PRIVACY POLICY

Newrgy Lending Limited

Date of Last Update:24 July , 2025

Date of Policy Approval:24 July, 2025

Dear User (hereinafter referred to as "You" or "User"),

Introduction

This Privacy Policy is issued by NEWRGY LENDING LIMITED ("NEWRGY", "we", "us", or "our"), a company duly incorporated under the laws of the Federal Republic of Nigeria, in connection with the collection, processing, storage, and protection of personal data obtained through the use of our digital loan application known as Sharp Collect, available on the platform for offering financial and credit facilities to users.

We recognize the importance of privacy and data protection and are fully committed to ensuring that your personal information is handled in a lawful, fair, and transparent manner. This Privacy Policy sets forth the basis upon which we process your personal data in accordance with the provisions of the Nigeria Data Protection Act (NDPA), 2023, Nigeria Data Protection Regulation 2019 and Federal Competition and Consumer Protection Act 2021, and other applicable data protection regulations, including but not limited to relevant guidelines issued by the Nigeria Data Protection Commission (NDPC) and, where applicable, international best practices.

By accessing, downloading, registering with, or using the Sharp Collect mobile application, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with the terms herein, you are advised not to proceed with the use of the application.

This Policy applies to all users of the Sharp Collect App, including applicants, borrowers, and other individuals whose personal data may be collected or processed in the course of providing our services.

For the purpose of this Privacy Policy:

"Personal Data" refers to any information relating to an identified or identifiable natural person as defined under the Nigeria Data Protection Act (NDPA).

a. "Processing" refers to any operation performed on Personal Data, whether automated or not, including collection, storage, use, disclosure, or deletion.

b. "User", "you", or "data subject" refers to any individual who accesses, uses, registers for, or interacts with the Sharp Collect mobile application.

c. "Application" or "App" refers to the Sharp Collect digital loan application developed and operated by NEWRGY LENDING LIMITED. NEWRGY processes your personal data on the following lawful bases, as provided under the NDPA:

d. Consent: Where you have provided clear permission for us to process your data for a specific purpose;

e. Contractual Necessity: Where processing is necessary for the performance of a contract with you (e.g., loan agreements);

f. Legal Obligation: Where processing is necessary for compliance with legal or regulatory obligations (e.g., anti-money laundering (AML), Know Your Customer (KYC));

g. Legitimate Interest: Where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms.

We hereby advise you to carefully read and fully understand all terms of this Agreement. If you have reviewed and understood all provisions of this Policy, you may choose to consent to the use of our Sharp Collect App services. Should you disagree with any terms herein, we strongly advise against applying for our App services to safeguard your rights.

In compliance with national laws and regulations, changes in regulatory policies, and operational requirements, we may periodically amend, modify, update, or revise this Policy.

1. Our Primary Activities

To deliver our services through the Sharp Collect App, we require certain personal information from you. This enables core functionalities such as user registration, loan application processing, credit assessments, and customer support. Our goal is to facilitate a secure and responsive experience while ensuring full compliance with relevant data protection laws.

This policy explains the nature of the data we handle and how it is managed throughout your interaction with our platform. We strongly encourage you to read this document in full to understand your rights and our responsibilities.

2. Types of Data Collected

We may collect the following categories of data:

2.1 Basic Identity Information

Including but not limited to: full name, gender, physical address, telephone number, identification document images, facial biometrics, User ID, and other personally identifiable information provided by you.

2.2 Unique Device Identifiers

Comprising unique device identifiers (e.g., device serial numbers), battery status, and other device-specific identification data.

2.3 Behavioral Data

Your interactions within the Sharp Collect App, including pages visited, clicks, and input activities.

2.4 Financial Data

Sensitive financial information such as bank account details and transaction history.

2.5 Application and Technical Data

Including application usage analytics, performance metrics, device error logs, system diagnostics, and device identifiers (e.g., device ID).

2.6 Device Activity and Location Information

Approximate location data, Bluetooth connectivity status, calendar permissions, network status, and Advertising ID.

2.7 Supplementary Information

Credit assessments related to your loan applications obtained from third parties (e.g., credit reports from authorized agencies).

3. Processing, Sharing, and Disclosure of Information

Purposes for data processing include:

3.1 Identity verification (document/liveness checks) to prevent fraud, unauthorized disclosure, and secure accounts using internal/third-party screening tools.

3.2 Creditworthiness and repayment capacity assessment using submitted data and risk control models.

3.3 Communication regarding updates via provided contacts (phone/email/App).

3.4 Marketing/service updates (opt-out available).

3.5 Loan service provision, contractual fulfillment, request management, and inquiry resolution.

3.6 Controlled Data Sharing: With explicit consent, we share limited data (name, email, User ID, phone number, app performance, approximate location, device model, in-app activity, financial status, battery level) with partners (e.g., Facebook, Advance, Skypay, AppsFlyer) for:

• Identity validation
• Credit review
• Loan approval/disbursement
• Payment processing
• Post-lending management

3.7 Credit data updates, record maintenance, and scoring.

3.8 Promotion efficacy analysis, usage trend identification, service/product enhancement, and user experience optimization.

