Houseriver takes the privacy and security of your personal data very seriously, our privacy statement explains the information we collect from you, why we collect this data, how we ensure that it is kept safe and it explains your rights in relation to your personal data. You should read this statement carefully to ensure that you understand how we handle your personal data.

What do we mean by personal data?

Personal data is any information relating to you or can be used to identify you. As a client of Houseriver you provide us with some of your personal data, this includes your name, telephone number, email address. It can also include Internet Protocol or IP addresses which in some circumstances can be used to identify you. In the event that a corporate or professional party intends on becoming a client, we will also collect personal data which relates to the interested individuals of the company, for example, directors, authorised representatives etc.

What do we mean by processing?

Processing is a concept from the law. It is a very broad concept that covers actions taken in respect to your personal data such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction Whenever Houseriver carries out any processing of personal data, we do so in line with the relevant privacy regulation – NDPR and GDPR

How do we collect your data?

Below you will find ways in which we collect your personal data:

• When you provide information by email, via the website or Mobile app, phone, in writing, or other means. This includes for example the information you provide during the account opening, KYC information update, entering a promotion or survey, and other purposes.
• When you visit our websites, we will automatically collect information including the IP address. We also collect information about your visit, this includes the full click path and mouse movement, pages you visited, searches that were made, and other page interaction information.;
• Where necessary, it is possible that we will receive information about you from the registrar, NGX or CSCS, and any other agencies, this collection is carried out in line with the Client Agreement.;
• For Corporate clients we will also collect information that is publicly available in relation to the Directors of the company.
• If you visit us in person, for security we collect images of visitors using CCTV.

Why do we process your personal data?

Houseriver collects personal data for the following reasons:

• To comply with the legal and regulatory obligations;
• Marketing activities; and
• Execution of contractual obligations.

Houseriver has a number of regulatory obligations which require the processing of client data; customer identification is one of the main reasons we collect and process personal data. Further to this there are additional legal and regulatory obligations we must comply with, cooperation with courts and authorised law enforcement agencies and to prevent and detect crime. Next to this, when people contact Houseriver to ask for additional information or to become a client of Houseriver, Houseriver needs to be able to contact that client or potential client or you request us to send you our periodical newsletters. Houseriver also has contractual obligations which means that they need to process the data of their clients to fulfill these obligations. When Houseriver processes the personal data of its clients, it does so by using the minimal amount of data possible to ensure that the aim is met.

What do we use personal data for?

Houseriver only records personal information that you have provided upon request when you become a client of Houseriver and only after your explicit permission. Without these statements Houseriver cannot and must not exercise its business activities. Houseriver will use your information to provide you services that keep you informed about (new) products and services from Houseriver for anonymous statistical analysis and comply with legal obligations.

All telephone conversations between the customer and Houseriver are recorded. These recordings are stored and can be used for:

• delivery of documents, such as by difference of interpretation or regarding the content of the telephone conversation;
• (fraud) detection and investigation;
• evaluation of service quality;
• training, coaching, and evaluation purposes.

Furthermore, Houseriver may for example do the following with your personal data:

– Client acceptance

It is required by law for us to verify the identity of our clients, and without this information, Houseriver could not provide its services to you. With your personal data, we can for example,

• Contact you.
• Perform the relevant checks to ensure that you are eligible to become a client of Houseriver.
• Review and check your request to become our client or to change your profile.
• Keep your details in our administration and update them when there are changes.
• Manage your profile(s) including your individual risk profile; which is based on internal client acceptance policies.

– Reduce risks

We share the responsibility for the safety and stability of the financial sector. We also have a responsibility to you and all our clients. We will therefore use your personal data to reduce risks.

You might notice for example:

• If the risk on your account breaches the allowed limits, we will contact you to allow you to bring this back into the allowed limits.

You might not notice much of the below, but it is also done to protect you:

• We keep your IP address when you visit our site. This can be used in the event that there is a dispute as to who accessed your account or for the security of the company for example preventative measures against DDoS attacks.
• Ensure good levels of security and invest in resources that protect both you and ourselves against all kind of crimes.
• Internal quality checks, to determine possible issues, risks and testing to ensure that legislation has been properly implemented.
• Carry out the relevant regulatory reporting.
• Ensure that we remain a healthy company (risk management).

