This policy applies to Guaranty Trust Fund Managers Limited as well as all the entities in the Guaranty Trust Group of companies (collectively referred to as “we”, “us”, “our”)”. The purpose of this policy is to provide information about the manner in which we collect, store, protect, process and share the personal information of customers, suppliers, business partners, visitors to our premises and websites in our role as a data controller.
|Personal data collected||Examples|
|Personal details||Name, gender, biometric information, details of education, employment details, next of kin, etc.|
|Contact details||Phone number, email address, address, etc.|
|User login and subscription data||Login details/authentication details to our online and physical channels, etc.|
|Identity-related information||National Identification Number (NIN), international passport, bank verification number (BVN), IP addresses, data related to the use of our websites, cookies, etc.|
|Financial details||Financial transaction data, transaction network, instructions given (electronic and physical format), bank accounts’ details, details of assets, portfolio value, etc.|
|Other information||Any other information provided to us during our interactions, whether in person, or by any communication means, any information obtained in relation to security, fraud management, investigations, risk management, health and safety, AML/CFT/CPF, KYC requirements, regulatory requirements/obligations, etc.|
|Personal data of third parties||Information listed under (1) to (6) above relating to the data subject relationships’ network (next of kin, dependents, referees, advisors…), etc.|
Purposes of processing personal information
We may process personal information, on an appropriate legal basis, for the following purposes:
- Onboard new clients
- Conduct Anti-Money Laundering/Combating the Financing of Terrorism/Proliferation Financing (AML/CFT/CPF) checks
- Carry out/attend to clients’ requests/service issues
- Provide products, on-premises and online services
- Process applications for products and services
- Recover money that the data subject owes us
- Conduct investigations
- Assess credit worthiness
- Monitor and manage risk
- Assess employment suitability
- Data analytics
- IT systems and infrastructure related processing
- Transfer to archive
- Correspond with third party professionals
- Ensure the security of our physical and digital assets as well as our employees
- Manage human resources
- Conduct market/product research as well as customer satisfaction surveys
- Enable corporate communication internally and externally
- Provide and display marketing information, promotional messages via various digital and physical channels of communication
- Comply with our regulatory and legal obligations
- Any other purpose related to/compatible with the purposes listed above
Parties we share personal data with
In some circumstances and where lawful to do so, we may share the data subject’s information with third parties, which in turn process this information in accordance with their respective privacy policies and local regulations.
|Who we may share with||Examples|
|Other Guaranty Trust Group companies||Internal operational purposes, cross-selling/up-selling of products and services, etc.|
|Advertising partners||Social media platforms, marketing agencies, etc.|
|Third party service providers (this includes their sub-contractors and affiliates)||Debt collectors, credit reference bureaus, data aggregators (e.g., for visa applications), payment service providers (e.g., card schemes), market researchers, etc.|
|Third-party plug-in providers||Our websites and other channels might use third party plug-ins/content and personal data will be shared with these if accessed by the data subject.|
|Government, regulators, legal authorities/bodies, law enforcement agencies, rating agencies and similar authorities||Securities & Exchange Commission, Court of Law, etc.|
|Third party acquirer||Data will be shared in the event of a sale or transfer of part of our assets or our businesses or a restructuring of our businesses.|
|Professional Advisers to the Guaranty Trust Fund Managers Limited||Auditors, lawyers, financial advisers, tax consultants, and other professional advisers|
|Other third parties||Other parties relevant to prevent, detect, investigate, combat criminal activities and inadequate conduct, etc.|
-Data subject’s legal representative upon death/mental incapacity.
Social media platforms
Security of the data in our possession
We take reasonable technical and organizational security measures to protect data subjects’ personal information. Processes are also in place to control and restrict personal data access on a need-to-access basis. We also require external service providers to adhere to appropriate security standards.
It is the responsibility of the data subject to ensure that they:
- transmit data to us securely and
- keep any password and other authentication devices/details confidential.
Retention period of the data in our possession
Personal data is retained in accordance with our data retention policy. We abide by the minimum regulatory requirements and extant laws in our operating environment. We keep this data:
- For as long as there is an ongoing business relationship with the data subject
- For as long as required to fulfil our legal, regulatory, tax and other business obligations
- In most cases for a period of 5 years
At the end of the retention period, we may archive, permanently delete, or anonymize this personal information.
Trans-border flow of personal data
Personal information collected may be processed in other countries. Countries may have different level of data protection. We will abide by the applicable laws and regulations in the host location and may also request for the service provider in the host country to commit to practices similar to the ones described in this document.
Rights of the data subject
During the retention period of their personal information, data subjects are entitled to the rights listed below, subject to applicable laws and regulations.
A data subject has the right to request and access the personal information we possess about him/her.
Data subjects have the right to object to our processing of their data; in addition, they can ask us to limit the processing of their information to specific activities. In certain circumstances where we have legitimate reasons to do so, such requests will be denied. Requests should be made to the Data Protection Officer whose contact details are provided in the ‘Contact Us’ section.
Data subjects have the right to request that any inaccurate or incomplete information we hold about them is updated/corrected.
A data subject has the right to ask us to delete their personal information.
A data subject has the right to complain about our processing of his/her information to the relevant data protection regulator in his/her country of residence.
The rights of data subjects listed above will not apply in instances where processing is required:
- For dispute resolution
- To comply with laws and regulations
- So as not to infringe on our rights and the rights of others
Privacy of children
We respect the privacy of children and only open accounts and process their personal information with the consent of their legal representative. We do not knowingly collect names, email addresses or any other personally identifiable information from children. Personal information collected for minors will only be processed in accordance to the above section on “Purposes of processing personal information”.
ny complaints, questions, or requests regarding the processing of personal information should be directed to the relationship managers, the customer service representatives at any of our locations or to our Data Protection Officer. Our Data Protection Officer (DPO) can be contacted at the following email address: email@example.com.