Mono and its affiliates and subsidiaries ("Mono" or "us" or "we") welcome you to our Site! The "Site" means www.mono.co and any successor URLs, mobile or localized versions, and related sub-domains, in whatever format they may be offered now or in the future. We may provide you with general information regarding our company, products, and services through the Site.

By using or accessing any part of the Site, you have agreed to these Terms of Use ("Terms"), our Privacy Policy, and all other policies or notices posted by us on our Site. Portions of the Site may be accompanied by additional terms that apply to specific features or areas of the Site. Those additional terms supplement these terms with respect to your use of those features or areas.

This privacy policy will explain how Mono Technologies Nigeria Limited uses the personal data we collect once You access and use the Mono widget.

• Introduction - Who we are
  Mono Technologies Nigeria Limited is a private limited liability company registered under the laws of the Federal Republic of Nigeria, RC - 1767615 (hereinafter referred to as Mono). Mono helps digital businesses to securely access financial data and process direct bank payments from their customers.
  We are an independent contractor for all purposes, providing this website and our services on an independent service provider basis. We do not have control or assume liability or legality for the products or services utilized or paid for with our service.

  Mono is committed to protecting your personal data and respects your privacy. By accessing and using Mono's Services You agree to the data processing practices described in this Privacy Policy.

• Terms used in this End-user Privacy Policy

  • 'Applicable data privacy laws' means any national or internationally binding data privacy laws or regulations that may be applicable at any time during the term of this Privacy Policy.

  • 'Data Controller' means the natural or legal entity/entities which determines the purposes and means of the processing of Personal Data;

  • 'Data Processor' means the legal entity processing Personal Data on behalf of the Data Controller(s);

  • 'Personal Data' means any information relating to an identified or identifiable natural person;

  • 'Processing' means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Account Information means information relating to Your payment accounts.

  • 'You' means You or the legal entity You represent.

  • 'Mono Partner' means a third party, for example, bank, credit institution or other service provider, which requires Account Information to provide You services.

• When do we collect your personal data?
  - When you use the Mono widget to share your financial data or make payments.

  - When you use our official website. Our website has a commercial nature showing you information about our company and enables you to contract our services. From our website, personal data can be collected in the following ways:

  • Through the contact form/chat service: our website has a contact form with the purpose of contacting us to request information about our services and/or make any requests, questions and/or consultations. With this form, we ask you to identify yourself and to provide us with contact details.

  • Upon agreement of a contractual relationship: when you decide to contract our services, we will request a series of information from your company in order to formalize the contract, among the requested data there is personal data of contact persons. You will find details on how we process the data within the framework of the provision of our services in the Client Terms of Service.

  • Cookies: Our website uses cookies that collect information about your browsing. Please, for more information about our cookies, read our Cookies Policy.

• How do you grant consent before your data is shared?

  It is only with your explicit consent that Mono would access and display any information relating to you on the Mono Dashboard and transmit such information to the Application Provider through which you have accessed our Services.

  Before you receive access to the services, you shall be required to authorize us and the Mono partner through which you have accessed our Services to enable the retrieval of your Account Information using Mono.

  If Mono successfully accesses your Account Information, it is understood that have given consent: This entails that you consent to us sharing the account Information we have accessed from your account provider with the Application through which you have accessed our Services, and with third parties as directed by that Application, provided you have explicitly consented to such sharing. This sharing enables the provision of products and services in accordance with the Terms of Service.

  You may withdraw or vary your consent at any time in accordance with our Privacy Policy.

• What are the main purposes for processing your data?
  When you send us data through the contact form and/or chat service, we will use your personal data to analyze and manage your requests, questions and consultations by contacting you with the purpose of giving you an answer and/or sending you any information requested by you.

  The data provided at the time of contracting our services shall be processed only to manage the formalization of the contract as indicated in the Client Terms of Service.

  If you have a contractual relationship with us, we will send you commercial or promotional communications regarding our own products and services that may be of interest to you.

  We also inform you we will anonymize your data for statistical use.

• How long do we store your data?
  The storing of your data will depend on the purpose of the processing:

  (1) if we use your data to analyze and manage your requests, questions and consultations, we will process and store your data as long as it takes us to answer your request, question and/or consultation;

  (2) if we process your daa as a consequence of our contractual relationship, we will store it until termination of this contractual relationship; and

  (3) if we process it for sending you commercial or promotional communications, we will store it until your objection. In all scenarios, once the storage period has concluded, the data will be stored dully blocked for the period legally required for the compliance of any contractual and/or legal obligations.

Mono Technologies Nigeria Limited is a private limited liability company registered under the laws of the Federal Republic of Nigeria, RC - 1767615 (hereinafter referred to as Mono). Mono helps digital businesses securely access financial data and process direct bank payments from their customers. Mono is committed to protecting your personal data and respects your privacy.