– Legal obligations

There are a variety of legal obligations which Houseriver as an investment firm must follow.

• Identification of clients: we check who you are and ensure that we have enough knowledge to allow us to offer our services.
• Provide your personal data to specific organisations which are authorised to request this information, for example the government agencies, financial regulators, CSCS, company registrars or when we are legally obliged to share this information for example during a criminal investigation.
• We also have a number of obligations under anti-money laundering legislation.

– Marketing activities

At Houseriver we like to keep you informed. For example, with emails, newsletters, offers or updates to our Mobile App.

• We can for example collect your searches within the website of Houseriver to ensure that our FAQ are up to date with the information clients need. This information is anonymised, so no one is able to ascertain which client is asking the question.
• We use anonymised data to ensure that our marketing campaigns are effective.

If you would prefer not to receive some of this information, please feel free to contact the Service desk or unsubscribe via the button within the marketing email.

– Improve and innovate

We may also use personal data for analytical research, this allows us to find better solutions and ensure that we continue to be innovative. When we are carrying out these research activities, we use the minimal data required and do this in a way where your information is either pseudonymised or anonymised.

– Google Analytics

In order to ensure that the website of Houseriver is easy to use for clients, and to assess the success of campaigns Houseriver makes use of Google Analytics. Houseriver has signed an agreement for the use of this service and ensures that the data is anonymised as much as possible, this includes masking part of the IP address.

Who do we collect personal data from?

We can have (some) personal data of anyone who has contact with Houseriver. If you request additional information, we will store the information which is provided during that request.

We are required by law and regulation to have personal information surrounding all of our clients. This information is gathered during the registration/account opening and requested when necessary. In some cases, it may be necessary for us to make use of third parties to either verify or collect information.

What personal data is collected?

Data about you

This includes your name, address, telephone number and email address. In the event you are a corporate client we will also collect information surrounding your company or foundation. If you open a minor account or a joint account, the information surrounding the secondary account holders will also be collected. We will also ask for copies of your ID and personal numbers such as your BVN, tax identification number or relevant identifiers.

Transaction history

In addition to personal data which Houseriver have in relation to clients, we also keep a historic log concerning transaction and order history.

Contact history

We keep record of the times when you have contacted Houseriver, this includes telephone recordings, emails or other ways you have communicated with us.

Website visits and app use

In the event that you visit the website of Houseriver, we will also collect the IP address which is used. Should your IP address be used, for example via Google Analytics this will be done in an anonymised way.

External data sources

There are times when Houseriver will use external data providers, such as checking with the relevant agency or in the event of KYC and compliance checks are required. In the event that Houseriver carry out compliance and KYC check, they apply strict confidentiality on this information. Any individual who has access to this information does so only in the performance of their duty and the relevant data protection regulation is fully complied with. In the event you have questions of when KYC checks are carried out, please contact the service desk of Houseriver.

Sensitive personal data

Sensitive personal data include things such as Bank Verification Number, tax identification number, criminal history, biometric data, matrimonial status, sexuality or ethnic origin, etc. If processing sensitive personal data is necessary, there are stricter rules applied to this. At Houseriver we never use sensitive data related to health, religious beliefs, political or philosophical beliefs, or sexual orientation. We have a legal obligation to identify our clients, therefore we require the tax identification number and national identification to do this.

Who do we share your personal information with?

In principle, we do not share your information with others. It is possible that we may share personal data within the financial market ecosystem which Houseriver is a part of. All members of the ecosystem have the similar strict Privacy Policy. The police, judiciary, regulators and the tax authority can also request information from us on the grounds of law. However, we follow procedures that ensure that any sharing of information is both legitimate and proportionate.

Service providers

In the event we use a service provider to assist Houseriver, we will aim to inform you about the use of a third party and limit the sharing of personal information strictly to what is required for that specific assignment.

In the event that registrars request your information for verification, it is possible that we will need to provide them with information about who you are.

