This Data Processing Agreement ("DPA") governs the processing of personal data by Blomgram on behalf of its users, in accordance with applicable data protection laws, including those in Nigeria and the United Kingdom. This DPA forms part of the Terms of Use and is intended to ensure compliance with relevant data protection regulations.
Purpose of Processing: Blomgram processes personal data to provide its Services, including onboarding, sign-up & login, KYC verification, wallet management, and transactions such as deposits and withdrawals. Personal data is collected, stored, and used to facilitate these functions and to ensure compliance with legal obligations.
Types of Personal Data: The personal data processed includes, but is not limited to, user identification information (e.g., name, email address, phone number), financial data (e.g., transaction details), and KYC information.
Security Measures: Blomgram implements appropriate technical and organizational measures to ensure the security of personal data. These measures include encryption, access controls, secure data storage, and regular security assessments to protect against unauthorized access, data breaches, and other security risks.
Incident Response: In the event of a data breach, Blomgram will promptly notify affected users and relevant authorities in accordance with applicable data protection laws. We will also take all reasonable steps to mitigate the impact of the breach.
Use of Sub-processors: Blomgram may engage sub-processors to assist in the processing of personal data. Sub-processors are third-party vendors that provide services such as cloud storage, payment processing, and customer support.
Due Diligence: Blomgram ensures that any sub-processors engaged are bound by contractual obligations that provide at least the same level of data protection as set out in this DPA.
Notification: Users will be informed of any changes to the list of sub-processors, and they will have the opportunity to object to the use of new sub-processors if they believe it affects the security of their personal data.
Access and Correction: Users have the right to access their personal data held by Blomgram and request corrections to inaccurate or incomplete data. Requests can be made through the user account settings or by contacting our support team.
Deletion and Restriction: Users may request the deletion or restriction of their personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if the data subject withdraws consent.
Objection: Users have the right to object to the processing of their personal data for specific purposes, including direct marketing. Blomgram will consider such objections and respond in accordance with applicable data protection laws.
Retention Period: Blomgram will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to enforce our agreements. Retention periods vary depending on the type of data and the applicable legal requirements.
Deletion: Once the retention period expires, personal data will be securely deleted or anonymized. Users can request the deletion of their data at any time, subject to legal and contractual obligations that may require data retention.
Copyright Blomgram ©2024