1.1 Personal Information Privacy Policy

Titan Trust Bank (TTB or the “Bank”) is dedicated to protecting the confidentiality and privacy of information entrusted to us by staff, customers and all stakeholders. Our Data Protection and Privacy Policy indicates that we are dedicated to and responsible for processing the information of our customers, staff and other stakeholders with absolute caution and confidentiality. This policy describes how we collect, use, store, handle and secure personal information (sometimes referred to as “Personal Information”, “Personally Identifiable Information” or “PII) fairly, transparently, and with confidentiality. This privacy policy sets out our current policies and demonstrates our commitment to privacy. TTB provides financial products and services through its online/digital channels and branches located in Nigeria. Privacy and personal data protection principles are applied based on this Privacy Notice at all relevant locations where hosting and processing takes place.

Our intent is to collect only the personal information that is provided voluntarily by customers or online visitors so that we can offer information and/or services to those for specific and legitimate purposes. Please review this Privacy Notice to learn more about how we collect, use, share and protect the personal information that we obtain. Since our Privacy Notice may change at any time you will be receiving an update notification letter and your continued access to or use of our online systems / sites will mean that you agree to the changes.

1.2 Data Protection Policy

The TTB’s Information Protection Policy (DPP) applies to personal information held by the Bank as a data controller and as described in this policy. The policy explains what information we collect about our customers, how we use that information, who we share it with, the circumstances under which we may share it and what steps are taken to make sure it stays private and secure. The policy also clearly outlines the right of customers in respect of information collected in the course of business.

This Privacy Policy stipulates the bank’s approach to handling collected customer data and rights with regards to our collection, use, storage and sharing of the personal data which may be collected by the Bank in the course of providing you with exceptional products and services, collectively referred to herein as TTB’s “ services”, across all our delivery channels to meet customer’s needs.

It is important to know that the policy continues to apply even if the customer agreement for banking or other products and services with TTB ends and it covers any product or

services which customers have with TTB e.g. deposit accounts, savings accounts, loans, credit cards and investments, retail financing, commercial financing and payment services. 1. Collection and Use of Personal Information

2.1 What we Collect

We obtain personal information about you if you choose to provide it —for example, to fulfill your request and to provide the requested and / or agreed services. In some cases, you may have previously provided your personal information to TTB (if, for example, you are a former customer or have had an established agreement or contract with TTB). By submitting personal information to TTB, you are also acknowledging that TTB may use this information in accordance with this Privacy Policy.

Your personal information is not used for purposes other than those listed in this document, unless we obtain your permission, or unless otherwise required by law. In general we collect and generate the following information:

  • Individual personal information (e.g. name, previous names, date and place of birth).
  • Individual personal contact details (e.g. address, email address, landline, fax and mobile numbers).
  • Identity information (e.g. photo ID, passport, utility bill, national ID card and nationality).
  • Market research (e.g. information and opinions voluntarily expressed when participating in market research).
  • User authentication login and subscription data (e.g. login credentials for online banking and mobile banking apps, and voice print).
  • Financial information.
  • Information about the ways you interact with TTB (e.g. channels used, payment history from and to your account, transaction information, ATM usage information, geographic information, software used and information concerning your complaints).
  • Any information received from external authoritative registers required for compliance purposes.
  • Information captured in customer documentation or data exchange such as application forms or advice documents or via telephone (e.g. records of advice).
  • Marketing and promotional information (e.g. details of the services and your preferences).
  • Cookies and similar technologies used to remember your preferences and tailor content.
  • Risk rating information (e.g. credit risk rating and transactional behavior).
  • Investigations data (e.g. due diligence checks, sanctions and anti-money laundering checks).
  • Data or records of correspondence related to relevant exchanges of information (e.g. emails).
  • Information to fulfill regulatory obligations (e.g. transaction details, user activity).
  • Information from other entities (e.g. relevant transaction information).
  • Information from third parties providing information to identify and manage fraud.
  • Closed circuit television (CCTV) in and around TTB facilities (these may collect photos or videos of you).
  • Voice recorded for quality and security purposes through voice call enquiries made at TTB Call Center.
  • Other information about you that is voluntarily provided by filling in forms or by communicating with us, whether face-to-face or via other available channels (e.g. by phone, email, online).

