Ver 5.0 Last updated 6th September, 2024.
This data privacy, protection and cookie policy (“Privacy Notice”) describes your privacy rights regarding how Kora and its Affiliates (“Kora”, “we”, “us”) collect, process, use, store, and share your personal data when you use our website and all related sites, applications, and services.
As Africa’s leading payments infrastructure company, offering simplified payments solutions to businesses across the continent, our role may interchange between being a controller or a processor of your personal data across the lifecycle of your personal data with us. Our direct customers are the businesses who provide the last mile services, on whose behalf we collect, use and share Personal Information as authorised. You may reach out to them directly on specific questions on how they use or handle your personal data.
Where we collect information directly from you, or, as the case may be, determine the purpose for which your personal data will be used, the controller is the Kora entity listed on our Merchant Service Agreement as providing the service, or the entity directly involved in the processing. In the case that we collect and process your personal data by virtue of your being a shareholder or director of one of our merchants, we have further detailed our data protection obligations in the data processing agreement signed with the merchant. You may, however, reach out to us if you have any questions regarding your data with us, via: [email protected]
We always handle personal data in our care in strict compliance with applicable data privacy and protection laws.
We may be in possession of your personal data through any of the following ways:
- Merchants
a. You are a shareholder, director, staff or partner of any of our merchants
b. You are a customer of any of our merchants
- Recruitment/Employment
a. You participated in our recruitment process - either successfully or otherwise. For employees, you are advised to refer to our employee privacy policy.
b. You are an ex-staff of Kora
- Partner
a. You are a member of staff of any of our partners.
- Sales/Marketing
a. You shared your contact with any member of our wonderful sales team;
b. You signed up for our newsletters;
c. You gave your details to us at an event
d. You commenced our onboarding process without completing it.
- Referral
a. You were referred to us by a third party.
Please note that we continue to update this list as more possibilities arise.
a. Personal Information
We collect certain types of information, such as name, telephone numbers, email address, physical address, financial information, and other information relevant for us to carry out our know your customer (KYC) or due diligence on them. This due diligence may be carried out during and/or after onboarding with us. We may retain this information for a period of time after use. This timeline is guided by our data retention policy, data protection laws, and industry regulations and guidelines applicable to us.
In addition to using your Personal Information for KYC and due diligence, we may also use it for the following purposes:
- Provide you with the required services, including opening a user account, carrying out necessary monitoring, ongoing compliance and reporting to regulators.
- Respond to your questions or requests.
- Address inappropriate use of our website.
- Prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools.
- Verify your identity and the information you provide in line with Kora’s statutory obligations using internal and third party tools.
- Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies.
- Any other legal obligation which we may have with respect to the provision of our services.
We may retrieve additional Personal Information about you from third parties, such as our merchants or partners which you deal with, and other identification/verification services.
b. Transaction Data
During a payment transaction, we collect certain data from you depending on which of our products you are using. This information is collected and processed on an absolute necessity basis as required by law and industry standards to which we are mandated to comply. This may include your name, email address, primary account number, and card details. Being compliant with the PCI-DSS, we store your card information strictly in accordance with the requirements of the PCI-DSS. For instance, we do not store your full card details; we only store such parts of them as are necessary to process your payment and deal with any post-transaction issue.
c. Recruitment/Employment Data
When you participate in our recruitment exercise, we collect certain information which includes professional or employment-related information, including applicant and CV data, such as education and work history; information about qualifications for the position, such as skills and credentials; personal information, such as contact information, residential address, email address, phone number, etc.; if you succeed during our recruitment exercise, information relating to your criminal records to determine your suitability for employment; professional interests and goals; and references.
d. Other Information
Analytics - we analyse our relationship and transactional information to derive unique data. For example, we may generate propensities, attributes and/or scores for marketing, security or fraud purposes.
Information derived from your use of our website and other technical products – this includes information regarding your interactions with our websites, applications or advertisements, including IP address, device identifiers, settings, characteristics, advertising ID, browsing history, web server logs, server log records, activity log records, keystroke timing and other information collected using cookies and similar technologies. We may also use such data to improve features, website content and analyse data to develop products and services.
Audio and Visual Information – this includes audio, electronic, visual or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call centre recordings, call monitoring records and voicemails.
Government-Issued Identification Numbers – whether as an employee or a shareholder or director of any of our merchants, we may request a government-issued ID to carry out verification of your identity. We may use third party services for this verification.
