2- Preamble AFRICA'LIF handles personal data concerning you in the context of the use of digital wallet services and its associated services which it offers to you via its mobile applications and web. It respects privacy and protects the personal data of users of the services it offers.
3- Purpose The purpose of this policy is to inform users, how to collect, process, and use their personal data and their rights regarding the protection of said data.
4.When do we process the data?
a- The data concerning you are notably collected or processed on occasion:
* when registering for the service and opening the account digital wallet;
* using the services and managing the digital wallet account;
* using the services of the FLASH'LIF account;
* accessing and management of your personal space;
* of your authentication on the application;
* of the processing of your requests, complaints;
* and the performance of our obligations in the fight against money laundering capital and terrorist financing.
b- Data is collected from you, at your request and when using the services.
5- What collected data do we process?
a- As part of the use of the services, several types of personal data may be collected.
b- We collect 8 (eight) types of data:
* Generic data iques: first name, age, city, and gender ;
* Identity and address data: this includes data such as civility, name, e-mail address, telephone number, date of birth, as well as certain supporting documents identity;
* Data relating to financial flow:
this is data, such as payment data (date, time, amount, location) and data relating to transactions ;
* Operating data for your digital wallet account: this data relates to the analysis of the user profile. Thus, it is data, such as the means of payment used, the balance of his account, and the data resulting from the analysis of the profile of the user, in particular relating to the management of fraud;
* Your identifier and the information collected from the mobile:
OS name, mac address, unique identifier for the phone;
* Your browsing history in the application.
* Transmitted Data:
name, location, date, time,
6.Why do we collect your data?
a- Depending on the data, it is processed in whole or in part for the main reasons following, necessary for the execution of the contract concluded with the user:
* the execution of the contract and the maintenance of digital wallet account;
* the management and the animation of the commercial relation ;
* evaluation, detection, management and consolidation of risks, management of linking users with partners and other users;
* managing proposals / making available services, promotions and awards;
* budget management and monitoring;
*management of activity reporting;
* security management;
* management of identification and authentication of service users;
* measurement of satisfaction and quality of services;
b- Data is also processed for purposes that result from legitimate interests of AFRICA'LIF, in order to improve the quality and relevance of the services provided to users:
* prospecting, commercial animation and advertising targeting based on information that you communicate to us or that which comes from the use of our services;
* customer relationship management, prospecting and commercial animation carried out by AFRICA'LIF through its applications and at the request of its partners;
* managing the prevention of unpaid debts and fraud.
c- Finally, the processing of certain data is made necessary by legal obligations to which AFRICA'LIF is subject, such as combating money laundering and the financing of terrorism.
7. your data is transmitted to whom?
a- The processed data is intended for the following persons:
* to the authorized services of the data controller;
* to the organizations or services authorized to have knowledge of this data, in because of their skills in the fight against money laundering, fraud and internal control.
b- The data may be communicated to any authority legally empowered to know in particular in the event of a judicial requisition from the judicial, police authorities or administrative.
7.1. Authorized services of the data controller
a- Access to the user's personal data is reserved for persons authorized by the data controller who must access it because of their mission and for the fulfillment of the latter. .
b- In addition, authorized persons are subject to strict confidentiality regarding all personal data relating to users of which they become aware during the exercise of their function.
7.2 . Our Providers
a- AFRICA’LIF may be required to entrust certain services to third parties in the context of its activities and the provision of services.
b-For the realization of these, AFRICA’LIF communicates personal data of the user to its service providers. The latter are called upon to scrupulously respect the confidentiality of the data provided to them.
c- In such circumstances, providers, taking into account the agreement which binds them with AFRICA'LIF, are obliged to respect security measures and confidentiality of data and undertake to implement appropriate technical and organizational measures so that the processing carried out meets all of the applicable regulations and guarantees the protection of your rights.
7.3. Relationship with bodies or departments competent in the area of anti-money laundering and internal control
a- AFRICA'LIF may be required to communicate the user's personal data to bodies or departments authorized and competent in matters anti-money laundering, fight against terrorism and internal control.
b- In such a case, if the said body is external to AFRICA'LIF, the latter is contractually obliged to respect an obligation of security and confidentiality of data.
8- How long is the data kept?
a- AFRICA'LIF keeps your data according to a retention period policy set so that the data is kept for a period proportional to the purpose for which they were collected.
b- Data relating to your identity will be kept for a period of 5 (five) years from the end of the contractual relationship with AFRICA'LIF.
9- What data Are data kept?
* Information relating to digital wallet transactions will also be kept for 5 (five) years from the transaction.
* The data necessary for the management of any disputes or disputes are also kept for a period of 5 (five) years, in accordance with the legal provisions in force.
