Privacy Policy for Raenest Limited 

1. ‍
2. Introduction

Raenest.com is provided by Raenest Technologies Solutions Service Limited (“Raenest”).

At Raenest, we value your privacy, and we are committed to safeguarding your personal information. All personal data that you provide us will be protected and kept confidential among our affiliates, representatives, and privies.

Throughout the website, the terms “we”, “us” and “our” refer to Raenest.

This Privacy policy is specifically designed for our Users who access the Services we provide in the Republic of Kenya. This policy explains how we collect, use, share and protect your personal data in connection with your use of our services as a User or Potential User. This policy also sets out your rights and whom you may contact for further information. You also agree to abide by the applicable laws of the Republic of Kenya concerning your use of the website and your agreements with us. You agree to this Privacy Policy by visiting our website and when you use our services.

‍

Your use of our services, and any dispute over privacy is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.

Our website and services are not directed at you if we are prohibited by any law of any jurisdiction from making the information on our website available to you and is not intended for any use that would be contrary to local law or regulation.

‍

2. Definitions
   “consent”

means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they (by a statement or by a clear affirmative action) signify their agreement to the processing of personal data relating to them;

“data subject”

means a living, identified, or identifiable individual about whom Raenest holds personal data;

“Data Protection Legislation”

means all applicable data protection and privacy laws including, but not limited to the Data Protection Act 2019, the Data Protection (General) Regulations 2021, the Data Protection (Compliance and Enforcement) Regulations 2021, the Data Protection (Registration of Data Controllers and Data Processors) Regulations 2021, and any successor legislation;

“personal data”

means any information relating to a data subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that data subject;

“personal data breach”

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

‍

3. Consent

1. Where the processing of your personal data is based on consent, we shall obtain the requisite consent at the time of collection of the personal information. In this regard, you consent to the processing of your personal information when you access our website, or use our services, content, features, technologies or functions offered on our website or other digital platforms. You can withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing of your data based on consent given before its withdrawal.
2. Where your personal data is to be processed for a different purpose that is incompatible with the purpose or purposes for which that personal data was originally collected that was not disclosed to you when you first provided your consent, we will obtain your consent to the new purpose or purposes.

‍

4. Age Restriction

1. You affirm that you are over 18 years old and have the right to contract in your own name, and that you have read the above authorisation and fully understand its contents.
   
   
2. Individuals below 18 (eighteen) years of age are only allowed to sign up for our services or provide us with their information when an adult above the age of 18 (eighteen) is signing contracts in their stead.
   
   

4. Data Protection Principles

The Data Protection Legislation sets out the following principles with which anyone handling personal data must comply. We, our employees, agents, contractors and third-party service providers comply with the following principles when collecting or processing your personal data. All personal data must be:

1. processed lawfully, fairly, and in a transparent manner in relation to the data subject;
2. adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
3. accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is accurate, having regard to the purposes for which it is processed, is erased, or rectified without delay;
4. kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of the appropriate technical and organisational measures required by the Data Protection Legislation in order to safeguard the rights and freedoms of the data subject; and
5. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

6. Information We Collect.

In providing our services to you, we collect certain non-personal and personal data about you. Our policy is to keep this information confidential and strictly safeguarded and to use or disclose it only as needed to provide services to you, or as permitted or required by the Data Protection Legislation.

There are three categories of information we collect. We collect a variety of information from our users and visitors to our website. As described below, some information is automatically collected when you visit our website, some you provide to us when filling out a form or communicating with us, and some are provided to us by third-party integration Application Programming Interface (API).

‍

1. Information Collected Automatically: Whenever you visit our website, our web servers automatically collect non-personal information such as the domain name of the internet access provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, and other relevant statistics.

‍

2. Information You Provide Us: If you provide us with personal information, by contacting us, or signing up on our website, we collect the following personal information:

1. Name, phone number, gender, e-mail address, nationality, and employment history;
2. Information concerning your identity e.g., a valid government-issued identity card and your nationality;
3. Business information: e.g. business address, business contact information, the nature of services provided;
4. Payment information; and
5. Any other information you provide to us or direct us to collect.

‍

3. Other information which may be automatically collected from you when you visit our website include the domain name of your internet service provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, your geographical location, operating system, referral source, and other relevant statistics.

‍

7. Using Your Personal Data

1. We primarily collect your personal data to ensure that we provide the most efficient service to you, monitor the use and improve our website and other legitimate interests. Your information will solely be used and disclosed for the following purposes:

1. To help us verify your identity;
2. To carry out our obligations ensuing from any contracts entered into between you and us;
3. To provide you with the products, services and information you request from us, including sharing your information with third parties where we have legal basis to do so;
4. To assist you with enquiries and improve our customer service;
5. To allow us to communicate with you in any way (including e-mail, telephone, and text or multimedia messages);
6. For our billing and account purposes;
7. To help prevent and detect fraud or loss;
8. To update our records;
9. To send you personalised service or support messages, such as updates, security alerts, email notifications and /or newsletters;
10. To conduct security investigations and risk assessments; and
11. For compliance with legal and regulatory obligations.

‍

2. Employees, agents, contractors, or other parties working on behalf of Raenest shall collect your personal data only to the extent required for the performance of their job duties and only in accordance with this Policy. Excessive personal data shall not be collected.
3. Employees, agents, contractors, or other parties working on behalf of Raenest shall process your personal data only when the performance of their job duties requires it. Your personal data held by Raenest cannot be processed for any unrelated reasons.

‍

8. Data Accuracy

Your personal data must be accurate and kept up to date. In this regard, Raenest shall ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to you; make efforts to keep your personal data updated where reasonable and applicable; and make timely efforts to correct or erase your personal data when inaccuracies are discovered.

‍

9. Data Retention

We will retain your information for as long as your account is active or as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a financial institution.

‍

Raenest is statutory obligated to retain the data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud and in compliance with laws and regulatory guidelines applicable to us, our banking providers. Therefore, even after closing your Raenest account, we will retain certain data in order to comply with these obligations.

‍

Raenest shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.  In the case of your financial data, the purpose for which the data was collected is to provide you with our services. Unless Raenest is statutory bound to retain for a longer period of time or receives a valid request to erase your data, the data is retained for [insert length of time] after you actively stop using our services or products. This allows your record to be maintained.

‍

10. Data Confidentiality

Your information is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions. You have the right to request copies of any and all information we keep on you, if such requests are made in compliance with applicable laws and other relevant enactments. While we are responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, adherence with physical security protocols on our premises, dealing with only authorised officers of Raenest.

