DataMax Registrars Limited – Privacy Notice
This Privacy Notice is issued by DataMax Registrars Limited, registered in Nigeria (RC No. 645075) and whose registered office is 2c Gbagada Expressway, Gbagada, Lagos State
We understand how important your personal data is to you, hence, we are committed to protecting and respecting your privacy.
‘Personal Data’ means any information relating to, or which identifies you. This can include items such as your name, address, phone number, identification numbers (such as your shareholder reference number, or your national identity number), location data or other online identifiers. Personal data can be held electronically or in paper records.
The Nigeria Data Protection Regulation (NDPR) regulates the processing of personal data. The NDPR seeks to protect your rights to your personal data by setting out, amongst other things, the conditions under which the processing of personal data is lawful, the rights of data subjects and the standards that organisations handling personal data must adopt.
We are a ‘Data Processor’ and we use Personal Data in obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties. We obtain personal data from ‘Data Controllers’ who are responsible for deciding how and why we hold and use personal data about you.
It is a legal requirement that a shareholder’s name, address and the number of shares held are made available on a Register of Members. We therefore hold your data to:
- To maintain the Register of Members in corporate bodies in which you have interest and to enable trading on the Nigerian Stock Exchange.
- To undertake activities relating to the Register of Members e.g. dividend distribution, general meeting and other related services
- To enable us to perform our obligations to you.
- To ensure that we meet regulatory or other legal requirements.
- To keep your information on record and update it when necessary
- To carry out checks, including by using publicly available information to help us get back in touch, should we ever lose contact;
- To submit returns to the relevant regulatory authorities.
We are committed to keeping your data safe and always seek to use your data in accordance with regulations.
The Personal Data we hold may include the contents of our investor data-key, names, home addresses, shareholdings, share transactions, dividend payments, financial information and, where such personal data is provided by the shareholder to the Registrar, the email addresses, national identity numbers, date of birth and bank account details of natural persons who are shareholders on the Company’s shareholder register in accordance with the applicable laws and regulations together with any web-registration passwords. Passport and driving licence details may also be held where required for verification of identity purposes.
We collect personal data in a variety of different ways:
Information you provide to us
- Application and registration forms/identification documentation
- By corresponding with us by post, phone, e-mail, or otherwise and;
- By using our website(s)
Information we collect about you when you use our services
- Information about how you logged on and off of our website, including your IP address,
- Information about your visit, your browsing history, your device information and how you use our website.
- If you contact us electronically, we will collect details about the date and time of contact.
Information we receive from third parties
- In the course of our identity and financial crime checking procedures with banks, fraud detection agencies and registration or stockbroking industry exchanges as well as public information sources;
- From third parties when you have instructed or agreed for them to pass information to us, such as:
- Your broker, agent, Trustee or Investment Company and companies that introduce you to us;
- Where we as Registrars are informed of a change in details on the share register
Sensitive Personal Data
– The law and other regulations treat some types of personal information as Sensitive Personal Data. We will only collect and use this information if the law allows us to do so. Sensitive Personal types of data are:
- Criminal convictions and offences;
- Sexual orientation;
- Health data including gender;
- Racial or ethnic origin;
- Religious or other beliefs;
- Political views and Trade union membership.
Keeping your personal data up to date
It is important to us that the Personal Data we hold about you remains accurate and up to date at all times, but we need your help in doing this. Please help us by ensuring that you review the information held about you regularly and let us know as soon as anything needs updating or correcting.
Other people’s Personal Data
The information you give us or that we collect through your use of our services, may contain yours or another person’s personal data. If you provide us with information about another person, you confirm that they have appointed you to act for them, they consent to you providing their personal data to us and any processing of their personal data and that you have informed them of our identity and the purpose for which their Personal Data will be processed – as set out in this Privacy Notice.
Hereunder, we demonstrate why and how we use your personal data as well as providing the legal reasons which we rely upon. We use your personal data to manage and operate your account with us to facilitate the administration of your shareholding. This includes but not limited to:
- Retaining records of your instructions and keeping your shareholder records up to date.
- Completing transactions that you instruct us to undertake, and any legal obligations we have in relation to the transactions.
- To provide you with dividends / certificates and notices.
- To respond to any complaints and / or data rights that you invoke.
- To notify you about changes to the way we manage our Register of Members.
- To keep our websites secure and permit you safe access to our services.
The legal reasons for this are to comply with legal requirements placed upon us, such as by legislation, Statutory agencies, regulatory authorities and our legitimate interests, such as the proper administration of our service and business.
If you choose not to give Personal Data
We need to collect personal information required by law or under the terms of service you have elected to use. If you choose not to give us the Personal Data we need, it can mean that we have to cancel or decline a service that you request or have with us. So that you know what information is optional, we make it clear at the time we collect your Personal Data.