The Mono Terms of Service is an agreement between Mono Technologies Nigeria Limited. (“Mono”, “we”, “us”, “our”) and an application (“the Client”, “Client”, “You”) that wishes to use Mono’s services. The Terms of Service listed below are the fundamental provisions that will govern a legal relationship between Mono and a Client, not all the legal provisions. Should you wish to enter into an agreement with us, please email us at business@mono.co, and we shall send through the full agreement including schedules and fees.

1. The services we provide

Mono is a technology company whose main activity is the development and maintenance of a software platform (the “Platform”) and tool designed to connect consumers, financial institutions and developers (the “Tool”), and to provide such technology to partners (such as the Client) in order for them to offer end-users a wide range of financial services and tailored solutions in this field, on an on-demand basis (the “End-Users”). The Client wishes to make the Tool accessible to End-Users through the Client Website or Application in order to extract, systematise and access its End-Users’ financial data. The Agreement (the “Agreement” or the “Services Agreement”) shall govern Mono’s provision to the Client of an application programming interface (the “API”) from which the Tool can be integrated into, and accessed by End-Users via, the Client Website or Application.

1. Terms used in this Developer Policy and their definitions

   • “Account Information” means, in relation to an End-User, information on one or more Bank, Financial or Payment Accounts held by that End-User with a Bank, Financial or Payment Service Provider or with more than one Bank, Financial or Payment Service Provider, including (but not limited to) such information set out in Annex I.

   • “Agreement” means this Services Agreement as well as each of its annexes.

   • “API” means the application programming interface provided by Mono for purposes of enabling the Tool to be integrated into and accessed by End-Users, via the Client’s Website or application.

   • “Confidential Information” shall mean all scientific, technical, technological, regulatory, marketing, financial, legal, and commercial information or data, as well as trade secrets, whether communicated in written, oral, graphic, electronic or visual form, that is provided by one Party to the other Party under this Agreement. By way of example only, Confidential Information of Mono includes Mono’s Intellectual Property Rights and any invention disclosed by Mono to the Client, and Confidential Information of the Client includes any information to which Mono or the auditor appointed by Mono may have access under clause 8.

   • “End-User” means the Client’s end-users.

   • “Documentation” means the API integration user guides and SDKs, as amended by Mono from time to time.

   • “Intellectual Property Rights” shall mean all industrial and/or intellectual property rights of any kind existing in the world whether or not registered, such as copyrights, trademarks, service marks, trade secrets, trade names, software, domain names, moral rights, database rights, design rights, patents and other rights in goodwill, rights in know-how, trade secrets and other confidential information as well as other proprietary rights that are recognized under the Laws and shall include all re-examinations, reissues, extensions and any other post-issuance counterparts to any of the foregoing, and applications or registrations for any of the foregoing, including provisionals, new versions, developments, divisionals, substitutions and continuations (in whole or part).

   • “Platform” includes any data, images, text, and content, including but not limited to any Software, application program interfaces, tools or other information or materials provided, made available and/or integrated into the Client’s software by Mono and accessible by the Client through Mono’s website/app, API or SDK and by means of which the Services are rendered.

   • “Provider” shall mean the Party that discloses Confidential Information to the other Party under this Agreement.

   • “Recipient” shall mean the Party that receives Confidential Information from the other Party under this Agreement.

   • “SDK” shall mean Mono’s software development kit that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, operating system, or similar development platform.

   • “Services” means the services to be rendered by Mono, according to the terms set forth in this Agreement, as further described in Annex I.

   • “Software” means all software that is included in the Platform and used in order to provide the Services, including any present or future enhancements and extension thereof.

   • “Tool” means the tool provided by Mono that allows End-Users to access and share Account Information with the Client.

   • “Trademark” shall mean any word, name, symbol, colour, designation or device or any combination thereof that functions as a source identifier, including any trademark, trade dress, service mark, trade name, logo, design mark or domain name, whether or not registered.

2. Scope of the Agreement

   This Agreement sets forth the terms and conditions that shall govern the use of the Platform and the Services supplied by Mono to the Client.

   Any rights on Mono’s Intellectual Property Rights not expressly granted herein are reserved to Mono and expressly excluded from the scope of the Agreement.

   Nothing in this Agreement shall be deemed to grant to the Client any right to use the Trademark “Mono”, its corporate logo, or any other Trademark owned by Mono.

3. Services

   • Subject to the terms and conditions of this Agreement, Mono shall provide the Client with the services listed below and further defined in Annex I of this Agreement:

   • Make the Platform available to the Client through an integration process to be carried out by the Client with Mono’s support.

   • Connection through the Platform to extract, systematize and access the End-Users’ bank and financial data.

   • Maintenance of the technology that allows the Client to access the Platform and its updates, modifications, new features, new functionalities, upgrades or new versions implemented by Mono from time to time.

   • The Client acknowledges that the rendering of the Services by the Company is subject to the Client’s information and collaboration (in particular during the integration of the Platform), and, on that basis, undertakes to provide Mono with such information and to facilitate further collaboration deemed essential in order to render the Services, in accordance with this Agreement.

   • Mono shall make the Documentation available to the Client. The Client shall comply with the Documentation in connection with the integration and use of the API. The Client shall keep all user IDs, passwords and other access codes pertaining to the Mono API confidential and secure from all unauthorised persons, according to the provisions set out in this Agreement.