‍

11. Disclosures

1. We will not sell, publish, or disclose to third parties your personal data collected on our website, through our servers or otherwise obtained by us, other than to provide our services and as set forth in this Policy.
2. We may share end-user opt-in data with our subcontractors or outsourced service providers where it is necessary to provide the products and services, or for any other purposes described in this Privacy Policy.
3. Your personal data may be provided as necessary to the following categories of recipients: security, insurance, professional advisory (including legal, accounting and auditing advice), banking, payment processing, facilitating credit arrangements, credit reporting, fraud checks, data storage, information processing, marketing, online communications technology services, and other trusted third parties with whom we have an agreement for the protection of your information, or government/regulatory/law enforcement agencies pursuant to legally binding order.
4. We will notify you as soon as we become aware of a harmful data breach which may result in a risk of your rights and freedom.
5. You have the right to request an erasure of your data at any time.
6. We will notify you if we are transferring your data.
7. You may request at any time that we halt further dissemination of your data or cease to use your data.
8. If you submit content in a public forum or a social media post, or use a similar feature on our website, that content is publicly visible.
9. We may disclose Personally Identifiable Information if required to do so by law or in the good faith belief that such action is necessary to (a) conform with the requirements of the law or comply with legal process served on us, or (b) act in urgent circumstances to protect the personal safety of users of our service or members of the public.
10. To the extent practicable and legally permitted, we will attempt to advise you prior to any such disclosure, so that you may seek a protective order or other relief limiting such disclosure.

‍

12. Transfer of Personal Data

1. Third Party Processor

We may engage the services of third parties in order to process your personal data. The processing by such third parties shall be governed by a written contract with Raenest to ensure adequate protection and security measures are put in place by the third party for the protection of your personal data in accordance with the terms of this policy and the Data Protection Legislation.

‍

2. International Transfers

1. Your information may be transferred to a foreign country or international organisation for the purpose of providing our service to you. We will ensure that there are adequate data protection laws in the recipient country or organisation before transferring your information. We shall, among other things, conduct a detailed assessment of whether the recipient country has adequate data protection laws or any other relevant authorities that exist and may come into existence in the jurisdictions where Raenest has offices.
2. Transfer of your personal data out of Kenya would be in accordance with the provisions of the Data Protection Legislation. Subject to obtaining your consent and confirming the existence of appropriate safeguards in the recipient country, we will only transfer your personal data out of Kenya on one of the following conditions:

1. for the performance of a contract between you and Raenest or implementation of precontractual measures taken at your request;
2. for the conclusion or performance of a contract concluded in your interest between us and a third party;
3. for any matter of public interest;
4. for the establishment, exercise or defence of a legal claim;
5. in order to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent; or
6. for the purpose of compelling legitimate interests pursued by Raenest which are not overridden by your interests, rights and freedoms.

3. Provided, in all circumstances, that you have been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this provision shall not apply to any instance where you are answerable in duly established legal action for any civil or criminal claim in another country.
4. We will take all necessary steps to ensure that your personal data is transmitted in a safe and secure manner.
5. Details of the protection given to your information when it is transferred outside Kenya shall be provided to you upon request.

‍

13. Your Rights

Subject to certain limitations and exceptions, you are entitled to the following principal rights under the Data Protection Legislation:

1. You have the right to be notified if we are transferring your personal information.
2. You have the right to request an erasure of your personal data at any time.
3. You have the right to request that we rectify inaccurate personal information.
4. You may request at any time that we halt further dissemination of your data or cease to use your personal information.
5. You have the right to request for copies of your personal information.

Please note that if you request for a copy of your personal data, you may be required to pay a fee. If you would like to exercise any of the above stated rights, you are required to send a written application stating the right you wish to exercise. Applications are to be submitted via email to hello@raenest.com.

As a customer centered business, we pride ourselves in efficient service delivery, and as such, we will endeavour to process all subject access requests within thirty (30) days and if any further extension is required for reasons beyond control, we will communicate same through the existing channels.

For more information on how to exercise your data protection rights, please contact our Data Protection Officer at [compliance@raenest.com].

14. Website Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as secure sockets layer (SSL) to safeguard and secure the information we collect online. We use encryption tools when accepting and transmitting delicate visitor information through our website. Some of the other safeguards we use are firewalls and physical access controls to our data centres, and information access authorisation controls.

‍

15. Training

We shall ensure that employees who collect, access and process your personal data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this policy and the Data Protection Legislation with regard to the protection of personal data. On an annual basis, we shall develop a capacity building plan for our employees on data privacy and protection in accordance with the Data Protection Legislation.

‍

16. Use of Cookies

We use cookies to identify you as a user and make your user experience easier, customise our services, content and advertising, help you ensure that your account security is not compromised, mitigate risk and prevent fraud and to promote trust and safety on our website. Cookies allow our servers to remember your account log-in information when you visit our website, IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities. If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may limit your ability to use our website.

‍

17. The Data we Retain

We will retain your information for as long as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a regulatory or financial institution.

We are statutorily obligated to retain the data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud and in compliance with laws and regulatory guidelines applicable to us.

‍

18. Data Breach Management Procedure

1. In the event where there is any accidental or unlawful destruction, processing, loss, alteration, unauthorised disclosure of, or access to your personal data, we shall:

1. notify you within 24 (twenty-four) hours of the occurrence of the data breach;
2. properly investigate the breach and take the necessary steps to mitigate such breach;
3. identify remediation requirements and track the resolution of such breach; and
4. notify the Office of the Data Protection Commissioner or any other regulatory authority, where necessary.

‍

2. All suspected breach of personal data shall be remedied within three months from the date of the report of the breach. If you know or suspect that a personal data breach has occurred, you should immediately contact us at [compliance@raenest.com]

‍

19. Links to Third Party Websites

1. Our website may contain links to third-party websites or services that are not owned or controlled by us.
2. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such websites or services.
3. We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.

‍

20. Limitation of Liability

We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, we will not be liable for unauthorised disclosure of personal data that occurs through no fault of ours.

‍

21. Changes to this Privacy Policy

Changes may be made to this Privacy Policy from time. Whenever such changes are made, we will notify you. These changes will take effect immediately after you have been notified.

‍

22. Contact Us

If you would like more information or you have any comments or questions on our Privacy Policy, please contact us at [compliance@raenest.com].  

‍

This policy is effective as of 19/08/2023.  

‍

Last updated: 19/08/2023.

‍

Privacy Policy for Raenest Technology Solutions Limited

1. Introduction

https://www.raenest.com is provided by Raenest Technology Solutions Service Limited (“Raenest”).

At Raenest, we value your privacy, and we are committed to safeguarding your personal information. All personal data that you provide us will be protected and kept confidential among our affiliates, representatives, and privies.

Throughout the website, the terms “we”, “us” and “our” refer to Raenest.