Your personal data will be stored either for as long as you are a shareholder, or longer if required by law or as is otherwise necessary. It will always be stored in line with our data retention policies. If we do, we will make sure that your privacy is protected and only use it for those purposes. We review our retention periods for Personal Data on a regular basis.
The information we hold about you is confidential and we will only share your personal information to enable us to deliver the product(s) or service(s). Examples are as follows:
- At your request, or with your consent or the consent of any party linked to your shareholding;
- Third parties including:
- Banks and other payment service providers to process your entitlements and payments;
- Insurance companies – where we need to provide details of your account when we make a claim;
- Stockbrokers and market makers who execute transactions on your behalf;
- Service suppliers to facilitate email, IT and administration services;
- Our professional advisors, for example, our lawyers and technology consultants, when they need it to provide advice to us;
- Your employer or agent(s), in accordance with any specific instructions you provide to us;
- Third party providers, for example, your solicitor, when you have requested their services;
- Fraud prevention and detection agencies as part of our identification procedures; who will use it to prevent fraud and money-laundering and to verify your identity.
- Your Official Receiver or appointed insolvency practitioner if we receive notice of your insolvency, bankruptcy or insolvency proceedings / arrangement.
We will only transfer your personal information to trusted third parties who provide sufficient security guarantees and who demonstrate a commitment to compliance with applicable law and this policy. Where third parties are processing personal information on our behalf, they will be required to agree, by contractual means, to process the personal information in accordance with any applicable law. This contract will stipulate, amongst other things, that the third party and its representatives shall act only on our instructions, or as permitted by law.
We are also required to share your Personal Data with external third parties as follows (but not limited to):
- Regulators and supervisory authorities e.g. The Securities and Exchange Commission, Tax authority, the Courts and Tribunals, Tax advisors, The Nigerian Stock Exchange plc or the operator of any market on which you may hold investments, as part of our legal obligations in providing the products / services;
- Where the law requires or permits disclosure, or there is a duty to the public to reveal it;
- When we need to defend or exercise our legal rights or those of a third party;
- Debt collecting, debt chasing or another agent for enforcing payment of monies owed to us;
- Efforts to trace you if we lose contact with you e.g. to reunite you with your assets;
- Police and other law enforcement agencies for the prevention and detection of crime and where a valid permission is applicable;
- As a result of a court order or other regulatory instruction;
- Our insurers and insurance brokers where required for underwriting our risks and as part of ongoing risk assessments;
Personal data that may be shared outside of Nigeria, will be subject to NITDA and applicable regulations.
We understand how important your Personal Data is to you and we take its security very seriously.
We safeguard your Personal Data across all our computer systems, networks, websites and offices as much as possible through appropriate procedures and internal technical security measures.
You must immediately inform us if you become aware, or suspect, that someone else has knowledge of your account details.
You have rights in respect of the Personal Data that we hold about you.
They include the right to request a copy of the information that we hold about you, to know about any automated decisions that are made about you and to change your marketing preferences at any time. Details about all of your rights are provided below.
Some of these rights are conditional and depend upon why we are processing your personal data. This means that we cannot always be able to respond to your request in the way that you want. For example if you ask us to erase your personal data and we are processing the information because we are required to do so because of a legal requirement, we will not be able to delete your personal data.
Your right – The right to be informed about how we use your personal data.
Explanation – This Privacy Notice provides you with the details on how we use and process your data.
Your right – The right of access to a copy of any personal data process about you.
Explanation – If you request to see your personal data, your initial request will be free of charge; subsequent requests may attract an administration fee.
Your right – The right to request us to rectify or update it.
Explanation – This will be relevant where the personal data we hold is or has become inaccurate or incomplete. In this case, we reserve the right to request from you, an acceptable proof of the change.
Your right – The right to request us to erase your personal data in certain circumstances.
Explanation – The circumstances when erasure can apply include when we no longer need it to meet a lawful requirement.
Your right – The right to request us to restrict processing it.
Explanation – This request can be used to stop us processing your personal data.
Your right – The right to request a copy of your information for data portability purposes.
Explanation – In certain circumstances you have the right to instruct us to transmit that Personal Data to you or another data processor/controller. We shall transmit your data in a format that we are able to.
The right to object to us processing your personal data.
Explanation – You have a right to object to us processing your data where we are processing it for the purpose of legitimate interests. You have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing before the withdrawal. We may not be able to oblige your request, if the law imposes obligation on us.
Your right – Right to lodge a complaint with a supervisory authority.
Explanation – If you wish to raise a complaint on how we have handled your personal data, please contact our Data Protection team who will investigate the matter and report back to you. If you remain unsatisfied with our response, you are able to contact the NITDA Office
We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and what we do with it. As a result, we can change this Privacy Notice from time to time to keep it relevant and up to date.