Hi! We’re APIS. We put our Members at the heart of what we do. We want to build long-lasting relationships based on transparency and trust. Thus, we have developed this Privacy Policy to explain how we treat your data and privacy when you use our products and services or when you visit our website. Our Privacy Policy is divided into the following sections:
We’re APIS Platform Ltd, but you’ll know us better as APIS. We’re a company that respects your privacy and is committed to protecting your personal data – which is just what this privacy notice is for.
Personal data we collect from you will be held by APIS Platform Ltd, which is part of the APIS company group. The APIS company group is made up of our main legal entity in the UK – APIS Platform Ltd; it’s branch in Sofia; APIS Platform Private Limited (India) and other entities that are or may become part of the APIS company group, collectively referred to as “APIS”, “we” or “us”. We’ll let you know which APIS or non-APIS company you have a relationship with when you take out a product or service with us. More information about us can be found on Our Website.
We are registered with the Information Commissioner’s Office (registration no. ZA165305) and are authorised and regulated by the Financial Conduct Authority (FCA) in the UK (reference no. 718743).
We provide the APIS Products and Services which are all the products and services offered via our iOS and Android mobile applications available on the App Store and on Google Play (“Our App”) and via our website identified by the following Uniform Resource Locator (URL): www.apis.ng, including its subdomains (“Our Website”) (together, “the APIS Platform”).
APIS is the Data Controller of your data, which means we’re responsible for your personal data processed in relation to your use of the products and services accessible via the APIS Platform. When you receive services via the APIS Platform we collect, process, use and are responsible for certain personal data about you. When we do so, we are regulated under the applicable laws on the protection of personal data, privacy and electronic communications, including but not limited to The Data Protection Act 2018 (the “DPA 2018”, the United Kingdom General Data Protection Regulation (the “UK GDPR”) and The Privacy and Electronic Communications Regulations (“PECR”).
For the purposes of these laws we are responsible as a ‘Data Controller’ for the processing of your personal data. If you have any queries about this Privacy Policy or how we or any other APIS Group company (may) collect, store or use your data, please contact us by email at hello@apis.ng.
Throughout this Privacy Policy the terms “Personal Data”, “Data Controller”, “Data Processor”, “Data Processing”, “Data Subject” and “Profiling” shall have the meaning assigned to them by the applicable data protection laws mentioned above.
When we process personal data you provide to us that is related to other individuals (such as your employees or customers), we may be acting as a Data Processor (discussed below).
When using some of our services and products, APIS is a ‘Data Processor’ and you are a ‘Data Controller’, which means we process personal data solely for the purposes of providing you with our APIS Products and Services and based on your instructions.
In particular, when you engage with APIS Products and Services, or those of our partners, that involve you providing your employee, customer or other third-party personal data, APIS will likely be acting as a Data Processor of that data. Such products and services include but are not limited to invoicing, bookkeeping, employee payroll and accountancy products and providers.
When we act as a Data Processor we are required to have a written agreement in place with you which outlines how we process the personal data we process on your behalf and that you provide to us in your capacity of a Data Controller. We will let you know if you are using APIS Products and Services for which you are a ‘Data Controller’ and where you shall review and enter into a Data Processing Agreement (‘DPA’) with us. By using those services, you will be deemed to have read, reviewed and agreed to our DPA with you. If you have any questions about the DPA, please get in touch with us at dpo@apis.ng.
We collect personal data for a variety of reasons, including to meet our legal obligations, manage our operations, improve our business and deliver our services and products to you.
Below is a list of types of personal data that we may collect and use when you apply for, or use, any of our products or services.
Type of personal data | Description | Purpose | Lawful basis |
Contact | Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you | Managing our relationship with you or your business.
Communicating with you about our and our business partners’ products and services. Delivering the APIS Products and Services to you, including to facilitate your use of the different APIS Services via single sign-on Developing and carrying out marketing or business development activities. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Transactional | Details about the transactions you carry out and the payments to and from your accounts with us | Making and managing customer payments.
