1. Who We Are

• Data Controller: Rainy Day Cooperative Multipurpose Society Limited
• Address: Block 137 Flat 1, Ijaiye Medium Phase 4, Agege, Lagos, Nigeria
• Contact Email: contact@rainydaycoop.com
• If you have questions about this Privacy Policy or how we process personal data, please contact us using the details above.

2. Scope of this Policy

• our Website;
• email, phone, and other communications with us;
• membership enquiries and applications;
• service requests, complaints, or feedback submissions; and
• any other lawful interaction with Rainy Day Cooperative through digital or offline channels linked to our Website.

3. Personal Data We May Collect

Depending on how you interact with us, we may collect the following categories of personal data:

a. Identity and Contact Data

• full name;
• email address;
• phone number;
• residential or mailing address;
• cooperative membership number or applicant reference, where applicable.

b. Membership and Transaction Data

• membership application details;
• savings, contributions, loan, welfare, or cooperative participation records, where applicable;
• payment confirmation or transaction references, where applicable.

c. Communications Data

• messages, enquiries, complaints, feedback, and correspondence you send to us;
• records of our responses to you.

d. Technical and Usage Data

• IP address;
• browser type and version;
• device type;
• pages visited;
• date/time of access;
• referring website or source;
• basic website interaction data collected through cookies or similar technologies.

e. Compliance Data

• records needed to comply with legal, regulatory, audit, anti-fraud, or dispute-resolution obligations.

f. Member Portal Data

If you register for or use our member portal, we may collect and process:

•  login credentials and account identifiers;
• membership profile details;
• records relating to your cooperative membership, savings, contributions, benefits, transactions, or service requests;
• documents or information you upload through the portal;
• portal activity logs, device information, IP address, session details, and account security records.

For member portal access, we implement account and access-control measures designed to protect member information, including authentication controls, restricted access, activity monitoring, and other reasonable safeguards appropriate to the nature of the data processed.

g. WhatsApp and Chatbot Data

If you contact us through our WhatsApp bot or any chat feature, we may collect and process:

• your phone number and WhatsApp profile name;
• the contents of your messages, attachments, and responses;
• chat history and support records;
• metadata associated with messages, such as date, time, and delivery status;
• information you choose to provide during the conversation.

Automated Interactions

Some responses provided through our WhatsApp bot or digital support channels may be automated. These automated tools are used to assist with routing enquiries, providing basic information, and improving response times.

Where any decision based solely on automated processing would produce legal effects or similarly significant effects on you, we will handle such processing in accordance with applicable law and provide an opportunity for appropriate human review where required.

4. How We Collect Personal Data

• directly from you when you fill forms on our Website;
• when you contact us by email, phone, or other channels;
• when you apply for membership or request cooperative services;
• when you submit documents or information required for verification or administration;
• automatically through cookies, server logs, and analytics tools when you use the Website;
• from lawful third parties or public sources where permitted by law.

5. Purposes for Which We Use Your Personal Data

• to respond to enquiries and provide support;
• to process membership enquiries and applications;
• to administer membership records and cooperative activities;
• to provide services, benefits, and communications related to the cooperative;
• to verify identity and prevent fraud, abuse, or unauthorized activity;
• to maintain the security and proper functioning of our Website;
• to improve our Website, member experience, and service delivery;
• to keep internal records and perform administrative functions;
• to comply with legal, regulatory, tax, audit, and reporting obligations;
• to establish, exercise, or defend legal claims;
• to send service-related notices and, where lawful, updates or information relevant to our members or prospective members.
  We may also use personal data:
• to create, manage, and secure member portal accounts;
• to authenticate users and prevent unauthorized access;
• to provide members with access to account information, transactions, records, and cooperative services;
• to respond to enquiries and requests made through our WhatsApp bot or messaging channels;
• to improve our support services, chatbot flows, and service delivery;
• to monitor misuse, detect fraud, and maintain system security;
• to keep records of member communications and requests.

6. Lawful Bases for Processing

We process personal data only where we have a lawful basis to do so. Depending on the context, our lawful bases may include:

• your consent;
• processing necessary to take steps at your request or to perform a contract with you;
• processing necessary for compliance with a legal obligation;
• processing necessary to protect your vital interests or those of another person;
• processing necessary for our legitimate interests, provided such interests do not override your fundamental rights and freedoms.
• Where we rely on consent, you may withdraw it at any time, subject to the lawfulness of processing carried out before withdrawal.
  
  For member portal services, we may rely on contractual necessity, legal obligation, and legitimate interests such as account security and fraud prevention.

For WhatsApp communications, we may rely on your consent, your request for information or support, contractual necessity where the chat relates to member services, and our legitimate interests in managing communications and improving support.

