SohCahToa Payout BDC Privacy Policy

Effective Date: [TBD]     Last Updated: [TBD]

License Type: Tier 1 Bureau De Change (BDC)

Regulatory Body: Central Bank of Nigeria (CBN)

1. Introduction

Sohcahtoa Payout BDC Ltd ("Company", "we", "us", "our") is a Tier 1 Bureau De Change duly licensed and regulated by the Central Bank of Nigeria (CBN). We are committed to safeguarding your personal data and ensuring it is processed lawfully, fairly, transparently, and securely in accordance with:

  • The Nigeria Data Protection Act (NDPA) 2023
  • CBN AML/CFT Regulations
  • CBN Consumer Protection Framework
  • Other applicable laws of the Federal Republic of Nigeria

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you:

  • Visit our website
  • Use our digital platforms
  • Visit our branches
  • Engage our foreign exchange services

By using our services, you acknowledge and consent to the practices described in this Policy.

2. Information We Collect

To comply with regulatory obligations and provide secure FX services, we collect the following categories of data:

A. Identity Information

  • Full name
  • Date of birth
  • Bank Verification Number (BVN)
  • National Identification Number (NIN)
  • International Passport

B. Contact Information

  • Residential address
  • Email address
  • Telephone number

C. Financial & Transaction Information

  • Bank account details
  • Currency transaction details
  • Payment records
  • Supporting documentation (travel ticket, admission letter, invoice, etc.)

D. Technical & Usage Information

  • IP address
  • Browser type and device information
  • Log-in data
  • Website interaction data account details transaction details

E. CCTV & Security Monitoring

Where you visit our physical branches, CCTV footage may be collected for security and fraud prevention purposes.

3. Legal Basis for Processing

We process your personal data under one or more of the following lawful bases:

  • Compliance with legal and regulatory obligations (CBN, AML/CFT laws)
  • Performance of a contract (execution of FX transactions)
  • Your explicit consent
  • Legitimate business interests (fraud prevention, service improvement)

4. How We Use Your Information

We use your information to:

  • Conduct Know Your Customer (KYC) verification
  • Process and document foreign exchange transactions
  • Fulfil regulatory reporting obligations
  • Detect and prevent fraud, money laundering, and terrorist financing
  • Respond to complaints and inquiries
  • Improve our digital platforms and customer experience
  • Maintain internal risk and compliance records of a contract (execution of FX transactions)

We do not process personal data for unrelated commercial purposes.

5. Disclosure of Information

We may share your data with:

  • CBN, EFEE, NFIU or other regulators
  • Law enforcement agencies
  • Courts or regulatory bodies
  • Partner banks and payment processors
  • Compliance auditors and professional advisers
  • Technology service providers under strict confidentiality agreements.
  • Service providers supporting operations
  • Authorities, when required to comply with Nigerian law.

We do not sell, trade or rent your personal data to third parties.

6. Data Retention

In line with CBN regulations and AML/CFT laws:

  • Transaction and KYC records are retained for a minimum of five (5) years or as otherwise required by law.
  • CCTV footage is retained for security purposes in accordance with internal policy.
  • Data will be securely deleted or anonymized once retention periods expire and deletion is legally permissible.

7. Your Data Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion (subject to regulatory retention obligations)
  • Restrict or object to processing
  • Withdraw consent where applicable
  • Request data portability
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
  • Requests may be submitted using the contact details below. and document foreign exchange transactions regulatory reporting obligations internal risk and compliance records of a contract (execution of FX transactions)

8. Data Security Measures

We implement appropriate technical and organizational safeguards, including:

  • Encrypted digital storage systems
  • Restricted access controls
  • Firewalls and intrusion detection systems
  • Staff confidentiality agreements
  • Periodic security audits
  • Role-based data access

Data Protection Impact Assessment (DPIA)

To protect your privacy, we evaluate the potential impacts of data processing activities on your rights and freedoms. In compliance with the Data Protection Laws, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that may pose significant privacy risks. This process allows us to identify and address risks before processing begins, implementing measures to protect your personal data. If any identified risks cannot be sufficiently mitigated, we will consult with the relevant supervisory authority, as required.

These safeguards help protect your data from unauthorized access or misuse while it is being transferred electronically.

9. Cookies & Tracking

We use cookies and/or other tracking tools to improve functionality, monitor performance and analyze usage patterns. Disabling cookies may affect certain features. Please read our cookies policy here.

10. Third party links

Our website may contain links to external websites, including partner websites. We are not responsible for their privacy policy practices content of external platforms. Users are advised to review the privacy policies of such websites before providing personal information.

11. Policy Updates

We reserve the right to update this Privacy Policy to reflect regulatory changes or operational improvements. The updated version shall be posted on our website with a revised "Last Updated" date. Continued use of our services constitutes acceptance of the updated policy.

12. Contact Us

Have questions or want to exercise your rights? Contact us at: