DocumentsRSSRSS 2.0 AFC respects your privacy. This privacy policy (the policy) describes how we process personal data, which personal data we collect and why we collect it, with whom we share this personal data, how we protect it, and the choices you can make about how we use your personal data.

This policy applies to any personal data collected, held or processed by or on behalf of AFC, its affiliated companies and subsidiaries (hereinafter together referred to as AFC) relating to any individual in their dealings with AFC.

The scope of this policy also includes all the websites, applications, mobile sites, and social media platforms that are owned by AFC, where personal data is processed. If you chose not to provide us with your personal information, in most cases, we will not be able to provide you with our services or information about them.

AFC may amend this policy at any point in time. Please check this policy periodically at africafc.org to inform yourself of any changes.
 

1.Definitions

In this Policy, the following terms shall have the following meanings:
  1. AFC- means Africa Finance Corporation and its affiliated companies and subsidiaries:  AFC Equity AFC Power; Anergie Holdings Limited.  
  2. Personal data- means any information relating  to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular reference to an identifier such as name, an identification number, location data, an online identifier or one or more factors specific to the physical ,physiological, genetic, mental, economic, cultural or social identity of that natural person. 
  3. Data Subject(s)- means any living individual who is using AFC’s services and is the subject of Personal data.
  4. Data Controller – means a the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data: where the purposes and means of such processing are determined by Union or Member State Law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.  
  5. Data Processor- means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  6. Processing- means any operation or set of operations which is performed upon personal data, such as the collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data.
  7. Data Protection Officer (DPO)- means the data protection officer appointed by AFC in the relevant jurisdiction. DPO’s assist and monitor internal compliance, inform and advise on AFC’s data protection obligations and act as a contact point for data subjects and the supervisory authority.
  8. European Union (EU)- means the group of 28 countries within Europe that operates as a cohesive economic and political block.

  2.Key policy principles

We value the personal data entrusted to us and we are committed to processing personal data in a fair, transparent and secure way. The key principles of this policy are as follows:
  1. Data collection: we will only collect personal data by fair, lawful and transparent means.  
  2. Data minimisation: we will limit the collection of personal data to what is directly relevant and necessary for the purposes set out in this policy
  3. Purpose limitation: we will only process your personal data for specified, explicit and legitimate purposes and not further process your personal data in a way incompatible with those purposes.Accuracy: we will keep your personal data accurate and up to date.
  4. Data security: we will implement appropriate technical and organisational measures to ensure an appropriate level of security in relation to the risks represented by the processing and the nature of the personal data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of processing. 
  5. Access and rectification: we will process your personal data in line with your privacy rights.
  6.  Retention: we will retain your personal data in a manner consistent with the applicable data protection laws and regulations. In any event, we will not keep your personal data longer than is necessary for the purposes set out in this policy.
  7. International transfers: we will ensure that any personal data transferred outside the European Union (EU) is adequately protected.
  8.  Third parties: we will ensure that access to and transfers of personal data to third parties are carried out in accordance with the applicable laws and regulations and with suitable contractual safeguard
  9. Direct communications and cookies: where we send you information or place cookies on your computer, we will ensure that we do so in accordance with the applicable laws.
 

3.What Personal Data We Can Collect and Process

 
AFC collects personal data that you voluntarily provide to us when expressing an interest in obtaining information about us or our services, when participating in activities on the sites or otherwise contacting us.
 
The personal data that we collect varies and is dependent on the context of your interactions with us and our sites, the choices you make and the services and features you use. The personal information we collect can include the following:
 
  1. Name and Contact data- we collect your first and last name, e-mail address, state, province, ZIP/ postal code, phone number, and other similar contact data.
  2. Information automatically collected- we automatically collect certain information when you visit, use or navigate the sites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site and other technical information. This information is primarily needed to maintain the security and operation of our sites, and for our internal analytics and reporting purposes.
  3. Information from other sources- we may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook & twitter), as well as from other third parties. Examples of the information we receive from other sources include social media profile information (your name, gender, birthday, email, current city, state and country, user identification numbers for your contacts, profile picture URL and any other information that you choose to make public); marketing leads and search results and links, including paid listings (such as sponsored links)
 

4. How we collect your information

  1.   Visitors to our websites - We collect IP addresses, cookies, moments of connection from visitors to our websites, which are analysed by Google Analytics, who collect standard internet log information and details of visitor behaviour patterns. We do this to identify the number of visitors to the various sections of the site. This information is not used to identify anyone. Both AFC and Google do not make any attempt to discover the identities of visitors to our website.
 For further information about our use of cookies and on how to decline them, please consult our cookie policy.
  1. Newsletters-  We will collect your name and email address if you choose to subscribe to our newsletter. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our newsletter. For more information, please see:  Mailchimp's legal policies
  2.  General enquiries - When you submit an enquiry, we will collect your: email address and comments, we will also collect your first name, surname and the nature of the request if you choose to provide us with this information. Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
  3. Events - The information you provide will be used to process your event booking. We will also use it to contact you regarding your booking. We may also contact you to undertake post-event evaluation
  4. Investment proposals-  When you submit an investment proposal, we will collect your: first name, surname, email address, comments and any attached documents you choose to provide us with. We will only use the information supplied to us to review the proposal, interact with the submitter throughout the review process, and to provide a final response.
  5. People who participate in our surveys - We may contact you to participate in optional surveys from time to time. We will only do this if we have your consent or a legitimate and lawful basis to do so. We use a third-party provider, Survey Monkey to deliver, manage and produce reports relating to the survey. We may collect names, contact details and other information relevant to the survey. We will be transparent when we collect personal data through our surveys and will explain the purposes for which we are collecting it
  6. People who call our contact points - When you call AFC, we collect Calling Line Identification (CLI) information which may include your telephone number. We use this information to help improve our efficiency and effectiveness. We do not record phone conversations.
  7. People who email us - When you send an email address to us, we may collect your IP address, email address and other data you have provided within the email or attachments. The information will only be used to address the purposes of your request, it will be recorded in our email and email security systems and may be recorded in a ticketing system to manage and respond to the request. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with security best practices. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
  8. Identity data and verification of identity - In some instances, we will need to verify your identity (e.g. access requests, know your customer (KYC), or for other project screening purposes). We will always be transparent and explain the purposes for collecting identity data from you prior to processing. Identity data can include: IDs assigned by us, passport, driving license, or a copy of ID (passport, driver’s licence or comparable identity document), utility bills. This data will only be used for verification of identity relating to the purposes it was requested for.
  9. Photos and videos at AFC events - At special events organised by AFC we may take – with your permission –photos and videos of you. This includes image recordings such as films, photographs, video recordings, digital photos.
  10. Personal data we receive from third parties-  We may obtain the same categories of personal data about you from third parties, other AFC, carefully selected business partners who provide services on behalf of us, and any other third party who may lawfully pass to us information about you.
  11. Shortlisting- Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.
  12. Assessments -We might ask you to participate in assessment days, complete tests or complete occupational questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by the AFC. If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise. 
 

5. How we use your information

AFC will only process your personal data to achieve the purposes it was collected for, or for any other legitimate and lawful purpose. AFC will notify the processing of personal data to the relevant authorities to the extent required under all applicable data protection laws and regulations. AFC uses data subjects personal data in the following ways:
 
  1. For direct communication purposes- AFC will only use your personal data to send communications via electronic means (e.g. email, SMS or MMS) if we have obtained your prior consent or have a legitimate and lawful interest to do so. You can withdraw your consent or object to communications at any point in time, by following the unsubscribe instructions included in the communications or by contacting the us at dataprotection@africafc.org
  2. To keep accounts - AFC will use your personal data in order to keep accounts relating to any business and activity carried out. This includes keeping records of investment purchases, sales and transactions.
  3. For Safety and Security- Any method, system or process used by AFC to protect its physical and intellectual property, its economic and financial interests and to protect the integrity of its directors, employees, investees and stakeholders.
  4. For IT support and development- AFC uses personal data provided and process it as part of security event logging and monitoring of systems, business continuity planning and disaster recovery.
  5. Compliance and legal claims- AFC uses the information we collect to  ensure that it is in  compliance with legal obligations or establishing, exercising or defending legal claims;
  6. For Scientific, historical and statistical research- AFC may collect and process your personal data for statistical surveys (or necessary to reach statistical results), analyzing earlier events, and establishing patterns and rules of conduct.
  7. Mergers and acquisitions- AFC may use your personal data to prepare for and carry out a merger, take-over, transfer of an undertaking, transfer of assets or any other type of corporate transaction.
  8. Any other purpose- described and communicated to you prior to using your personal data for such other purpose.
 

6.Accurate Data

It is important for us to maintain accurate and up to date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting the DPO at dataprotection@africafc.org. We will take reasonable steps to make sure that any inaccurate or out-of-date data is deleted, destroyed or amended accordingly.
 

7.Access and rectification

You have the right to access the personal data we hold about you and, if such personal data is inaccurate or incomplete, to request the rectification or erasure of such personal data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact the DPO at dataprotection@africafc.org.
 

8.Timely processing

We shall retain your personal data in a manner consistent with the applicable data protection laws and regulations. We will only retain your personal data for as long as necessary to comply with the applicable laws and regulations or for the purposes for which we process your personal data.  For guidance on how long certain personal data is likely to be kept before being destroyed, please contact the DPO at dataprotection@africafc.org.
 