With other companies on your own request

There are times when we will only share your personal data with other companies when you specifically ask. When this is done, we will specify this in the agreement to share the information.

Government and regulators and other CMO’s operators

As an investment firm regulated within Nigeria, there are times when we receive requests for information concerning our clients. We are obliged under law to provide the regulators with this information. Additionally, we have legal obligations which require us to share information with governmental bodies and competent legal authorities such as NFIU, SEC etc. The data protection regulations which cover Houseriver are also applicable to these bodies mentioned. Houseriver will in specific circumstances also share information with relevant tax authorities.

How long do we store your personal data?

When you become a client of Houseriver, we will keep your personal data for the duration of our relationship, we have a legitimate business need to do so. Upon the end of the relationship, we are required to keep this personal data for five years. We need to keep this to ensure that we can comply with legal obligations such as fighting financial crime or settling any disputes or mounting a legal defense.

How do we protect your personal data?

Security

We spend a lot of time and resources to ensure our systems and your personal data have the relevant security measures in place. In the case that there is a breach of our systems we will report this to the relevant authorities within the period of 72hrs and ensure that our clients are aware.

We have appropriate technical and organisational measures in place to protect your personal data against unauthorised access including accidental loss, destruction or disclosure of your data. We place restrictions on the access of personal data, so only those employees who need to access your data can. To ensure that any new processing is justified and compliant with the law we complete data protection impact assessments and carry out monitoring of any external data processors.

Confidentiality

Our employees have all signed a confidentiality agreement and agreed to an internal code of conduct and follow the Oath of promise in the financial sector. Further to this, only authorised personnel may view and process your personal data.

Supervision

• We are supervised by the Nigerian Data Protection Authority (NITDA) to ensure we comply with the Personal Data Protection Act. Houseriver operates under behavioral supervision of the Securities and Exchange Commission.

Is your personal data used in automated decision-making?

There are times for example when you change your profile from a Basic to an online Trading account that we will automatically send you an email containing your login details and guides on how to use the portals easily and safely.

Your rights

• Right of access:

you have the right to access any personal data that Houseriver hold about you. We can provide a copy of this information, to request this you can contact the relevant Service Desk of Houseriver who can provide this information after completing security.

• Right to rectification:

if you find your data to be incorrect or outdated, you should contact the relevant service desk of Houseriver to request for this data to be updated.

• Complaints:

If you have complaints about the processing of your personal data, please get in touch either with the relevant service desk of Houseriver or by contacting the Data Protection Officer.

• NITDA:

Under NDPR you have the right to complain about our processing of your personal data to the NITDA.

Under NDPR you have some other rights which may be possible in specific circumstances:

• Right to Erasure:

in certain circumstances, it is possible for us to delete some or all the personal data we hold for you.

• Right to restriction of processing:

You can ask Houseriver to restrict the way your personal data is processed.

• Right to data portability:

It is possible to request for your data to be provided to you or to be sent to a third party.

• Right to object:

You have the right to object to the processing of your personal data when this processing is done based on legitimate interest.

• Right to stop marketing:

it is possible to stop using your personal data for direct marketing purposes. This can be done via the unsubscribe button in the marketing emails or by contacting the relevant Service Desk. Please be informed that for some communication reason, we are required to inform you and for these, it will not be possible to unsubscribe while you are a client, this includes changes to the client agreement for example.

Furthermore, in the event that consent was required for the processing of your personal data, you have the right to withdraw your consent as given regarding your data at any time.

The above requests will be considered by Houseriver and responded to within a reasonable period. Please be aware that some of these requests might not be granted, for instance in cases where these would result in Houseriver failing to meet a legal requirement or the ability to exercise or defend a legal claim.

Our view on privacy

At Houseriver, our client’s trust is fundamental to our relationship. We, therefore, strive to ensure that our clients have faith in the way we deal with their personal data. We take great care in ensuring that your data is safe and only processed when authorised to do so.

When we process your personal data, we always make sure that it is essential for us to do this. When possible, we will anonymise your personal data or when this is not possible, we will only use the data which is strictly necessary. For processing your personal data, we will also ensure that the concept of ‘privacy by design’ is at the heart of our development.

