Current as of 20 Jan 2024

Privacy Policy

ThriveAgric is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, application, and any services provided by ThriveAgric. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the platform.

1. Who We Are

ThriveAgric Limited (“ThriveAgric” or “Us” or “We” or “Our”) is an agricultural technology company based in Abuja, Nigeria, with Our registered address at 31, 441 Crescent CITEC Villas, Gwarinpa, Abuja, Nigeria. Our business involves providing financing, guaranteed off-takers and farm management software to smallholder farmers across Nigeria (Our “Services”). Our Privacy Policy has been prepared to meet the requirements of the Nigeria Data Protection Act (the “NDPA”). We are committed to protecting the confidentiality and privacy of personally identifiable information (“Personal Data”) entrusted to Us through this website and/or Our mobile applications (“Website”). Our Privacy Policy, together with our Terms of Use, explains when and why We collect Personal Data, how We use the Personal Data, conditions under which We may disclose Personal Data to others and the efforts We take to keep Personal Data secure. The terms ‘you' and ‘your' means you as an individual accessing this Website, and applying for or utilising Our Services. Where We make decisions on how Personal Data is used in connection with Our Services, We are acting as a Data Controller and will be responsible for the obligations of a Data Controller under the NDPA in connection with the processing of Personal Data. For example, We use this Privacy Policy and other notices to provide you with information about Our use of Personal Data, as required by the NDPA. Where We only use Personal Data requested by other Data Controllers, We would be acting as Data Processors and those other Data Controllers are similarly responsible for the obligations of a Data Controller under the NDPA in connection with the processing of those categories of Personal Data. If you are using Our Services through those other Data Controllers, you should contact them if you have questions or concerns about the processing of your Personal Data or compliance with the NDPA and other applicable laws.

We may update and modify this Privacy Policy from time to time, so please do return to the Website and review this Privacy Policy regularly. Unless otherwise stated, any updates to this Privacy Policy become effective when We post the updates on the Website. Your continued use of the Website for Our Services following an update to the Privacy Policy means that you are aware of the updated Privacy Policy and have no objections to any such updated Privacy Policy. Please read the following carefully to understand Our views and practices regarding the processing of your Personal Data.

2. Personal Data We Collect

We may collect the following information from you as part of the process of providing the Services. The categories of Personal Data We may collect from you includes:

  1. Basic Personal Data which may include your full name, citizenship, country of residence, state and local government of residence, date of birth, gender, highest level of education, next of kin, and valid means of identification;
  2. Your contact details such as postal address, home address, delivery address, email address, and phone number;
  3. Bank details, including account number, National Identity Number (NIN) and Bank Verification Number (BVN)
  4. Other Personal Data like pictures and videos of you and your farm
  5. Information that you provide by filling in forms on the Website
  6. Identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address and other information about your visits to the Website
  7. Work details – such as job title, department, company name, company address, personal information of employees who may act as your agents, work email address, and office phone number
  8. Log in details – such as organisation key, username and password
  9. Usage Information and Browsing History - such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, content, and advertising interactions)
  10. Location Information. We may collect or infer your general location information when you use Our Services. We may also collect additional information involving your opinion of Our Services and your preferences regarding other services such as newsletter subscription
  11. Any other Personal Data that you choose to provide on the Website or in your communications with Us. Please note, call recordings of conversations may be retained for monitoring and training purposes.

Information that we may obtain from third parties

In some circumstances, We may collect Personal Data about you from Our partners or from publicly available websites to help Us better understand Our audience and enhance the relevance of Our content. We may collect Personal Data about you from third parties, such as:

  1. Some organisations and others with whom you have a relationship that provide or publish Personal Data related to you, such as from Our customers when they arrange access to Our Services for you or from others when they create, post, or submit user content on Our Services that may include your Personal Data.
  2. Professional or industry organisations and certification / licensure agencies that provide or publish Personal Data related to you.
  3. Third parties and affiliates who resell or integrate with Our Services.
  4. Service providers and business partners who work with Us in relation to Our Services and that We may utilise to deliver certain content, products, or services or to enhance your experience.
  5. Marketing, sales generation, and recruiting business partners.
  6. Government agencies and others who release or publish public records. Other publicly or generally available sources, such as social media sites, public and online websites, open databases, the corporate affairs commission, and data in the public domain.
  7. We may obtain information about complaints from a regulator, if you make a complaint.

