Overview & Identity
Business Intel Verify Services ("BIVS", "we", "us", "our") is a business intelligence and field verification company registered and operating in Nigeria. We provide on-ground verification, loan monitoring, fraud investigation, and debt recovery services to financial institutions, fintech lenders, and international investors.
For the purposes of applicable data protection law, BIVS acts as a data controller in respect of personal data we collect directly (e.g. through our website and direct client communications), and as a data processor in respect of personal data submitted to us by our clients for the purpose of conducting verifications and investigations on their behalf.
Our registered business contact for data protection matters is:
Data We Collect
The personal data we collect depends on the nature of the engagement. We collect data across three broad categories:
A. Data relating to subjects of verification (borrowers, business owners, individuals under investigation)
| Data Type | Examples | Source |
|---|---|---|
| Identity data | Full name, NIN, BVN reference, date of birth, gender | Client-submitted / field collected |
| Address data | Residential and business addresses, GPS coordinates | Client-submitted / physically confirmed |
| Business data | Business name, registration details, nature of trade, operational status | Client-submitted / field observed |
| Financial data | Loan amount, stated purpose, utilisation status | Client-submitted |
| Photographic evidence | Timestamped photos of business premises, signage, assets | Field-collected |
| Interview records | Written records of proprietor or staff interviews | Field-collected |
| Risk assessment data | Risk scores, fraud indicators, operational findings | BIVS-generated |
B. Data relating to our clients and their representatives
When a financial institution or company engages BIVS, we collect business contact information including names, job titles, email addresses, phone numbers, and company details for the purpose of delivering our services and managing the business relationship.
C. Website visitor data
When you visit www.bivsnigeria.com, we may collect your IP address, browser type, pages visited, and referral source for the purpose of understanding website usage. See Section 12 for more detail on cookies.
How Data Is Collected
We collect personal data through the following means:
From clients directly: When a client submits a verification request via WhatsApp, email, or our website, they provide us with information about the individual or business to be verified. This data is voluntarily submitted by the client.
Through physical field operations: Our field agents conduct on-ground visits and gather data directly from the environment · including GPS coordinates, photographic evidence, and observations about business premises and operations.
Through interviews: During field visits, our agents may conduct interviews with business owners, employees, or other relevant parties. Records of these interviews form part of the verification report.
Through publicly available sources: We may cross-reference data against publicly available records including Corporate Affairs Commission (CAC) filings, land registry information, and open-source intelligence.
Why We Process Your Data
| Purpose | Description |
|---|---|
| Business Verification | Confirming the existence, location, and operational status of a business on behalf of a lending client |
| Address Verification | Physically confirming that a stated residential or business address corresponds to the subject |
| Loan Monitoring | Verifying post-disbursement loan utilisation and ongoing business activity on behalf of lenders |
| Fraud Investigation | Investigating suspected fraudulent loan applications, ghost businesses, or misrepresented collateral |
| Debt Recovery | Locating and engaging with borrowers on behalf of creditor clients to facilitate lawful recovery |
| Client Relationship Management | Managing communications, delivering reports, and maintaining ongoing client relationships |
| Legal & Regulatory Compliance | Meeting our obligations under Nigerian law including the NDPA 2023 |
| Internal Quality Assurance | Reviewing and improving the quality and accuracy of our field reports and processes |
Legal Basis for Processing
Under the Nigeria Data Protection Act 2023 and, where applicable, the GDPR, we are required to have a lawful basis for processing personal data. The bases we rely on are:
Legitimate interests: The primary basis for processing data relating to verification subjects is the legitimate interest of our clients (financial institutions) in preventing fraud, assessing creditworthiness, and protecting their assets. We carry out a balancing test to ensure this interest is not overridden by the rights of the individual concerned.
Contractual necessity: Processing data relating to our clients and their staff is necessary for the performance of our service contracts.
Compliance with a legal obligation: Where we are required to process or retain data to comply with Nigerian law or a court order.
Consent: Where we rely on consent (e.g. for marketing communications to prospective clients), we will obtain clear, informed, and freely given consent and you may withdraw it at any time.
Important notice for data subjects: If you are an individual whose data has been processed as part of a BIVS verification or investigation, this has been carried out on behalf of a financial institution client. You have the right to contact us to understand what data we hold about you. See Section 10 for your full rights.
Who We Share Data With
We do not sell personal data. We share personal data only in the following limited circumstances:
With clients: Verification reports and associated evidence (including photos, GPS data, and findings) are shared with the client who commissioned the investigation. These clients are financial institutions with their own data protection obligations.
With field agents: Our network of 100+ field agents across 23 states receives only the minimum information necessary to conduct a specific verification. Field agents operate under confidentiality agreements.
With service providers: We use third-party tools for communication (including WhatsApp Business and email), cloud storage, and report generation. These providers are selected for their data security standards.