3.9 Necessary sharing of name/bank account details with payment processors for fund disbursement.

3.10 Product functionality optimization and behavioral analysis.

3.11 Compliance with governmental/regulatory disclosure requirements.

3.12 Dispute resolution, legal investigations, and debt recovery.

3.13 Any additional purposes disclosed during service delivery.

3.14 Third-Party Sharing

Wemayshareyourpersonalinformation(e.g.,name,emailaddress,mobilenumber,financialstatus,approximatelocation,in-appactivityhistory,appperformance,etc.)withtrustedandauthorizedthirdpartiesstrictlyforthepurposeoffulfillingtheservicesrequestedbyyou(e.g.,identityverification,creditscoring,loandisbursement).NopersonaldatawillbedisclosedtounrelatedthirdpartiesorusedbeyondthescopeofthisPrivacyPolicywithoutyourconsent.

Data Subject withdraws consent or objects to the processing of his or her information, and there is no other legal basis or overriding legitimate interest for processing; the personal data involves private information that is disadvantageous to the Data Subject, unless freedom of speech, freedom of expression or press freedom or other authorization justifies it; the processing is unlawful, or the Personal Information Controller or Personal Information Processor infringes the rights of the Data Subject.

4. Data Collection, Storage, and Protection

4.1 How We Collect Your Information?

We collect information through: (a) manual input/uploads within the Sharp Collect App, and (b) authorized device permissions, specifically:

When using the APP, and with your permission, the following data will be collected and used for credit evaluation to ensure transaction security. We use encryption technology to securely transmit this information to the sharp collect server: https://api.newrgy.ng/sharpcollectaPost

4.1.1 Device Details

We collect device - specific data (such as model, operating system, etc.) to verify access rights and reduce fraud.

4.1.2 Location Access

We collect approximate location data. One purpose is to identify whether the APP is registered and used locally in Nigeria; the other is to monitor suspicious login behaviors and ensure the security of your transactions.

4.1.3 SMS Data

We will use advanced keyword filtering functions to extract financial - related SMS metadata (for example, sender, amount, etc.). This data is encrypted and will only be used for credit evaluation. It will never be shared with external parties without your permission, and you can apply to delete the data at any time.

4.1.4 Calendar Access

This allows us to create non - intrusive loan repayment reminders. We will not modify or delete your calendar events.

4.1.5 Camera Access

Your device's camera will be used for biometric verification (for example, matching Face ID with government - issued identity documents).

4.1.6 Bluetooth Access

It is used to detect nearby connections and prevent unauthorized data transmission.

4.1.7 Network and Wi - Fi Connections

We will monitor the internet connection of your device to ensure smooth service performance and data synchronization.

4.1.8 Internet Connection

It is necessary for securely performing online operations within the application ecosystem. All transmissions are encrypted and comply with data security standards.

4.1.9 Advertising Identifier

It is used to analyze user behavior and monitor advertising delivery, aiming to improve the accuracy of advertising display and reduce the impact on non - target users.

4.2.0 Contacts

When filling out your basic information, you'll need to provide your contact information so we can reach you in an emergency. We won't access your contact permissions; we only collect the contact information you select.

4.2 How We Store Your Information?

4.2.1 We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, or as required under applicable laws and regulations. For instance, under Nigerian law, financial records must be retained for a minimum of five (5) years.

Retention Schedule

Note: "Closure" refers to either the final settlement of a loan or the termination of a user’s account.

4.2.2 Data Deletion and Disposal

l Data that has reached the end of its retention period will be securely deleted or irreversibly anonymized, unless otherwise mandated by law.

l All digital data is removed using certified secure deletion tools, while physical documents are shredded and disposed of through secure channels.

l Third-party service providers and vendors handling personal data are required to adopt similar secure deletion procedures and must provide confirmation of disposal upon request.

4.2.3 Exceptions to Retention Schedule

We may retain your personal data beyond the standard retention periods under the following circumstances:

• Where retention is required by applicable law or regulatory directive;
• Where data is subject to a legal dispute, regulatory investigation, or ongoing litigation;
• Where you have provided explicit consent for extended retention of your information.

4.2.4 Data Security

We are committed to protecting your personal data using appropriate administrative, technical, and physical safeguards that meet industry standards. Our security measures include:

• Data Encryption: All personal data is encrypted both during transmission and while stored (at rest).
• Access Control & Multi-Factor Authentication: User and staff access to data is protected by multi-layered verification mechanisms.
• Security Audits: We conduct regular internal and third-party assessments to identify and mitigate potential vulnerabilities.
• Risk Monitoring: Ongoing risk assessments help us identify threats and strengthen our data protection practices.

We continuously update our security infrastructure to respond to evolving threats and to ensure your information is handled with the utmost care and integrity.