Delivering our and our business partners’ products and services. Managing fees, charges and interest due on customer accounts. Collecting and recovering money that is owed to us. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Contractual | Details about the products or services we provide to you | Carrying out our obligations arising from and exercising our rights set out in our contracts.
Collecting and recovering money that is owed to us. Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, and audit. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Locational | Data we get about where you are. This may come from the IP address assigned to your mobile phone or computer when you connect to the internet. It may also include locations where you used your APIS payment card or post codes. | Delivering our and our business partners’ products and services.
Identifying, investigating, reporting and preventing fraud, security breaches, money laundering and other crime. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Behavioural | Details about how you use products and services offered on the APIS Platform from us and other organisations | Studying how our Members use products and services from us and other organisations.
Delivering more personalised user experiences to our Members. Developing and carrying out marketing or business development activities. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Technical | Details on the devices and technology you use, for example your website browser settings, marketing choices. | Delivering our products and services to you.
Delivering our and our business partners’ products and services. Identifying, investigating, reporting and preventing fraud, money laundering and other crime. Developing and carrying out marketing or business development activities. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Communication | Any emails, calls or other communications you’ve sent to us or we’ve sent to you
What we learn about you from communications between us |
Investigating and responding to your enquiries, complaints and feedback. | Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Public and third-party records | Details about you that are in public records, such as the Electoral Register, Companies House, and data about you that is publicly available on the Internet. We also collect data about you which we receive from other companies, such as credit reference or fraud protection agencies like the CIFAS register. | Identifying, investigating, reporting and preventing fraud, money laundering and other crime.
Registering you with a APIS account. Developing and carrying out marketing or business development activities. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Usage data | Data about how you use our products and services | Studying how our Members use products and services from us and other organisations
Testing new products Managing how we work with other companies that provide services to us and our Members |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Documentary data | Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driver’s licence, photographs or birth certificate. | Identifying, investigating, reporting and preventing fraud, money laundering and other crime.
Complying with laws and regulations. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Consents | Any permissions, consents or preferences that you give us | So we know what your preferences are in regards to marketing, automated decision-making and profiling (where this activity is based on your consent), cookies and any other relevant processing activities that you can opt-out of.
Developing and carrying out marketing or business development activities. |
Fulfilling our contract with you. When it is our legal duty. When you consent to it. When it is in our legitimate interest to:
|
Special category data and criminal offence data | Categories of data defined as ‘special category’ or ‘sensitive’ by applicable laws, including personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union members, genetic data, biometric data, health, sex life or sexual orientation. We may also process data about your criminal offence history.
In particular, we may collect data related to your health (such as disability data), biometric data (photos of you) and racial or ethnic origin (how you identify your ethnicity). |
Understanding our community and the type of Members we work with, including about ethnicity, gender and health.
Operating our business in a proper way, including corporate responsibility. |
Fulfilling our contract with you. When it is our legal duty. When you provide explicit consent. It is in the public interest. It is in your vital interest to protect yours or someone else’s life. |
Your customer or employee data | Any data that you provide us with about your employees or customers including contact details, personal details (e.g., name, date of birth, bank account information) in our capacity as your data processor. | Delivering our and our business partners’ products and services to you. | When you have instructed us to do so and by virtue of your existing contractual relationship with us. |
To make quicker and more consistent decisions, we may also conduct automated individual decision-making. This means that we may analyse information about you via technological means to assess your personal circumstances and thus predict risks or outcomes. For example, we perform automated decision making in the following cases:
When we take automated decisions that significantly affect you in those and any other circumstances, you can request a review of such a decision by APIS, express your point of view or contest the decision by contacting us at dpo@apis.ng or via Our App.
