Privacy policy
Our Privacy policy
By accessing or using the Services, or by accepting our Terms and Conditions (the “Terms”) or any other terms that incorporate this Privacy Policy by reference, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understood this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Services or the Platforms. This Policy is incorporated into and made a part of our Terms and Conditions.
1. USERS’ PRIVACY RIGHTS
1.1. This Policy describes the User’s privacy rights regarding the STI Asset Management’s collection, use, storage, sharing and protection of a User’s personal information on the Platforms and in respect of the Services.
1.2. If a User creates a username, identification code, password or any other piece of information as part of the Platform’s access security measures, such information will be treated as confidential, and will not be disclosed to any third party. STI Asset Management reserves the right to disable any User identification code or password, whether chosen by a User or allocated by the Platform at any time, if in STI Asset Management ’s opinion a User has failed to comply with any of the Terms (including this Privacy Policy). If a User is aware or suspects that anyone other than his/herself is aware of a User’s security details, kindly notify STI Asset Management as soon as possible via the address below.
1.3. In the event that you use another platform which has been integrated with the Site’s application programming interface (API) (the “Third Party Site”), you acknowledge and agree that you have carefully read and understood the terms of use (including the privacy policy) of the Third Party Site.
1.4. You further acknowledge and agree that STI Asset Management is authorized to share any data which you enter on the Platforms with Third Party Sites, subject to applicable laws of the Federal Republic of Nigeria. Provided always that STI Asset Management shall not bear any liability for data shared by Users with Third Party sites, or such other platforms accessed using the Site.
2. USERS’ PERSONAL INFORMATION
2.1. The use of the Platforms (including the Site) and the Services require that we collect information received via the use of a computer, mobile phone or other electronic access device by a User. The automatically collected information includes, but is not limited to, data about the pages accessed by a User, computer internet protocol (“IP”) address, device identification or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the Platforms, referral uniform resource locator (“URL”), advertising data, standard web log data, still and moving images.
2.2. The Platforms may also collect information which a User provides to STI Asset Management, including, but not limited to, email address, phone number, payment information, payment card details, information on web form, survey responses account update information, correspondence with the Platform support services and communication with STI Asset Management. In addition, the Platforms collect information about a User’s enquiries and activities on the Platforms.
2.3. Information about a User provided to other third parties or websites and used by such parties are not controlled by STI Asset Management and STI Asset Management is therefore not liable for how such information is used.
3. GOVERNING PRINCIPLES
STI Asset Management will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information:
a: Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing
b: Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User
c: Data collection and processing shall be adequate, accurate and with consideration for dignity of human person.
d: Data shall only be stored for the period which is reasonably needed; and
e: Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
4. PURPOSE OF USERS’ PERSONAL INFORMATION
STI Asset Management collects a User’s personal information to provide an efficient and secure User experience and may retain such personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Information gathered on the Platforms for each User may be used to:
a: provide financial services to Users;
b: provide the Services and support services in respect of same as well as improve its services and develop new services;
c: communicate vital information with a User through a provided telephone number, email address or other contact details;
d: provide a User with further information on the Services.
e: enhance a User’s experience on the Platforms, including to save a User’s preference and login information and verify a User’s identity
f: analyse the use of the Platforms;
g: protect the interests and rights of the Platforms.
h: monitor compliance with and enforce the terms of any agreement with STI Asset Management; resolve disputes, and troubleshoot problems;
i: trail information breach and remediate such identified breaches.
j: manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities.
k: detect, prevent, or remediate violations of laws, regulations, standards, guidelines, and frameworks.
l: manage and protect the Site’s information technology and physical infrastructure; and
m: measure the performance of the Services and improve content, technology, and layout.
5. COOKIES
5.1: .Cookies are small files placed on a User’s computer hard drive to enable a website identify a User’s computer as different pages are viewed.
5.2: Cookies also allow websites and applications to store a User’s preferences in order to present content, options or functions which are specific to a User. Like most interactive websites, the Site uses cookies to enable the tracking of a User’s activity for the duration of a session.
5.3: The Site uses only encrypted session cookies which are erased either after a pre-defined timeout period or once a User logs out of the Site and closes the browser. Session cookies do not collect information from the User’s computer. They will typically store information in the form of a session identification that does not personally identify a User.
6. SHARING AND PROTECTION OF USERS’ PERSONAL INFORMATION TO THIRD PARTIES
6.1: During a User’s interaction on the Platforms, a User’s data such as full name, contact details, or other similar details may be provided to third parties for the purpose of performing the Services.
6.2: Where a User’s data needs to be transferred to another country, such country must have an adequate data protection law before same may be transferred by STI Asset Management to such country.
6.3: In the event that STI Asset Management needs to send a User’s data to a country without an adequate data protection law, such User’s consent will be sought.
6.4: Information provided on the Site is protected using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the security measures used include firewalls and data encryption, physical access controls to the Site’s data centers, and information access authorization controls.
6.5: STI Asset Management may also share a User’s personal information in compliance with national or international laws; crime prevention and risk management agencies and service providers.
7. SECURITY OF USERS’ PERSONAL INFORMATION
7.1: STI Asset Management will always hold a User’s information securely. To prevent unauthorized access to a User’s information, STI Asset Management has implemented strong controls and security safeguards on the Site.
7.2: The Site uses Secure Sockets Layer/Transport Layer Security (“SSL/TLS”) to ensure secure transmission of a User’s personal data. A User will see a padlock symbol in the URL address bar once successfully logged onto the Platform. The URL address will also start with https:// indicating a secure webpage.
7.3: SSL applies encryption between two points such as a User’s computer and the connecting server. Any data transmitted during the session will be encrypted before transmission and decrypted at the receiving end. This is to ensure that data cannot be read during transmission.
8. DATA CONFIDENTIALITY RIGHTS
8.1: A User’s information is regarded and will be held as confidential.
8.2: A User has the right to request sight of, and copies of any and all personal information on the Platforms.
8.3: A User’s role in fulfilling confidentiality duties include, but are not limited to, adopting and enforcing appropriate security measures.
8.4: STI Asset Management will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
9. REPORTING A PERSONAL DATA BREACH
9.1: STI Asset Management is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialize, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.
9.2: STI Asset Management has placed procedures around the Site to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). Any suspected breach of personal data of a User will be remedied with one (1) month from the date of the report of the breach.
9.3: All evidence relating to a personal data breach should be preserved to enable the STI Asset Management maintain a record of such breaches, as required by the data protection laws.
9.4: STI Asset Management will not be responsible for any personal data breach which occurs as a result of:
a: an event which is beyond the control of STI Asset Management;
b: an act or threats of terrorism.
c: an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises STI Asset Management’s data protection measures on the Site;
d: war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilization, requisition, or embargo;
e: rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises the STI Asset Management’s data protection measures for the Site;
f: the transfer of a User’s personal data to a third party on his/her instructions; and
g: the use of a User’s personal data by a third party designated by a User.
10. CHANGES TO THIS POLICY
STI Asset Management reserves the right to change this Policy at any time without notice to the Users. In the event STI Asset Management modifies this privacy policy, we may contact you via email and provide you with notice of the change and a link to review the new privacy policy. However, the onus remains on you to keep abreast of changes to our Policies as updated on this page from time to time.
11. GOVERNING LAW
This Policy is made pursuant to the provisions NDPR and any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.