Privacy Policy

Hi! We’re APIS. We put our Members at the heart of what we do. We want to build long-lasting relationships based on transparency and trust. Thus, we have developed this Privacy Policy to explain how we treat your data and privacy when you use our products and services or when you visit our website. Our Privacy Policy is divided into the following sections:

  • Who we are
  • APIS is your Data Controlle
  • APIS is also your Data Processor in some cases
  • When we are a ‘Data Processor’
  • Third party providers of services available via the APIS Platform
  • Personal data we collect
  • Where we collect personal data and who we share it with
  • Our key partners as Data Controllers
  • Sharing anonymised data
  • Third-party links
  • How long we keep your personal data
  • Transfer of your data out of the EEA
  • Cookies and other tracking technologies
  • Your rights
  • How to contact us and how to complain
  • How to withdraw your consent or opt-out of processing
  • Security
  • Keeping your data accurate
  • Updates to this Privacy Policy

Who we are

We’re APIS Platform Ltd, but you’ll know us better as APIS. We’re a company that respects your privacy and is committed to protecting your personal data – which is just what this privacy notice is for.

Personal data we collect from you will be held by APIS Platform Ltd, which is part of the APIS company group. The APIS company group is made up of our main legal entity in the UK – APIS Platform Ltd; it’s branch in Sofia; APIS Platform Private Limited (India) and other entities that are or may become part of the APIS company group, collectively referred to as “APIS”, “we” or “us”. We’ll let you know which APIS or non-APIS company you have a relationship with when you take out a product or service with us. More information about us can be found on Our Website.

We are registered with the Information Commissioner’s Office (registration no. ZA165305) and are authorised and regulated by the Financial Conduct Authority (FCA) in the UK (reference no. 718743).

We provide the APIS Products and Services which are all the products and services offered via our iOS and Android mobile applications available on the App Store and on Google Play (“Our App”) and via our website identified by the following Uniform Resource Locator (URL): www.apis.ng, including its subdomains (“Our Website”) (together, “the APIS Platform”).

APIS is your Data Controller

APIS is the Data Controller of your data, which means we’re responsible for your personal data processed in relation to your use of the products and services accessible via the APIS Platform. When you receive services via the APIS Platform we collect, process, use and are responsible for certain personal data about you. When we do so, we are regulated under the applicable laws on the protection of personal data, privacy and electronic communications, including but not limited to The Data Protection Act 2018 (the “DPA 2018”, the United Kingdom General Data Protection Regulation (the “UK GDPR”) and The Privacy and Electronic Communications Regulations (“PECR”).

For the purposes of these laws we are responsible as a ‘Data Controller’ for the processing of your personal data. If you have any queries about this Privacy Policy or how we or any other APIS Group company (may) collect, store or use your data, please contact us by email at hello@apis.ng.

Throughout this Privacy Policy the terms “Personal Data”, “Data Controller”, “Data Processor”, “Data Processing”, “Data Subject” and “Profiling” shall have the meaning assigned to them by the applicable data protection laws mentioned above.

APIS is also your Data Processor in some cases

When we process personal data you provide to us that is related to other individuals (such as your employees or customers), we may be acting as a Data Processor (discussed below).

When we are a ‘Data Processor’

When using some of our services and products, APIS is a ‘Data Processor’ and you are a ‘Data Controller’, which means we process personal data solely for the purposes of providing you with our APIS Products and Services and based on your instructions.

In particular, when you engage with APIS Products and Services, or those of our partners, that involve you providing your employee, customer or other third-party personal data, APIS will likely be acting as a Data Processor of that data. Such products and services include but are not limited to invoicing, bookkeeping, employee payroll and accountancy products and providers.

When we act as a Data Processor we are required to have a written agreement in place with you which outlines how we process the personal data we process on your behalf and that you provide to us in your capacity of a Data Controller. We will let you know if you are using APIS Products and Services for which you are a ‘Data Controller’ and where you shall review and enter into a Data Processing Agreement (‘DPA’) with us. By using those services, you will be deemed to have read, reviewed and agreed to our DPA with you. If you have any questions about the DPA, please get in touch with us at dpo@apis.ng.