2.2 Why we Collect it and the Legal Grounds

TTB generally collects only the personal information necessary to fulfill your request and to provide the requested and / or agreed services. Where additional, optional information is sought, you will be notified of this at the point of collection. The applicable law allows us to process personal information, so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:

Performance of a contract: This is when the processing of your personal information is necessary in order to perform our obligations under a contract but also to be able to complete our acceptance procedure so as to enter into a contract; Legal obligation or for public interest: This is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for complying with any tax obligations, regulatory purposes, or providing information to a public body or law enforcement organization;

  • Legitimate interests: where necessary, we may process information about you where there is a legitimate interest for us or a third party in pursuing commercial and business interests, except where such interests are overridden by your interests, fundamental rights and freedoms; or you expressly deny.
  • Your consent: We may occasionally ask you for specific permission to process some of your personal information for some or more specific purposes, and we will only process your personal information in this way if you so agree. You may withdraw your consent at any time by contacting TTB at info@titantrustbank.com.

TTB only collects “sensitive” personal information when the relevant individuals have explicitly provided us with their consent or where such information is otherwise required or permitted to be collected by law. Sensitive information includes, for example, personal information regarding a person’s ethnicity and criminal record. Please use your discretion when providing sensitive information to TTB, and under any circumstances, do not provide sensitive information to TTB, unless you thereby consent to TTB’s use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in TTB databases. If you have any questions about whether the provision of sensitive information to TTB is, or may be, necessary or appropriate for particular purposes, please contact TTB at DPO@titantrustbank.com.

In general we process, transfer and disclose customer information to:

  1. Verify your identity (e.g. for authentication or for anti-money laundering procedures).
  2. Provide services and delivery products (including via online platforms).
  3. Provide alerts and notifications.
  4. Deal with your transactions or carry out instructions.
  5. Perform data analytics and understand your preferences and how you use the provided services.
  6. Use technology for decision making purposes.
  7. Keep a record of correspondence (e.g. to check instructions given or to enhance service quality).
  8. Meet compliance and legal obligations such as to comply with FATCA regulatory framework.
  9. Manage our relationship with you (including any marketing activities you agree to).
  10. Collect any money owed to us.
  11. Obtain reports of an online problem (e.g. with the TTB sites or Mobile applications).
  12. Perform credit checks and obtain or provide credit references.
  13. Enforce or defend the rights of a member of TTB.
  14. For internal operational support and administrative purposes (e.g. product development, audit, credit and risk management).
  15. Complete surveys that we use for research purposes, although you do not have to respond to them.
  16. Perform any warranted risk and crime detection and management activities.
  17. Ensure security and business continuity.
  18. For service quality management and product improvement.
  19. Correspond with third parties (e.g. surveyors, valuators, intermediaries).

2.3 Retention of Information

In the event that you cease to be a client of ours, according to our Data Retention Policy, and in compliance with KYC requirement issued by the CBN, we shall retain your data for a minimum period of up to five (5) years.

After expiration of any of the aforementioned periods as applicable, your personal data will be irreversibly destroyed. This allows us to comply with legal and regulatory requirements or fulfill our legitimate purposes such as managing your account and dealing with any disputes that may arise, respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we do not need to retain information for this period of time, we may destroy, delete or anonymize it more promptly. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

2.4 Storage of Information

The data that we collect from you will not be transferred to, and stored at, a destination outside Nigeria. The data may be processed by staff operating outside of the EEA who work for TTB or for one of our third party service providers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We maintain security standards and procedures with a view to preventing unauthorized access to data by anyone, including our staff. We use technologies (e.g. data encryption, firewalls) to protect the security of data in transit and data at rest by following a risk based approach. All TTB members, all our staff and third parties are required to observe our privacy standards and to allow us audit them for compliance.