This Privacy Policy (“Policy”) explains how we collect, use, share and protect your personal data in connection with your relationship with us as a user or potential user. It applies to all our clients, potential clients, consultants, partners and every other person we hold information about.

This Policy also sets out your rights and who you may contact for further information.

You agree to this Privacy Policy by visiting our website and when you use our services.

Your use of our services, and any dispute over privacy is subject to this Policy and our Terms of Service including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.

Our website and services are not directed at you if we are prohibited by any law of any jurisdiction from making the information on our website available to you and is not intended for any use that would be contrary to local law or regulation.

‍

2. Consent

Where the processing of personal information is based on consent, we shall obtain the requisite consent at the time of collection of the personal information. In this regard, you consent to the processing of your personal information when you access our website, or use our services, content, features, technologies or functions offered on our website or other digital platforms or visit any of our offices for official or non-official purposes. You can withdraw your consent at any time but such withdrawal will not affect the lawfulness of the processing of your data based on consent given before its withdrawal.

‍

3. Age Restriction

You affirm that you are over the age of 18 and have the right to contract in your own name, and that you have read the above authorisation and fully understand its contents.

‍

4. Information We Collect.

In providing our services to you, we collect certain non-personal and personal information about you. Our policy is to keep this information confidential and strictly safeguarded, and to use or disclose it only as needed to provide services to you, or as permitted or required by law. This Policy is applicable to information for current and former clients.

‍

We collect a variety of information from our users and visitors to our website. As described below, some information is automatically collected when you visit our website and some you provide to us when filling out a form or communicating with us. There are two categories of information we collect:

1. Information Collected Automatically: Whenever you visit our website, our web servers automatically collect non-personal information such as the domain name of the internet access provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, and other relevant statistics.
2. Information You Provide Us: If you provide us with personal information, by contacting us, or subscribing to our services we collect the following personal information:

1. Name, gender, date and place of birth; and your employment information;
2. Information concerning your identity e.g., a valid government-issued identity card and your nationality;
3. Payment information; and
4. Any other information you provide to us.

‍

5. Using Your Personally Identifiable Information

“Personally Identifiable Information” means any information that (a) identifies or can be used to identify, contact, or locate the person to whom such information pertains, or (b) from which identification or contact information of an individual person can be derived.

We primarily collect your information to ensure that we provide the most efficient services to you, monitor the use of and improve our website and other legitimate interests. Your information will solely be used and disclosed for the following purposes:

1. To help us verify your identity;
2. To carry out our obligations ensuing from any contracts entered into between you and us;
3. To provide you with the products, services and information you request from us;
4. To assist you with enquiries and improve our customer service;
5. To assist us in carrying out marketing analysis and customer profiling (including transactional information), conduct research, including creating statistical and testing information;
6. To allow us to communicate with you in any way (including e-mail, telephone, visit, and text or multimedia messages);
7. For our billing and account purposes;
8. To help prevent and detect fraud or loss;
9. To update our records;
10. To make recommendations and suggestions to you about services offered by us unless you have previously asked us not to do so;
11. To send you service or support messages, such as updates, security alerts, email notifications and /or newsletters;
12. To conduct investigations and risk assessments; and
13. For compliance with legal and regulatory obligations.

‍

6. Data Accuracy

Your personal data must be accurate and kept up to date. In this regard, Raenest shall ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to you; make efforts to keep your personal data updated where reasonable and applicable; and make timely efforts to correct or erase your personal data when inaccuracies are discovered.

‍

7. Other Information We Collect

We may also collect information from you using cookies and other analytical tools especially when you use our products and services. More details are provided below in our section on Cookies.

‍

8. Data Confidentiality

Your information is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions. You have the right to request copies of any and all information we keep on you, if such requests are made in compliance with the Freedom of Information Act and other relevant enactments. While we are responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details and dealing with only the authorised officers of Raenest.

‍

9. Disclosures

1. We will not sell, publish, or disclose to third parties your personal data collected on our website, through our servers or otherwise obtained by us, other than to provide our services and as set forth in this Policy.
2. We may share end-user opt-in data with our subcontractors or outsourced service providers where it is necessary to provide the products and services, or for any other purposes described in this Privacy Policy.
3. Your personal data may be provided as necessary to the following categories of recipients: security, insurance, professional advisory (including legal, accounting and auditing advice), banking, payment processing, facilitating credit arrangements, credit reporting, fraud checks, data storage, information processing, marketing, online communications technology services, and other trusted third parties with whom we have an agreement for the protection of your information, or government/regulatory/law enforcement agencies pursuant to legally binding order.
4. We will notify you as soon as we become aware of a harmful data breach which may result in a risk of your rights and freedom.
5. You have the right to request an erasure of your data at any time.
6. We will notify you if we are transferring your data.
7. You may request at any time that we halt further dissemination of your data or cease to use your data.
8. If you submit content in a public forum or a social media post, or use a similar feature on our website, that content is publicly visible.
9. We may disclose Personally Identifiable Information if required to do so by law or in the good faith belief that such action is necessary to (a) conform with the requirements of the law or comply with legal process served on us, or (b) act in urgent circumstances to protect the personal safety of users of our service or members of the public.
10. To the extent practicable and legally permitted, we will attempt to advise you prior to any such disclosure, so that you may seek a protective order or other relief limiting such disclosure.

9. Transfer of Personal Data

1. Third Party Processor

We may engage the services of third parties in order to process your personal data. The processing by such third parties shall be governed by a written contract with Raenest to ensure that adequate protection and security measures are put in place by the third party for the protection of your personal data in accordance with the terms of this Policy and applicable data protection laws.

‍

2. International Transfers

Your information may be transferred to a foreign country or international organisation for the purpose of providing our service to you. We will ensure that there are adequate data protection laws in the recipient country or organisation before transferring your information. The country shall be among the NITDA (National Information Technology Development Agency) White List of countries with adequate data protection laws or any other relevant authorities that exist and may come into existence in the jurisdictions where the company has offices.

1. We will also only transfer your personal information where:

1. Your explicit consent has been obtained;
2. The transfer is necessary for the performance of a contract between you and Raenest;
3. The transfer is necessary to conclude a contract between Raenest and a third party in your interest;
4. The transfer is necessary for reason of public interest;
5. The transfer is for the establishment, exercise or defense of legal claims;
6. The transfer is necessary in order to protect your vital interests or the interests of other persons, where you are physically or legally incapable of giving consent.

‍

3. Provided, in all circumstances, that you have been manifestly made to understand the specific principle(s) of data protection that are likely to be relied on in the event of transfer to a third country, this provision shall not apply to any instance where you are answerable in a duly established legal action for any civil or criminal claim in another country.
4. We will take all necessary steps to ensure that your personal data is transmitted in a safe and secure manner. Details of the protection given to your information when it is transferred to a foreign country shall be provided to you upon request.
5. Where the recipient country is not on the White List and none of the conditions stipulated in clause 9.2.1 of this policy is met, Raenest will engage with NITDA and the Office of the Honourable Attorney General of the Federation (HAGF) for approval with respect to such transfer.