Personal data we collect

We collect personal data for a variety of reasons, including to meet our legal obligations, manage our operations, improve our business and deliver our services and products to you.

Below is a list of types of personal data that we may collect and use when you apply for, or use, any of our products or services.

Type of personal data Description Purpose Lawful basis
Contact Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you Managing our relationship with you or your business.

Communicating with you about our and our business partners’ products and services.

Delivering the APIS Products and Services to you, including to facilitate your use of the different APIS Services via single sign-on

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Communicate with our customers.
  • Keep our records up to date.
  • Resolve issues and improve the service we provide to you.
  • Optimise your user experience
Transactional Details about the transactions you carry out and the payments to and from your accounts with us Making and managing customer payments.

Delivering our and our business partners’ products and services.

Managing fees, charges and interest due on customer accounts.

Collecting and recovering money that is owed to us.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Facilitate delivery of our services and products.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
  • Develop and improve how we deal with financial crime, as well as discharging our legal duties in this respect.
Contractual Details about the products or services we provide to you Carrying out our obligations arising from and exercising our rights set out in our contracts.

Collecting and recovering money that is owed to us.

Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, and audit.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Understand and improve how we contract with our customers
  • Understand each party’s obligations and risks under any agreements
  • Be efficient about how we fulfil our legal and contractual duties.
Locational Data we get about where you are. This may come from the IP address assigned to your mobile phone or computer when you connect to the internet. It may also include locations where you used your APIS payment card or post codes. Delivering our and our business partners’ products and services.

Identifying, investigating, reporting and preventing fraud, security breaches, money laundering and other crime.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Be efficient about how we fulfil our legal and contractual duties.
  • Determine the risks that applicants for a APIS account may pose to APIS’s business and our Members.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
Behavioural Details about how you use products and services offered on the APIS Platform from us and other organisations Studying how our Members use products and services from us and other organisations.

Delivering more personalised user experiences to our Members.

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Work out which of our products and services may interest you and telling you about them.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
Technical Details on the devices and technology you use, for example your website browser settings, marketing choices. Delivering our products and services to you.

Delivering our and our business partners’ products and services.

Identifying, investigating, reporting and preventing fraud, money laundering and other crime.

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Be efficient about how we fulfil our legal and contractual duties.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
Communication Any emails, calls or other communications you’ve sent to us or we’ve sent to you

What we learn about you from communications between us

Investigating and responding to your enquiries, complaints and feedback. Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Communicate with our customers.
  • Be efficient about how we fulfil our legal and contractual duties.
  • Resolve issues and improve the service we provide to you.
Public and third-party records Details about you that are in public records, such as the Electoral Register, Companies House, and data about you that is publicly available on the Internet. We also collect data about you which we receive from other companies, such as credit reference or fraud protection agencies like the CIFAS register. Identifying, investigating, reporting and preventing fraud, money laundering and other crime.

Registering you with a APIS account.

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Determine the risks that applicants for a APIS account may pose to APIS’s business and our members.
  • Keep our records up to date.
  • Work out which of our products and services may interest you and telling you about them.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
Usage data Data about how you use our products and services Studying how our Members use products and services from us and other organisations

Testing new products

Managing how we work with other companies that provide services to us and our Members

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Work out which of our products and services may interest you and telling you about them.
  • Determine the risks that APIS Members may pose to APIS’s business and our Members.
  • Develop products and services, our pricing for them and types of Members that may want to use them.
Documentary data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driver’s licence, photographs or birth certificate. Identifying, investigating, reporting and preventing fraud, money laundering and other crime.

 

Complying with laws and regulations.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Be efficient about how we fulfil our legal and contractual duties.
  • Develop and improve how we deal with financial crime, as well as doing our legal duties in this respect.
  • Determine the risks that applicants for a APIS account may pose to APIS’s business and our Members.
Consents Any permissions, consents or preferences that you give us So we know what your preferences are in regards to marketing, automated decision-making and profiling (where this activity is based on your consent), cookies and any other relevant processing activities that you can opt-out of.

