Statement

The Guaranty Trust Group (Guaranty Trust Holding Company Plc and all its subsidiaries) is a leading African financial services institution whose mission is to make end-to-end financial services easily accessible to every African and to businesses by leveraging technology and strategic partnerships. In the Guaranty Trust Group, we treat personal information as private and confidential.

This privacy policy should be read alongside the terms and conditions attached to the various Group members’ products and services and is addressed to people and entities with whom the Group members interact.

Purpose

This policy applies to Guaranty Trust Holding Company Plc as well as all the entities in the Guaranty Trust Group of companies (collectively referred to as “we”, “us”, “our”). The purpose of this policy is to provide information about the manner in which we collect, store, protect, process and share the personal information of customers, suppliers, employees, business partners, visitors to our premises and websites in our role as a data controller.

Changes to this policy

From time to time, this privacy policy may be updated to reflect changes in applicable law or internal changes in our data collection, processing and sharing activities. The approval date of the policy will determine which version will be considered in the event a request or complaint involving this policy is received.

The latest version will be available on our websites and/or changes posted using pop-up notices on any of our digital channels.

Every party interacting with us automatically acknowledges that they are aware of and agree with the content of this privacy policy and understand that it might be modified from time to time.

Information that we collect

We collect personal information through various channels and the information collected depends on the product or service a client holds or the nature of the relationship/engagement with us. Data may also be collected by us through other sources such as credit bureaus, employers, etc.

The personal information we collect, generate and use includes but is not limited to the categories listed below.

S/N | Personal data collected | Examples
1. | Personal details | Name, gender, biometric information, details of education, employment details, next of kin, etc.
2. | Contact details | Phone number, email address, address, etc.
3. | User login and subscription data | Login details/authentication details to our online and physical channels, etc.
4. | Identity-related information | National Identification Number (NIN), international passport, bank verification number (BVN), IP addresses, data related to the use of our websites, cookies, etc.
5. | Financial details | Financial transaction data, transaction network, instructions given (electronic and physical format), bank accounts’ details, details of assets, portfolio value, etc.
6. | Other information | Any other information provided to us during our interactions, whether in person, or by any communication means, any information obtained in relation to security, fraud management, investigations, risk management, health and safety, AML/CFT/CPF, KYC requirements, regulatory requirements/obligations, etc.
7. | Personal data of third parties | Information listed under (1) to (6) above relating to the data subject relationships’ network (next of kin, dependents, referees, advisors...), etc.

Purposes of processing personal information

We may process personal information, on an appropriate legal basis, for the following purposes:

  • Onboard new clients

  • Conduct Anti-Money Laundering/Combating the Financing of Terrorism/Proliferation Financing (AML/CFT/CPF) checks

  • Carry out/attend to investors/clients’ requests/service issues

  • Provide products, on-premises and online services

  • Process applications for products and services

  • Recover money that the data subject owes us

  • Conduct investigations

  • Assess credit worthiness

  • Monitor and manage risk

  • Assess employment suitability

  • Data analytics

  • IT systems and infrastructure related processing

  • Transfer to archive

  • Correspond with third party professionals

  • Ensure the security of our physical and digital assets as well as our employees

  • Manage human resources

  • Conduct market/product research as well as customer satisfaction surveys

  • Enable corporate communication internally and externally

  • Provide and display marketing information, promotional messages via various digital and physical channels of communication

  • Comply with our regulatory and legal obligations

  • Any other purpose related to/compatible with the purposes listed above

Parties we share personal data with

In some circumstances and where lawful to do so, we may share the data subject’s information with third parties, which in turn process this information in accordance with their respective privacy policies and local regulations.

S/N | Who we may share with | Examples
1. | Other Guaranty Trust Group companies | Internal operational purposes, cross-selling/up-selling of products and services, etc.
2. | Advertising partners | Social media platforms, marketing agencies, etc.
3. | Third party service providers (this includes their sub-contractors and affiliates) | Debt collectors, credit reference bureaus, data aggregators (e.g., for visa applications), payment service providers (e.g., card schemes), market researchers, etc.
4. | Third-party plug-in providers | Our websites and other channels might use third party plug-ins/content and personal data will be shared with these if accessed by the data subject.
5. | Government, regulators, legal authorities/bodies, law enforcement agencies, rating agencies and similar authorities | Central Bank of Nigeria, Securities & Exchange Commission, Court of Law, etc.
6. | Third party acquirer | Data will be shared in the event of a sale or transfer of part of our assets or our businesses or a restructuring of our businesses.
7. | Professional Advisers to the Guaranty Trust Group companies | Auditors, lawyers, financial advisers, tax consultants, and other professional advisers
8. | Other third parties | Other parties relevant to prevent, detect, investigate, combat criminal activities and inadequate conduct, etc.; data subject’s legal representative upon death/mental incapacity