10- Transfer of data
a- The processed data is stored on servers of a service provider located in the United States and on another server located in Cameroon.
b- AFRICA'LIF contractually obliges its service provider to comply with the practices and with the present personal data protection policy and compliance with authorities' prescriptions regarding the internet and related freedoms.
11- What are your rights?
- You have the right to access to data concerning you. If you exercise this right, AFRICA'LIF will provide you with a copy of the characteristics of the processing of your personal data (such as the categories of data concerned, the purposes, the recipients, etc.).
b- If you submit your request, AFRICA'LIF will provide you with the required information in a form suitable for everyday use. However, you have the option of requesting that this information be provided to you in the form of your choice.
c- AFRICA'LIF may require the payment of fees based on the administrative costs generated by any request for an additional copy.
d- You have a right to the portability of the personal data that you have transmitted. This allows you to receive this data in a commonly used and machine-readable structured format. You also have the right to request that this data be transmitted to another data controller, when this is technically possible.
e- You also have the right to object on legitimate grounds that your data personal data are subject to processing, and a right to object to this data being used for prospecting purposes, including possible profiling insofar as it is linked to said prospecting. As soon as you object to the processing, your data will no longer be processed for these purposes.
f- You also have the right to have your data rectified, completed and updated when it is inaccurate, incomplete, ambiguous or outdated.
g- You have the right to obtain the limitation of processing in the following cases:
* You dispute the accuracy of your personal data;
* Processing is illegal and you wish to obtain the limitation of this processing instead of erasing your personal data;
* AFRICA'LIF no longer needs your personal data but these are still necessary for you to establish, exercise or defend a legal right.
h- Finally, you have the right to obtain the erasure of your personal data in the following cases:
* You have objected to the processing of your personal data for commercial prospecting purposes;
* Your personal data has been subject to unlawful processing;
* Your Personal data must be erased in order to comply with a legal obligation provided for by Cameroonian law.
i- However, you cannot obtain the erasure of your data when the processing is necessary for the exercise of the right to freedom of expression and information, the establishment, exercise or defense of legal rights, or to comply with a legal obligation to which AFRICA'LIF is subject.
12. How to exercise your rights? Customer requests are sent physically to the various AFRICA'LIF agencies.
a- In the interests of confidentiality and protection of personal data, the controller must ensure the identity of the user before responding to his request. Also, any request for the exercise of these rights must be accompanied by a copy of a signed identity document.
b- As soon as you make a request for exercise of your rights, we undertake to respond to you within a maximum of one month from the receipt of your request. However, this period may be extended if your request is particularly complex or taking into account the number of requests. In this case, you will be notified of the reasons for the extension and of the new deadlines.
c- If we are unable to comply with your request, we will inform you within a reasonable time, specifying the reasons.
d- You are informed that in the event of manifestly unfounded or excessive requests, in particular because of their repetitive nature, we may refuse to comply with your requests or require the payment of fees to take into account the administrative costs incurred in responding to your requests.
13- Technical information collected from the user's Smartphone.
The main technical information collected are the following:
- the name of the OS;
- the version of the OS;
- the unique identifier of the phone. IP address of the computer
14- What are the security measures implemented?
14.1- Security measure of the application in general
a- Concerned about guaranteeing the security of the data of its users, we take all the useful precautions that they are physical, logical, administrative or organizational, in view of the nature of the data that we process and the risks presented by the various treatments, to preserve the security of the data and, prevent it from being distorted, damaged or that third parties not have access to it.
b- P among these measures are notably:
- the management of authorizations for data access;
- enhanced authentication of access to the ELRO'CASH application;
- the confidentiality of exchanges ensured by an SSL protocol.
c- In case of subcontracting of part or all of a processing of personal data, we contractually impose on our subcontractors guarantees of security and confidentiality of personal data through technical measures to protect this data and appropriate human resources.
14.2- Security measures specific to the data of cardholders. A reinforced security system is implemented in the context of transactions that can be carried out via the ELRO’CASH service.
15- Social networks, and site and applications of third parties
a- Links on the ELRO'CASH application may direct the user to other applications and / or sites.
b- The user's attention is drawn to the fact that Personal data protection policies of these different applications and / or sites may be different from this policy.
c- In this context, it is recommended that the user in all cases, take note of the personal data protection policy for each of the sites and / or applications.
d- In any event, our responsibility cannot be sought in the event that the content of one of the sites and / or applications would contravene the legal and regulatory provisions in force.
16- Update of the data protection policy
a- The confidentiality policy is likely to be modified or adapted to any moment.
c- Last modification: on-06 / May / 2020