Terms & Privacy Policy

PRIVACY POLICY | UPDATED: JANUARY 14, 2026.

1.0 Privacy Policy

Sterling Financial Holding Company values and respects the privacy of the people we deal with. Sterling Financial
Holding Company is committed to protecting your privacy and complying with the Nigeria Data Protection Act (2023) and
other applicable data privacy laws and regulations.

This Privacy Policy (“Policy”) describes how we collect, hold, use and disclose your personal information, and how we
maintain the quality and security of your personal information. Throughout this document, “Sterling”, “Bank”, “we”,
“us”, “our” and/or “ours” refer to Sterling Financial Holding Company incorporated under the laws of the Federal
Republic of Nigeria with its registered office at 20 Marina, Lagos. The reference to ‘you’ or ‘your’, means you, any
authorized person on your account, anyone who conducts your banking services for you or other related people (including
authorised signatories, partners or any authorised third party).

2.0 Data Collection

2.1 The information we collect about you

We collect several different types of information for various purposes to provide and
improve our services to you. We may also collect your information at events hosted or organized by or for the bank,
regardless of whether such an event is a physical or virtual one. The Personal Data we collect falls into various
categories, such as:

2.1.1 Personal Data

While using our services, providing services or seeking employment with the Bank, we may
ask you to provide us with certain personal data that can be used to contact or identify you (“Personal Data”).
Personal data may include, but is not limited to:

2.1.1.1 Identification Data

We collect information that can uniquely identify you or verify your identity. This
includes, but is not limited to: your first, middle, and last name; date of birth; gender; nationality; biometric
identifiers (where applicable); government-issued identification numbers such as National Identification Number
(NIN), Bank Verification Number (BVN), international passport number, driver’s licence number, and other similar
identifiers; as well as identification documents or photographs used for verification or authentication purposes.

2.1.1.2 Contact Details

We collect information that enables us to contact you or communicate with you regarding
our services. This includes your residential or mailing address, email address, phone numbers, and any other similar
contact information you provide during account creation, onboarding, service usage, or customer support
interactions.

2.1.1.3 Employment-Related Data

We collect information relating to your professional background, role, and suitability
where required for the recruitment process, service provision, due diligence, vendor management, or regulatory
compliance. This includes your job title or position, employer details, work history, professional qualifications,
certifications, references, and other employment-related information relevant to our business relationship or
engagement processes.

2.1.2 Financial Information

We collect and process financial data necessary to provide our services, meet regulatory
requirements, and facilitate transactions. This includes your bank account details, transaction history, card
information (such as card number, expiry date, and security codes), tax-related information, credit or loan
information, and any other financial details you provide during onboarding, service usage, or account maintenance.

Where card-related information is processed, all
payment data is handled in accordance with applicable security standards, including the Payment Card Industry
Data Security Standard (PCI DSS). You are responsible for maintaining the confidentiality of your card and
authentication credentials (such as PINs or access codes) and ensuring they are not shared with unauthorized
persons.

2.1.3 Sensitive Personal Data

We may process certain categories of sensitive personal data about you where necessary
and permitted by applicable law. This may include, without limitation, health information, biometric data used for
unique identification (such as fingerprints, facial recognition data, or voice recordings), criminal conviction
information, as well as data relating to your racial or ethnic origin, political opinions, religious or
philosophical beliefs, or sexual orientation.

We only collect or use sensitive personal data when it is essential for delivering our
products or services to you, when required for reasons of substantial public interest, to comply with a legal
obligation, or where we have obtained your explicit consent.

2.1.4 Access Credentials

When you subscribe to any of our products, particularly our e-channel products
(Online/Mobile Banking, Instant Banking), you may be required to provide a User ID, a password, details from a token
response device, password hints, and similar security information used for authentication and account access. You
may also be required to use biometric identification to access your account and authenticate transactions. While
this information is required to ensure that you carry out transactions securely, appropriate security measures have
been implemented to protect this data, including encryption and storage in a secured environment if required.

2.1.5 Usage Data

We may also collect information that your browser sends whenever you access our online
services or when you access the services by or through a mobile device (“Usage Data”). This Usage Data may include
information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the
pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device
identifiers, and other diagnostic data. When you access services on or through a mobile device, this Usage Data may
include the following:

2.1.5.1 Geo-Location information: We may request access to or permission
to track location-based information from your mobile device, either continuously or while you are using our mobile
application, to provide location-based services. If you wish to change our access or permissions, you may do so in
your device’s settings.

2.1.6 Mobile Device Access: We may request access or permission to
certain features on your mobile device, including your mobile device’s camera, calendar, Bluetooth, contacts,
storage, and other features. If you wish to change our access or permissions, you may do so in your device’s
settings.

2.1.7 Mobile Device Data: We may automatically collect device
information (such as your mobile device ID, model, and Manufacturer), operating system, version information, IP
address, and diagnostic data.