Our privacy policy is updated regularly, as laws and regulations are continuously subjected to change.

Questions about privacy

In the event you have some additional questions in relation to privacy or your personal data you can contact the service desk of Houseriver where they will answer all questions.

In the event that you wish to complain about the way we have handled your personal data please contact the data protection officer. Please note when contacting the data protection officer this communication will be answered in English. The DPO will then look into your complaint and work towards a resolution.

Liability

Houseriver considers it important that the processing of your (personal) information is conducted in a manner that is consistent with the existing safeguards to protect your personal information. Houseriver complies with the rules of the Data Protection Act and the Financial Sector Supervision in all its activities. Your (personal) information will not be disclosed to third parties outside Houseriver without your express consent, unless legal obligations require to do so.

Third-party websites

Houseriver are not responsible for the measures of other websites using terms, even when they are associated with Houseriver's websites with hyperlinks or otherwise.

Exercise of rights

You have the right to see your information and when necessary, the ability to improve or correct this information. For this, contact Houseriver through this website.

We'll keep you updated about (new) products and services from Houseriver via e-mail. If you do not want this, it can be specified via our official email

Cookies

What is a cookie?

Cookies are small files stored on the hard drive of your computer. Cookies ensure that your browser is recognized by Houseriver's Web server.

Why does Houseriver use cookies and web bugs?

Websites have no memory. A visitor who browses from page to page on the site is regarded as a new visitor each time. Cookies enable a website to recognize your browser. Web bugs behaves in much the same way as cookies.

Are all cookies the same?

No! There are different types of cookies. the distinction is made between function, duration and who places the cookie.

By Function:

A technical cookie is necessary for a website and specific functions to work (technically). For example, to create access to protected or secured parts of a website. Without this type of cookie, some services, such as a login, shopping cart and electronic payment will not work.

An analysis cookie collects information about how visitors use a website. For example, the page that is visited most and where any errors occur. The purpose of this type of cookie is to provide the website provider insight into how the site works and how it can be improved. This cookie thereby also contributes to the website's usability.

A functional cookie remembers the choices made by the user. It may be choices such as a username, currency, language or country. This means that a user does not need to specify their preferences again. The functional cookie thus also contributes to ease of use.

An advertising cookie is used to display advertisements that are targeted at visitors of the website to ensure that the same advertising does not appear every time and to measure the effectiveness of advertising campaigns. These are usually placed by advertising networks with the consent of the administrator of the website. They record that a website is visited.

By Duration

A session cookie is installed on the visitor's computer and collects data as long as the visitor is actually on the website. When you close your browser, the cookie is removed.

A permanent cookie is installed on the visitor's computer for a fixed (longer) period.

A first-party cookie (first-party cookie) is a cookie that is connected to the website that the visitor is visiting at the time. It may be a cookie from Houseriver placed when visiting our website or related subdomains.

A third-party cookie (third-party cookie) is a cookie that is placed by a party other than Houseriver (the provider of the visited website). For example, providers of advertisements and (external) providers of applications whose advertisements or applications are integrated into the visited website.

What is a web bug?

A web bug is an electronic image of a single pixel (1 x 1) or a so-called "colourless GIF" in the website's coding. Web bugs really function in the same way as cookies. Web bugs are used to follow the visitor traffic from one page to another, in order to optimize the flow of traffic on the website.

What can I do if I do not want (certain) cookies?

You can in your browser settings (e.g. Internet Explorer, Safari, Firefox, Mozilla or Chrome) specify whether you allow cookies or not and which cookies to accept. The settings are different from browser to browser. You can obtain information about the location and method under the 'Help' on your browser. You should be aware that you may not be able to use our website's functions properly if you refuse (certain) cookies. If you do not wish to receive advertising cookies, you can activate the 'do not track' in your browser.

Changes

Houseriver reserves the right to make changes to this statement. It is therefore advisable to consult this privacy statement regularly when you visit our website.

Do you think that there is something wrong with this statement or are you unhappy with another aspect of our service? Please make sure to contact us. Your complaint will be handled by Houseriver 's compliance officer.