The Guaranty Trust Group (Guaranty Trust Holding Company Plc and all its subsidiaries) is a leading African financial services institution whose mission is to make end-to- end financial services easily accessible to every African, and businesses by leveraging technology and strategic partnerships. In the Guaranty Trust Group, we treat personal information as private and confidential.
This privacy policy should be read alongside the terms and conditions attached to the various Group members’ products and services and is addressed to people and entities with whom the Group members interact.
This policy applies to Guaranty Trust Holding Company Plc as well as all the entities in the Guaranty Trust Group of companies (collectively referred to as “we”, “us”, “our”)”. The purpose of this policy is to provide information about the manner in which we collect, store, protect, process and share the personal information of customers, suppliers, employees, business partners, visitors to our premises and websites in our role as a data controller.
From time to time, this privacy policy may be updated to reflect changes in applicable law or internal changes in our data collection, processing and sharing activities. The approval date of the policy will determine which version will be considered in the event a request or complaint involving this policy is received.
The latest version will be available on our websites and/or changes posted using pop-up notices on any of our digital channels.
Every party interacting with us automatically acknowledge that they are aware and agree with the content of this privacy policy and understand that it might be modified from time to time.
We collect personal information through various channels and the information collected depends on the product or service a client holds or the nature of the relationship/engagement with us. Data may also be collected by us through other sources such as credit bureaus, employers, etc.
The personal information we collect, generate and use includes but is not limited to the categories listed below.
| S/N | Personal data collected | Examples |
|---|---|---|
| 1. | Personal details | Name, gender, biometric information, details of education, employment details, next of kin, etc. |
| 2. | Contact details | Phone number, email address, address, etc. |
| 3. | User login and subscription data | Login details/authentication details to our online and physical channels, etc. |
| 4. | Identity- related information | National Identification Number (NIN), international passport, bank verification number (BVN), IP addresses, data related to the use of our websites, cookies, etc. |
| 5. | Financial details | Financial transaction data, transaction network, instructions given (electronic and physical format), bank accounts’ details, details of assets, portfolio value, etc. |
| 6. | Other information | Any other information provided to us during our interactions, whether in person, or by any communication means, any information obtained in relation to security, fraud management, investigations, risk management, health and safety, AML/CFT/CPF, KYC requirements, regulatory requirements/obligations, etc. |
| 7. | Personal data of third parties | Information listed under (1) to (6) above relating to the data subject relationships’ network (next of kin, dependents, referees, advisors...), etc. |
We may process personal information, on an appropriate legal basis, for the following purposes:
Onboard new clients
Conduct Anti-Money Laundering/Combating the Financing of Terrorism/Proliferation Financing (AML/CFT/CPF) checks
Carry out/attend to investors/clients’ requests/service issues
Provide products, on-premises and online services
Process applications for products and services
Recover money that the data subject owes us
Conduct investigations
Assess credit worthiness
Monitor and manage risk
Assess employment suitability
Data analytics
IT systems and infrastructure related processing
Transfer to archive
Correspond with third party professionals
Ensure the security of our physical and digital assets as well as our employees
Manage human resources
Conduct market/product research as well as customer satisfaction surveys
Enable corporate communication internally and externally
Provide and display marketing information, promotional messages via various digital and physical channels of communication
Comply with our regulatory and legal obligations
Any other purpose related to/compatible with the purposes listed above
In some circumstances and where lawful to do so, we may share the data subject’s information with third parties, which in turn process this information in accordance with their respective privacy policies and local regulations.
