Introduction
Guaranty Trust Holding Company Plc and its affiliated companies place a premium on the security and privacy of the information of their existing and potential customers, shareholders, and employees. This Privacy Policy describes what personal information we collect, what we do with it, and how we protect it. Specific policies that address the requirements of our distinct subsidiaries or businesses may be found on their respective websites.
This privacy policy is organized into the following sections.
- Information we collect and use
- How we use your data
- How we protect your data
- Sharing your information
- Storage
- Your Rights
- Processing Children’s data
- Providing Information
- Third-party sites and services
- Contact
This is a maiden edition of the policy for the holding company, and it shall be subject to review annually or where there are significant changes.
Information we collect and use
We may collect information such as
- Identification Data: Name, Identification numbers, Passport Details, Biometric information.
- Demographic Data: Age, gender, location, address, education, employment, marital status, health information, family, dependents, relationships, beneficiaries.
- Financial Data: transaction records, account information, income, credit & debt profile, asset ownership records, data related to your financial objectives, payment behavior, and other financial KYC-related information.
- Online Data: device data, application data, IP addresses, preferences when you use any of our platforms, cookie data.
- Data from surveys & feedback: provided by you when you fill out our surveys or provide feedback or make complaints to us via any of our channels.
- Audio Data: For example, when you interact with our customer touchpoints via telephone or internet calls, audio footage is captured by security devices in our physical locations.
- Visual Data: This includes surveillance footage captured by security cameras, video calls, or meetings.
- Communication and Social Media Data: This includes written correspondence via digital or physical media such as letters, email or messages, and data collected via social media platforms.
Who we get our information from?
We collect your personal data from a variety of sources
- Directly from you: from a variety of sources such as website visits, applications, identification documents, curriculum vitae, personal financial statements, interactions with our employees, visits to our locations, attendance of our events, and other written or electronic communication reflecting information.
- Generated by us: we generate data about you throughout the lifecycle of our relationship.
- From your organization: when you are chosen as a contact or representative of your organization in its interactions with us.
From third parties and sources: whether public or private such as representatives or agents acting on your behalf, related parties, the media (including traditional, online, and social media), payment processors, financial institutions, credit agencies, government agencies, and regulators.
How we use your data
- Executing contracts or taking steps prior to entering into contracts as well as to execute or terminate an agreement: e.g. to assay your eligibility for certain products such as loans and advances, verify a request or transaction
o Managing our relationship with you.
o Processing your job application if you apply with us.
o Communicating with you on important developments.
- Following your consent prior to your data being processed. Consent provided can be withdrawn and, in some cases, may result in us being unable to continue processing your data or offering services to you.
- Legitimate interests for example
o Developing and improving our products and services.
o Security & Investigations e.g. alerting you to abnormal activities on your accounts with us, securing our assets and locations, investigating illegal activity such as fraud, theft, money laundering, and terrorism financing.
o Managing our risks.
o Preventing money laundering or terrorism financing activities.
o Identifying visitors and attendees to our locations and events.
- Complying with legal and regulatory requirements.
- Processing of your data in your vital interest or that of any other natural person.
- Processing is carried out for an activity that is of significant public interest.
Automated Processing
We sometimes use automated systems and software to help us reach decisions about you, for example, to make credit decisions, generate business insights, carry out security, fraud, and money laundering checks, or process your data when you apply for some of our products and services.
This type of processing is carried out on a lawful basis and you can contact us to request that automated processing be reviewed by a human being if you detect any inaccuracies in your personal data.
How we protect your data
We take appropriate technical and organizational measures to prevent unauthorized access, misuse, modification, or disclosure of information under our control. We utilize security frameworks, policies, and standards across our businesses to keep your data secure. We require all parties including our staff and third parties processing data on our behalf to comply with relevant policies and guidelines to ensure that information is protected in use when stored, and during transmission.
Your personal information with us remains secure because:
- We use strict security measures and technologies to prevent fraud and intrusion.
- Our security controls and processes are regularly updated to keep them up to date with regulatory requirements and industry standards.
- Our employees are trained to respect the confidentiality of any personal information held by us.
Where we have provided you (or where you have chosen) a password that grants you access to specific areas on our platforms, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g. token generated codes) with anyone. Please always contact us if you suspect that your personal data may have been compromised.
Sharing your information
To provide you with seamless services as well as meet regulatory requirements, we may share some of your data internally (with GT Holdings) and externally (with third parties).
- Guaranty Trust Holding Company employees
- Guaranty Trust Holding Company’s Subsidiaries.
- Guaranty Trust Holding Company’s strategic partners/service providers – for the purpose of providing and improving our products and services to you, ensuring security, and preventing or investigating fraud. Your Personal information will not be shared with third parties for their marketing purposes.