   • Also note that by agreeing to these terms of use, you'll adhere to the service level agreement as contained here.

4. Fees

   • The fees payable by the Client for the Services rendered by Mono shall be calculated on a monthly basis in accordance with the service plan contracted by the Client.

   • As compensation for the rendering of the Services, Mono shall issue a monthly invoice detailing the services provided to the Client within that month, which shall be payable through the credit or debit card registered or provided by the Client. The invoices may be issued by Mono in electronic format and may be sent by email to the Client or made available through the Platform or through Mono’s website.

   • Alternatively, in the event that Mono and the Client agree, payments may be made by means of a transfer to the Company’s bank account within the first five (5) days of each month.

   • The total amount of monthly fees is VAT excluded. VAT shall be payable by the Client at the applicable rate, given the case, as indicated in the invoice provided by Mono on a monthly basis.

   • Mono shall have the right to suspend the performance of all or part of its obligations in case the Client is in default of its payment obligations and has not cured such default within five (5) days after the notice from Mono.

5. Intellectual Property Rights

   • The Client hereby acknowledges that all Intellectual Property Rights of the Platform and other related Mono’s Intellectual Property Rights are the proprietary information of Mono, which has the exclusive ownership of all enhancements, alterations, modifications, fixes, patches, workarounds and other additions to them.

   • Likewise, the Client acknowledges and agrees that the brand, name and all Intellectual Property in and to the Platform is the ownership of Mono, and that nothing in this Agreement shall be understood as to transfer, or is intended to operate or transfer, any right, title or interest in or to the Platform, except the use of the Platform by the Client in accordance with the terms and conditions set forth in this Agreement.

   • The rights granted to the Client under this Agreement are limited to the specific provisions with the extension defined herein. Every right not expressly granted to Client in this Agreement shall be understood to be retained by Mono.

   • The Client shall not, directly or indirectly, (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of any relevant element of the Platform; (ii) modify, translate, or create derivative works based on the Software; (iii) rent, lease, distribute, sell, resell, assign, or otherwise transfer rights to use the relevant elements of the Platform; (iv) use the Platform for purposes not related to the rendering of the services to End-Users; (v) remove or alter any proprietary notices from the Platform or otherwise any reference to the Mono brand or name and shall not otherwise rebrand or re-badge any relevant element of the Platform without Mono’s prior written consent and on payment of such additional charges as Mono may determine; (vi) publish or disclose to third parties any evaluation of the Platform without Mono’s prior written consent; or (vii) create any link to Mono’s website, the Platform or frame or mirror any content contained on, or accessible from, the Platform, or (viii) otherwise replicate or seek to replicate the functionality or look and feel of the Platform.

6. Client's Obligations

   Further to other undertakings set forth in this Services Agreement, the Client hereby agrees to undertake the following obligations:

   • The Client is responsible for obtaining and maintaining all computer hardware, software and communications equipment needed to access Mono’s website and the Platform;

   • The Client shall be solely responsible for its actions and the actions of its End-Users while using the Platform and the contents of Mono’s website, and otherwise for all actions carried out using its username, password, encryption keys and other identifications elements;

   • Not to use the Platform for illegal purposes;

   • Not to access information, features or other tools developed by Mono that the Client has not expressly been authorized to access;

   • To promptly notify Mono of any misuse of the Platform by the End-User, as well as of any current or potential security breach or unauthorized access to the Platform or to the Account Information;

   • Not to upload, post, promote or transmit through the Platform any unlawful, harassing, libellous, abusive, threatening, harmful, vulgar, obscene, hateful, racially, ethnically or otherwise objectionable material of any kind or nature;

   • Not to upload, promote, transmit or post any material that encourages conduct that could constitute a criminal offence or give rise to civil liability;

   • To comply with all regulations, policies and procedures of networks connected to the Platform, in particular with the applicable regulations in Personal Data Protection; and

   • To ensure that any End-User is aware of the terms of this Agreement.

7. Guarantees and Liability

   • Except as expressly provided to the contrary in this Agreement, the Platform is warranted to the Client to the extent of and in accordance with the conditions set forth herein.

   • The Platform is provided under this Agreement on an “as is” basis, without warranty of any kind, either expressed or implied, including, without limitation, warranties that the Software is free of defects, merchantable, fit for a particular purpose, non-infringing, capable of integrating with the system of the Client, non-interference and accuracy of informational content.

   • In no event shall Mono be liable for any consequential, indirect, exemplary, special, or incidental damages, including the loss of profit or revenue, arising from or relating to this Agreement. Mono’s total cumulative liability in connection with this Agreement, whether in contract or tort or otherwise, shall not exceed the amount effectively received by the Client as consideration of the Services set forth in Clause 4 within the last six (6) months.

   • This disclaimer of warranty constitutes an essential part of this Agreement, and no use of the Platform is authorized hereunder except under this disclaimer. The data provided at the time of contracting our services shall be processed only to manage the formalization of the contract as indicated in the Client Terms of Service.