Information that may be generated during the course of your relationship with us, for example:

  1. Account reference details on Our system; and
  2. We may collect information about your interactions with the Website using cookies and similar technologies. Cookies are small files placed on your computer's hard drive that enable the Website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences in order to present contents, options or functions that are specific to you. Like most interactive websites, Our Website may use cookies to enable the tracking of your activity for the duration of a session. We may also use cookies (and similar technologies) and analytics tools to collect information about you. This information can be used to improve the performance of the site, make advertising more relevant and enhance your user experience, such as Your location – We use cookies to display information that is most relevant to your location. Your usage – We use cookies to understand how Our customers use Our Website and interact with Our communications. For example, We use technology on Our Website, which record user movements, including page scrolling, clicks and text entered. (It does not record payment details.) This helps Us identify usability issues and improve the assistance We can provide to users and is also used for aggregated and statistical reporting purposes. Your device – We use cookies to understand what type of device you are using to show you the best version of the site. For instance, if you visit Our Website on a mobile device, Our technology will ensure that you see a version that is optimised for mobile viewing and interaction. Your engagement with advertisements – We use cookies to understand what advertisements you have been shown, or clicked on, to bill Our advertising partners, and to present you with advertisements that are more relevant to you.

3. How We Use Personal Data‍

We may store and use your Personal Data for the following purposes:

  1. Search for and subscribe to Our Services.
  2. Use Our Services or otherwise interact with Us.
  3. Create or maintain a profile or account with Us.
  4. Purchase, use, or otherwise interact with content, products, or services from third-party providers who have a relationship with Us.
  5. Create, post, or submit user content on Our Services.
  6. Register for or attend one of Our events or locations.
  7. Improve features and website content and analyse data to develop products and services.
  8. Request or sign up for information.
  9. Communicate with Us by phone, email, chat, in person, or otherwise.
  10. Complete a questionnaire, survey, support ticket, or other information request form.
  11. When you express an interest in working with Us or apply for a job or position with Us.
  12. Address any inappropriate use of Our Website. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  13. Prevent, detect and manage risk against fraud and illegal activities using internal and third-party screening tools. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  14. Verify your identity. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  15. Carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  16. Undertaking statistical analysis, including analysing your use of Our Website. This allows Us to develop new, or improve existing products and services (as is necessary for Our legitimate interests); and fulfilling Our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  17. Our “legitimate interests” as referred to above, include Our legitimate business purposes and commercial interests in operating Our business in a customer-focused, efficient, and sustainable manner, in accordance with all applicable legal and regulatory requirements. Your Personal Data is not used for the purposes of solely automated decision making or profiling.

4. How We Share Personal Data‍‍

  1. We may share your Personal Data with Our associated companies and with certain third parties including:
  2. Third parties that assist Us in preparing or sending any communications to you, or to assist Us in connection with any of Our administrative or business functions, or in the provision of any of Our services to you, or to third parties acting as Our agents.
  3. If We are unable to make contact with you, We may employ third party companies to trace your whereabouts and re-engage with Us. We may also employ third parties to enforce Our rights under any agreement with you.
  4. If We or Our assets are potentially to be acquired by a third party, or if We consider restructuring, Personal Data held by Us about Our customers (including borrowers and investors) will be one of the transferred assets and may be shared during the potential transaction or restructuring process or as part of a mergers & acquisition transaction. Anyone to whom We transfer or may transfer Our rights and duties under any agreement with you.
  5. Legal and regulatory bodies, including fraud prevention agencies or when We have a legal obligation to do so.
  6. Our auditors, solicitors, professional advisors, sub-contractors who have agreed to treat your Personal Data as confidential.

5. How We Protect your Personal Data

We employ all reasonable efforts to keep your Personal Data secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing of Personal Data and against its accidental loss, destruction or damage. We are committed to managing your Personal Data in line with the NDPA and best practices. We protect your Personal Data using physical, technical, and organisational measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also use industry-recommended security protocols to safeguard your Personal Data. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to Our buildings and files.

6. Grounds for Processing your Personal Data

We may process your Personal Data for anyone of the lawful basis specified below in accordance with the NDPA. If you are unsure as to the lawful basis for processing any category of your Personal Data which We process, please reach out to Us via[email protected]
  1. the Data Subject has given consent to the processing of his/her Personal Data for one or more specific purposes
  2. the processing is necessary for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering into a contract
  3. processing is necessary for compliance with a legal obligation to which We are subject
  4. processing is necessary for legitimate interests pursued by Us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of Personal Data; and o processing is necessary for the performance of a task carried out in the public interest or in exercise of an official public mandate vested in Us.

