1. Overview
Cowry Asset Management Limited ("Cowry", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your data when you interact with our website, services, and platforms.
This policy is issued in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, and other applicable Nigerian laws governing the processing of personal data. By accessing our services, you consent to the practices described in this policy.
2. Information We Collect
We collect information you provide directly to us, as well as information gathered automatically when you use our services.
Personal Information You Provide
- Full name, date of birth, and government-issued identification
- Contact details: email address, phone number, residential and mailing address
- Bank account details, BVN (Bank Verification Number), and financial information
- Investment preferences, risk tolerance, and portfolio information
- Employment information and source of funds for KYC compliance
- Communications with us, including emails and support requests
Information Collected Automatically
- Device information: IP address, browser type, and operating system
- Usage data: pages visited, links clicked, and time spent on pages
- Cookies and similar tracking technologies (see Section 9)
- Transaction data: trade history, account activity, deposits, and withdrawals
3. How We Use Your Information
We use the information we collect for the following purposes:
- To open and manage your account and provide our investment and financial services
- To process transactions, execute trades, and handle fund withdrawals
- To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations
- To communicate with you regarding your account, services, and regulatory matters
- To send market updates, investment reports, and promotional materials (with your consent)
- To detect, investigate, and prevent fraudulent or illegal activities
- To improve our website, services, and client experience
- To comply with applicable laws and regulatory requirements
4. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contractual necessity: to fulfill our obligations under our client agreements
- Legal obligation: to comply with regulatory requirements including SEC, CBN, and NDPC directives
- Legitimate interests: to protect our business and improve our services
- Consent: where you have provided explicit consent for specific processing activities
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:
- Regulatory authorities: SEC, CBN, NDPC, NGX, FIRS, and other bodies as required by law
- Service providers: technology partners, custodians, and operational partners who process data on our behalf under strict confidentiality agreements
- Group companies: subsidiaries and affiliates within the Cowry group for internal purposes
- Professional advisers: legal, audit, and compliance professionals where necessary
- Law enforcement: where required by court order, legal process, or to protect against fraud
6. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of sensitive data in transit and at rest
- Secure access controls and multi-factor authentication
- Regular security assessments and penetration testing
- Staff training on data protection and confidentiality
- Incident response procedures for data breaches
While we take every reasonable precaution, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, including compliance with legal, regulatory, and tax obligations. In general, client records are retained for a minimum of seven (7) years following the end of the client relationship, in accordance with SEC and CBN record-keeping requirements. After this period, data is securely deleted or anonymised.
8. Your Rights
Under the Nigeria Data Protection Act 2023 and NDPR, you have the following rights with respect to your personal data:
- Right of access: to obtain a copy of the personal data we hold about you
- Right to rectification: to correct inaccurate or incomplete data
- Right to erasure: to request deletion of your data, subject to legal retention obligations
- Right to restrict processing: to limit how we use your data in certain circumstances
- Right to data portability: to receive your data in a structured, machine-readable format
- Right to object: to object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at info@cowryasset.com. We will respond within 30 days of receiving your request.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after any changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
Cowry Asset Management Limited
Data Privacy Officer
- Email: info@cowryasset.com
- Phone: +2349137048686
- Hours: Monday to Friday, 8:00 am to 5:00 pm
