About Coronation

The Coronation Group (“Coronation” “the Group”, “We” or “US”) is a leading African financial services provider. The Coronation group comprises several entities and aims to provide an array of products and services to its customers/ clients.

The privacy notice (“this Notice”) applies to the following companies/ entities within the Coronation Group:

We Value Your Privacy

Coronation respects your privacy and is committed to protecting your personal data. This Privacy Notice describes our policies and procedures on the collection, use, and disclosure of your information. It also tells you about privacy rights. By “your information”, we mean any information provided to us directly by you or through a third party.

This Privacy Notice relates to all personal information-processing activities carried out by Coronation. Entities within the Coronation group are the data controllers of personal information collected and processed for various business purposes.

Information We Collect and Use

Personal data or personal information means any information about an individual from which that person can be identified. It does not include where the identity has been removed (anonymous data).

Coronation group adopts the following methods for the collection and storage of your personal information:

• Physical and Online forms
• Cookies
• CCTV recordings

We collect information about you from a variety of sources, such as website visits, applications, identification documents, interactions with relationship managers, and other third parties (e.g., payment gateway), and other written or electronic communications reflecting information such as your name, address, passport details, identification numbers, telephone number, occupation, assets, income and any other information we deem necessary. We may also gather information from publicly available sources such as the press, public search engines, the press, etc.

We may also use your transactional account history including your payment records. We may also use the information received from third parties such as family, solicitors, friends, or employers, website/ social media pages made public by you, government agencies, regulators, supervisory or credit agencies.

HOW WE USE PERSONAL DATA

We may use the personal data we obtain to:

• Provide and administer our services
• Process and keep you informed on the status of your business relationship with us
• Provide investor services
• Communicate and administer our services and events (such as sending promotional materials, newsletters, and other marketing communications)
• Provide customer support
• Verify your identity and protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims, and other liabilities.

Where applicable by law, we will obtain your consent for the processing of your personal data for direct marketing purposes.

Lawful Purposes for which we may use your personal data

In the table below we demonstrate why and how we use your personal data as well as provide the legal reasons on which we rely under the Data Protection Legislation.

Consent

We will provide you with our Privacy Notice whenever we are collecting your personal information irrespective of the medium used. For the electronic medium, your consent is obtained by asking you to click on a button to show acknowledgment of the Notice. On the other hand, for your personal information collected via a paper document, we will require you to sign off on the document showing your understanding of our Privacy Notice.

Information Sharing with Third Parties

The Group does not sell or otherwise disclose personal data about you except as described in this Privacy Notice or at the time of collection.

We will only disclose your personal information in accordance with applicable laws and regulations.

We may engage the services of third parties in order to process your personally identifiable information. The processing by such third parties shall be governed by a written contract to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Data in accordance with the terms of this Notice and the NDPR”.

We share personal data with the following categories of third parties:

International Transfer

Where Personal Data is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Personal Data. We shall, among other things, conduct a detailed assessment of whether the said country is on the National Information Technology Development Agency (NITDA) Whitelist of Countries with adequate data protection laws”.

Transfer of Personal Data out of Nigeria would be in accordance with the provisions of the NDPR. We will therefore only transfer Personal Data out of Nigeria on one of the following conditions:

• The consent of the Data Subject has been obtained.
• The transfer is necessary for the performance of a contract between the entity and the Data Subject or the implementation of pre-contractual measures taken at the Data Subject’s request.
• The transfer is necessary to conclude a contract between the entity and a third party in the interest of the Data Subject.
• The transfer is necessary for reasons of public interest
• The transfer is for the establishment, exercise or defense of legal claims
• The transfer is necessary in order to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent.

Provided, in all circumstances, that the Data Subject has been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this proviso shall not apply to any instance where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third country.

Coronation will take all necessary steps to ensure that the Personal Data is transmitted in a safe and secure manner. Details of the protection given to your information when it is transferred outside Nigeria shall be provided to you upon request.

Information Retention and Storage

Your Personal data will be retained only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will retain and use Your personal data to the extent necessary to fulfil our contractual obligations with You and only retain your information further in line with regulatory requirements.

All Personal Information you provide to us is stored on our secure servers as well as secure physical locations and cloud infrastructure (where applicable). The data that we collect from you may be transferred to and stored at a destination outside Nigeria or the European Economic Area (“EEA”). Whenever your information is transferred to another location, we will take all necessary steps to ensure that your data is handled securely and in accordance with this Privacy Notice.

Your Legal Rights

Subject to applicable laws, and other data protection regulations, you have the following rights to how we use your information:

• To request a copy of the personal data processed in relation to you. Your right of access can be exercised by sending an email to digital@coronation.ng
• To request that we rectify your personal data where such data are inaccurate or incomplete
• To request us to delete your personal data, for example, if we no longer have a valid reason to process it
• To object to how we process your personal data
• To restrict how your personal data is processed in certain cases, such as when the accuracy of your Personal data is contested
• To request a copy of the personal data you have given to us in a machine-readable

Right to withdraw consent

We rely on consent for certain limited processing of your personal information. Where we do this, you have the right to withdraw your consent to further use of your personal information.