2.5 Sharing Information

We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. This include:

  • Service providers: TTB works with reputable partners and service providers so they can process your personal information on our behalf where required. TTB will only transfer personal information to them when they meet our standards set in our third party information security policy on the processing of data and security. We only share personal information that allows them to provide their services.
  • Courts, law enforcement or regulatory bodies: TTB may disclose personal information in order to respond to requests of courts, government or law enforcement entities or where it is necessary to comply with applicable laws, court orders or rules, or government regulations.
  • Audits: Disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat. In addition, TTB may transfer certain personal information to external entities working with us or on our behalf for the purposes described in this Privacy Policy (e.g. in order to provide you with products or services you requested, or due to public or legal duty to do so). TTB will not transfer the personal information you provide to any third parties for their own direct marketing use.

As such information may be transferred and disclosed to authorities, law enforcement, government, persons acting on your behalf, payment recipients, beneficiaries, intermediaries, nominees, clearing houses, agent banks, fraud prevention agencies, debt recovery agencies, third party introducers, guarantee providers, other financial institutions, lenders and holders of security over any property relevant to TTB, tax authorities, credit reference agencies, payment service providers, fund managers, technology providers, support service providers, anyone who provides instructions or operates any of your accounts on your behalf (e.g. Power of Attorney), etc. We may also share aggregated or anonymized information with partners such as research groups, universities or advertisers.

2.6 Automated Decisions and Profiling

We sometimes use systems to make automated suggestions or decisions, including profiling, based on personal information we have, or that are allowed to collect from other authorized sources, about you. This helps us ensure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future. The types of automated decision we make include:

  • Tailored Products and Services: We may place you in groups with similar customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them.
  • Detecting Fraud: We use your personal information to help decide if your personal accounts are potentially used for fraud or money-laundering/ terrorist financing or if you are under international sanctions. We may detect that an account is being used in ways that fraudsters work or in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them.
  • Approving Credit: We use systems to suggest whether to lend money to you when you apply for credit such as a loan. This is called credit scoring. It uses past data to assess how you’re likely to act while paying back any money you borrow.

2.7 Further Processing

We sometimes process personal data for purposes other than those for which the personal data were initially collected where the processing is compatible with the purposes for which the personal data were initially collected. In order to ascertain whether the processing for another purpose is compatible with the purpose for which the personal data were initially collected:

  • Any link between the original and proposed new purposes.
  • The context in which data have been collected (in particular the relationship between us and your reasonable expectations).
  • The nature of the data (particularly whether they are sensitive data or criminal offence data).
  • The possible consequences of the proposed processing.

  • The existence of safeguards (including encryption).

Where the data subject has given consent or the processing is based on the law we are allowed to further process the personal data irrespective of the compatibility of the purposes.

Where we intend to process the personal data for a purpose other than that for which they were collected, we will provide you, prior to that further processing, with information on that other purpose and other necessary information.

3.0 Automatic Collection Cookies & IP Addresses

3.1 Use of Cookies and Location Based Tools

In some instances, TTB and its service providers use cookies and other technologies to automatically collect certain types of information when you visit TTB online platforms, as well as through email exchange. The collection of this information allows TTB to customize your online experience, improve the performance and security, usability and effectiveness of TTB’s online presence, and to measure the effectiveness of marketing activities. We may collect information about your computer or mobile device, including where available operating system and browser type, for system administration or for our own commercial purposes.

Cookies may be placed on your computer or internet-enabled device whenever you visit TTB online. This allows the site to remember your computer or device and serves a number of purposes. Usually, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your computer or internet-enabled device will not be tracked to allow for the activities explained above. A secondary type of cookie referred to as “user-input” cookies may still be required for necessary functionality. Such cookies will not be blocked through the use of this notification banner. Your selection will be saved in a cookie and is valid for a short period (e.g. 90 days). If you wish to revoke your selection, you may do so by clearing your browser’s cookies.

Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites’ features. Below is a list of the types of cookies used on our web sites: Cookie Type

Item Title Description / Purpose

  1. Google Analytics Cookie ‘_ga’, ‘git’ The Google Analytics cookie serves the purpose of remembering and recording a user’s interaction with the Bank’s websites.
  2. BITRIX_SM_DSC Bitrix Site Manager System Parameter
  3. BITRIX_SM_GUEST_ID Bitrix Site Manager Guest ID
  4. BX_USER_ID Bitrix User ID
  5. PHPSESSID PHP Sessions for Members Area
  6. JSESSIONID Generated by JBoss to create the session of the user. This cookie expires at the end of the user session.
  7. csfcfc Generated by our load balancer for the duration of the session. This cookie expires at the end of the user session.

Other third party tools and widgets may be used on our individual web pages to provide additional functionality. Use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly. Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors. TTB may also collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.

By navigating on our web sites and accepting cookies or entering your login details to access areas reserved for registered users, you agree that we can place these cookies on your computer or internet enabled device.

3.2 IP Addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis.

4.0 Your Rights

4.1 Data Subject Rights

TTB may ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter or sms notifications, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request. As described in “Cookies” above, if you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a

cookie is being sent. Note, however, that some portions of our sites may not work properly if you elect to refuse cookies. In general if you have submitted personal information to TTB, you have the following rights: – The right to access information about you and to obtain information about how it is processed. – The right to request that your information is corrected if it is inaccurate or incomplete. – The right to request that your information is erased(depending on the circumstances and agreements in place). We may continue to-retain your information if another legitimate reason for doing so exists. You have the right to have you personal data erased if: The personal data is no longer necessary for the purpose which it was originally collected or processed for. TTB is relying on consent as the lawful basis for holding the data, and you withdraw your consent. TTB is relying on legitimate interests as the basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing. TTB is processing the personal data for direct marketing purposes and you object to that processing. TTB has processed the personal data unlawfully (i.e. in breach of the lawfulness requirement). It has to be done to comply with a legal obligation. TTB has processed the personal data to offer banking services to a child. The right to request that we restrict our processing of your information if the information provided to TTB are not accurate, the processing is unlawful and your request for erasure is opposed or when we no longer need your data for the purpose of processing but they are required by you for the establishment, exercise or defence of legal claims. The right to withdraw your consent to our processing of your information (depending on the circumstances and agreements inplace). We may continue to process your information if another legitimate reason for doing so exists. – The right to receive certain information you have provided to us in an electronic format and / or request that it is transmitted to a third party. This applies when: The lawful basis for processing this information is consent or for the performance of a contract. The processing is carried out by automated means.

The right to ask us not to process your personal data for marketing purposes. Prior to collecting data, we will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

The right to lodge a complaint with the Data Protection Commissioner if you think that TTB has not processed your personal data in accordance with data protection legislation. You can exercise your rights by contacting us using the details set out in the “Questions and Enforcement” section. We will make all reasonable and practical efforts to comply with your request, if it is consistent with applicable laws and regulations. In such a case every effort to comply within one month shall be made or to inform you of refusal and the basis of this, or of an extension to the period to comply.

5.0 Other Relevant Information

5.1 Data Security

TTB has security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite TTB’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. A series of technology and Cyber Security platforms and solutions are utilized to protect data within the TTB environment including, but not limited to perimeter security mechanisms, end point security mechanisms, encryption, etc.

5.2 Your Responsibilities

You are responsible for ensuring that the information provided to TTB on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible. If you provide information for another person on your account, you must direct them to this notice and ensure they also agree to us using their information as described in it. 5.3 Questions and Enforcement TTB is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at DPO@titantrustbank.com, or visit one of our branches. You may also use this contact information to communicate any concerns you may have regarding compliance with our Privacy Policy.

If you are not satisfied with the response you receive, you may escalate your concern to the Data Protection Commissioner by visiting their website at www. nitda.gov.ng or email – info@nitda.gov.ng This Privacy Policy may be updated from time to time and the most recent version can be found at www.titantrustbank.com