8. Reports and Audit

   • The Client shall keep complete and accurate records and accounts pertaining to the use of the Services, the calculation of the use of the Services in sufficient detail to permit Mono to confirm the accuracy of all due fees made due hereunder for at least three (3) full calendar years following the end of the calendar year to which such records and accounts pertain. This obligation shall remain enforceable during the term of the Agreement and until the third anniversary of expiration or termination of the Agreement.

   • Mono shall have the right, once a month, to directly audit or cause an independent accountant reasonably acceptable to the Client to audit the Client’s records and accounts maintained to confirm the payment traffic of the Services and the applicable fees for a period covering the preceding three (3) full calendar years. Such audits may be exercised during normal business hours upon reasonable prior written notice to the Client. The auditor shall disclose to Mono only such information as is reasonably necessary to provide Mono with information regarding any actual or potential discrepancies between amounts reported and actually paid and amounts payable under this Agreement.

   • In the event that the results of the audit reveal any underpayment by the Client shall pay the amount of such underpayment to Mono within fifteen (15) days after receipt of the audit report. In the event that the results of the audit disclose an overpayment by the Client, then the Client shall deduct the amount of such overpayment from future payment of Royalties under this Agreement.

   • Mono shall bear the full cost of such audit unless such audit discloses an underpayment by the Client of more than ten per cent (10%) of the amount due for any calendar year, in which case, the Client shall bear the costs of the review or audit. If you have a contractual relationship with us, we will send you commercial or promotional communications regarding our own products and services that may be of interest to you.

9. Personal Data Protection

   • When applicable the Parties undertake to comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 (“GDPR”) or any other data protection regulations that may modify, develop, repeal or consolidate them, including, where appropriate, the guides and codes of practice issued by supervisory authorities. Each Party agrees to process the personal data provided under this Agreement only for the purposes set forth in this Agreement and for managing the contractual relationship.

   • The legal basis for the processing is the contractual relationship between the Parties and the compliance with legal obligations. The data will be kept until the termination of the contractual relationship and once it has terminated, it will be kept blocked for the period legally required for the compliance of any legal obligations.

   • The data may be disclosed to the Tax Agency and other government authorities for the fulfilment of legal obligations, as well as to banks and/or financial entities for the recovery and payment management.

   • The data subjects may exercise their rights of access, to rectification, erasure, restrict processing, data portability and object by writing to the addresses included in this

   • Agreement as the address of each party. If they haven’t obtained satisfaction in the exercise of their rights, they may file a complaint with the competent data protection authority.

   • Whereas, the Parties entered into a contractual relationship with this Agreement, which involves the processing of personal data, in compliance with the provisions of article 28 GDPR, the Parties enter into a Data Processing Agreement, attached as Annex II.

10. Term and Termination

    • This Agreement shall come into force upon its signature and shall remain in force until the same is terminated in accordance with clauses below.

    • The Agreement may be terminated at any time upon sixty (60) days written notice without cause or penalty by either the Company or the Client.

    • In case of automatic renewal, the Parties will negotiate in good faith an adjustment in the fees agreed in this Agreement for the Services to be provided by Mono.

    • Each Party shall have the right to terminate this Agreement upon written notice to the other Party if such other Party is in material default of any of the terms, obligations, conditions and undertakings of this Agreement and has not cured such default within a term of thirty (30) days from the receipt of the notice issued by the non-defaulting Party (by certified mail, by fax or by means of a Notary Public notification) requesting the cure of such default. Any such termination shall become effective at the end of the above mentioned period provided that (i) the defaulting Party had not cured its default prior to the end of such period and (ii) the non-defaulting Party had provided a subsequent notice of termination.

11. Confidentiality

    • The Parties acknowledge that each Party will have access to Confidential Information of the other Party. The Recipient shall not disseminate Confidential Information of the Provider and shall keep such information under strict confidentiality and secrecy. Notwithstanding the foregoing, the Recipient may share the Provider’s Confidential Information with those of its officers, directors, employees, consultants and other representatives that have a need to know such information for the purposes expressly authorized by this Agreement, have been advised by the Recipient of the Recipient’s confidentiality obligations under this Agreement, and are contractually or legally bound by obligations of nondisclosure and nonuse at least as stringent as those contained herein.

    • The restrictions on the dissemination and use by the Recipient of the Provider’s Confidential Information shall not apply to information of public knowledge, or that becomes of public knowledge without the violation of this Agreement, or was already known by the Recipient at the time of receiving such information from the Provider, as evidenced by its preexisting written records, disclosed to Recipient by a third party, or independently developed by Recipient. The Recipient may disclose Confidential Information if such disclosure is required pursuant to an order of judicial or administrative nature, but shall duly inform the Provider before the dissemination and reasonably give Provider any assistance required in seeking an appropriate protective order or other remedy, and shall otherwise continue to perform its obligations of confidentiality set out herein.

    • In addition, the Recipient may disclose Confidential Information if, and to the extent that, such disclosure is reasonably necessary in the following instances:

    • Enforcing the Recipient’s rights under this Agreement; or

    • Prosecuting or defending litigation as permitted by this Agreement.