APIS may also conduct profiling for purposes of communicating effectively with you, for example, to send you relevant notifications or updates, according to the type of services usage, interests of different groups of Members. APIS may also use such profiling for targeted or direct marketing purposes (for example, to issue advertisements tailored to your usage or interests in APIS Products and Services or depending on your account information or usage of in-app or other app services).
We may collect personal data about you (or your business) from other APIS Group companies and any of these sources:
This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf, among others:
Type of third party | Description | Collect | Share |
Members of the APIS Group | Our affiliated companies | ✓ | ✓ |
Clear Bank and PPS | Our key service partners. | ✓ | ✓ |
Credit reference agencies (CRAs) | We carry out credit checks when you apply for a product or services for your business. We may use domestic or international CRAs or other to help us with this.
If you use some of our products or services, from time to time, we may also search or use data that the CRAs have, to help us manage those accounts and to comply with our legal and other obligations. We will also share your personal data with CRAs and they will give us data about you for the same reasons stated in this Privacy Policy. This data may include data about settled accounts or any debts not fully repaid on time. The identities of the CRAs, and the ways in which they use and share personal data are explained in more detail at TransUnion, Equifax and Experian. |
✓ | ✓ |
Fraud prevention agencies | We share and collect data with fraud prevention agencies like CIFAS to prevent fraud and money-laundering and to verify your identity. These verifications for purposes of fraud prevention can result in refusal of services or credit products. | ✓ | ✓ |
Support tools and operational partners | These include analytics, search engine service providers, customer experience support platforms to optimise and improve our services, as well as subcontractors we may use to supplement our customer support resources. | X | ✓ |
Hosting and IT service providers | IT vendors, including cloud storage providers, to securely store your personal data. | X | ✓ |
APIS card manufacturers and delivery providers | Card manufacturing, personalisation and delivery companies. | X | ✓ |
Payment processing partners and vendors | Financial services providers, including card issuers, payment processors and banking partners to facilitate payment transactions. These third parties may be part of Open Banking, which means they may be able to send information they hold about your account and transactions to us (based on your consent). | ✓ | ✓ |
Identity and other information verification providers | We work with third parties to verify the information you provide to us, for example your identity and address. | ✓ | ✓ |
Partner platforms, providing business services | We work with partners to offer you ‘add-ons’ to our service and products. Such products and services may include invoicing, bookkeeping, employee payroll and accountancy products and providers. | ✓ | ✓ |
Social networks and other online platforms providers | Social media sites, for the purposes of conducting market research, marketing campaigns, targeted and retargeted marketing and understanding the success of our marketing activities.
These social media sites may check if you hold an account with them and, based on the characteristics they have about you, provide targeted advertising to you (for example, to show you tailored advertisements on their social media platforms, depending on your potential interest in APIS Products and Services). |
✓ | ✓ |
Public data sources | Companies House, LinkedIn and other public data sources. | ✓ | X |
Marketing, business development and sales partners | Third parties that help us generate sales and marketing leads, and create and deliver our marketing activities. | ✓ | ✓ |
Data services third parties | Such as data analytics and insight firms, for example to test the quality of our data, to improve the effectiveness of our crime prevention controls, etc. | X | ✓ |
Government and regulatory organisations | Government, law enforcement agencies, authorities and regulatory bodies when APIS has to comply with its legal obligations. | X | ✓ |
In addition to the above ways in which we process and share your personal data, APIS also shares this data with companies who are integral in allowing us to offer our products and services to members.
The companies listed below become Data Controllers in relation to your personal data shared with them. This means that if you would like to exercise any of the rights afforded to you by the personal data protection laws applicable to your case, these companies must be contacted separately from APIS. The following ways describe how and why we share your data with them:
In addition to the data sharing listed above, we may share some data to other companies outside the APIS Group, but only when it is converted so that no person’s identity can be known or found out and is no longer considered personal data under the law (anonymised data).
Occasionally, at our reasonable discretion, we may include or offer products or services to you from our business partners (third parties). These are independent service providers whose services are made available to you or promoted via the APIS Platform (for example invoicing, accounting, payment processing, direct debit and credit loan providers).