Developing and carrying out marketing or business development activities.

Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

  • Keep our records up to date.
  • Ask for your consent when we need it to contact you.
Special category data and criminal offence data Categories of data defined as ‘special category’ or ‘sensitive’ by applicable laws, including personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union members, genetic data, biometric data, health, sex life or sexual orientation. We may also process data about your criminal offence history.

In particular, we may collect data related to your health (such as disability data), biometric data (photos of you) and racial or ethnic origin (how you identify your ethnicity).

Understanding our community and the type of Members we work with, including about ethnicity, gender and health.

Operating our business in a proper way, including corporate responsibility.

Fulfilling our contract with you.

When it is our legal duty.

When you provide explicit consent. It is in the public interest. It is in your vital interest to protect yours or someone else’s life.
Your customer or employee data Any data that you provide us with about your employees or customers including contact details, personal details (e.g., name, date of birth, bank account information) in our capacity as your data processor. Delivering our and our business partners’ products and services to you. When you have instructed us to do so and by virtue of your existing contractual relationship with us.

 

Automated decision-making and profiling

To make quicker and more consistent decisions, we may also conduct automated individual decision-making. This means that we may analyse information about you via technological means to assess your personal circumstances and thus predict risks or outcomes. For example, we perform automated decision making in the following cases:

  • When you sign up for an account on the APIS Platform.
  • When you apply for credit services via the APIS Platform.
  • When we monitor transactions on the APIS Platform to detect and prevent financial crime.

When we take automated decisions that significantly affect you in those and any other circumstances, you can request a review of such a decision by APIS, express your point of view or contest the decision by contacting us at dpo@apis.ng or via Our App.

APIS may also conduct profiling for purposes of communicating effectively with you, for example, to send you relevant notifications or updates, according to the type of services usage, interests of different groups of Members. APIS may also use such profiling for targeted or direct marketing purposes (for example, to issue advertisements tailored to your usage or interests in APIS Products and Services or depending on your account information or usage of in-app or other app services).

Where we collect personal data and who we share it with

We may collect personal data about you (or your business) from other APIS Group companies and any of these sources:

Information from you

This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf, among others:

  • When you apply for our products and services
  • When you talk to us on the phone
  • When you use Our Website or Our App
  • In emails, web chats and letters
  • In surveys
  • If you take part in our competitions or promotions.
Type of third party Description Collect Share
Members of the APIS Group Our affiliated companies
Clear Bank and PPS Our key service partners.
Credit reference agencies (CRAs) We carry out credit checks when you apply for a product or services for your business. We may use domestic or international CRAs or other to help us with this.

If you use some of our products or services, from time to time, we may also search or use data that the CRAs have, to help us manage those accounts and to comply with our legal and other obligations. We will also share your personal data with CRAs and they will give us data about you for the same reasons stated in this Privacy Policy. This data may include data about settled accounts or any debts not fully repaid on time.

The identities of the CRAs, and the ways in which they use and share personal data are explained in more detail at TransUnion, Equifax and Experian.

Fraud prevention agencies We share and collect data with fraud prevention agencies like CIFAS to prevent fraud and money-laundering and to verify your identity. These verifications for purposes of fraud prevention can result in refusal of services or credit products.
Support tools and operational partners These include analytics, search engine service providers, customer experience support platforms to optimise and improve our services, as well as subcontractors we may use to supplement our customer support resources. X
Hosting and IT service providers IT vendors, including cloud storage providers, to securely store your personal data. X
APIS card manufacturers and delivery providers Card manufacturing, personalisation and delivery companies. X
Payment processing partners and vendors Financial services providers, including card issuers, payment processors and banking partners to facilitate payment transactions. These third parties may be part of Open Banking, which means they may be able to send information they hold about your account and transactions to us (based on your consent).
Identity and other information verification providers We work with third parties to verify the information you provide to us, for example your identity and address.
Partner platforms, providing business services We work with partners to offer you ‘add-ons’ to our service and products. Such products and services may include invoicing, bookkeeping, employee payroll and accountancy products and providers.
Social networks and other online platforms providers Social media sites, for the purposes of conducting market research, marketing campaigns, targeted and retargeted marketing and understanding the success of our marketing activities.