    • Except as otherwise provided in this Agreement, each Party agrees not to disclose to any third party the terms or existence of this Agreement without the prior written consent of the other Party hereto.

    • The obligations assumed under this clause shall remain enforceable and binding between the Parties during the term of the Agreement and for as long as the Confidential Information remains secret and confidential.

12. Notices

    • All notifications to a Party under this Services Agreement shall be processed in writing and sent to the addresses specified in the heading of the same, and shall be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or email; the day after it is sent, if sent for next day delivery by recognised overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.

13. Entire Agreement, Modification; No Waiver

    • This Agreement contains the entire agreement between the parties with respect to the subject matter hereof and, unless otherwise provided herein, this Agreement can only be modified by a written document that references this Agreement and is duly signed by the persons authorized to sign agreements on behalf of Mono and the Client. No term or provision hereof shall be deemed waived and no breach excused, unless such waiver or consent is in writing and signed by the party who claimed to have waived or consented. Any consent by any party to, or waiver of, or breach by the other, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.

14. Severability

    • If any provision or subpart of this Agreement is held to be void or unenforceable, it shall in no way effect the validity of enforceability of any other provision of this Agreement.

15. Force Majure

    • Neither Party shall be liable for its inability to perform any of the obligations assumed under this agreement provided that such inability is due to causes beyond its reasonable control such as, but not restricted to, fire, floods, strikes, labour disputes or other industrial disturbances, restrictions, the unavailability of fuel or power supply, accidents, war (declared or undeclared), an embargo, isolation, mutiny, insurrection or a change of government.

16. Governing Law and Jurisdiction

    This Agreement is governed by and construed under the laws of Delaware. The courts within the state of Delaware shall have exclusive jurisdiction to adjudicate and resolve any dispute arising out of this Agreement. The Client and Mono hereby expressly waive any other jurisdictions that may be deemed competent in accordance with international treatises or the applicable law.

Annex I

Services provided by Mono

The Services provided by Mono generally include access to End-user Account Information. This access shall be provided as further explained below:

1. Make the Platform available to the Client through an integration process to be carried out by the Client with Mono’s support

   • Documentation and a starting guide shall be provided so that the Client can seamlessly integrate with the Platform and take the necessary steps to make it compatible with its own infrastructure

   • In addition to Documentation, Mono shall provide SDKs and Widgets to ensure that the integration process is smooth. SDKs are to be provided in a series of programming languages and Widgets are intended to be placed inside the Client’s app or website so as to allow easy communication between a Client’s End-User and Mono.

   • Mono shall also provide integration examples and a sandbox environment so that the Client can run a test integration with simulated data prior to doing so directly in a production environment.

2. Connection through the Platform to extract and systematize access to the End-Users’ bank and financial data.

   • Once connected to the Mono API, the Client will be able to extract data and synchronise it on a recurring basis if it’s necessary for its particular use case.

   • The Client shall make a request to the Mono API with an End-User’s credentials set, captured via the Tool on its interface – all of which is encrypted with the highest degree of security – and Mono shall return all relevant data in a systematic and homogeneous format, regardless of the data source that is being checked.

   • This data can then be used by the Client according to its own internal requirements.

3. Maintenance of the technology that allows the Client to access the Platform and its updates, modifications, new features, new functionalities, upgrades or new versions implemented by Mono from time to time.

   • Mono shall conduct proper maintenance of the Platform and shall update and add data sources on a recurring basis

     Enhancements will be made from time to time and the Client will be notified via an appropriate channel.

   • Mono shall use reasonable endeavours, but shall not be under an obligation, to commit to uptime of 99% for the Service, except for Permitted Down Time, and unless a reduction in service level percentage occurs as a result of a third party’s negligence or a Force Majeure event. Uptime refers to services being available online.

   • Permitted Down Time shall be limited to the suspension of the Service necessary:

   • To enable us or our Agents to comply with an order or request from the Government, any competent regulatory body or other competent administrative authority; or

   • To enable us or our Agents to carry out work relating to the maintenance or upgrade of the Service.

Account Information shall include, but not be limited to, the following Financial and Personal Information:

Personal information: name, date of birth, full address(es), email address, phone number, gender;

Bank account information:

Account type;

Account name;

Account number (both local and international);

Currency;

Account balance information:

Current balance;

Available balance ;

Transactions:

Time;

Description;

Amount;

Metadata (arbitrary data that banks associate with a transaction); and/or

Additional data which Mono may collect in the future:

Loans data;

Insurance data; and/or

Investments data

Fiscal and third-party provider (E.g. Utilities) information

Annex II

Data Processing Agreement

The Parties enter into the following data processing agreement (the “Data Processing Agreement”) in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) or any other data protection regulations that may modify, develop, repeal or consolidate them.

1. Scope

   This Data Processing Agreement is part of the AGREEMENT (the “Main Agreement“) which governs the service provided by Mono technologies Nigeria Limited'. (“Mono” and/or “Data Processor”) for the Client (the “Client” and/or “Data Controller”).

