Skip links
  • FRAUD ALERT DEAR VALUED CLIENT, PLEASE BE INFORMED THAT WE DO NOT DISBURSE LOANS THROUGH ANY MOBILE MONEY PLATFORM. KINDLY IGNORE ANY MESSAGES OR ADVERTS FROM FRAUDSTERS ASKING YOU TO SEND MONEY TO A MOBILE MONEY NUMBER TO BE ELIGIBLE FOR A LOAN. FOR ENQUIRIES ON OUR LOAN PRODUCTS, PLEASE CONTACT US DIRECTLY ON OUR TOLL-FREE NUMBER 0800850850 OR 0302610001. STAY VIGILANT.
  • DORMANT ACCOUNT ACTIVATION DEAR VALUED CLIENT, PLEASE BE INFORMED THAT IF YOUR ACCOUNT HAS BEEN INACTIVE (WITH NO TRANSACTIONS) FOR OVER TWO YEARS, IT IS CURRENTLY CLASSIFIED AS DORMANT. TO REACTIVATE YOUR ACCOUNT, KINDLY VISIT ANY OF OUR 38 BRANCHES WITH A VALID FORM OF IDENTIFICATION. WE LOOK FORWARD TO SERVING YOU AGAIN.
ONLINE BANKING
Opportunity International

Privacy Policy

1       Introduction

The Data Protection Act, 2012 is one of the most significant pieces of legislation affecting the way that OISL carries out its information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the Data Protection Act, which is designed to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters. It is OISL policy to ensure that our compliance with the Data Protection Act and other relevant legislation is clear and demonstrable at all times.
In its everyday business operations OISL makes use of a variety of data about identifiable individuals, including data about:

  • Current, past and prospective employees
  • Customers
  • Users of its websites
  • Subscribers
  • Other stakeholders

In collecting and using this data, the organization is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.

The following policies and procedures are relevant to this document:

  • Information Classification Procedure
  • Information Labelling Procedure
  • Acceptable Use policy
  • Electronic Messaging Policy
  • Internet Acceptable Use Policy
  • ISMS Incident Response Procedure
  • ISMS Roles, Responsibilities and Authorities

1.1      Purpose and Objectives

This Privacy Policy describes how we collect, use, disclose, store and otherwise process information through our product and service platforms and through the products and/or services provided by or through other third-party partners supported by us as the back-end service provider. In addition, this privacy policy highlights how we control the collection, correction and/or deletion of information that personally belongs to customers. We will not use or share the information with anyone except as described in this Privacy Policy.

The purpose of this policy is to set out the relevant legislation and to describe the steps OISL is taking to ensure that it complies with it.

The objective of this policy is to ensure that OISL employees

  • Are aware of their roles and responsibilities for data privacy of OISL clients.
  • Safeguard client’s personal data

1.2      Scope

This Data Privacy Policy applies to personal information and other information collected by OISL or its service providers using OISL platform in part or in full through or about:

  1. Visitors to any OISL facilities, or users of, its products, websites;
  2. Existing customers that are using the services pursuant to a written agreement with OISL written physically or virtually (online);
  3. Prospective and or existing customers using the services pursuant to a browser wrap, or other online agreement;
  4. Other service providers and partners of OISL;
  5. Other third-parties that use any of OISL platform implemented on-site or Software-as-a-service (SaaS), including but not limited to the end users of prospective and existing customers.

Customer data is any identifiable personal information about a customer held in any format, such as national insurance numbers, address, date of birth, family circumstances, bank details and medical records. 

2       Importance of Data Privacy

  1. Customer data is a high value commodity for fraudsters and since service offerings of OISL require data from our customers in one form or another, securing it is also our responsibility.

2.1      Physical Security of Customers’ Data

  1. To ensure physical security of our customers’ data, we implement strict security protocols over our customers’ data, such as;
  • Restricting access to the office by use of door finger print scanners.
  • Monitoring all visitors to our office by recording access, using signing in books with departure times and ensuring all visitors are supervised at all times.
  • Regular staff training.
  • Keeping files/filing cabinets locked and only accessible to appropriate staff.
  • Maintaining a clear desk policy.
  • Not sharing passwords and ensuring periodic compulsory change of passwords.
  • Ensuring computer servers are secured at all times.

