Privacy and security statement
Stanbic IBTC Trustees Privacy Statement:
The Standard Bank Group is an Africa-focused, client-led, and digitally enabled financial services organisation. We provide comprehensive and integrated financial and finance-related solutions to our clients and operate across the African continent and internationally through our subsidiaries.
Due to the integrated nature of the Group business, clients whose primary business is with one entity of the Group are viewed as clients of the Standard Bank Group as a whole for client-centricity, information quality and risk management purposes.
The Standard Bank Group’s simplified legal structure highlights the major subsidiaries and businesses and can be viewed on its website at Our subsidiaries Standard Bank Group.
The legal entities under Stanbic IBTC Holdings PLC are available at Our subsidiaries | Stanbic IBTC Holdings
Stanbic IBTC Trustees is a subsidiary of Stanbic IBTC Holdings PLC and a member of the Standard Bank Group
In this statement any reference to the Standard Bank Group, we, us or our includes all legal entities within the Group structure and clients, you or your refers to clients of a legal entity within the Standard Bank Group.
- 1.1 Regulation of data privacy and protection
As a client of Stanbic IBTC Trustees, your primary data controller would be Stanbic IBTC Trustees, nevertheless as we operate in various countries and through various legal entities, we comply with the applicable data protection and privacy laws in each of these countries. Accordingly, the specific Standard Bank Group legal entity that is responsible for determining the purpose and means of processing your personal information (responsible party or controller), in other words the legal entity who holds the business relationship with you will not always be the same. It will be made clear to you when you use a banking channel (branch or digital) to take up a product or service, who the responsible party or data controller is.
- 1.2 What is the purpose and scope of this statement?
- We may combine your personal information, available across the Group, and use the combined information for any of the purposes set out in this statement where we have lawful grounds for doing so. Your personal information may be processed in another country that does not provide you with the same data protection that the country of origin does, but we will only process or transfer personal information to countries where recipients are bound by code, law, contracts, or corporate rules which would provide an adequate level of personal information protection.
-
However, in the absence of adequate protection, your personal information could still be transferred in cases where:
- Your consent has been obtained despite being informed of the possible risks;
- It is necessary for the performance of a contract which you are a party to or needed to act in accordance with your request prior to entering into a contract.
- It is for your sole benefit and It is not reasonably practicable to obtain your consent for the transfer, but if it were, you would likely approve;
- It is necessary for important reasons of public interest;
- It is necessary for the establishment, exercise, or defence of legal claims;
- It is necessary to protect your vital interests or that of other persons, where you are physically or legally incapable of giving consent.
Protecting the privacy, confidentiality and security of your personal information is very important to us as it is critical for us to maintain your trust and act in the right way to meet your needs. We have therefore implemented Group-wide policies and procedures to ensure that your personal information is protected.
1.3 What is personal information and what types of personal information do we collect?
-
Personal information is any information from which you can be identified. The personal information we may collect about you includes:
- name, age, gender, sex, and identifying numbers;
- physical and email addresses and contact numbers;
- technical data, online identifiers and your online behaviour such as cookies, geo-location information, and IP addresses;
- your photographs, CCTV and video recordings of you and other identifiers, including official identifiers such as National Identification Number(NIN), Tax Identification Number (TIN) etc;
- engagements with us including use of products or services, transactions, requests, queries, applications and complaints;
- financial information including with regard to financial behaviour, goals and needs;
- internal reports and other derivative data based on the personal information we collect;
- information about associations or relationships between individuals or corporate entities that can confirm your identity. For example, spouse or employer relationships;
- other sensitive personal information including biometric details, race or ethnic origin, criminal history and behaviour, medical history and health and your personal beliefs and persuasions such as religious, philosophical, trade union membership or political beliefs.
-
1.4 How do we collect your personal information?
-
We will collect personal information directly from you or by telephone or through online channels such as our website, mobile applications, Internet Banking or electronic messaging platforms.
We also collect personal information about you from other sources where lawful and reasonable, such as reputable third parties that you deal with or that the Standard Bank Group interacts with for the purposes of conducting its business. These third parties include:
- Business partners (including partners and participating partners involved in reward programmes, campaigns or other business activity, joint-venture partners, social media and platform partners) or companies that we may acquire or that merge with us.
- Service providers (including payment processors, card network providers, debt collection and tracing agencies, credit agencies and bureaux, electronic communication service providers, public and private data and data verification providers including data registries, aggregators, search engines, social media and marketing list providers).
- Employers, advisers, agents, associates, assignees, cessionaries, successors in title, trustees, executors, curators and appointed third parties (including lawyers and contractors).
- Government departments, regulatory authorities, courts of law and law enforcement agencies, ombudsmen and tax authorities.