Social events

We organize a range of complimentary CSR events throughout the year, including the GTCO Food and Drink Festival, GTCO Fashion Weekend, and other events. Participants and visitors to any of the CSR events consent to being photographed and/or filmed. Visuals taken during our events may be shared on our digital platforms, including but not limited to our social media channels and websites and are subject to the respective platform’s terms of use and privacy policies.

Free WiFi access

We may offer complimentary WiFi access during our events to enrich participants’ and visitors’ experience. The decision to connect to our WiFi network confirms the user’s agreement to adhere to our acceptable use policy, which prohibits any illegal or harmful activities. We may also collect basic usage data, such as the number of devices connected, etc., to improve our services and network performance.

Social media platforms

We may interact with registered users of various social media platforms, including Facebook, Twitter, Google+, LinkedIn, TikTok and Instagram, etc. Any content posted on social media platforms (e.g. pictures, information or opinions), as well as any personal information that is made available to users, is subject to the applicable social media platform’s terms of use and privacy policies.

We recommend that social media platforms’ users review this information carefully in order to better understand their rights and obligations with regard to such content.

Security of the data in our possession

We take reasonable technical and organizational security measures to protect data subjects’ personal information. Processes are also in place to control and restrict personal data access on a need-to-access basis. We also require external service providers to adhere to appropriate security standards.

It is the responsibility of the data subject to ensure that they (1) transmit data to us securely and (2) keep any password and other authentication devices/details confidential.

Retention period of the data in our possession

Personal data is retained in accordance with our data retention policy. We abide by the minimum regulatory requirements and extant laws in our operating environment. We keep this data:

  • For as long as there is an ongoing business relationship with the data subject

  • For as long as required to fulfil our legal, regulatory, tax and other business obligations

  • In most cases for a period of at least 5 years after the end of a relationship

At the end of the retention period, we may archive, permanently delete, or anonymize this personal information.

Trans-border flow of personal data

Personal information collected may be processed in other countries. Countries may have different levels of data protection. We will abide by the applicable laws and regulations in the host location and may also request the service provider in the host country to commit to practices similar to the ones described in this document.

Rights of the data subject

During the retention period of their personal information, data subjects are entitled to the rights listed below, subject to applicable laws and regulations.

  • Access
    A data subject has the right to request and access the personal information we possess about him/her.
  • Objection
    Data subjects have the right to object to our processing of their data; in addition, they can ask us to limit the processing of their information to specific activities. In certain circumstances where we have legitimate reasons to do so, such requests will be denied. Requests should be made to the Data Protection Officer whose contact details are provided in the ‘Contact Us’ section.
  • Correction
    Data subjects have the right to request that any inaccurate or incomplete information we hold about them is updated/corrected.

  • Deletion
    A data subject has the right to ask us to delete their personal information.

  • Complaint
    A data subject has the right to complain about our processing of his/her information to the relevant data protection regulator in his/her country of residence.

The rights of data subjects listed above will not apply in instances where processing is required:

  • For dispute resolution

  • To comply with laws and regulations

  • So as not to infringe on our rights and the rights of others

If you suspect any violation of your rights, you can send your complaint to the Data Protection supervisory authority in Nigeria, the Nigerian Data Protection Commission (NDPC), at info@ndpc.gov.ng; additionally, it can also be addressed to dpo@gtcoplc.com.

Privacy of children

We respect the privacy of children and only open accounts and process their personal information with the consent of their legal representative. We do not knowingly collect names, email addresses or any other personally identifiable information from children.

Personal information collected for minors will only be processed in accordance with the above section on “Purposes of processing personal information”.

Contact Us

Any complaints, questions, or requests regarding the processing of personal information should be directed to the relationship managers, the customer service representatives at any of our locations or to our Data Protection Officer.

Our Data Protection Officer (DPO) can be contacted at the following email address: DPO@gtcoplc.com.