   For the purpose of the Data Processing Agreement, the Client and Mono agree that the Client shall be the Data Controller of its personal data and from its own End-Users and/or end-users, and that Mono shall be Data Processor of those data, except that (a) the Client acts in the capacity of Data Processor, then Mono acts as sub-processor, or (b) if otherwise agreed between the Parties.

   Hereafter, each party will be referred to as “Party” and jointly as the “Parties”.

2. Data Processing

   2.1. Purpose of the processing

   Mono is authorized to process, on behalf of the Client, personal data to the extent that it is or becomes necessary to provide the service in accordance with the Main Agreement, and as specified in this Data Processing Agreement.

   Mono undertakes to process personal data only in order to provide to the Client the services in accordance with the Main Agreement and, for purposes compatible with the provision of such services. Mono shall not process such personal data for any purpose other than that stipulated in this Data Processing Agreement.

   Personal data will also be used for technical security and diagnostic purposes of the services, and for improving its machine learning algorithms and technology, as for statistical reasons, in an anonymized form.

   2.2 Description of the Data Processing

   The nature of the processing activities carried out by Mono are: collection, structuring, use, access, organization, consultation, combination and interconnection.

   The categories of data subjects are the Data Controller End-Users, Users and/or End-Users.

   The categories of personal data types being processed are: identifying data; personal characteristics; goods and services transactions, social circumstances and/or economic and financial data.

   2.3 Sharing Personal Data

   Mono shall not disclose or otherwise reveal any personal data covered by the Data Processing Agreement, except (1) as instructed by the Client and/or (2) as required by law, court or official authority.

   When data processed under this Data Processing Agreement is transferred from a country within the European Economic Area (EEA) to a country outside the EEA, the Data Processor shall ensure that the personal data are adequately protected. To achieve this, the Data Processor shall unless agreed otherwise, rely on European Union approved standard contractual clauses for the transfer of personal data.

3. Data Controller Responsibilities

   The Client, as Data Controller, undertakes to (1) ensure that the data processor complies with all the obligations set out in this Data Processing Agreement; (2) comply with its obligations as data controller according to the regulations in force.; and (3) provide to its clients, users and/or end-users the necessary information required by article 13 GDPR.

4. Data Processor Responsibilities

   Mono, as Data Processor, undertakes to:

   4.1. Record of processing activities

   Mono shall keep in writing a record of all the categories of processing activities carried out on behalf of the Controller in compliance with article 30.2 GDPR, and as long as it is applicable to the processing of personal data carried out on behalf of the Client, Mono shall make such record available to the Client on request.

   4.2. Rights of data subjects

   Mono shall assist the Client in fulfilling its duty of answering requests from data subjects in the exercise of their rights of access, rectification, erasure and objection, restriction of processing and data portability. In the unlikely event that Mono receives a request from a data subject exercising its rights, Mono shall send it to the Client without undue delay, and in any case within five (5) working days after receipt.

   4.3. Reporting personal data breaches

   Mono shall notify the Client before the maximum period of seventy-two (72) hours and through the e-mail address indicated by the Client, any know personal data breach, together with all relevant information to document and report the incident. This notification shall contain, at least, the information required by article 33.3 GDPR.

   4.4. Assistance

   Mono shall immediately inform the Client if there’s a belief that any of the instructions violate the GDPR or any other applicable data protection provision.

   Mono shall make available to the Client on request all information necessary to demonstrate compliance with this Data Processing Agreement, and shall allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client in relation to the processing of done by Mono on behalf of the Client.

   Audits shall be carried out upon notification during normal working hours and without interruption of Mono s business activity and operations.

   Mono shall provide reasonable assistance to the Client when carrying out any Data Protection Impact Assessment (“PIA”), and in prior consultations with Supervising Authorities or other competent Data Privacy Authorities, when appropriate.

   4.5. Destination of the personal data

   Upon the termination of the provided service and the processing-related services, Mono shall erase all personal data, including any media or document regarding the personal data.

   Notwithstanding the foregoing, Mono may retain the personal data duly blocked during the period in which responsibilities may arise from its relationship with the Client, in compliance with the applicable regulations in force.

5. Sub-processors

   Mono requires subcontracting third parties who will process the personal data under the responsibility of the Client. Some of these subcontracts are necessary in order to provide the service, since the functioning and operativity of Mono systems and the provision of certain services depend on them. Specifically, the services are listed as follows:

   Company: Digital Ocean

   Contracted service: Digital Ocean Cloud Services and products.

   With all of them, Mono maintains an agreement in which data protection obligations are set out, providing sufficient guarantees to implement appropriate technical and organizational measures to the processing. The Client hereby authorizes those subcontracting and sub-processors in the current terms.

   Mono shall notify the Client, previously and in writing, if there’s an intention of replacing or engaging with a new sub-processor. Mono shall indicate the processing activities that will be subcontracted and clearly identify the company which will be sub-processor. Subcontracting may be carried out provided that the Client has not objected to it within ten (1) working days after notification.