7. Transfers of Personal Data outside Nigeria‍

The Personal Data that We collect from you may be transferred to, and stored at, a destination outside Nigeria. Where your Personal Data is transferred outside Nigeria, We will take all steps reasonably necessary to ensure that your Personal Data is transferred to a country on the Adequacy Whitelist published by the NDPC and, generally, in accordance with the provisions of the NDPA. We will take reasonable steps to use contractual terms which ensure that any such category of Personal Data is adequately protected or that the country to which the data is being transferred has reasonably adequate data protection laws in place.

8.Data Retention‍

We retain the Personal Data processed by Us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In accordance with Our retention policy, We may retain your Personal Data for a minimum of 6 (six) years from the end of Our business relationship with you. That is, when your account is closed‍

9. Security of Information‍

We are aware of the importance of protecting the Personal Data We collect from you and therefore We store data in encrypted form on computers and control access via secure web pages. We employ firewalls and other security technologies to protect Our servers from external attacks. We train Our employees in the proper handling of Personal Data and when We use other companies to provide services for Us, We require them to protect the confidentiality of Personal Data they receive. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your Personal Data, We cannot guarantee the security of your data transmitted to Our Website; any transmission is at your own risk. Once We have received your Personal Data, We will use strict procedures and security features to try to prevent unauthorised access.‍

10. Your Rights Under the NDPA

Your Personal Data is protected under the NDPA, and you have a number of data protection rights (explained below) which you can seek to exercise. Please contact us at [email protected]if you wish to do so or if you have any queries regarding your rights. If you seek to exercise your rights, we will explain whether or not the right applies to you; these rights do not apply in all circumstances. Please be aware that if your request is manifestly unfounded or excessive, we may refuse to deal with it in accordance with the NDPA. We may also charge a reasonable fee for handling such requests.

(a) Right to Access Personal Data

You have the right to access the Personal Data we hold about you and to obtain certain prescribed information about how we process it, as well as the source of the Personal Data. This is commonly known as submitting a ‘Data Subject Access Request.' We may request proof of your identity before sharing such information.

(b) Right to Rectify or Erase Personal Data

If you discover that the Personal Data we hold about you is inaccurate or incomplete, you have the right to have this information corrected. You may also request the deletion of your Personal Data in certain circumstances. This right is not absolute and may not apply in all situations, for example, if we have an ongoing relationship or are required to retain information to comply with legal obligations.

(c) Right to Withdraw Consent

Where we have relied on consent as the lawful basis to process your Personal Data, you may withdraw your consent by notifying us immediately.

(d) Right to Object to Processing

You may not object to the processing of your Personal Data when it is based on our legitimate interests. However, you may object to the processing of your Personal Data for direct marketing and profiling related to direct marketing.

(e) Right to Restrict Processing

In some cases, you may have the right to restrict the processing of your Personal Data. For example, where you contest the accuracy of your Personal Data, it may be restricted until the accuracy is verified.

(f) Right to Data Portability

You have the right to receive, move, copy, or transfer your Personal Data to another controller, also known as ‘data portability.'

(g) Right to Complain

You have the right to submit a complaint to the Nigeria Data Protection Commission (NDPC).

(h) Right to Object to Automated Decision-Making

You have the right to object to any automated decision-making related to your Personal Data. Automated decision-making involves decisions based solely on automated processing without human involvement. We may still process your Personal Data by automated means where such processing is (a) necessary for entering into or performing a contract between the data subject and a data controller; (b) authorized by written law with suitable measures to safeguard your fundamental rights; or (c) authorized by you. In such cases, we will take reasonable steps to implement suitable measures to protect your rights and interests.

11. Complaints‍

If you have any complaints about Our use of Personal Data, please send an email with the details of your complaint to[email protected]or use the contact details above. We will investigate and respond to any complaints We receive. You also have the right to lodge a complaint with the NDPC. For further information on your rights and how to complain to the NDPC, please refer to the NDPC Website.‍

12. Data Controller and Contact Information

  1. REMEDIATION AND CONTACT INFORMATION Data subjects are encouraged to report any concerns regarding their data privacy to the Data Protection Officer (DPO) through [email protected], or this Address: 31 441 Crescent, Citec villa, Gwarimpa Abuja. The DPO will address grievances within seven (7) working days. If additional time is required, the data subject will be informed, and appropriate measures will be taken to safeguard their rights and interests.