These social media sites may check if you hold an account with them and, based on the characteristics they have about you, provide targeted advertising to you (for example, to show you tailored advertisements on their social media platforms, depending on your potential interest in APIS Products and Services).

Public data sources Companies House, LinkedIn and other public data sources. X
Marketing, business development and sales partners Third parties that help us generate sales and marketing leads, and create and deliver our marketing activities.
Data services third parties Such as data analytics and insight firms, for example to test the quality of our data, to improve the effectiveness of our crime prevention controls, etc. X
Government and regulatory organisations Government, law enforcement agencies, authorities and regulatory bodies when APIS has to comply with its legal obligations. X

 

Our key partners as Data Controllers

In addition to the above ways in which we process and share your personal data, APIS also shares this data with companies who are integral in allowing us to offer our products and services to members.

The companies listed below become Data Controllers in relation to your personal data shared with them. This means that if you would like to exercise any of the rights afforded to you by the personal data protection laws applicable to your case, these companies must be contacted separately from APIS. The following ways describe how and why we share your data with them:

Sharing anonymised data

In addition to the data sharing listed above, we may share some data to other companies outside the APIS Group, but only when it is converted so that no person’s identity can be known or found out and is no longer considered personal data under the law (anonymised data).

Third-party links and third-party providers of products and services available via the APIS Platform

Occasionally, at our reasonable discretion, we may include or offer products or services to you from our business partners (third parties). These are independent service providers whose services are made available to you or promoted via the APIS Platform (for example invoicing, accounting, payment processing, direct debit and credit loan providers).

As a APIS member, you can opt to make use of these services, such that your data may be shared with the third-party providers or we may redirect you to the third-party provider. The personal data we may share and collect in those cases may include, depending on the service involved, and by way of example, the name and contact details of your business, your employees’ data and payroll data, invoicing data, your customer data and any other data that the provider may require to deliver the product or service requested by you.

Business partners may act as data processors to APIS or as data controllers. When business partners act as Data Processors to APIS, they will process your personal data solely to deliver the APIS Products and Services that you have requested and as described in this Privacy Policy. When business partners act as separate Data Controllers – they will have their own and independent privacy policies that apply when you use their products and services or visit their website. We (and any other APIS Group company; or any of our APIS company directors, officers, agents, contractors, sub-contractors or workers) have no responsibility or liability (however so caused) for the content, activities, data processing and services relating to those service providers or their linked websites. You can contact those third-party business partners for more data on how they may use your data.

How long we keep your personal data

We will keep your personal data as long as you are a customer of APIS.

We may keep your personal data after you stop being a customer. The reasons we may do this are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment
  • To establish, exercise or defend our legal claims
  • To study customer data as part of our own research when this will not cause harm to your privacy and personal data protection rights
  • To comply with legal rules that apply to us about keeping records or information in which case we will retain your data for a minimum of six years after your account has been terminated or longer depending on domestic laws.

We may also keep your data if certain laws that APIS is subject to stipulate that we cannot delete it for legal, regulatory or technical reasons.

Cookies and other tracking technologies

We may use cookies to distinguish you from other users of our products or services when you visit Our Website or use Our App. This helps us provide you with a good experience, allows us to improve our products or services, keep Our Website and Our App safe and present you with advertising content that is relevant to you. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit Our Website or use Our App. Cookies send data back to the originating website or app on each subsequent visit, or to another website which recognises that cookie. Cookies also make it easier for you to log in and use the APIS Platform.