As a APIS member, you can opt to make use of these services, such that your data may be shared with the third-party providers or we may redirect you to the third-party provider. The personal data we may share and collect in those cases may include, depending on the service involved, and by way of example, the name and contact details of your business, your employees’ data and payroll data, invoicing data, your customer data and any other data that the provider may require to deliver the product or service requested by you.
Business partners may act as data processors to APIS or as data controllers. When business partners act as Data Processors to APIS, they will process your personal data solely to deliver the APIS Products and Services that you have requested and as described in this Privacy Policy. When business partners act as separate Data Controllers – they will have their own and independent privacy policies that apply when you use their products and services or visit their website. We (and any other APIS Group company; or any of our APIS company directors, officers, agents, contractors, sub-contractors or workers) have no responsibility or liability (however so caused) for the content, activities, data processing and services relating to those service providers or their linked websites. You can contact those third-party business partners for more data on how they may use your data.
We will keep your personal data as long as you are a customer of APIS.
We may keep your personal data after you stop being a customer. The reasons we may do this are:
We may also keep your data if certain laws that APIS is subject to stipulate that we cannot delete it for legal, regulatory or technical reasons.
We may use cookies to distinguish you from other users of our products or services when you visit Our Website or use Our App. This helps us provide you with a good experience, allows us to improve our products or services, keep Our Website and Our App safe and present you with advertising content that is relevant to you. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit Our Website or use Our App. Cookies send data back to the originating website or app on each subsequent visit, or to another website which recognises that cookie. Cookies also make it easier for you to log in and use the APIS Platform.
We may use the following cookies:
You can block or disable cookies by activating the setting on your website browser that allows you to refuse the setting of all or some cookies or through the banner on Our Website and in the “Cookie Settings” page in the footer of Our Website. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, ‘preferences’ or ‘options’ menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. However, if you set your browser settings to block or disable all cookies (including essential cookies) you may not be able to access all or parts of the APIS Platform for which we require the use of cookies.
Under the DPA 2018 and the UK GDPR, you are entitled to the following rights:
For further data on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR .
Please note that your specific rights may vary depending on the country you are established in.
If you would like to exercise your rights, please contact us at hello@apis.ng or at:
APIS Platform Ltd
5th Floor
1 Appold Street
London
EC2A 2UT
United Kingdom
We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your data. You can write to our DPO at dpo@apis.ng or at APIS Platform Ltd, 5th Floor, 1 Appold Street, London, EC2A 2UT, United Kingdom.
You also have the right to complain to the regulator. The supervisory authority in the UK is the Information Commissioner’s Office (ICO). You can find out how to report a concern on their website – https://ico.org.uk/.
You can withdraw your consent to our processing of your data at any time. Please contact us if you want to do so at hello@apis.ng.
This will only affect the way we use data when our basis for processing your data is your consent. See the section ‘Your Rights’ and more specifically your right to restricting use of your data.
You may also opt out of some forms of data processing we are conducting, such as:
If you withdraw your consent and/or opt-out, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, changed, shared or accessed in a way it shouldn’t be. We will employ adequate technical and organisational security measures to protect your personal data. These methods include:
We will also limit access to your personal data to employees, agents, contractors and other third parties who have a strict need to see it in order to perform their business functions. They will only process your personal data on a ‘need-to-know’ basis, pursuant to our instructions and they will keep your personal data confidential.
We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law.
We will use reasonable efforts to ensure that your personal data is accurate, complete and up-to-date. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the APIS Platform or by contacting us at the details provided in this Privacy Policy.
We may update this Privacy Policy from time to time to ensure that it remains accurate. Please check back from to time to time for updates.
This Privacy Policy was last updated on 8 November 2021.
© 2022 APIS. All Rights Reserved | Terms of Use | Privacy Policy
Subscription Request Successfully placed!
Your Message successfully sent!