected.
To be transparent and to educate users: For you to know what personal information is, how we collect personal information, for what purpose and how we secure personal information;
To abide by local laws: Sage Grey is a global company with local privacy expertise. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. Specific privacy notices may apply to some of our products and services. Please visit the webpage or digital asset of the specific product or service to learn more about our privacy and information practices in relation to that product or service;
To collect and store personal information on the “need to collect” basis: Sage Grey collects personal information to perform its services for you. We work to have measures in place to prevent collecting and storing personal information beyond what we need.

CONTENT OF THE PRIVACY POLICY
1. Personal Data we may collect about you
2. How we get your Personal Information and Why we have it
3. How we may use your Personal Information
4. Data Security and Retention
5. Disclosing your Personal Information
6. Marketing
7. Your Data Protection Rights and Choices
8. Cookies
9. Use by Minors
10. International Transfers
11. Data Protection Officer
12. Training
13. Updates to our Privacy Policy
14. Contact Us

1. PERSONAL INFORMATION WE MAY COLLECT ABOUT YOU
We may collect, use, process, store, or transfer personal data such as:
• Identity Data: Information such as, your full name(s), your government-issued identity number, and your date of birth. This data is to enable us to verify your identity in order to offer our services to you;
• Contact Data: This is data that is needed to reach out to you, such as your contact address, email address, telephone number, details of the device you use and billing details;
• Identification documents :(such as your passport or any Government-issued identity card), a photograph (if applicable) and any other registration information you may provide to prove you are eligible to use our services and in compliance with regulatory requirements on Know Your Customer (KYC);
• Log/Technical information: When you access Sage Grey services, our cloud-based servers automatically records information that your browser sends whenever you visit a website, links you have clicked on, length of visit on certain pages, unique device identifier, log-in information, location and other device details.
• Application Data: If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
➢ Mobile Device Access. We may request access or permission to certain features from your mobile device’s camera, storage, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
➢ Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
• Marketing and Communications Data: This includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.
• Records of your discussions with us, if we contact you and if you contact us.
• We may also collect, store, use and transfer non-personal information or anonymized data such as statistical or demographic data.
This information is primarily needed to maintain the security and operation of our application(s) for troubleshooting, and for our internal analytics and reporting purposes. This Privacy Policy applies to Sage Grey services only. We do not exercise control over the sites displayed or linked from within our various services. These other sites may place their own cookies, plug-ins or other files on your computer, collect data or solicit personal information from you. Sage Grey does not control these third-party websites and we are not responsible for their privacy statements. Please consult such third parties’ privacy statements and set appropriate controls from your setting when using any third-party services.

2. HOW WE GET YOUR PERSONAL INFORMATION AND WHY WE HAVE IT
The Personal Information we have about you is directly made available to us when you engage the following:
• Sign up for a Sage Grey Account
• Use any of our services
• Contact our customer support team
• Fill our online forms
• Contact us
The lawful basis we rely on for processing your Personal Information are:
➢ Your consent: Where you agree to us collecting your Personal Information by using our Services.
➢ A Contractual obligation: Without your Personal Information, we cannot provide our Services to you.
➢ A Legal obligation: To ensure we are fully compliant with all applicable financial legislations such as Anti-Money Laundering and Counter Terrorist Financing Laws, we must collect and store your Personal Information. We protect against fraud by checking your identity with your Personal Information.

3. HOW WE MAY USE YOUR PERSONAL INFORMATION
We may use your Personal Information we collect to:
• Create and manage any accounts you may have with us, verify your identity, provide our services, and respond to your inquiries.
• Protect against and prevent fraud, unauthorized transactions, claims and other liabilities.
• Provide, administer and communicate with you about products, services, offers, programs and promotions from Sage Grey.
• Evaluate your interest in employment and contact you regarding possible employment with Sage Grey.
• Evaluate and improve our business, including developing new products and services;
• To target advertisements, newsletter and service updates;
• As necessary to establish, exercise and defend legal rights;
• As may be required by applicable laws and regulations, including for compliance with Know Your Customers and risk assessment, Anti-Money Laundering, anti- corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement or governmental agency having or claiming jurisdiction over Sage Grey
• Utilize data analytics to improve our website, products or services, user experiences and to optimize service.
• For other purposes for which we provide specific notice at the time of collection.