We may use the following cookies:

  • Strictly necessary cookies required for the operation of our products or services (including, for example, cookies that enable you to log into secure accounts and use interactive features);
  • Analytical/performance cookies that allow us to recognise and count the number of visitors and users and see how they use our products or services (e.g., to help us improve the way our products or services work or are provided, by ensuring that users easily find what they are looking for);
  • Functionality cookies to help us recognise you when you return to Our Website (this enables us to e.g., personalise our content for you, greet you by name and remember your preferences, such as choice of language or region);
  • Targeting cookies to record your visit to Our Website, the pages you have visited and the links you have followed. We may use this data to make our products and services and the data displayed on it, which we reasonably think is more relevant to your interests. We may also share this data with third parties for this purpose. In some instances, with respect to targeting cookies we act as joint controllers with third parties, such as social media platform TikTok.

You can block or disable cookies by activating the setting on your website browser that allows you to refuse the setting of all or some cookies or through the banner on Our Website and in the “Cookie Settings” page in the footer of Our Website. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, ‘preferences’ or ‘options’ menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. However, if you set your browser settings to block or disable all cookies (including essential cookies) you may not be able to access all or parts of the APIS Platform for which we require the use of cookies.

Your rights

Under the DPA 2018 and the UK GDPR, you are entitled to the following rights:

  • Question any data about you that you think is incorrect and have us take reasonable steps to correct it for you
  • To be told about how we process your data
  • Require the erasure of personal data concerning you in certain situations
  • Access personal data and copies (free of charge, where reasonable for us to do so at the time) concerning you collected by us in the course of our relationship with you
  • Object at any time to processing of personal data concerning you for e.g., direct marketing
  • Object to decisions being taken by automated means which produce legal effects concerning you or which similarly may significantly affect you
  • Object in certain other situations to our continued processing of your personal data
  • Otherwise, restrict our processing of your personal data in certain circumstances
  • The right to move, copy or transfer your personal data (where reasonable and proportionate for us to do so).

For further data on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR .

Please note that your specific rights may vary depending on the country you are established in.

If you would like to exercise your rights, please contact us at hello@apis.ng or at:

APIS Platform Ltd
5th Floor
1 Appold Street
London
EC2A 2UT
United Kingdom

How to contact us and how to complain

We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your data. You can write to our DPO at dpo@apis.ng or at APIS Platform Ltd, 5th Floor, 1 Appold Street, London, EC2A 2UT, United Kingdom.

You also have the right to complain to the regulator. The supervisory authority in the UK is the Information Commissioner’s Office (ICO). You can find out how to report a concern on their website – https://ico.org.uk/.

How to withdraw your consent or opt-out of processing

You can withdraw your consent to our processing of your data at any time. Please contact us if you want to do so at hello@apis.ng.

This will only affect the way we use data when our basis for processing your data is your consent. See the section ‘Your Rights’ and more specifically your right to restricting use of your data.

You may also opt out of some forms of data processing we are conducting, such as:

    • Marketing, including email, phone and SMS marketing.
    • Social media and targeted marketing, including retargeting and curated audiences.
  • Non-essential cookie collection on Our Website. You may be unable to opt out of ‘necessary’ cookies as discussed above.
  • Non-essential profiling and automated decision-making, including those activities undertaken for marketing purposes.

If you withdraw your consent and/or opt-out, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, changed, shared or accessed in a way it shouldn’t be. We will employ adequate technical and organisational security measures to protect your personal data. These methods include:

  • The pseudonymisation and encryption of personal data, where possible.
  • Ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services via role-based access controls, confidentiality undertakings of our staff, etc.
  • The ability to restore the availability and access to personal data quickly in the event of or technical incident.
  • A process for regularly testing, assessing and evaluating the effectiveness of our technical and organisational measures.

We will also limit access to your personal data to employees, agents, contractors and other third parties who have a strict need to see it in order to perform their business functions. They will only process your personal data on a ‘need-to-know’ basis, pursuant to our instructions and they will keep your personal data confidential.

We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law.

Keeping your data accurate

We will use reasonable efforts to ensure that your personal data is accurate, complete and up-to-date. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the APIS Platform or by contacting us at the details provided in this Privacy Policy.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to ensure that it remains accurate. Please check back from to time to time for updates.

This Privacy Policy was last updated on 8 November 2021.

Subscription Request Successfully placed!

Your Message successfully sent!