- Parents or guardians of minors (Individuals under 18 years old). We will get your parent or guardian’s consent before collecting, using or sharing your personal data.
If you are a third-party service provider, we may collect personal information about you as a data subject in order to ensure that the business relationship and matters relating to the agreement between you and us can be fulfilled. You warrant that, if you provide us with any personal information about other persons, such as employees, shareholders, or your directors, you are authorised to share their personal information with us for purposes set out in this statement.
Providing your personal information to us is usually voluntary. However, it may be mandatory under certain circumstances, for example when you apply for products and/or services or to comply with anti-money laundering legislation. If you fail to provide us with your personal information when requested, we may not be able to provide the products or services to you or comply with our legal obligations.
It is essential that you keep us informed of any changes to your personal information during your relationship with us. Whenever you provide us with the personal information of third parties, you must inform them that you need to disclose their personal information to us. We will process the information in accordance with this statement.
1.5 Why do we process your personal information?
-
Our responsibilities to you are very important to us and we aim to provide you with personalised services to meet your needs. We may process your personal information for any of the reasons outlined below.
-
- 1.5.1 Contract requirements
We may need to process your personal information if we require it to conclude or perform under a contract or agreement with you for a product or service that you have applied for either with us or through our business partners with whom we have entered into a partnership, collaboration or alliance arrangement or for purposes of:
- providing products and services to you that involve opening and maintaining your account, executing transactions, administering claims where applicable, collecting payments due to us by you, managing our risks and maintaining our overall relationship with you;
- communicating with you regarding the products or services you have with us; or
- providing you with further information that you request from us regarding the products or services you have with us.
-
- 1.5.2 Lawful obligations
We may need to process your personal information for the following purposes:
- To complete integrity and business conduct checks required for compliance purposes including due diligence and onboarding processes, monitoring and assurance reviews and conduct sanctions screening against any sanctions lists.
- To comply with other risk management, regulatory and legislative requirements.
- To comply with voluntary and mandatory codes of conduct.
- To detect, prevent and report theft, money laundering, terrorist financing, corruption or other potentially illegal activity, or activity that could lead to loss.
- To process and settle transactions and payments.
- Protect your vital interest and that of other parties;
- To conduct research and analysis (which may include assessing product suitability, credit quality, insurance risks, market risks and affordability, developing credit models and tools and obtaining related information).
- For further processing such as archiving for public interest, scientific, historical research, statistical purposes or in the exercise of official authority.
-
- 1.5.3 Legitimate Interest
Legitimate Interest means the lawful and justifiable reason to process personal information without your explicit consent while ensuring your interests and fundamental rights are not being overridden along the process.
We may process your personal information in the regular management of our business and to protect the interests of the Group and its clients, depositors, shareholders, employees and other third parties, including our business partners and members of the general public.
Stanbic IBTC may process your personal information, in accordance with this basis, to perform activities which may include:
- Prevent fraud and unauthorized access to our systems or facilities;
- Maintain, monitor, improve and develop our business policies, systems and controls;
- Maintain and improve data quality;
- Design, develop and test products, services and solutions for clients, which may include combining sources and types of your personal information across multiple legal entities and countries, subject to compliance with applicable laws;
- Personalise and customise products, services and solutions, messaging and advertising;
- Respond to client enquiries and communications and to record these interactions for the purpose of analysis and improvement;
- Manage business emergencies and stress events;
- Process and settle transactions and payments;
- Meet record-keeping obligations;
- Conduct research and analysis (among other things, to assess product suitability, credit quality, insurance risks, market risks and affordability, to conduct behavioural profiling, to develop credit models and tools and to obtain related information);
- Enable clients to use value-added solutions and participate in reward programmes
-
- 1.5.4 Vital Interest
Vital Interest refers to lawful and justifiable instances where processing your personal information is necessary to protect your vital interests or that of another person. Stanbic IBTC may process your personal information without your consent where obtaining consent would be impractical or impossible under the circumstances. We may need to process your personal information for the following purposes:
- where the processing relates to a matter of life and death for you or another natural person;
- protection of a child;
- where processing is necessary for humanitarian purposes, public crises or in situations of natural and man-made disasters.
-
- 1.5.5 Consent
In addition to the reasons given above, as an organization, we may ask you for your explicit consent or permission to use your personal information in a certain way or where the law states we must get your consent. This may be to process your personal information for specific and/or limited purposes, such as to make our services accessible to you or for reporting of complaints for regulatory purposes.
We may require your consent to:
- carry out statistical and other analyses to identify potential markets and trends, evaluate and improve your business (this includes improving existing and developing new products and services);
- share more information with you about services and products available within the Group; and
- tailor our business to suits your needs.
