Data Deletion Policy
1. Purpose and Scope
This policy outlines the procedures, criteria, and timelines for the deletion and termination of user accounts, associated data, and deprecated mobile/web applications (collectively, “Apps”) offered by Kredi Banks. This ensures compliance with data protection regulations and maintains the security and efficiency of our services.
● Scope: This policy applies to all Kredi Banks’ customer accounts and applications, and all associated PII (Personally Identifiable Information) and transactional data.
● Key Principle: Kredi Banks retains data only as long as necessary to fulfill the purpose for which it was collected, or as required by law.
2. Triggers for Account and Data Deletion
Deletion processes may be triggered by the following events:
A user may request the deletion of their Kredi Banks account and associated data at any time via the dedicated account management section within the App or by contacting our Data Privacy Office (see Section 5).
If an account shows no transactional activity (e.g., log-ins, transfers, balance checks) for a continuous period of twenty-four (24) months, Kredi Banks reserves the right to initiate the account closure and subsequent data deletion process.
2.3. Legal, Security, or Policy Violation
Accounts found to be in violation of Kredi Banks’ Terms of Service, involved in fraudulent activity, or subject to a valid legal request requiring deletion may be deleted immediately without prior notice.
3. Deletion and Data Retention Timelines
The deletion process is carried out in two main stages to comply with financial and regulatory obligations.
Stage 1: Soft Deletion (Account Closure)
User account access is terminated, and PII is de-identified or pseudonymized within 30 days of the deletion trigger. This data is temporarily archived and remains in non-active status for up to 90 days to allow for fraud investigation or mandatory data export.
Stage 2: Hard Deletion (Final Purge)
All non-regulatory data (non-transactional metadata, marketing preferences) is permanently deleted from Kredi Banks’ live systems and backups after the 90-day soft deletion period.
Note on Financial Data: Transactional records and other data required for compliance (e.g., AML, KYC, tax laws) will be retained in a secure, isolated archive for a minimum of seven (7) years, or as otherwise mandated by governing laws. This data will be deleted once the statutory retention period expires.
4. Application Decommissioning (Kredi Banks Initiated)
Kredi Banks reserves the right to retire or decommission any application due to obsolescence, security concerns, or strategic decisions.
● Notification: Users will be notified via email or within the App interface at least 90 days before the final decommissioning date.
● Data Migration: Users will be provided clear instructions on how to migrate their data or transition to an alternative Kredi Banks service.
● Final Deletion: All application-specific data and code will be permanently deleted from Kredi Banks’ infrastructure within 365 days of the final retirement date.
Once a hard deletion (Stage 2) has occurred, the account and its associated personal data cannot be recovered. Users are responsible for exporting any necessary data before submitting a deletion request.
For questions regarding this App Deletion Policy or to submit a formal deletion request, please contact the Kredi Banks Data Privacy Office:
General Contact Email: info@thekredibank.com
Address: Data Privacy Office, The Eshrow, 6th Floor Wing A, Block V Plot Land Bridge, Oniru, Lagos