‍

10. Your Rights

Subject to certain limitations and exceptions, you are entitled to the following principal rights under the Nigerian Data Protection Regulation (NDPR):

1. You have the right to be notified if we are transferring your personal information.
2. You have the right to request an erasure of your personal information at any time.
3. You have the right to request that we rectify inaccurate personal information.
4. You may request at any time that we halt further dissemination of your data or cease to use your personal information.
5. You have the right to request for copies of your personal information.

‍

11. Website Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as secure sockets layer (SSL) to safeguard and secure the information we collect online, we use encryption tools when accepting and transmitting delicate visitor information through our website; some of the other safeguards we use are firewalls and physical access controls to our data centres, and information access authorization controls.

‍

12. Training

We shall ensure that employees who collect, access and process your personal data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this policy and the NDPR with regard to the protection of personal data. In compliance with our data processing obligation, we develop a capacity building plan for our employees on data privacy and protection in accordance with the provisions of the NDPR and relevant regulation.

‍

13. Use of Cookies

We use cookies to identify you as a user and make your user experience easier, customise our services, content and advertising, help you ensure that your account security is not compromised, mitigate risk and prevent fraud and to promote trust and safety on our website. Cookies allow our servers to remember your account log-in information when you visit our website, IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities. If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may limit your ability to use our website.

‍

14. The Data We Retain

We will retain your information for as long as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a financial institution.

We are statutorily obligated to retain the data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud and in compliance with laws and regulatory guidelines applicable to us, our banking providers and credit card processors.

‍

15. Data Breach Management Procedure

1. In the event where there is any accidental or unlawful destruction, processing, loss, alteration, unauthorized disclosure of, or access to your personal data, we shall:

1. notify you within 24 (twenty-four) hours of the occurrence of the data breach;
2. properly investigate the breach and take the necessary steps to mitigate such breach;
3. identify remediation requirements and track the resolution of such breach; and
4. notify NITDA or any other regulatory authority, where necessary.

‍

16. Links to Third Party Websites

1. Our website may contain links to third-party websites or services that are not owned or controlled by us.
2. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such websites or services.
3. We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.

‍

17. Limitation of Liability

We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, we will not be liable for unauthorised disclosure of personal data that occurs through no fault of ours.

‍

18. Changes to this Privacy Policy

Changes may be made to this Privacy Policy from time. Whenever such changes are made, we will notify you. These changes will take effect immediately after you have been notified.

‍

19. Contact Us

If you would like more information or you have any comments or questions on our Privacy Policy, please contact us at compliance@raenest.com

‍

This Policy is effective as of 19/08/2023.

‍

Last updated: 19/08/23.

‍

1. Introduction

This Privacy Policy applies to US residents who use Raenest services provided by Raenest Inc. and Raelic LLC (each doing business as Raenest). It explains how we collect, use, share, and protect your personal information, and describes your rights under applicable US federal and state privacy laws, including the Gramm-Leach-Bliley Act (GLBA) and the California Consumer Privacy Act (CCPA/CPRA).

By using our services, you agree to the terms of this Policy. This Policy is incorporated into and subject to our Terms of Service.

‍

2. Consent

Where we process your personal information based on consent, we obtain that consent at the time of collection. You consent to processing when you open an account, access our website, or use our services. You may withdraw consent at any time by contacting privacy@raenest.com; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

‍

3. Age Restriction

Our services are not directed at persons under 18 years of age. By using our services, you affirm that you are 18 or older and have the legal capacity to enter into contracts.

‍

4. Information We Collect

4.1 Information You Provide

When you open an account or use our services, we collect:

• Full name, date and place of birth, and employment information
• Government-issued identification (passport, driver's license, state ID)
• Social Security number or Individual Taxpayer Identification Number (ITIN)
• Account numbers, routing numbers, and wire transfer instructions
• Payment history, transaction history, and account balances
• Source of funds and income information
• Any other information you voluntarily provide

4.2 Information Collected Automatically

When you visit our website or use our app, we automatically collect:

• IP address and device identifiers
• Browser type, operating system, and usage data
• Pages visited, time spent, and access timestamps
• Cookie and tracking data (see Section 9)

4.3 Information from Third Parties

We may receive information about you from third parties including:

• Credit bureaus and consumer reporting agencies
• Identity verification providers (including biometric data)
• Fraud detection and compliance screening services
• Our banking and financial partners

‍

5. How We Use Your Information

We use your personal information to:

• Verify your identity and comply with Know Your Customer (KYC) obligations
• Open and maintain your account and process your transactions
• Detect, prevent, and investigate fraud and financial crime
• Comply with legal and regulatory obligations including BSA/AML requirements
• Respond to court orders, legal investigations, and regulatory requests
• Report to credit bureaus where applicable
• Communicate with you about your account, updates, and our services
• Improve our platform and conduct internal research and analytics
• Market our products and services to you (subject to your preferences)

6. Financial Privacy Notice 

Raenest Inc. and Raelic LLC (each doing business as Raenest) are required by the Gramm-Leach-Bliley Act (GLBA) to explain how we share your personal financial information.

Reasons we can share your personal information

For our everyday business purposes — to process transactions, maintain accounts, respond to legal orders, and report to credit bureaus

For our marketing purposes — to offer our products and services to you

For our affiliates' everyday business purposes — information about your transactions and experiences

To Limit Our Sharing

You may opt out of permissible data sharing at any time by:

• Emailing privacy@raenest.com with subject line "GLBA Opt-Out Request"
• Visiting: www.raenest.com/privacy-choices
• In-app: Settings > Privacy > Manage Sharing Preferences

Please note: If you are a new customer, we can begin sharing your information 30 days from account opening. When you are no longer a customer, we continue to share your information as described in this notice. You may contact us at any time to limit sharing.

‍

7. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or sold about you
• Right to Delete — request deletion of your personal information, subject to certain legal exceptions
• Right to Correct — request correction of inaccurate personal information we hold about you
• Right to Opt Out — opt out of the sale or sharing of your personal information for cross-context behavioural advertising
• Right to Limit — limit the use and disclosure of sensitive personal information to necessary purposes
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your privacy rights

To exercise these rights, contact us at privacy@raenest.com or visit www.raenest.com/privacy-choices. We will respond to a verifiable consumer request within 45 days. We do not sell your personal information.