9.Data security

We shall ensure that appropriate technical and organisational security measures are taken against unlawful or unauthorised processing of personal data, and against the misuse, destruction, disclosure, acquisition, accidental loss of, or damage to personal data. Personal data shall only be processed by a third-party processor if they can demonstrate adequate compliance or certification to relevant information security standards and practices.
 
Maintaining data security means protecting the confidentiality, integrity and availability of the personal data:  
  1. Confidentiality: we will protect your personal data from unauthorised disclosure to third parties.
  2. Integrity: we will protect your personal data from being modified by unauthorised third parties.
  3. Availability: we will ensure that authorized parties are able to access your personal data when needed.
 
AFC has implemented an information security management system to protect the confidentiality, availability and integrity of our assets, including protection of information processing facilities and your personal data. 

 

10.Disclosure of personal data

1. Categories of recipients- For the above-mentioned purposes, we may disclose your personal data to the following categories of recipients:
  1. Authorised staff members of the AFC;
  2. Corporate affiliates and subsidiary companies of the AFC
  3. Our communication agencies, to help us deliver and analyse the effectiveness of our communications; 
  4.  Business partners - trusted companies that may use your personal data to provide you with the services and/or the information you requested and/or that may provide you with communications (if you have consented to receiving them). We ask such companies to always act in compliance with applicable laws and this privacy policy and to pay high attention to the confidentiality of your personal data.  
 
2 Service providers- Service providers are a core part of our IT strategy. AFC may share your personal data with external providers of IT related services (for example Microsoft, EACS, SAS, Spitfire, eFront, Mimecast):
 
 
3 Other parties when required by law or as necessary to protect AFC-   AFC may share your personal data with other third parties to:  
  1. comply with the law, regulatory requests, court orders, subpoena, or legal process;   
  2. verify or enforce compliance with AFC’s policies and agreements; and  
  3. protect the rights, property or safety of AFC and/or its clients.
 
4  Other parties in connection with corporate transactions - AFC may share your personal data with other third parties in the context of a divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, re-organisation or liquidation of all or part of AFC’s business.
 
5 Other parties with your consent or upon your instructionAFC may share your personal data with: 
  1. third parties when you consent to or request such sharing; and
  2. Any other third party communicated to you by AFC prior to sharing tour personal data with that third party.
 
Be aware that recipients as referred to above –especially service providers who may offer products and services to you through AFC applications or via their own channels– may separately collect data from you and, in these instances, are responsible for the control of your data. Your dealings with these service providers would fall under their own terms and conditions.
 

11.Use of social networks

AFC sometimes facilitates the publication of (personal) data via social media such as Twitter and Facebook. These social media have their own terms of use which you are required to consider and observe if you make use of them. Publication on social media may have (undesired) consequences, including for your privacy or that of persons whose data you share, such as the impossibility of withdrawing publication in the short term. You must estimate these consequences yourself, for you are taking the decision about the publication on these media. AFC does not accept any responsibility in that regard.
 

12.Disclosures outside the EU

Your personal data may be transferred to any of the recipients identified in this policy, some of which may be outside the EU and may be processed by us and any of these recipients in any country worldwide. The countries to which your personal data is transferred may not offer an adequate level of protection. In connection with any transfer of personal data to countries that do not offer the same level of protection as in the EU, AFC shall implement appropriate measures to ensure an adequate level of protection of your personal data.
 

13.Your choices and your rights

We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your information.

We can contact you by post and by phone, and if you give us your prior consent to do so, by email, SMS and other electronics means.
 
  1. Your choices - In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (e.g. email, mail, social media, etc.), for which purpose and how frequently, by contacting us at dataprotection@africafc.org or by following the unsubscribe instructions included in the communication.Please note that by default, if you don’t make a choice, you will receive our communications at the following frequency: at the date of publication.
  2. Your personal information - You may always contact us by post or email to find out what personal information we have concerning you, the origin of the data and to access or receive a copy of your data.
  3. Your corrections - If you find any mistake in your personal information or if you find it incomplete or incorrect, you can request that we correct it or complete it
  4. Your objections - You may also object to the use of your data for direct marketing purposes (if you prefer, you can also advise us on which channel and how frequently you prefer to be contacted by us) or to the sharing of your personal information with third party for the same purpose.
  5. Portability - You may request a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also request that we transfer your personal data to another controller. Portability applies when we process your personal data in an automated means, either with your consent or for the performance of a contract.
  6. Erasure- You may request for us to erase any data concerning you (except in some cases, for example, where we are required to retain the data by law).
 

14.Contact

For any privacy issues, questions or complaints concerning the application of this policy or to exercise your rights within the context of this policy, you may contact AFC at dataprotection@africafc.org. Alternatively, you may write to us:

3a Osborne Road Ikoyi , Lagos Nigeria
T: +234 703 403 3645
T2 :+44 7773 993 889
DL: +234 1 2799628
email : lucy.savage@africafc.org
Web: www.africafc.org
Web2: www.afc-live.com
 

 

Share