2.2      Recruiting the appropriate Staff

  1. As a company, it is imperative that we have the appropriate staff to work in our Company and whose responsibility it will be to manage data and implement security.
  2. When considering hiring staff, we operate a risk-based approach because, we believe by adopting this approach will help reduce the possibility of recruiting staff that may have been involved in perpetuating any form of financial crimes in the past, hence, we conduct extensive assessments and background checks including obtaining police clearance where necessary before recruiting staff into certain sensitive positions or departments in the company. This is imperative to ensure we recruit the best-fit at all times.
  • Our risk-based approach ensures we continue;
  • Recruiting appropriate staff with integrity, honesty, fit and proper for the role being recruited for.
  • Conducting credit and criminal record checks (not hiring staff with adverse financial history, criminal records or questionable character.
  • Hold monthly appraisals /one-to-one’s (which will help identify signs or any circumstances which could make staff more susceptible to financial crime).

2.3      Training

  1. We are aware that many firms simply rely on staff signing an annual declaration to confirm they have read policies and procedures but do not check whether staff understands them.
  2. OISL always educates, guides and raises awareness on security through;
  3. Group Discussions.
  4. Monthly one-2-one sessions.
  5. Sending periodic awareness emails to all staff within the company.
  6. Rewarding examples of good practices within the company.
  7. Display of posters within the office to raise awareness.

 

iii. These are simple, yet effective techniques to help our staff be vigilant and help company implement security.

2.4      IT Systems

  1. Some of our staff may require access to customer data in order to perform their jobs and duties, but this is limited to our staff having only “relevant access”. By this we mean that staff will not be able to access information that they do not require to perform activities within the scope of their job functions.

2.5      IT Rights

  1. When, and if, staff are required to change roles, their IT rights will be reviewed before they take on their new roles.

2.6      Random Checks

  1. Designated management personnel of the company are tasked to conduct random and periodic checks on the backend to ensure that staff are accessing only relevant information and customer data.

2.7      Deleting Data

  1. It is against company policy to delete customer data without written approval from the management.
  2. Disabling USB ports/drives, CD Rom on computers if staff do not need them to perform their jobs
  3. Clearing records/information in used laptops when being issued to new staff
  4. Staff to change passwords on a monthly basis.
  5. Ensuring staff do not exchange passwords with colleagues.
  6. Ensuring staff do not write down passwords.
  7. Check which staff take office computers home.
  8. Have a system in place to manage stolen computers.
  9. Data encryption at all times.  

3       Data Protection Policy  Statements

  1. OISL needs to keep certain information about its employees, customers and other users to allow it to monitor performance, achievements, and health and safety.
  2. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, OISL must comply with the Data Protection Principles.

In summary these states that personal and customers data shall: 

  1. be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
  2. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  • be adequate, relevant and not excessive for those purposes.
  1. be accurate and kept up to date.
  2. not be kept for longer than is necessary for that purpose.
  3. be processed in accordance with the data subject’s rights.
  • be kept safe from unauthorised access, accidental loss or destruction.
  • not be transferred to a country outside the area, unless that country has equivalent levels of protection for personal data.
  • OISL and all staff or others who process or use any personal information must ensure that they follow these principles at all times. In order to ensure that this happens, OISL has developed the Data Protection Policy below:

3.1      Status of the Policy 

  1. This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by OISL from time to time. Any failures to follow the policy can therefore result in disciplinary proceedings.
  2. Any member of staff, who considers that the policy has not been followed in respect of personal data about themselves, shall raise the matter with the HR Department. If the matter is not resolved it shall be raised as a formal grievance.

3.2      Notification of Data held and Processed 

  1. All staff and customers and other users are entitled to;
    1. know what information OISL holds and processes about them and why.
    2. know how to gain access to it.
  • know how to keep it up to date.
  1. know what OISL is doing to comply with its obligations
  2. OISL therefore provides all staff and customers and other relevant users with a standard form of notification. This will state all the types of data OISL holds and processes about them, and the reasons for which it is processed. OISL will ensure this is done at least once every three years.

3.3      Responsibilities of Staff 

All staff are responsible for: 

  1. checking that any information that they provide to OISL in connection with their employment is accurate and up to date.
  2. informing OISL of any changes to information, which they have provided i.e., changes of address
  • checking the information that OISL will send out from time to time, giving details of information kept and processed about staff.
  1. informing OISL of any errors or changes. OISL cannot be held responsible for any errors unless the staff member has informed OISL of them.

If and when, as part of their responsibilities, staff collect information about other people, (i.e., about customers course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff, which are stated above. 

All staff are required to complete training in Data Protection as component of their Induction to employment at OISL. 