‍

8. Other US State Privacy Rights

Residents of the following states have additional privacy rights:

• Vermont — we will not share your information with nonaffiliates for marketing without your express consent
• Nevada — you may opt out of the sale of covered information
• Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA) — rights to access, correct, delete, and opt out of targeted advertising and profiling

To submit a request, email privacy@raenest.com with your state of residence and the right you wish to exercise.

‍

9. Disclosures to Third Parties

We do not sell your personal information. We may share your information with:

• Regent Bank (our banking partner) and Alpaca Securities LLC (our securities partner) for service delivery
• Identity verification and fraud screening providers
• Payment processors and settlement partners
• Legal, accounting, and compliance advisers
• Credit reporting agencies
• Government, regulatory, and law enforcement agencies pursuant to a legally binding order

All third-party processors are governed by data processing agreements that require them to maintain appropriate security and confidentiality standards.

‍

10. Cookies

We use cookies to identify you as a user, customise our services, prevent fraud, and improve our platform. Cookies allow our servers to remember your login, IP address, and usage patterns. You may disable cookies via your browser settings; however, this may limit certain features of our website or app.

11. Security

We use security measures that comply with applicable federal law, including:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-party computation (MPC) custody for digital assets
• Physical and logical access controls to data centres
• Regular security audits, penetration testing, and employee privacy training

12. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal and regulatory obligations. Under US federal law (BSA/AML), we are required to retain certain transaction records for a minimum of five years. Specific retention periods vary by data type and applicable law.

13. Data Breach

In the event of a data breach that creates a risk to your rights or security, we will notify you and relevant regulatory authorities as required by applicable federal and state law. We will investigate the breach, take necessary steps to mitigate harm, and track resolution.

14. International Data Transfers

Your personal information may be transferred to and processed in countries outside the United States in connection with our global operations. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable US law and the data protection laws of the recipient country.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address or via in-app notification at least 30 days before changes take effect. The most current version is always available at www.raenest.com/privacy-policy/us.

16. Contact Us

For questions, privacy requests, or complaints:

• Email: privacy@raenest.com
• Web: www.raenest.com/privacy-choices
• Mail: Raenest Inc. / Raelic LLC (DBA Raenest), 7460 Warren Parkway, Suite 100, Frisco, TX 75034, USA

This Policy is effective as of October 2023.

‍

Last updated: March 2026.

‍

‍

Privacy Policy (India)

Issued Date: January 2026

Introduction

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when individuals access or use Raenest’s website, mobile application, and related products and services (collectively, the “Services”).

Raenest operates as a financial technology company and processes personal data in the course of providing regulated financial services. We are committed to protecting the privacy of individuals and to handling personal data in a lawful, fair, transparent, and secure manner, in accordance with the Digital Personal Data Protection Act, 2023 of India (the “DPDP Act”) and other applicable laws and regulations.

This Privacy Policy applies to users, prospective users, business customers, and visitors who access or use the Services from India. By accessing or using the Services, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy.

Definitions

For the purposes of this Privacy Policy, “Data Principal” means an individual to whom personal data relates. “Data Fiduciary” refers to Raenest, as the entity that determines the purpose and means of processing personal data. “Data Processor” means any third party that processes personal data on behalf of Raenest. “Personal Data” means any data about an individual who is identifiable by or in relation to such data. “Processing” refers to any operation performed on personal data, whether automated or otherwise. “Consent” means a freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal’s agreement to the processing of personal data.

Eligibility and Age Restrictions

Raenest’s Services are intended for individuals who are at least eighteen years of age and legally capable of entering into binding contracts. Where personal data relating to a minor is processed, such processing will occur only with verifiable consent from a parent or lawful guardian, in accordance with applicable Indian law.

Personal Data Collected

Raenest collects personal data strictly on a need-to-know basis and only to the extent necessary to provide its Services and comply with legal and regulatory obligations.

Personal data may be collected directly from you when you create an account, complete onboarding or KYC processes, transact on the platform, communicate with Raenest, or otherwise interact with the Services. This may include identifying information, contact details, government-issued identification, employment and source-of-funds information, business-related information, payment and transaction data, and correspondence with Raenest.

Raenest also collects certain information automatically when you access the website or mobile application. This may include device identifiers, IP address, browser and operating system information, access logs, usage data, approximate location data, and other technical information necessary for security, analytics, and service optimisation.

In addition, Raenest may receive personal data from third parties such as identity verification providers, banking and payment partners, fraud prevention and transaction monitoring vendors, or regulatory and law enforcement authorities, where such disclosure is lawful and necessary.

Purpose of Processing

Personal data is processed solely for lawful and legitimate purposes connected with Raenest’s operations as a financial services provider. These purposes include verifying identity and conducting KYC and AML checks, creating and managing user accounts, processing transactions and facilitating payments, preventing fraud and financial crime, managing risk and security, responding to enquiries and providing customer support, improving services and platform functionality, maintaining internal records and audits, and complying with legal, regulatory, and supervisory obligations.

Raenest does not process personal data for purposes that are incompatible with those disclosed in this Privacy Policy unless such processing is required by law or undertaken with the Data Principal’s consent.

Lawful Basis for Processing

Personal data is processed on the basis of consent, performance of contractual obligations, compliance with applicable legal or regulatory requirements, or other legitimate uses permitted under the DPDP Act, including processing necessary for fraud prevention, network and information security, and risk management.

Consent Management

Where processing is based on consent, Raenest will obtain such consent at the point of data collection in a clear and transparent manner. Consent may be withdrawn at any time; however, withdrawal of consent may result in Raenest being unable to continue providing certain Services where processing is necessary for legal, regulatory, or contractual reasons. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

Data Accuracy

Raenest takes reasonable steps to ensure that personal data processed is accurate, complete, and kept up to date. Users are encouraged to promptly notify Raenest of any changes or inaccuracies in their personal information.

Data Retention

Personal data is retained only for as long as necessary to provide the Services, fulfil contractual commitments, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. Certain categories of data, particularly financial and transactional records, may be retained after account closure where required by applicable financial, tax, or anti-money laundering laws.

Data Sharing and Disclosure

Raenest does not sell personal data. Personal data may be disclosed to other Raenest group entities, third parties only where necessary to provide the Services or to comply with legal or regulatory obligations. Such recipients may include banking and payment partners, technology and infrastructure providers, KYC and fraud prevention vendors, professional advisers, auditors, and regulatory or law enforcement authorities.

All third parties with whom personal data is shared are required to implement appropriate technical and organisational measures to protect such data and to process it only in accordance with Raenest’s instructions and applicable law.

Cross-Border Data Transfers

Personal data may be transferred outside India where necessary for service delivery or regulatory compliance. In such cases, Raenest ensures that appropriate safeguards are in place in accordance with the DPDP Act, including contractual protections and risk assessments to ensure an adequate level of data protection.