4.3 How We Protect Your Information?

4.3.1 We are committed to protecting your personal data through comprehensive and layered safeguards in accordance with:

• The Nigeria Data Protection Act, 2023,
• The Nigeria Data Protection Regulation (NDPR), 2019, and
• Current guidelines and advisories issued by the Nigerian Data Protection Commission (NDPC).

4.3.2 Our Security Measures Include:

• Physical safeguards: Restricted access to data centers and offices;
• Technical safeguards: Use of end-to-end encryption, secure data transfer protocols, and device-level protections;
• Administrative safeguards: Regular employee training, privacy awareness, and access controls;
• Procedural safeguards: Internal data access governance and incident response planning.

All personal data collected is stored in encrypted form on our secure servers at [https://api.newrgy.ng/sharpcollectaPost]. These systems are continuously monitored to detect and mitigate risks such as unauthorized access, disclosure, misuse, or alteration.

5. How Can You Exercise Your Rights?

Pursuant to the Nigeria Data Protection Act, 2023, Data Subjects (i.e., users of the Sharp Collect App) are entitled to the following rights in relation to their personal data:

5.1 Right to be Informed

Data Subjects have the right to be informed about the collection and use of their personal data. We will provide clear and accessible notice and obtain the Data Subject’s informed consent before collecting, processing, sharing, or storing their personal information.

5.2 Right to Object

Data Subjects have the right to object to the processing of their personal data, particularly where such processing involves:

• Direct marketing,
• Automated decision-making, or
• Profiling.

This right allows the Data Subject to withhold or withdraw consent, especially if the basis or purpose of processing changes from what was initially disclosed.

Exceptions: Sharp Collect may process personal data without explicit consent in the following circumstances:

• If required by law or subpoena;
• Where processing is necessary for the performance of a contract to which the Data Subject is a party;
• In an employer-employee relationship where processing is necessary or desirable;
• Where permitted or mandated under applicable legal obligations.

5.3 Right to Access

The Data Subject has the right to access personal data held about them. Upon request, the Data Subject may obtain the following:

• The content and nature of the processed data;
• The source of the data;
• The names and addresses of any recipients of the data;
• The methods of processing;
• The purpose for data sharing (if applicable);
• Information on any automated decision-making processes that significantly affect the Data Subject;
• The most recent date of data access or modification;
• The name and contact information of the Data Controller (Sharp Collect).

5.4 Right to Erasure or Blocking

Data Subjects may request the blocking, deletion, or destruction of their personal data from our systems if any of the following grounds are established:

• The data is false, outdated, incomplete, or unlawfully obtained;
• The data was used for purposes not authorized by the Data Subject;
• The data is no longer necessary for the original purpose of collection;
• The Data Subject has withdrawn consent or objects to processing and no overriding legal basis exists;
• The data contains sensitive private information that may cause harm or disadvantage, unless processing is justified by public interest, freedom of expression, or other lawful grounds;
• The data is processed in a manner that infringes on the rights and freedoms of the Data Subject.

5.5 Procedure for Submitting a Request by the user

5.5.1 Data Subject Access Requests must:

• Be submitted in writing via email;
• Requests should be directed to:Data Protection Officer (DPO)

Email:dponewrgy@gmail.com

• Clearly specify the type or scope of data being requested.
• Include sufficient information to verify the identity of the requestor.

To protect against unauthorized disclosure, NEWRGY LENDING LIMITED requires:

• A valid form of government-issued identification (e.g., National ID, passport);
• If acting on behalf of someone else, legal documentation or a signed authorization.

The Company reserves the right to request additional information to confirm identity or legal authority before proceeding.

5.5.2 Our Timeline for Response

Upon receipt of a valid request:

• Acknowledgement will be sent within 72 hours;
• A substantive response will be issued within 30 calendar days;
• In complex cases, the timeline may be extended by an additional 15 days, with prior notification and justification to the requestor.

5.5.3 Our Costs of Processing Requests

• DSARs shall be processed free of charge in most circumstances;
• If a request is manifestly unfounded, excessive, or repetitive, NEWRGY LENDING LIMITED reserves the right to:
• Charge a reasonable administrative fee; or Decline the request with written justification.

5.5.4 Our Grounds for Denial or Partial Disclosure

A request may be lawfully denied in whole or part where:

• Disclosure would violate another individual’s privacy rights;
• The request is abusive, unfounded, or poses a threat to operational security;
• The data requested falls under legal exemptions (e.g., anti-fraud, law enforcement, attorney-client privilege);
• The data has already been erased in line with retention schedules.

In such cases, the data subject will receive a written explanation detailing the basis for the denial or redaction.

6. Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in technology, law, or business operations. When material changes are made, users will be notified through the Sharp Collect app interface or by email, where appropriate.

7. How to Contact Us?

If you have any questions about this policy, or any related complaints or suggestions, you may contact us in the following ways:

7.1 If you need to delete your account or have other questions to consult our customer service, you may contact our customer service by sending an email to:contactcom@newrgy.ng

7.2 Our Data Protection Officer (DPO) email address is: dponewrgy@gmail.com