- Regulators/Supervisors, Government Agencies/courts - It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Guaranty Trust Holdings to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, tax, law enforcement, or other issues of public importance, where disclosure is necessary or appropriate.
External Auditors
- Credit Agencies: as part of the steps needed to make a credit decision
- Financial Institutions: for the purpose of processing certain transactions on your behalf, executing your instructions, or providing services to you.
- Any legal natural persons or entities to which you have given consent for your personal data to be transferred including those acting on your behalf or offering you services.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party. Information about our customers and their usage of our website is not shared with third parties for their marketing purposes. We do not disclose any information about any user’s usage of our website except in specific cases, and we do not share information with any unaffiliated third parties for marketing purposes unless you expressly give us permission to do so.
Storage
Where we store your information
All Personal Information you provide to us is stored on our secure servers as well as secure physical locations and cloud infrastructure (where applicable) for the purposes of providing seamless services to you, including but not limited to ensuring business continuity, the data that we collect from you may be transferred to or stored in cloud locations at globally accepted vendors' data centers. Whenever your information is transferred to other locations, we will take all necessary steps to ensure that your data is handled securely and in accordance with this privacy policy.
How long we store your information
We retain your data for as long as is necessary for the purpose(s) that it was collected. The storage of your data is also determined by legal, regulatory, administrative, or operational requirements. We only retain information that allows us to comply with legal and regulatory requests for certain data, meet business and audit requirements, respond to complaints and queries, or address disputes or claims that may arise.
Your Rights
You have certain rights available to you, these include
- The right to access your personal information is held by us.
- The right to rectify inaccurate or incomplete information. In the event you observe any inaccuracies in your data, please notify us via any of our touchpoints so that they can be rectified.
- Withdraw consent for processing in cases where consent has previously been given.
- Restrict or object to the processing of your personal data. We might continue to process your data if there are valid legal or operational reasons.
You also have the right to:
- Request that your personal data be made available to you in a common electronic format and/or request that such data be sent to a third party when that data is processed based on consent or performance of a contract.
- Request that your information be erased. We might continue to retain such data if there are valid legal, regulatory or operational reasons.
You have the right to raise a complaint to us if you are unsatisfied with the way in which your concerns have been addressed. You also have a right to lodge a complaint with the relevant regulatory authority if you determine that your data privacy rights are not being respected.
You can exercise your rights or submit complaints by contacting us via our touchpoints. We may require a valid means of identification or some additional information to ascertain that the request is coming from you. In some cases, your request may be denied and where legally permissible we shall notify you of the reasons for such denial. Additionally, where legally permissible we may charge a reasonable fee for processing your request. Where we require more time than what is permitted by law to attend to your request (e.g. owing to the complexity of the request or based on your location) we shall notify you with reasons for such delay.
If you suspect any violation of your right, you can send your complaint to the Data Protection supervisory authority in Nigeria, the Nigerian Data Protection Commission (NDPC), at info@ndpc.gov.ng ; additionally, it can also be addressed to dpo@gtcoplc.com
Processing Children’s Data
We only process children’s data
- When consent has been provided by their legal guardians or parents.
- When their legal guardians or parents have entered a contract or are taking steps to enter an agreement on behalf of the children.
- When legal guardians, parents, or related third parties have provided personal information of the children related to KYC or beneficiary information.
Providing Information
Due to the nature of some of our business, it may be required that certain types of personal data be provided prior to entering into an agreement or when there are changes to your information during the course of the business relationship. Some of these requirements may be related to knowing your customer (KYC) expectations which we are obliged by regulatory authorities to collect for tax, money laundering, and terrorism prevention purposes. Some data may be necessary for certain products or services to be made available to you.
Third party sites and services
Guaranty Trust Holding’s websites, products, applications, and services may contain links to third-party websites, products and services. Our products and services may also use or offer products or services from third parties. It is also important to note that content you create or share on social media platforms as well as personal information that you otherwise make available to users (e.g. your profile) is subject to the applicable social media platform’s terms of use and privacy policies. Information collected by third parties, which may include such things as location data or contact details or other personal information is governed by their privacy practices and Guaranty Trust Holding Company is not liable for any breach of confidentiality or privacy of your information on such sites. We encourage you to learn about the privacy practices of those third parties to understand how they handle your privacy.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to holdcoriskcompliance@gtcoplc.com
To contact our Data Protection Officer, kindly address your request to “The Data Protection Officer” at Plot 635, Akin Adesola Street, Victoria Island, Lagos State, Nigeria.
This privacy policy was last updated on 29th September 2022