Rights of Data Principals

Subject to applicable law, Data Principals have the right to access information about their personal data, request correction or erasure, withdraw consent, seek grievance redressal, and nominate an individual to exercise rights in the event of incapacity or death. Requests relating to these rights may be submitted to compliance@raenest.com.

Cookies and Tracking Technologies

Raenest uses cookies and similar technologies to support platform functionality, enhance security, analyse usage patterns, and improve user experience. Users may manage cookie preferences through browser settings; however, disabling cookies may limit access to certain features of the Services.

Information Security

Raenest implements industry-standard technical and organisational safeguards, including encryption, access controls, monitoring systems, and incident response procedures, to protect personal data against unauthorised access, loss, misuse, or alteration.

Personal Data Breach Management

In the event of a personal data breach that poses a risk to Data Principals, Raenest will investigate and contain the incident, take appropriate remedial action, and notify affected individuals and relevant authorities where required by law.

Third-Party Websites

The Services may contain links to third-party websites or services that are not operated or controlled by Raenest. Raenest is not responsible for the privacy practices or content of such third parties, and users are encouraged to review their privacy policies independently.

Limitation of Liability

While Raenest takes reasonable steps to safeguard personal data, it shall not be liable for unauthorised disclosures or breaches arising from circumstances beyond its reasonable control.

Changes to This Privacy Policy

Raenest may update this Privacy Policy from time to time to reflect changes in legal requirements or business practices. Material updates will be communicated through appropriate channels and will take effect upon publication.

Contact Information

For any questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact the Data Protection Officer at compliance@raenest.com.

‍

‍

‍

Privacy Policy (Philippines)

Issued Date: January 2026

Introduction

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when individuals access or use Raenest’s website, mobile application, and related products and services (collectively, the “Services”).

Raenest operates as a financial technology company and processes personal data in the course of providing regulated financial services. We are committed to protecting personal data and upholding the rights of data subjects in accordance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (the “Philippine Data Privacy Act”), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).

This Privacy Policy applies to users, prospective users, business customers, and visitors who access or use the Services from the Philippines. By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

Definitions

For purposes of this Privacy Policy, “Data Subject” refers to an individual whose personal data is processed. “Personal Information Controller” refers to Raenest, as the entity that controls the collection, holding, processing, or use of personal data. “Personal Information Processor” refers to any entity that processes personal data on behalf of Raenest. “Personal Data” or “Personal Information” means any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or where the identity can be determined by combining the information with other data. “Processing” refers to any operation performed upon personal data, whether automated or manual. “Consent” refers to any freely given, specific, informed indication of will by which the data subject agrees to the collection and processing of personal data.

Eligibility and Age Restrictions

Raenest’s Services are intended for individuals who are at least eighteen (18) years of age and legally capable of entering into binding contracts. Where personal data of a minor is processed, such processing shall occur only with the consent of a parent or lawful guardian, in accordance with the Philippine Data Privacy Act and applicable regulations.

Personal Data Collected

Raenest collects personal data only to the extent necessary to provide its Services and comply with legal, regulatory, and contractual obligations.

Personal data may be collected directly from you when you register for an account, complete onboarding and know-your-customer procedures, conduct transactions, communicate with Raenest, or otherwise interact with the Services. This may include identifying information, contact details, government-issued identification, employment and source-of-funds information, business-related information, payment and transaction records, and correspondence.

Raenest may also collect certain information automatically when you access the website or mobile application, including device identifiers, IP address, browser type, operating system, access logs, usage statistics, and other technical data required for security, analytics, and system administration.

In addition, Raenest may receive personal data from third parties such as identity verification providers, banking and payment partners, fraud prevention and transaction monitoring service providers, or government and law enforcement authorities, where such disclosure is lawful and necessary.

Purpose of Processing

Raenest processes personal data for legitimate and specified purposes consistent with its operations as a financial services provider. These purposes include identity verification and regulatory compliance, account creation and management, transaction processing and settlement, fraud prevention and risk management, customer support and communications, service improvement and platform optimisation, internal record keeping and audits, and compliance with applicable laws, regulations, and lawful directives of authorities.

Personal data shall not be processed for purposes incompatible with those stated in this Privacy Policy unless such processing is required by law or carried out with the consent of the data subject.

Lawful Basis for Processing

Personal data is processed based on the data subject’s consent, the necessity of processing for the fulfilment of a contract or legal obligation, compliance with regulatory requirements, or other lawful criteria recognised under the Philippine Data Privacy Act and related regulations.

Consent Management

Where consent is required, Raenest obtains such consent at the time of data collection through clear and appropriate means. Consent may be withdrawn at any time; however, withdrawal of consent may affect Raenest’s ability to provide certain Services where processing is necessary for legal, regulatory, or contractual reasons. Withdrawal does not affect the lawfulness of processing conducted prior to the withdrawal.

Data Accuracy

Raenest takes reasonable steps to ensure that personal data is accurate, complete, and kept up to date. Data subjects are encouraged to inform Raenest promptly of any changes or inaccuracies in their personal information.

Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce contractual rights. Certain data, including financial and transactional records, may be retained after account closure where required by applicable laws or regulations.

Data Sharing and Disclosure

Raenest does not sell personal data. Personal data may be disclosed to Raenest Group entities, third parties only where necessary to provide the Services or to comply with legal or regulatory obligations. Such third parties may include banking and payment partners, technology service providers, identity verification and fraud prevention vendors, professional advisers, auditors, and regulatory or law enforcement authorities.

All third parties that receive personal data are required to implement reasonable and appropriate safeguards to protect such data and to process it only in accordance with Raenest’s instructions and applicable law.

Cross-Border Data Transfers

Personal data may be transferred outside the Philippines where necessary for service delivery, operational efficiency, or regulatory compliance. In such cases, Raenest ensures that appropriate organisational, contractual, and technical safeguards are in place to provide a level of protection comparable to that required under Philippine law.

Rights of Data Subjects

In accordance with the Philippine Data Privacy Act, data subjects have the right to be informed, to access personal data, to object to processing, to request correction or erasure, to suspend or withdraw consent, and to seek damages where applicable. Requests relating to these rights may be submitted to compliance@raenest.com.

Cookies and Tracking Technologies

Raenest uses cookies and similar technologies to support website functionality, enhance security, analyse usage patterns, and improve user experience. Users may manage cookie settings through their browser; however, disabling cookies may limit certain features of the Services.

Information Security

Raenest implements reasonable and appropriate organisational, physical, and technical security measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption, monitoring, and incident response procedures.

Personal Data Breach Management

In the event of a personal data breach, Raenest shall promptly assess and contain the incident, take appropriate remedial action, and notify the National Privacy Commission and affected data subjects where required under applicable law.