6. Liability

   The Parties undertake to indemnify, keep indemnified and hold harmless each other from and against any type of administrative sanctions imposed by the corresponding authorities and third-party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that may suffer, arise or incur as a result from the other Party’s non-compliance with its obligations under data protection regulation and/or its responsibilities under this Data Processing Agreement.

   If one of the Parties has to pay an amount of money by way of penalty, sanction, indemnification and damages for the non-compliance of the other Party, the Party that hasn’t complied shall pay and/o reimburse to the other Party the corresponding amounts.

7. Term and Termination

   This Data Processing Agreement is valid for as long as Mono is processing personal data on behalf of the Client under the Main Agreement and this Data Processing Agreement.

About this policy

Mono Technologies Nigeria Limited (”Mono”) is committed to maintaining and improving information security, business continuity, and service management operations by implementing an integrated management system that complies with all necessary rules and industry requirements in order to meet and exceed the expectation of its stakeholders.

This publication establishes a framework for integrating the ISO 27001:2022, ISO 22301:2019, and ISO 20000:2018 standards.

Business Continuity Objectives

1. Ensure uninterrupted availability of all key business resources required to support essential (or critical) business activities.

2. Reduce the number of business continuity high priority risks on Mono’s risk register.

3. Provide for an orderly and expedited recovery/continuity of critical business processes after a disruptive incident within twenty-four (24) hours.

4. Provide training in business continuity for key resources

Information Security Management System Objectives

1. Reduce or avoid information security breaches and related loss.

2. Ensure compliance with Mono’s contractual, regulatory, and legal requirements and minimise information security-related regulatory sanctions/penalties.

3. Ensure Information collected, held, and used by Mono is appropriately protected and available in line with our business requirements.

4. Ensure information security culture and consciousness in Mono are at the highest standards.

Service Management System Objectives

1. Achieve 95% of Information Technology (”IT”) services delivery target in line with business requirements.

2. Achieve 99% of IT services uptime in line with business requirements.

3. Ensure 95% optimization of IT assets, resources, and capabilities leveraging on maximized utilization and availability of our critical service assets.

4. Improve IT service agility by ensuring 90% successful changes.

Our goal with this Policy is to provide a simple and straightforward explanation of what information Mono collects from and about End-Users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information.

1. The Basics

   Why is this important?

   Privacy and security are very important to us at Mono. This document is meant to help you understand how we at Mono collect, use, and share End-User information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this carefully.

   Some background

   Our mission at Mono is to power the next generation of internet business in Africa through financial and identity data. Our technology provides an easy way for you (the “End-User”) to connect your bank account and other financial accounts to software applications that can help you do things like simplify your accounting, onboarding, manage your spending or streamline credit applications. These software applications are built and provided by our Partners and powered by Mono. By delivering access to high-quality, usable financial account data that we’ve translated and standardised, we enable our developers to focus on building experiences that benefit you.

2. Information we collect

   Information you provide: When you connect your financial accounts with a developer application or otherwise connect your financial accounts through Mono, we collect login information required by the provider of your account, such as your username and password, answers to challenge questions or a security token. In some cases, we also collect your phone number to help verify your identity before connecting your financial accounts. When providing this information, you give the developer and Mono the authority to act on your behalf to access and transmit your information from the relevant financial institution and other financial service provider.

   Information collected from your financial institutions: The information we receive from the financial institutions and other financial service providers that maintain your financial accounts varies depending on the specific Mono services our developers use to power their applications and websites, as well as the information made available by those institutions and providers. But, in general, we collect the following types of information from your financial institutions and other financial service providers:

   Personal information: name, date of birth, full address(es), email address, phone number, gender;

   Bank account information:

   Account type (E.g. Current, Saving, Investment, Credit Card);

   Account name;

   Account number (both local and international);

   Currency;

   Account balance information:

   Current balance;

   Available balance;

   Transactions:

   Time;

   Description;

   Amount;

   Information received from your devices: Our technology is generally embedded in our developers’ applications. When you use your device to connect to our services through a developer application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services; you can find more information about how we use cookies and your related choices in our Cookies Policy.

   Information we receive about you from other sources: We also receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services. For example, our developers may provide information to us about you, such as your full name, email address, phone number, or information about your account transactions.

3. How we use your information

   We use the information we collect to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your information:

   To operate, provide, and maintain our services;

   To improve, enhance, modify, add to, and further develop our services;

   To protect you, our developers, our partners, or Mono from fraud, malicious activity, and other privacy and security-related concerns;

   To develop new services;

   To provide customer support to you or to our developers, including to help respond to your inquiries related to our service or our developers’ applications;

   To investigate any misuse of our service or our developers’ applications, including violations of our Client Terms of Service, criminal activity, or other unauthorised access to our services; and

   For any other purpose with your consent.

4. How we store your information

   We take deliberate steps designed to protect End-User information in our possession. These steps include maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry standards internally and by independent security auditors.