7. Sensitive Personal Data

We do not intentionally collect or process sensitive personal data unless it is strictly necessary for a lawful purpose connected with our cooperative functions, you have expressly consented where required, or the processing is otherwise permitted or required by applicable law. Where sensitive personal data is processed, we will apply additional safeguards appropriate to the nature of the data.

8. Children’s Data

Our Website and services are not intended for children unless specifically stated. Where personal data relating to a child or person lacking legal capacity is processed, we will do so only in accordance with applicable Nigerian law and, where required, with the involvement or consent of a parent, guardian, or other legally authorized person.

9. Cookies and Similar Technologies

We may use cookies and similar technologies to:

• enable core Website functionality;
• remember preferences;
• understand how users interact with the Website;
• improve performance, security, and user experience.

You may control cookies through your browser settings. However, disabling some cookies may affect the functionality of the Website.

If we use non-essential cookies such as analytics, advertising, or personalization cookies, we will provide appropriate notice and, where required, request your consent.

10. Disclosure of Personal Data

We may disclose personal data only where necessary and lawful, including to:

• our employees, officers, and authorized personnel on a need-to-know basis;
• trusted service providers, vendors, or processors who support our operations, hosting, communication, IT, analytics, or administration;
• professional advisers, auditors, insurers, or legal representatives;
• regulators, law enforcement, courts, or competent authorities where required by law;
• other parties where disclosure is necessary to protect rights, investigate fraud, or enforce our legal terms.

We do not sell your personal data.

Where third parties process personal data on our behalf, we require them to implement appropriate confidentiality, security, and data protection measures.

11. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, including for:

• membership administration;
• service delivery;
• legal, tax, accounting, audit, and regulatory compliance;
• dispute resolution and enforcement of rights;
• fraud prevention and security.

When personal data is no longer required, we will securely delete, anonymize, or destroy it in accordance with our retention practices and applicable law.

We may retain member portal records, account logs, and chat communications for as long as reasonably necessary for membership administration, security monitoring, dispute resolution, legal compliance, fraud prevention, and service improvement.

12. Your Rights

Subject to applicable law, you may have the right to:

• be informed about how your personal data is processed;
• request access to your personal data;
• request correction of inaccurate or incomplete personal data;
• request deletion of personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• object to processing, including processing for direct marketing;
• withdraw consent where processing is based on consent;
• request portability of personal data where applicable;
• object to decisions based solely on automated processing where applicable;
• lodge a complaint with the relevant supervisory authority.

To exercise any of these rights, please contact us at contact@rainydaycoop.com. We may request information to verify your identity before acting on your request.

13. International Transfer of Personal Data

Your personal data may be processed or stored outside Nigeria where we use third-party technology infrastructure, cloud hosting, portal providers, or messaging platforms such as WhatsApp.

Where this occurs, we will take reasonable steps to ensure that such transfers are lawful and that your personal data remains protected through appropriate safeguards, contractual measures, or other legally recognized transfer mechanisms under applicable Nigerian data protection law.

Please do not send unnecessary sensitive personal data through WhatsApp or chat channels unless specifically requested by us for a lawful purpose. Where more secure or appropriate channels are required for certain services or documents, we may ask you to use those channels instead.

14. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure, or unauthorized access.

• access controls;
• password protection;
• staff confidentiality obligations;
• secure hosting and communications measures;
• monitoring and response procedures for security incidents.

While we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure.

15. Direct Marketing

Where we send promotional or informational communications, we will do so in accordance with applicable law. You may opt out of non-essential marketing communications at any time by following the unsubscribe instructions in the message or by contacting us at contact@rainydaycoop.com.

16. Third-Party Links

Our Website may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to read their privacy policies before providing any personal data.

Third-Party Platforms and Service Providers

Some of our digital services may be delivered through third-party platforms and service providers, including website hosting providers, portal software providers, cloud storage providers, analytics providers, and messaging platforms such as WhatsApp.

Where you communicate with us through WhatsApp, your personal data may also be processed by WhatsApp and its affiliated service providers in accordance with their own terms and privacy policies. We encourage you to review those policies before using the service.

We use third-party providers only where necessary and require appropriate confidentiality, security, and data protection measures where they process personal data on our behalf.

17. Data Breach Response

Where a personal data breach occurs, we will take appropriate steps to investigate, contain, and remediate the incident. Where required by law, we will notify affected individuals and/or the relevant authority within the applicable timeframe.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Website functionality. Any updates will be posted on this page with a revised “Last Updated” date.

19. Contact Us

• Rainy Day Cooperative Multipurpose Society Limited
• Block 137 Flat 1, Ijaiye Medium Phase 4, Agege, Lagos, Nigeria
• Email: contact@rainydaycoop.com
• If you are dissatisfied with our response, you may have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).