Third-Party Websites

The Services may contain links to third-party websites or services not operated or controlled by Raenest. Raenest is not responsible for the privacy practices or content of such third parties, and users are encouraged to review their respective privacy policies.

Limitation of Liability

While Raenest takes reasonable steps to safeguard personal data, it shall not be liable for unauthorised disclosures or breaches arising from circumstances beyond its reasonable control.

Changes to This Privacy Policy

Raenest may update this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, or business practices. Material changes will be communicated through appropriate channels and shall take effect upon publication.

Contact Information

For questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact the Data Protection Officer at compliance@raenest.com.

‍

Privacy Policy for Raenest Limited

1. Introduction

Raenest.com is provided by Raenest Technologies Solutions Service Limited (“Raenest”).

At Raenest, we value your privacy, and we are committed to safeguarding your personal information. All personal data that you provide us will be protected and kept confidential among our affiliates, representatives, and privies.

Throughout the website, the terms “we”, “us” and “our” refer to Raenest.

This Privacy policy is specifically designed for our Users who access the Services we provide in the Republic of Kenya. This policy explains how we collect, use, share and protect your personal data in connection with your use of our services as a User or Potential User. This policy also sets out your rights and whom you may contact for further information. You also agree to abide by the applicable laws of the Republic of Nigeria concerning your use of the website and your agreements with us. You agree to this Privacy Policy by visiting our website and when you use our services.

‍

Your use of our services, and any dispute over privacy is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.

Our website and services are not directed at you if we are prohibited by any law of any jurisdiction from making the information on our website available to you and is not intended for any use that would be contrary to local law or regulation.

‍

2. Definitions
   “consent”

means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they (by a statement or by a clear affirmative action) signify their agreement to the processing of personal data relating to them;

“data subject”

means a living, identified, or identifiable individual about whom Raenest holds personal data;

“Data Protection Legislation”

means all applicable data protection and privacy laws including, but not limited to the Data Protection Act 2019, the Data Protection (General) Regulations 2021, the Data Protection (Compliance and Enforcement) Regulations 2021, the Data Protection (Registration of Data Controllers and Data Processors) Regulations 2021, and any successor legislation;

“personal data”

means any information relating to a data subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that data subject;

“personal data breach”

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

‍

3. Consent

1. Where the processing of your personal data is based on consent, we shall obtain the requisite consent at the time of collection of the personal information. In this regard, you consent to the processing of your personal information when you access our website, or use our services, content, features, technologies or functions offered on our website or other digital platforms. You can withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing of your data based on consent given before its withdrawal.
2. Where your personal data is to be processed for a different purpose that is incompatible with the purpose or purposes for which that personal data was originally collected that was not disclosed to you when you first provided your consent, we will obtain your consent to the new purpose or purposes.

‍

4. Age Restriction

1. You affirm that you are over 18 years old and have the right to contract in your own name, and that you have read the above authorisation and fully understand its contents.
   
   
2. Individuals below 18 (eighteen) years of age are only allowed to sign up for our services or provide us with their information when an adult above the age of 18 (eighteen) is signing contracts in their stead.
   
   

4. Data Protection Principles

The Data Protection Legislation sets out the following principles with which anyone handling personal data must comply. We, our employees, agents, contractors and third-party service providers comply with the following principles when collecting or processing your personal data. All personal data must be:

1. processed lawfully, fairly, and in a transparent manner in relation to the data subject;
2. adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
3. accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is accurate, having regard to the purposes for which it is processed, is erased, or rectified without delay;
4. kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of the appropriate technical and organisational measures required by the Data Protection Legislation in order to safeguard the rights and freedoms of the data subject; and
5. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

6. Information We Collect.

In providing our services to you, we collect certain non-personal and personal data about you. Our policy is to keep this information confidential and strictly safeguarded and to use or disclose it only as needed to provide services to you, or as permitted or required by the Data Protection Legislation.

There are three categories of information we collect. We collect a variety of information from our users and visitors to our website. As described below, some information is automatically collected when you visit our website, some you provide to us when filling out a form or communicating with us, and some are provided to us by third-party integration Application Programming Interface (API).

‍

1. Information Collected Automatically: Whenever you visit our website, our web servers automatically collect non-personal information such as the domain name of the internet access provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, and other relevant statistics.

‍

2. Information You Provide Us: If you provide us with personal information, by contacting us, or signing up on our website, we collect the following personal information:

1. Name, phone number, gender, e-mail address, nationality, and employment history;
2. Information concerning your identity e.g., a valid government-issued identity card and your nationality;
3. Business information: e.g. business address, business contact information, the nature of services provided;
4. Payment information; and
5. Any other information you provide to us or direct us to collect.

‍

3. Other information which may be automatically collected from you when you visit our website include the domain name of your internet service provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, your geographical location, operating system, referral source, and other relevant statistics.

‍

7. Using Your Personal Data

1. We primarily collect your personal data to ensure that we provide the most efficient service to you, monitor the use and improve our website and other legitimate interests. Your information will solely be used and disclosed for the following purposes:

1. To help us verify your identity;
2. To carry out our obligations ensuing from any contracts entered into between you and us;
3. To provide you with the products, services and information you request from us, including sharing your information with third parties where we have legal basis to do so;
4. To assist you with enquiries and improve our customer service;
5. To allow us to communicate with you in any way (including e-mail, telephone, and text or multimedia messages);
6. For our billing and account purposes;
7. To help prevent and detect fraud or loss;
8. To update our records;
9. To send you personalised service or support messages, such as updates, security alerts, email notifications and /or newsletters;
10. To conduct security investigations and risk assessments; and
11. For compliance with legal and regulatory obligations.

‍

2. Employees, agents, contractors, or other parties working on behalf of Raenest shall collect your personal data only to the extent required for the performance of their job duties and only in accordance with this Policy. Excessive personal data shall not be collected.
3. Employees, agents, contractors, or other parties working on behalf of Raenest shall process your personal data only when the performance of their job duties requires it. Your personal data held by Raenest cannot be processed for any unrelated reasons.

‍

8. Data Accuracy

Your personal data must be accurate and kept up to date. In this regard, Raenest shall ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to you; make efforts to keep your personal data updated where reasonable and applicable; and make timely efforts to correct or erase your personal data when inaccuracies are discovered.

‍

9. Data Retention

We will retain your information for as long as your account is active or as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a financial institution.

‍

Raenest is statutory obligated to retain the data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud and in compliance with laws and regulatory guidelines applicable to us, our banking providers. Therefore, even after closing your Raenest account, we will retain certain data in order to comply with these obligations.

‍

Raenest shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.  In the case of your financial data, the purpose for which the data was collected is to provide you with our services. Unless Raenest is statutory bound to retain for a longer period of time or receives a valid request to erase your data, the data is retained for [insert length of time] after you actively stop using our services or products. This allows your record to be maintained.

