Privacy Policy
1. Introduction / Scope
This Privacy Policy is prepared in accordance with the GDPR and the NDPA. It explains how Zenith Nominees Limited, a subsidiary of Zenith Bank Plc licensed by the Central Bank of Nigeria (CBN) and the Securities and Exchange Commission (SEC) for custodianship in fixed-income, money market and other assets, processes personal data of clients, institutions, vendors, third parties and employees.
For personal data of individuals, this document also highlights their rights and covers the data subject(s) whose personal data is collected and processed in compliance with the GDPR/NDPR.
2. Roles and Responsibilities
| Role | Responsibilities |
| Data Protection Officer | • Ensure this notice is accurate, updated and available to all data subjects prior to data collection. • Oversee compliance across Zenith Nominees Limited. |
| All Employees/Staff | • Follow all provisions of this policy. • Ensure transparency and proper communication to data subjects. • Obtain consent where required. |
3. Policy Statement
3.1 Who We Are
Zenith Nominees Limited is licensed by the Central Bank of Nigeria and the Securities and Exchange Commission to provide custodianship in fixed-income securities, money market instruments and other assets.
3.2 What Personal Data Do We Need?
Zenith Nominees Limited collects and processes the following categories of personal data:
| Personal Data Type | Sources |
| Biodata | Directly from clients / institutions / regulators / authorised third parties |
| Identification Information | Directly from clients / institutions / regulators / authorised third parties |
| Financial/Transaction Information | Directly from clients / institutions / regulators / authorised third parties |
| Contract/Instruction-related Information | Directly from clients / institutions / regulators / authorised third parties |
| Employee HR & Employment Data | Employees / background check providers / statutory bodies / internal systems |
Special category data is processed only when legally permitted including explicit consent or legal obligation.
3.3 Why Do We Need the Data?
| Purpose | Examples | Lawful Basis |
| Custodial/Nominee services | Instruction processing, safekeeping, settlements | Contractual necessity / Legal obligation |
| Record accuracy & compliance | Maintaining correct records for regulatory obligations | Legal obligation (CBN/SEC) |
| Financial/transaction data management | Reconciliations, reporting | Legal obligation |
| System security | Access logs, fraud prevention | Legitimate interests / Legal obligation |
| Employee administration | Payroll, benefits, performance records | Contractual necessity / Legal obligation |
| Disclosures required by law | Regulatory reporting | Legal obligation |
| Legitimate interest operations | IT operations, service improvement | Legitimate interests |
3.4 Legitimate Interest Assessment
Where legitimate interests apply, Zenith Nominees Limited evaluates purpose, necessity and balance to ensure the rights of data subjects are not overridden.
4. Consent
Zenith Nominees Limited may require your explicit consent to process certain categories of personal data or for specific purposes . And by consenting to this privacy policy, you are giving us the permission to use/process your personal data specifically for the purpose identified before collection.
If, for any reason, Zenith Nominees Limited is requesting sensitive personal data from you, you will be rightly notified why and how the information will be used.
You may withdraw consent at any time by requesting for Withdrawal of Consent form, following the Zenith Nominees Limited Withdrawal of Consent Procedure.
5. Disclosure & Data Sharing
Zenith Nominees Limited shares personal data only where legally permitted or required.
| Recipient | Purpose | Lawful Basis |
| Regulators (CBN, SEC, NDPC) | Compliance, supervision | Legal obligation |
| Auditors and Professional Advisers | Audit, compliance reviews, legal advice | Legal obligation / Legitimate interests |
| Financial Institutions | Settlements and custodial transactions | Contractual necessity |
| IT, Cloud and Business Service Providers | Hosting, security, operational support | Contractual necessity / Legitimate interests |
| Group/Affiliate Entities | Governance, reporting, shared services | Legitimate interests / Contractual necessity |
5.1 International Transfers
International transfers follow NDPA/GDPR safeguards including Standard Contractual Clauses, adequacy decisions, binding corporate rules and other approved mechanisms.
6. Retention of Records
Zenith Nominees Limited retains data only for as long as necessary to fulfil statutory, regulatory and contractual obligations. Data is securely deleted or anonymised when no longer required.
7. Data Subject Rights
Data subjects have rights to access, rectify, erase, restrict processing, portability, object, and complain to the Nigeria Data Protection Commission (NDPC).
8. Complaints
Complaints may be directed to the Nigeria Data Protection Commission (NDPC) or to Zenith Nominees Limited via enquiries@zenithnominees.com.