   We do not sell or rent End-User information to marketers or other third parties. But we do share End-User information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We also share your information:

   With your consent;

   With our service providers, partners, or contractors in connection with the services they perform for us or our developers;

   If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);

   In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganisation, or bankruptcy);

   Between and among Mono and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership; or

   As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Mono.

   We may collect, use, and share information in an aggregated or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or anonymized data based on the collected information to develop new services and facilitate research.

   We retain the information we collect about you for as long as necessary to fulfil the purposes for which we collected it, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one of our developers, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.

5. International Data Transfers

   We operate internationally, and as a result, the information we collect about you may be transferred, used, or stored in any country where we have operations or where we engage service providers. That means that your information may be transferred to a different country than where it was collected and which may not provide equivalent levels of data protection as your home jurisdiction.

6. Our Legal Basis For Processing

   Mono’s legal basis for processing your information largely depends on the nature of the information and the context in which we collected or processed it. Mono will normally only collect and process your information in the following instances:

   You have given your consent to do so;

   We need to fulfil our responsibilities and obligations in any contract or agreement with you (for example, to comply with our services agreements);

   To comply with our legal obligations under applicable law;

   The processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you; or to provide or update our services).

7. Your Rights as a User

   Individuals who have Personal Information held by Mono are entitled to reach out to Mono to exercise the following rights:

   Right to request for and access any Personal Information collected and stored by Mono;

   Right to be informed regarding their Personal Information;

   Right, to object to automated decision-making;

   Right to request rectification and modification of Personal Information which Mono keeps;

   Right to request the deletion of their data;

   Right to revoke consent;

   Right to object to the processing of Personal Information for direct marketing, and to request that Mono ceases processing of their information;

   Right to institute civil proceedings and seek compensation through the Courts; and

   Right to submit a complaint to the Data Protection Commission.

   Your request will be reviewed and answered by Mono’s Data Protection Supervisor within a 21-day period upon receipt of the request.

8. Modification to this Privacy Policy

   We may need to update, modify, or amend our Privacy Policy as our technology evolves and as required by law. If we materially change the ways in which we use or share Personal Data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Policy will apply from the effective date provided on our website.

MONO TECHNOLOGIES NIGERIA LIMITED (INCLUDING ITS AFFILIATES & SUBSIDIARIES) POPULARLY KNOWN AS "MONO" HAVE NO CONNECTION OR AFFILIATION WITH THE COMPANY CALLED MONODIRECTFC/MONOBANK.

We hereby inform our partners, users and the general public that We have no direct or indirect ties or affiliations with any of the companies called "Monodirectfc” or "Monobank" and every other company bearing a partial name similarity with us, by a prefixed or suffixed addition of the word "Mono”.

Furthermore, we wish to inform the general public that in order to identify Mono Technologies Nigeria Limited or any of its subsidiaries, popularly known as "Mono”, reference can be made to the following:

1. Carrying out a corporate search on the Nigerian Corporate Affairs Commission website or any similar governmental body.

2. Checking our website

3. Making a note of our brand logo and identity.

1. How we use Cookies

Some cookies are needed to run the website and to provide our service. For example, when you log in, cookies help to recognise you and keep you logged in as you browse the website. We call these strictly necessary and technical cookies.

We also use the following types of cookies:

Analytical and performance cookies.

These allow us to recognise and count the number of visitors to our website, and see how visitors browse around our website, so we can improve it where necessary.

Targeting cookies.

These allow us to see what pages and links you have visited so we can provide more relevant ads. We may share this information with other organisations for the same purpose.

Google Analytics cookies.

These identify and analyse website trends, but do not identify you individually.

These cookies are all 'session cookies', which means that they will end when you close your website browser.

Can I change my preferences?

Except for strictly necessary cookies, we can only use cookies if you agree. By using this website, you agree to us using cookies.

You can change your browser settings to refuse the use of all or some cookies. However, if you block all cookies (including strictly necessary cookies), you may not be able to use all or some parts of our website. You can find out how to opt-out of Google Analytics site activity tracking by clicking here.

Please note, other organisations, such as advertising networks, may also use cookies to track you across different websites. We have no control over these cookies.

Data Encryption

Our database servers encrypt Account Information using the standard AES 256-bit encryption. We generate a multi-part encryption key, one for you, one for us, and one that we store on your behalf in a separate network.

The encrypted information needs all of the three keys simultaneously in order to be decrypted. The encryption keys are rotated and our segments of the key are managed in a network separated from the database and application servers. All the application secrets and keys are stored in a fault-tolerant key management cluster with limited access. The master key is kept in an air-gapped, secure vault to ensure a maximum level of security.

Transmission Security

All data served over our REST API uses HTTPS. We regularly audit our security setup to ensure that the certificates we serve are up to date. We force HTTPS for all connections to our API server to ensure that the information is always encrypted during the transport from our server to the Provider's App. We encourage Providers to use the same methods to ensure that the information is encrypted all the way to you as the End-User.

Logging

We log all API calls and track the interactions with Mono API for later review.

Questions about security

If you have any questions about the security we use at Mono, please contact us by email at support@mono.co