3.4      Data Security 

  1. All staff are responsible for ensuring that: Any personal data which they hold is kept securely. Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party.
  2. Staff are aware that unauthorised disclosure and/or failure to adhere to the requirements set out in “C to G” inclusive below will usually be a disciplinary matter, and may be considered gross misconduct in some scenarios. Personal and customer information shall be; kept in a locked filing cabinet; or in a locked drawer; or if it is computerized, must be password protected; or when kept or in transit on portable media the files which must be password protected. 
  3. Personal and customer data shall never be stored at staff members’ homes, whether in manual or electronic form, on laptop computers or other personal portable devices or at other remote sites,
  4. Ordinarily, personal and customer data shall not be processed at staff members’ homes, whether in manual or electronic form, on laptop computers or other personal portable devices or at other remote sites. In cases where such off-site processing is felt to be necessary or appropriate, the agreement of the relevant Data Controller in OISL must be obtained, and all the security guidelines given in this document must still be followed. Data stored on portable electronic devices or removable media is the responsibility of the individual member of staff who operates the equipment. It is the responsibility of this individual to ensure that: 
    • Suitable back-ups of the data exist
    • Sensitive data is appropriately encrypted
    • Sensitive data is not copied onto portable storage devices without first consulting a Data Controller, in regards to appropriate encryption and protection measures.
    • Electronic devices such as laptops, mobile devices and computer media (USB devices etc.) that contain sensitive data are not left unattended when offsite.

vii. For some information the risks of failure to provide adequate security may be so high that it shall NEVER be taken home. This might include payroll information, addresses of customers and staff, disciplinary or appraisal records or bank account details. Exceptions to this may only be with the explicit agreement of Executive Management. 

3.5      Customer Obligations 

  1. Customers must ensure that all personal data provided to OISL is accurate and up to date. They must ensure that changes of address, etc. are notified to our office.

3.6      Rights to access Information 

  1. Staff, customers and other users of OISL products and services have the right to access any personal data that is being kept about them either on computer or in certain files.
  2. In order to gain access, an individual may wish to receive notification of the information currently being held. This request shall be made in writing, in the first instance to OISL IT Security/Data Protection Officer or through electronic means to be provided.
  • OISL could possibly charge a fee on each occasion that access is requested, although OISL have discretion to waive this.
  1. OISL aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within the internal policy in place.

3.7      Subject Consent 

  1. In many cases, OISL can only process personal data with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained. Agreement to OISL to processing some specified classes of personal data is a condition of acceptance of a customer onto any service, and a condition of employment for staff. This may include information about previous criminal convictions.
  2. OISL may also ask its staff members for information about particular health needs, such as allergies to particular forms of medication, or any conditions such as asthma or diabetes.
  • OISL will only use the information in the protection of the health and safety of the staff member but will need consent to process in the event of a medical emergency, for example.
  1. All prospective staff and customers will be asked to sign a consent form to process data, regarding particular types of information when an offer of employment or a course place is made. A refusal to sign such a form can result in the offer being withdrawn.

3.8      Processing Sensitive Information 

  1. Sometimes it is necessary to process information about a person’s health, criminal convictions, race and gender and family details.
  2. This may be to ensure OISL is a safe place for everyone, or to operate other policies of the company such as the sick pay policy or equal opportunities policy.
  • Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress to individuals. Staff will be asked to give express consent for OISL to do this.
  1. During a recruitment process, offers of employment may be withdrawn if an individual refuses to consent to this, without good reason.

3.9      The Data Controller 

  1. OISL as a Corporate entity is the ultimate data controller and the Board is therefore ultimately responsible for implementation. However, there are designated data protection supervisors who deal with day-to-day activities.
  2. The institution shall have a designated one data protection supervisor who will be the primary point of contact for all data breaches.

3.10   Breach Notification

  1. In the event of breach of client’s data, OISL shall contact the client’s resource person in the next 48hrs. This will be managed in accordance with our Incident Response Procedure which sets out the overall process of handling information security incidents.
  • Disciplinary Statement

Non-compliance with this policy could have a significant effect on the efficient operation of OISL and may result in financial loss and inability to provide necessary services to our customers. If any user is found to have breached this policy, they will be subject to disciplinary procedure.  If a criminal offence is considered to have been committed further action may be taken to assist in the prosecution of the offender(s).

  • Exceptions

All waivers and exceptions to any portion of this policy statements must be duly approved by OISL’s CEO.

POLICY AMENDEMENTS AND REVISION

This policy can be changed modified, revised or rescinded completely by the company at any time with appropriate approvals.

Call Us
Open Account
Get A Loan