4. DATA SECURITY AND RETENTION
The security of your Personal Information is important to Sage Grey Finance Limited. We are committed to protecting the information we collect. We maintain administrative, technical and physical controls designed to protect the Personal Information you provide, or we collect against loss or theft, as well as against any unauthorized access, risk of loss, disclosure, copying, misuse or modification.
Other security measures include but not limited to, secure servers, firewall, data encryption and granting access only to employees in order to fulfil their job responsibilities.
Where you use a password for any of your Accounts, please ensure you do not share this with anyone, and the password is kept confidential at all times.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of your Personal Information is protected and maintained. Transmitting information online is not entirely secure. As such, we cannot guarantee that all information provided online is secure. We would take all reasonable steps to ensure that your Personal Information is secured and well protected.
We will only retain personal information on our servers for as long as is reasonably necessary as long as we are providing services to you. Where you close your Account, your information is stored on our servers to the extent necessary to comply with regulatory obligations and for the purpose of fraud monitoring, detection and prevention. Where we retain your Personal Data, we do so in compliance with limitation periods under the applicable law.

5. DISCLOSING YOUR PERSONAL INFORMATION
We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.
Sage Grey only shares personal information with External Third parties in the following limited circumstances:
• We have your consent. We require opt-in consent for the sharing of any personal information. We share Personal Information with third parties directly authorized by you to receive Personal Information, such as when you authorize a third-party application provider to access your account. The use of your Personal Information by an authorized third party is subject to the third party’s privacy policy and Sage Grey shall bear no liability for any breach which may arise from such authorization by you.
• We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
a. We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request,
b. Enforce applicable Terms of Service, including investigation of potential violations thereof,
c. Detect, prevent, or otherwise address fraud, security or technical issues, or
d. Protect against imminent harm to the rights, property or safety of Sage Grey, its users or the public as required or permitted by law.
• If Sage Grey becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

6. MARKETING
We may process your Personal Information in order to contact you or send you marketing content and communication about our products, services or surveys. You may exercise your right to object to such contact from us or opt out from the marketing content. Please note however that if you opt-out of marketing content, we may still send you messages relating to transactions and our Services related to our ongoing business relationship.
We may ask you for permission to send notifications to you. Our Services will still work if you do not grant us consent to send you notifications.

7. YOUR DATA PROTECTION RIGHTS AND CHOICES
Based on your location and applicable laws, below are the rights you have as a user in relation to your personal data:
• Right to be informed.
• Right to request access or copies to your Personal Information by signing into your Account or contacting us.
• Right to request that Sage Grey erase your Personal Information. You have the right to ask us to erase your Personal Information. Please note that this is a limited right which applies where the data is no longer required, or the processing has no legal justification. The exceptions to this right is where the applicable law requires Sage Grey to retain a historical archive or where we retain a core set of your personal data to ensure we do not inadvertently contact you in future where you object to your data being used for marketing purposes.
• Right to correct or rectify any Personal Information that you provide which may be incorrect, out of date or inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Right to object to the processing of your Personal Information for marketing purposes. You have a right to ask us not to contact you for marketing purposes by adjusting your notification preference on the settings page or by opting out via the unsubscribe link in marketing emails we send you.
• Right to object to processing: You have the right to object to the processing of your Personal Information in certain circumstances. Please note that where you object to us processing your Personal Information, we might be unable to provide the services to you.
The basis of we processing your Personal Information is your consent. You also have the choice at any time to withdraw consent which you have provided.
You also have a choice to deactivate your Account at any time. You may contact us should you wish to de-activate your Account at any time via the Contact Us segment below or send us an email.
If you wish to exercise any of the rights set above, please contact us using the contact information provided in the Contact Us segment below. Where we are unsure of your identity, we might ask you for proof of your identity for security reasons before dealing your request.