| S/N | Who we may share with | Examples |
|---|---|---|
| 1. | Other Guaranty Trust Group companies | Internal operational purposes, cross-selling/up- selling of products and services, etc. |
| 2. | Advertising partners | Social media platforms, marketing agencies, etc. |
| 3. | Third party service providers (this includes their sub-contractors and affiliates) | Debt collectors, credit reference bureaus, data aggregators (e.g., for visa applications), payment service providers (e.g., card schemes), market researchers, etc. |
| 4. | Third-party plug- in providers | Our websites and other channels might use third party plug-ins/content and personal data will be shared with these if accessed by the data subject. |
| 5. | Government, regulators, legal authorities/bodies, law enforcement agencies, rating agencies and similar authorities | Central Bank of Nigeria, Securities & Exchange Commission, Court of Law, etc. |
| 6. | Third party acquirer | Data will be shared in the event of a sale or transfer of part of our assets or our businesses or a restructuring of our businesses. |
| 7. | Professional Advisers to the Guaranty Trust Group companies | Auditors, lawyers, financial advisers, tax consultants, and other professional advisers |
| 8. | Other third parties | Other parties relevant to prevent, detect, investigate, combat criminal activities and inadequate conduct, etc. -Data subject’s legal representative upon death/mental incapacity |
We organize a range of complimentary CSR events throughout the year, including the GTCO Food and Drink Festival, GTCO Fashion Weekend, and other events. Participants and visitors to any of the CSR events consent to being photographed and/or filmed. Visuals taken during our events may be shared on our digital platforms, including but not limited to our social media channels and websites and are subject to the respective platform’s terms of use and privacy policies.
We may offer complimentary WiFi access during our events to enrich participants and visitors’ experience. The decision to connect to our WiFi network confirms the user’s agreement to adhere to our acceptable use policy, which prohibits any illegal or harmful activities. We may also collect basic usage data, such as the number of devices connected etc., to improve our services and network performance.
We may interact with registered users of various social media platforms, including Facebook, Twitter, Google+, LinkedIn, TikTok and Instagram, etc. Any content posted on social media platforms (e.g. pictures, information or opinions), as well as any personal information that made available to users is subject to the applicable social media platform’s terms of use and privacy policies.
We recommend that social media platforms’ users review this information carefully in order to better understand their rights and obligations with regard to such content.
We take reasonable technical and organizational security measures to protect data subjects’ personal information. Processes are also in place to control and restrict personal data access on a need-to-access basis. We also require external service providers to adhere to appropriate security standards.
It is the responsibility of the data subject to ensure that they (1) transmit data to us securely and (2) keep any password and other authentication devices/details confidential.
Personal data is retained in accordance with our data retention policy. We abide by the minimum regulatory requirements and extant laws in our operating environment. We keep this data:
For as long as there is an ongoing business relationship with the data subject
For as long as required to fulfil our legal, regulatory, tax and other business obligations
In most cases for a period of at least 5 years after the end of a relationship
At the end of the retention period, we may
archive, permanently delete, or anonymize this
personal information.
Personal information collected may be processed in other countries. Countries may have different level of data protection. We will abide by the applicable laws and regulations in the host location and may also request for the service provider in the host country to commit to practices similar to the ones described in this document.
During the retention period of their personal information, data subjects are entitled to the rights listed below, subject to applicable laws and regulations.
Correction
Data subjects have the right to request
that any inaccurate or incomplete
information we hold about them is
updated/corrected.
Deletion
A data subject has the right to ask us to
delete their personal information.
Complaint
A data subject has the right to complain
about our processing of his/her information
to the relevant data protection regulator in
his/her country of residence.
The rights of data subjects listed above will not apply in instances where processing is required:
For dispute resolution
To comply with laws and regulations
So as not to infringe on our rights and the rights of others
We respect the privacy of children and only open accounts and process their personal information with the consent of their legal representative. We do not knowingly collect names, email addresses or any other personally identifiable information from children.
Personal information collected for minors will only be processed in accordance to the above section on “Purposes of processing personal information”.
Any complaints, questions, or requests regarding the processing of personal information should be directed to the relationship managers, the customer service representatives at any of our locations or to our Data Protection Officer.
Our Data Protection Officer (DPO) can be contacted at the following email address: DPO@gtcoplc.com.