‍

10. Data Confidentiality

Your information is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions. You have the right to request copies of any and all information we keep on you, if such requests are made in compliance with applicable laws and other relevant enactments. While we are responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, adherence with physical security protocols on our premises, dealing with only authorised officers of Raenest.

‍

11. Disclosures

1. We will not sell, publish, or disclose to third parties your personal data collected on our website, through our servers or otherwise obtained by us, other than to provide our services and as set forth in this Policy.
2. We may share end-user opt-in data with our subcontractors or outsourced service providers where it is necessary to provide the products and services, or for any other purposes described in this Privacy Policy.
3. Your personal data may be provided as necessary to the following categories of recipients: security, insurance, professional advisory (including legal, accounting and auditing advice), banking, payment processing, facilitating credit arrangements, credit reporting, fraud checks, data storage, information processing, marketing, online communications technology services, and other trusted third parties with whom we have an agreement for the protection of your information, or government/regulatory/law enforcement agencies pursuant to legally binding order.
4. We will notify you as soon as we become aware of a harmful data breach which may result in a risk of your rights and freedom.
5. You have the right to request an erasure of your data at any time.
6. We will notify you if we are transferring your data.
7. You may request at any time that we halt further dissemination of your data or cease to use your data.
8. If you submit content in a public forum or a social media post, or use a similar feature on our website, that content is publicly visible.
9. We may disclose Personally Identifiable Information if required to do so by law or in the good faith belief that such action is necessary to (a) conform with the requirements of the law or comply with legal process served on us, or (b) act in urgent circumstances to protect the personal safety of users of our service or members of the public.
10. To the extent practicable and legally permitted, we will attempt to advise you prior to any such disclosure, so that you may seek a protective order or other relief limiting such disclosure.

‍

12. Transfer of Personal Data

1. Third Party Processor

We may engage the services of third parties in order to process your personal data. The processing by such third parties shall be governed by a written contract with Raenest to ensure adequate protection and security measures are put in place by the third party for the protection of your personal data in accordance with the terms of this policy and the Data Protection Legislation.

‍

2. International Transfers

1. Your information may be transferred to a foreign country or international organisation for the purpose of providing our service to you. We will ensure that there are adequate data protection laws in the recipient country or organisation before transferring your information. We shall, among other things, conduct a detailed assessment of whether the recipient country has adequate data protection laws or any other relevant authorities that exist and may come into existence in the jurisdictions where Raenest has offices.
2. Transfer of your personal data out of K would be in accordance with the provisions of the Data Protection Legislation. Subject to obtaining your consent and confirming the existence of appropriate safeguards in the recipient country, we will only transfer your personal data out of Nigeria on one of the following conditions:

1. for the performance of a contract between you and Raenest or implementation of precontractual measures taken at your request;
2. for the conclusion or performance of a contract concluded in your interest between us and a third party;
3. for any matter of public interest;
4. for the establishment, exercise or defence of a legal claim;
5. in order to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent; or
6. for the purpose of compelling legitimate interests pursued by Raenest which are not overridden by your interests, rights and freedoms.

3. Provided, in all circumstances, that you have been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this provision shall not apply to any instance where you are answerable in duly established legal action for any civil or criminal claim in another country.
4. We will take all necessary steps to ensure that your personal data is transmitted in a safe and secure manner.
5. Details of the protection given to your information when it is transferred outside Nigeria shall be provided to you upon request.

‍

13. Your Rights

Subject to certain limitations and exceptions, you are entitled to the following principal rights under the Data Protection Legislation:

1. You have the right to be notified if we are transferring your personal information.
2. You have the right to request an erasure of your personal data at any time.
3. You have the right to request that we rectify inaccurate personal information.
4. You may request at any time that we halt further dissemination of your data or cease to use your personal information.
5. You have the right to request for copies of your personal information.

Please note that if you request for a copy of your personal data, you may be required to pay a fee. If you would like to exercise any of the above stated rights, you are required to send a written application stating the right you wish to exercise. Applications are to be submitted via email to hello@raenest.com.

As a customer centered business, we pride ourselves in efficient service delivery, and as such, we will endeavour to process all subject access requests within thirty (30) days and if any further extension is required for reasons beyond control, we will communicate same through the existing channels.

For more information on how to exercise your data protection rights, please contact our Data Protection Officer at [compliance@raenest.com].

14. Website Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as secure sockets layer (SSL) to safeguard and secure the information we collect online. We use encryption tools when accepting and transmitting delicate visitor information through our website. Some of the other safeguards we use are firewalls and physical access controls to our data centres, and information access authorisation controls.

‍

15. Training

We shall ensure that employees who collect, access and process your personal data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this policy and the Data Protection Legislation with regard to the protection of personal data. On an annual basis, we shall develop a capacity building plan for our employees on data privacy and protection in accordance with the Data Protection Legislation.

‍

16. Use of Cookies

We use cookies to identify you as a user and make your user experience easier, customise our services, content and advertising, help you ensure that your account security is not compromised, mitigate risk and prevent fraud and to promote trust and safety on our website. Cookies allow our servers to remember your account log-in information when you visit our website, IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities. If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may limit your ability to use our website.

‍

17. The Data we Retain

We will retain your information for as long as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a regulatory or financial institution.

We are statutorily obligated to retain the data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud and in compliance with laws and regulatory guidelines applicable to us.

‍

18. Data Breach Management Procedure

1. In the event where there is any accidental or unlawful destruction, processing, loss, alteration, unauthorised disclosure of, or access to your personal data, we shall:

1. notify you within 24 (twenty-four) hours of the occurrence of the data breach;
2. properly investigate the breach and take the necessary steps to mitigate such breach;
3. identify remediation requirements and track the resolution of such breach; and
4. notify the Office of the Data Protection Commissioner or any other regulatory authority, where necessary.

‍

2. All suspected breach of personal data shall be remedied within three months from the date of the report of the breach. If you know or suspect that a personal data breach has occurred, you should immediately contact us at [compliance@raenest.com]

‍

19. Links to Third Party Websites

1. Our website may contain links to third-party websites or services that are not owned or controlled by us.
2. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such websites or services.
3. We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.

‍

20. Limitation of Liability

We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, we will not be liable for unauthorised disclosure of personal data that occurs through no fault of ours.

‍

21. Changes to this Privacy Policy

Changes may be made to this Privacy Policy from time. Whenever such changes are made, we will notify you. These changes will take effect immediately after you have been notified.

‍

22. Contact Us

If you would like more information or you have any comments or questions on our Privacy Policy, please contact us at [compliance@raenest.com].  

‍

This policy is effective as of 19/08/2023.  

‍

Last updated: 19/08/2023.

‍