8. COOKIES
Like many other websites, we use cookies to distinguish you from other users and to customize and improve our services.
Some browsers may automatically accept cookies while some can be modified to decline cookies or alert you when a website wants to place a cookie on your computer. If you choose to disable cookies, it may limit your ability to use our website. For detailed information on the cookies and how we use them refer to our Cookie Policy.

9. MINOR
Sage Grey’s websites and applications are not directed at persons under the age of eighteen (18) and we do not collect any Personal Information knowingly or directly from minors who fall within this category.
Where you have any belief that Sage Grey has mistakenly or unknowingly collected information from a minor, please contact us using the information provided under the Contact Us section to enable us investigate and restrict such data.

10. INTERNATIONAL DATA TRANSFERS
Where Personal Information is to be transferred to a country outside Nigeria, Sage Grey shall put adequate measures in place to ensure the security of such Personal Information and to ensure same is done securely and in accordance with the Nigerian Data Protection Regulation.

11. DATA PROTECTION OFFICER
Sage Grey shall appoint a Data Protection Officer(s) (DPO) responsible for overseeing the Company’s data protection strategy and its implementation to ensure compliance with the Nigerian Data Protection Regulation (NDPR) requirements. The DPO shall be a knowledgeable person on data privacy and protection principles and shall be familiar with the provisions of the NDPR.
The main tasks of the DPO include:
a) Administering data protection policies and practices of Sage Grey;
b) Monitoring compliance with the NDPR and other data protection laws, data protection policies, awareness-raising, training, and audits;
c) Advise the business, management, employees and third parties who carry on processing activities of their obligations under the NDPR;
d) Acts as a contact point for Sage Grey;
e) Monitor and update the implementation of the data protection policies and practices of Sage Grey and ensure compliance amongst all employees of Sage Grey;
f) Ensure that Sage Grey undertakes a Data Protection Impact Assessment and curb potential risk in Sage Grey’s data processing operations
g) Maintain a database of all Sage Grey’s data collection and processing operations of Sage Grey.

12. TRAINING
Sage Grey shall ensure that employees who collect, access and process Personal Information receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this Policy and the Nigerian Data Protection Regulation (NDPR) with regard to the protection of Personal Information and Data. On an annual basis, Sage Grey shall develop a capacity building plan for its employees on data privacy and protection in line with the NDPR.

13. DATA PROTECTION AUDIT
13.1 Sage Grey shall conduct an annual data protection audit through a licensed Data Protection Compliance Organization (DPCOs) to verify Sage Grey’s compliance with the provisions of the NDPR and other applicable data protection laws.
13.2 The audit report will be certified and filed by the DPCO to NITDA as required under the NDPR.

14. DISPUTE RESOLUTIONS AND FILING A COMPLIANT
If you have any complaints regarding this Privacy Policy, please contact us at info@sage-grey.com We will investigate and work on resolutions for complaints and disputes regarding use and disclosure of personal information within thirty (30) days in accordance with this Privacy Policy and in accordance with the Nigerian Data Protection Regulation.

15. UPDATES TO OUR PRIVACY POLICY
From time to time, we may change, amend or review this Privacy Policy from time to time to reflect new services or changes in our Privacy Policy and place any updates on our website page. All changes made will be posted on this page and where changes will materially affect you, we will notify you of this change by placing a notice online or via mail. If you keep using our Services, you consent to all amendments of this Privacy Policy.

16. CONTACT US:
All access requests, questions, comments, complaints and other requests regarding the privacy policy should be sent to info@sage-grey.com
We may request additional details from you regarding your complaints and keep records of your requests and resolution.