Right to lodge a complaint

You have the right to complain to the regulatory agency the Nigerian Data Protection Bureau (NDPB) at any time if you object to the way in which we use your personal information.

Contact Email: info@ndpb.gov.ng

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at InformationSecurity@coronation.ng

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized manner, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

To ensure the security of Personal Data, the Group will, among other things, implement the following appropriate technical controls:

• Industry accepted hardening standards, for workstations, servers, and databases.
• Full disk software encryption on all corporate workstations/laptops operating systems drives storing Personal and Personal/Sensitive Data.
• Encryption at rest including key management of key databases.
• Restrict the use of removable media such as USB flash, and disk drives.
• Anonymization techniques in testing environments
• Physical access control where Personal Data is stored in hardcopy.
• Enable Security Audit Logging across all systems managing Personal Data.
• We use strict security measures and technologies to prevent fraud and intrusion.
• Our security controls and processes are regularly updated to meet and exceed industry standards.
• Our employees are trained to respect the confidentiality of any personal information held by us

Where we have provided you (or where you have chosen) with a password that grants you access to specific areas on our site, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g. token generated codes) with anyone.

Cookies Policy

Cookies are small text files containing information that your computer or mobile device downloads when you visit a website, return to websites – or visit websites that use the same cookies – they recognize these cookies and therefore your browsing device. We do not store confidential or sensitive personal information in cookies.

To find out more about how we use cookies and what benefits they bring, please take a few moments to read this Cookie Policy.

Usage Data collected when using the Service may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Why and How We Use Cookies on Our Website

We use cookies to improve your online activity session by making navigation easier and providing important security features.

When You access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device You use, your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

We use cookies to track the activity on our service and store certain information

We use Google Analytics to collect the following types of information from users who have JavaScript enabled on their browsers:

• Web browser used – software manufacturer, and version number
• Operating system
• Screen colors
• JavaScript support
• Flash version
• Screen resolution
• Network location and IP address
• Geographic data
• Hostname
• Connection bandwidth
• Time of visit
• Pages visited and dwell time on these pages
• Referring site
• The referring website URL
• Search engine query used

Cookie Category

Some cookies are required to make our website work, but we need your consent to use others. The cookie categories are:

We do not use third-party cookies on our website.

What are your choices regarding cookies?

You can choose to have your computer warn you each time a cookie is collected, or you can choose to turn off all cookies. Since browsers differ, we recommend that you access the Help Menu to learn the correct way to modify your cookies.

If you turn your cookies off, some of the features that make your site, experience more efficient may not function properly.

Security

We will always hold your information securely. To prevent unauthorized access to your information, we have implemented strong controls and security safeguards at the technical and operational levels. This site uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure the secure transmission of your personal data. You should see the padlock symbol in your URL address bar once successfully logged into the platform. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server. To ensure that data is unreadable during transmission, encrypted data transmits during a session and is decrypted at the receiving end.

Your information is confidential to any third party except under legal and/or regulatory conditions. You have the right to request sight of, and copies of all information we keep on you if such requests made comply with the Freedom of Information Act and other relevant enactments. While the Group is responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, adherence with physical security protocols on our premises, dealing with only authorized officers of the Agency.

Accuracy of Information

Keeping your account information accurate and up to date is very important. You have access to your account information, which includes your contact information, account balances, transactions and similar information through various means, such as self-service portals.

If you discover any inaccuracies in your personal information, please promptly notify us, via the Contact Us page, and provide the required documentary evidence, to enable us to implement the necessary updates or changes.

Social Media Platforms

Coronation may interact with registered users of various social media platforms, including Facebook, Twitter,LinkedIn and Instagram. Please note that any content you post to such social media platforms (e.g., pictures, information or opinions), as well as any personal information that you otherwise make available to users (e.g. your profile), is subject to the applicable social media platform’s terms of use and privacy policies. We recommend that you review this information carefully in order to better understand your rights and obligations with regard to such content.

Privacy of Children

Coronation’s Notice contains the following disclosure statement for children:

“Coronation respects the privacy of children. We do not knowingly collect names, email addresses or any other personally identifiable information from children. We do not knowingly market to children, nor do we allow children under 18 to open online accounts.

Promotional Messages

Coronation may sometimes contact you with products or services that we think may be of interest to you. If you don’t want to receive such promotional materials from us, you can opt out at any time by sending an email to digital@coronation.ng

Privacy Notice Changes

This Notice may be revised on an ad-hoc basis to reflect the legal, regulatory and operating environment and such revised versions will automatically become applicable to you. We will post any revisions we make to our Privacy Notice on this page and such revised notice becomes effective at the time it is posted. We will notify you when any changes to our Privacy Notice have been made. We also encourage you to check this page from time to time for updates to this Notice.

Governing Law

This Privacy Notice is made pursuant to the Nigeria Data Protection Regulation (2019) or any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria. Where any provision of this Notice is inconsistent with a law, regulation or convention, such provision shall be subject to the overriding law, regulation or convention.

Contact

Questions, comments, and requests regarding this Privacy Notice are welcomed and should be addressed to;

Data Privacy Officer: InformationSecurity@coronation.ng

This Privacy Notice was last updated 31^st of October 2022