-
- 1.5.6 Withdrawal of Consent
You may elect to withdraw your consent where we rely on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
-
- 1.5.7 Consent for Minors or Persons lacking legal capacity
For children and persons lacking legal capacity to consent, we shall obtain consent from the parent or legal guardian. This consent shall not be required in instances where:
- It is necessary to protect the vital interests of the child or person;
- It is carried out for purposes of education, medical, or social care
- necessary for proceedings before a court relating to the individual
Data processing for children shall be consistent with applicable laws.
Note that we may process your personal data for more than one lawful purpose depending on the specific purpose for which we are using your data. Please contact us through the details contained at the bottom of the page if you need details about the specific legal grounds we are relying on to process your personal data.
1.6 Where will we process your personal information?
-
-
Due to the integrated nature of the Standard Bank Group’s business and to provide you with efficient access to our products and services, we may process your personal information in other countries where we have a presence and where our products or services are provided or where our third-party service providers operate. We will only process and transfer personal information to countries that we are satisfied will provide adequate data protection, and we ensure our third-party service providers comply with the minimum data protection standards of the Standard Bank Group.
Integrated processing holds the following benefits for you:
- A single, holistic view of your information that helps us to manage your client profile, authenticate your identity and protect you against fraud.
- Improved business processes and service delivery (and less duplication of information provided).
-
1.7 How long do we retain your personal information?
-
We retain your personal information in line with legal and regulatory requirements and for our business and operational purposes as highlighted above. Your data shall be erased when it’s purpose for collection and processing is no longer required subject to compliance with regulatory obligations.
- 1.8 How will we communicate with you?
Besides in-person communication, we use a wide array of channels to engage with you regarding your existing products and services and to keep you updated. These include SMSs, email, phone calls, automated calls, notifications sent to your mobile device and in-app notifications. We need to keep you up to date on an ongoing operational basis about your existing products and services and their new features especially where we are making them more secure and as we make banking more convenient for you. We may contact you through these means for research purposes or to communicate with you for marketing of new products or services as explained in greater detail below.
- 1.9 How do we use your Personal information for Marketing?
Whether you are an existing client or a prospective client with whom we have had previous interactions in respect of your financial well-being or needs, you are important to us and therefore we would like to share information about our products, services and special offers with you (subject to applicable local laws).
If you are a prospective client, and we have had no previous interaction or have no relationship with you, we will seek your express consent in compliance with local laws to market to you electronically.
If you no longer wish to be contacted for marketing purposes, you may opt out at any time as per the instructions contained in any marketing communication you receive. You can also opt out by contacting us through any of the channels available on our website at Contact us | Stanbic IBTC Trustees
1.10 When, how and with whom will we share your personal information?
-
We share information with third parties, auditors and advisers supporting our services to you, with our trusted partners to introduce products and services to you, with agencies and other financial institutions on credit, fraud and risk matters, with data validation and trust providers to verify your data and identity and with the relevant local and foreign government and other authorities as required by law.
We take extra care when we transfer or share information and will enter into suitable contracts with the trusted parties with whom we share your information, thus ensuring your rights under relevant data protection legislation are upheld.
1.11 How is your personal information protected?
-
The security of your personal information is important to us and we take reasonable steps to keep your personal information safe and to prevent loss, destruction of and damage or unlawful access to your personal information by unauthorised parties. We require the same level of security to be implemented by our service providers and other third parties. However, you must not share or send us any personal information through unauthorised channels, as these are not secure ways of communication and carry a risk of interception and unauthorised access. You should only share personal information through our authorised channels.
1.12 What are your rights?
-
We value your trust and want you to be familiar with your rights under the legislation and to know how you can exercise them in your interactions with Stanbic IBTC Bank and the Standard Bank Group. You have the right to:
- Request access to the personal information we hold about you;
- Request correction of your personal information, where applicable. This enables you to have any incomplete or inaccurate data we hold about you corrected or updated, though we may need to verify the accuracy of the new data you provide to us.;
- object to processing of your personal information where it is not pending the resolution of a public interest or other legitimate grounds request which override your rights and freedoms, and establishment, exercise, or defence of legal claims.
- withdraw consent, where applicable;
- request that we delete your personal information. Note, however, that we may not always be able to comply with your request for deletion for legal or regulatory compliance reasons which will be notified to you, if applicable, at the time of your request.
- be notified that your personal information is being collected by us or has been accessed or acquired by an unauthorised person;
- object to the further processing of personal information e.g. direct marketing. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.;
- request for the transmission of the personal data to another third party under certain circumstances. Once transferred, the other party will be responsible for safeguarding such personal data. Note that this right only applies to information which you initially provided consent for us to use or where we used the information to perform under a contract with you.