Purposes and Lawful Basis for Processing Personal Information
We may rely on one or more of the following lawful bases to process your personal data:
KYC Verification and Onboarding
Personal Data; Government-Issued Identification Numbers; Information derived from your use of our website and other technical products
- Your Consent
- Lawful purpose - we are required by our regulators to collect this information
- To fulfil the terms of the contract which you sign with us at the point of onboarding
- Legitimate interests (ours and those of others) such as to protect you, us, or others from threats (such as security threats or fraud); to enable or administer our business, such as for quality control, compliance, consolidated reporting and customer service; to manage corporate transactions, such as mergers or acquisitions; and to understand and improve our business or customer relationships generally
Transaction Processing and Monitoring
Transaction Data; Government-Issued Identification Number; Geolocation Information;
- Lawful purpose - we are required by our regulators to collect this information
- To fulfil the terms of the contract which you sign with us at the point of onboarding
- Legitimate interests (ours and those of others).
Personal Data; Transaction Data
- To fulfil the terms of the contract which you sign with us at the point of onboarding
Personal Information; Government-Issued Identification Numbers; Recruitment/Employment Data
- Your consent;
- For our legitimate interests or those of others;
- To fulfil the terms of your employment contract;
- To comply with labour laws applicable to us.
Generating de-personalized information for product development and improvement
- For our legitimate interests or those of others
Fraud Monitoring, Chargebacks and Dispute Resolution
Transaction Data, Personal Data
- For our legitimate interests or those of others;
- To fulfil the terms of your employment contract;
- To comply with labour laws applicable to us.
Kora collects Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose.
Kora limits Personal Information collection and usage to data that is relevant, adequate, and absolutely necessary for carrying out the purpose for which the data is processed.
Kora will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.
We use cookies to identify you as a User and make your user experience easier, customise our services, content and advertising, amongst others. Please read our Cookies Policy here.
Our website and Services are not directed to children under 18. We do not knowingly collect information from, or conduct business with, children under 18. If as a parent or guardian, you become aware that your child or ward has provided us with any information without your consent, please contact us through the details provided in this Privacy Notice.
Kora shall establish adequate controls in order to protect the integrity and confidentiality of Personal Information, both in digital and physical formats and to prevent Personal Information from being accidentally or deliberately compromised.
Kora is committed to managing your Personal Information in line with global industry best practices. We protect your Personal Information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also use industry recommended security protocols to safeguard your Personal Information. Other security safeguards include but are not limited to data encryption, firewalls, physical access controls to our building and files, and granting access to Personal Information only to employees who require it to fulfil their job responsibilities. Any Personal Information processing undertaken by an employee who has not been authorised to carry it out as part of their legitimate duties is unauthorised.
Employees may have access to Personal Information only as is appropriate for the type and scope of the task in question and are forbidden to use Personal Information for their own private or commercial purposes or to disclose them to unauthorised persons, or to make them available in any other way.
- Third Party Processor within Nigeria
Kora may engage the services of third parties in order to process your Personal Information collected by us. The processing by such third parties shall be governed by a written contract with Kora to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with applicable laws and regulatory standards.
- Transfer of Personal Information to Foreign Country
We use third party services which may be located outside of the country in which the Kora entity which collected or is processing your data is located. When we share your personal data with such third party service providers, we put in place appropriate safeguard mechanisms, in accordance with best practices and applicable data protection law, to ensure the protection of your personal data.
Individuals who have Personal Information held by Kora may exercise any of the rights listed below:
- Right to request and access their Personal Information collected and stored. Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format;
- Right to information on their personal information collected and stored;
- Right to objection or request for restriction;
- Right to object to automated decision making;
- Right to request rectification and modification of Personal Information which Kora keeps;
- Right to request for deletion of your data;
- Right to request the movement of data from Kora to a third party; this is the right to the portability of data; and
- Right to object to, and to request that Kora restricts the processing of their information.
Such requests will be reviewed by Kora’s Data Protection Officer and carried out except as restricted by law or Kora’s statutory obligations. You may decline to provide your Personal Information when it is requested by Kora; however, certain services or all the services may be unavailable to you. You may review your account settings and update your Personal Information directly or by contacting us.
We may need to update, modify or amend our Privacy Notice as our technology evolves and as required by law. We reserve the right to make changes to this Privacy Notice from time to time and notify Users of material changes. The Privacy Notice will apply from the effective date provided on our website at the time of publishing the updates.
We advise that you check this page often, referring to the date of the last modification on the page. If a User objects to any of the changes to this Privacy Notice, the User must cease using this website or any of our Services. Where such User continues to use this website and/or any of our Services, it shall continue to be bound by the terms of this Privacy Notice.
If you have any questions relating to this Privacy Notice or would like to find out more about exercising your data protection rights, please reach out to us via email at “[email protected]”.
Business Address - 180, Admiralty way, Lekki Phase 1, Lagos, Nigeria