With regulatory authorities: We may disclose data to the Nigeria Data Protection Commission (NDPC), the Economic and Financial Crimes Commission (EFCC), the Nigeria Police Force, or other competent authorities where we are legally required or permitted to do so · for example, in the investigation of financial crime.
With legal advisers: In the event of a dispute or legal proceeding, data may be shared with our legal representatives on a confidential, need-to-know basis.
Cross-Border Transfers
BIVS is a Nigerian company and our primary data processing takes place within Nigeria. However, we serve international clients, including impact investors and financial institutions based outside Nigeria (including the United Kingdom and the European Union). Where verification reports are transmitted to clients outside Nigeria, this constitutes an international transfer of personal data.
When transferring data internationally, we take steps to ensure an adequate level of protection is in place, including:
Contractual safeguards: We include data protection obligations in our client contracts to ensure reports and associated data are handled appropriately by recipient organisations.
GDPR awareness: Where our clients or the individuals concerned are located in the European Economic Area (EEA), we apply GDPR-equivalent standards to the processing and transfer of their data.
If you have questions about international transfers of your data, please contact us using the details in Section 14.
How Long We Keep Data
We retain personal data only for as long as is necessary for the purposes set out in this policy or as required by law. Our standard retention periods are as follows:
| Data Category | Retention Period | Reason |
|---|---|---|
| Verification reports & evidence | 5 years from date of report | Client dispute resolution and audit requirements |
| Fraud investigation records | 7 years | Potential criminal proceedings and regulatory compliance |
| Debt recovery records | 6 years from settlement or final action | Limitation periods under Nigerian law |
| Client contact data | Duration of contract + 3 years | Contractual and business relationship management |
| Website visitor data | 12 months | Analytics and security monitoring |
| Marketing communications consent | Until consent is withdrawn | Consent-based processing |
After the applicable retention period, personal data is securely deleted or anonymised. Where anonymisation is not technically feasible, data is destroyed using appropriate methods.
Data Security
BIVS takes the security of personal data seriously. Given the sensitive nature of the data we handle · including financial information, fraud investigation records, and GPS-tagged photographic evidence · we implement appropriate technical and organisational measures to protect data against unauthorised access, loss, destruction, or alteration.
Our security measures include:
Access controls: Personal data is accessible only to authorised BIVS staff and field agents on a strict need-to-know basis. Field agents receive only the case-specific information required for their assignment.
Confidentiality agreements: All BIVS staff and field agents are bound by written confidentiality obligations. Breach of these obligations is treated as a serious disciplinary matter.
Secure transmission: Reports containing personal data are transmitted to clients through secure channels. We do not transmit sensitive data over unsecured public networks without encryption.
Physical security: Where physical documents or records exist, these are stored securely and access is restricted.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, and will notify affected individuals where required by law.
Your Data Rights
Under the Nigeria Data Protection Act 2023, you have the following rights in relation to your personal data. Where GDPR applies, equivalent rights exist under that regulation.
To exercise any of these rights, please contact us using the details in Section 14. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.
Please note that certain rights may be limited where processing is carried out on behalf of a client. In such cases, we will direct your request to the relevant client controller where appropriate.
Children's Data
Our services are directed exclusively at businesses and financial institutions, not individuals below the age of 18. We do not knowingly collect personal data from children.
If we become aware that personal data of a child has been submitted to us inadvertently (for example, as part of a household address verification), we will delete such data promptly and notify the referring client.
If you believe we may have inadvertently collected data relating to a child, please contact us immediately at enquiries@bivsnigeria.com.
Website & Cookies
Our website at www.bivsnigeria.com is a primarily informational site. We may use limited cookies and similar technologies to help the site function correctly and to understand how visitors use the site.
Strictly necessary cookies: These are required for the website to operate and cannot be switched off. They do not store personally identifiable information.
Analytics cookies: We may use anonymised analytics to understand aggregate visitor behaviour · such as which pages are most visited and how visitors arrive at the site. This data does not identify individual users.
WhatsApp and external links: Our site includes links to WhatsApp and email. When you click these links and engage through those platforms, their own privacy policies apply. We recommend reviewing the WhatsApp Privacy Policy and Meta's data practices if you use WhatsApp to contact us.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of some website features.
Changes to This Policy
We review this Privacy Policy periodically and will update it to reflect changes in our practices, legal obligations, or regulatory guidance. When we make material changes, we will update the "Last Reviewed" date at the top of this page.
For significant changes affecting how we process your personal data, we will notify active clients directly by email.
We encourage you to review this policy periodically. Continued use of our services after an update constitutes acceptance of the revised policy.
Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or the personal data we hold, please contact us using the details below. We take all data protection enquiries seriously and will respond promptly.
Making a complaint
If you are unsatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC), the regulatory authority responsible for enforcing the NDPA 2023.
Nigeria Data Protection Commission: ndpc.gov.ng
If you are located in the European Economic Area and believe GDPR applies to your situation, you may also contact your local Data Protection Authority.
We would always prefer to resolve any concerns directly with you first, and invite you to contact us before escalating to a regulatory authority.