- enquire on the type of personal information collected, source of personal information collected, storage, processing purpose, and other recipients of the data.
- lodge a complaint with the Data Protection regulator; the Nigerian Data Protection Commission (NDPC).
- not be subject to automated decision-making processes in respect of an application for products and/or services, except under certain circumstances such as where consent has already been given, authorized by written law, and/or necessary for entering or performing a contract.
-
1.13 Use of cookies on our website
-
A “cookie” is a small text file that is stored on your computer, smartphone, tablet or other device when you visit a website or use an application. It helps to distinguish you from other users and contains specific information related to your use of our website or application, such as your login details and your preference settings, and helps the website or the application to recognise your device.
Cookies help to make a website or app function better and make it easier for us to give you a better user experience on our online channels. To use or store cookie types that are not required for the functioning of the website or app and are optional, we will obtain your consent first.
For this reason, we limit our use of cookies to:
- providing products and services that you request;
- delivering advertising through marketing communications;
- providing you with a better online experience and tracking website performance; and
- helping us make our website more relevant to you.
We use the following types of cookies on our online channels, such as our website.
- Strictly necessary cookies
These cookies are mandatory and are required for the effective operation and functioning of our website on your device. They enable you to use the website and the features on the website and cannot be switched off.
- Performance cookies
These are optional cookies that collect information about how you use the website but not any personal information. Performance information is anonymous and mostly statistical and is used to improve the performance of our website.
- Marketing cookies or advertising cookies
These cookies are also optional and are used to deliver and display advertisements that are relevant and engaging for you as the user. They help us measure how effective our advertising campaigns are by your interaction with the advertisement.
- Session cookies
These cookies are temporary and optional and only exist while you browse our website to remember your activities on the website. As soon as you close the website or move to a different website, the cookies are deleted.
- Persistent cookies
These are permanent, optional cookies that are stored on your device until they reach a set expiry date or until you delete them. They remember your preferences or actions on our website (or in some cases across different websites). We may use them for various reasons, for example to remember your preferences and choices when you use our website, or to display relevant advertising campaigns to you.
- First-party cookies
These are cookies that we create and store when you use our website and relate to information obtained directly from you.
- Third-party cookies
- These cookies are owned and created by a third party that provides a service to us such as social media sharing, website analytics or content marketing. These cookies are intended to collect information directly from you by us and we share the personal information with the third party through the cookies that the third party stores on our website.
- Once you select your cookie preferences you can always change them later by enabling or disabling them here: Manage Cookies | Stanbic IBTC Trustees.
- Where we use cookies to collect personal information, it will always be done in accordance with this statement. You can stop your browser from accepting cookies, but if you do, some parts of our websites or online services may not work properly. We recommend that you allow cookies. Explore the settings and options on your browser to disable or enable them or visit https://www.aboutcookies.org for detailed information about managing cookies.
- 1.14 Social Media
-
The purpose of this statement is to inform you about how we collect, use, store, make available, disclose, update, safeguard, destroy or otherwise deal with (process) your personal information (also referred to as personal information in some countries) and also to explain your rights relating to the privacy of your personal information and how the law protects you.
-
When you engage with us through our social media accounts, your personal information may be processed by the social media platform owner. This process is outside our control and the processing activities may be in a country outside of your home country that may have different data protection laws. For more information about the privacy practices of a social media platform, please refer to and read the terms and conditions of that social media platform before you use it or share any personal information on it.
-
Our social media accounts are not appropriate forums to discuss our clients’ products or financial arrangements. We will never ask you to share personal, account or security information on social media platforms. We may, however, ask you to message us in private through one of our official social media accounts.
1.15 Third-Party Links
Our platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our platform, we encourage you to read the privacy policy of every website you visit.
1.16 General
We may change this statement from time to time in accordance with changes in our products or services or regulatory requirements. We will make reasonable efforts to notify you through suitable communication channels. The latest copy of this statement is available at Privacy & Security Statement | Stanbic IBTC Trustees.
If you have any queries or complaints about privacy, please contact:
Phone: +234 0201 270 6800
Email: [email protected] or [email protected]
We will ensure all complaints are resolved in a timely manner consistent with all relevant regulatory provisions.
After engaging us and should your queries still not be addressed to your satisfaction, you have the right to lodge a formal complaint with the Nigerian Data Protection Commission (NDPC).
Kindly send a mail to [email protected]
No.12 Clement Isong Street,
Asokoro,
Abuja,
Nigeria
Or
For all complaints against Capital Market Operators:
Kindly contact the Securities and Exchange Commission [email protected]
-
Securities and Exchange Commission
Plot 272, Samuel Ademulegun Street,
Central Business District,
P.M.B 315, Garki,
Abuja, Nigeria.