2.1.8 Use of Analytics to Collect, Monitor, and Analyse Data: We may use
third-party Service Providers to monitor and analyse the use of our Service. We may also collect information about
your marketing preferences to provide you with information about relevant services, products, and offers that we
think may be of interest to you.
Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website and
mobile app traffic and events, currently as a platform inside the Google Marketing Platform brand. Google uses the
data collected to track and monitor the use of our Service. This data is shared with other Google services. Google
may use the collected data to contextualise and personalise the ads on its own advertising network. For more
information on the privacy policies of Google, please visit the Google Privacy and Terms web page located at https://policies.google.com/privacy?hl=en.

2.1.9 Tracking and Cookies Data: We use cookies and similar tracking
technologies to track the activity on our Services and hold certain information. Cookies are sent to your browser
from a website and stored on your device. Other tracking technologies we use include beacons, tags, and scripts, which
collect and track information and help us improve and analyse our Service. You can instruct your browser to refuse all cookies or
to indicate when a cookie is being sent. You can also refuse permissions to read your phone data by the mobile
application. However, if you do not accept cookies on your browser or allow permissions on your mobile device, our
online service experience to you may be degraded and you may not be able to use some portions of our Service. We may
also collect information about your internet browser settings and Internet Protocol (IP) address and other relevant
information to help us identify your geographic location when providing you with our services.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service. Session cookies will expire at the end of your
    browser session and allow us to link your actions during that browser session.
  • Preference Cookies: We use Preference Cookies to remember your preferences and actions, across multiple sites.
  • Security Cookies: We use Security Cookies for security purposes.
  • Third-party cookies: These cookies are placed by third-party websites that we use for website functionality and
    analytics. We have no control over these cookies.

You can learn more about how we use cookies in our Cookie Policy (https://sterlingholdco.ng/cookie-policy/).

2.1.10 Information from social networks or online accounts: This
includes information from any social media profiles or any accounts that you share with us.

2.1.11 Information which you have consented to us using and other personal
information:
Other personal data which we collect includes image recordings. This could include CCTV
images of you at our bank branches, offices and ATMs, but only for surveillance, monitoring and auditing purposes, to
help forestall crime.

3.0 Purposes of Processing

We collect and process your personal data through secure systems for the following lawful and legitimate purposes:

3.1 Provision of Banking and Financial Services

  • To create, verify, and manage customer accounts, agent profiles, and service enrolments.
  • To process transactions, payments, transfers, card issuance, and other financial operations.
  • To authenticate users through passwords, PINs, tokens, or biometrics, and to maintain secure access to our
    e-channel platforms (Mobile/Online Banking, USSD, etc.).

3.2 Customer Support and Relationship Management

  • To communicate with you regarding your accounts, enquiries, requests, complaints, product updates, or service
    notifications.
  • To provide technical support, resolve disputes, and enhance the overall customer experience.

3.3 Security, Fraud Prevention, and Risk Management

  • To verify identities, prevent impersonation, and authenticate transactions.
  • To detect, investigate, and prevent fraud, money-laundering, financial crime, unauthorized access, or misuse of
    our services.
  • To maintain logs, monitor usage patterns, and ensure the security and integrity of our systems, networks, ATMs,
    and digital channels.

3.4 Legal, Regulatory, and Compliance Obligations

  • To comply with the Nigeria Data Protection Act (NDPA 2023), CBN regulations, Anti-Money Laundering/Combating the
    Financing of Terrorism (AML/CFT) requirements, Know-Your-Customer (KYC) rules, tax obligations, and other
    applicable laws.
  • To report to regulatory bodies and fulfil any lawful request by government or oversight agencies.
  • To maintain required audit trails and statutory records.

3.5 Employment, Recruitment, and Vendor/Third-Party Management

  • To assess job applications, verify credentials, and conduct pre-employment checks.
  • To manage staff access rights, monitor system usage, and ensure workplace and information security.
  • To conduct due diligence on vendors, partners, and agents, including suitability assessments and ongoing
    compliance monitoring.

3.6 Service Improvement and Business Operations

  • To analyse service performance and improve our products, digital platforms, and internal processes.
  • To conduct data analytics, quality assurance, customer experience studies, and performance monitoring.
  • To operate, maintain, and enhance our online services, mobile applications, and customer-facing platforms.

3.7 Marketing, Communications, and Personalisation

  • To send relevant product or service information, promotions, or updates based on your preferences, where you
    have consented or where permitted by law.
  • To analyse marketing interactions to improve the relevance of the content we share.

3.8 Protection of Individuals, Assets, and the Bank’s Interests

  • To safeguard the vital interests of customers, employees, or the public, including during emergencies.
  • To protect the Bank’s facilities, assets, staff, and customers through CCTV surveillance and monitoring systems.
  • To protect the Bank’s rights, integrity, reputation, and financial stability.

3.9 Other Legitimate and Lawful Purposes

  • Any additional purpose that is compatible with the original reason for collection, permitted under applicable
    laws, and consistent with this Privacy Notice.

4.0 Lawful Bases for Processing

We process personal data based on one or more of the following lawful bases as provided under the Nigeria Data
Protection Act (NDPA) 2023:

4.1 Consent

Where required by law, we obtain your consent before processing your personal data. This
applies to situations such as certain marketing communications, optional service features, and specific uses of
sensitive personal data where explicit consent is required. You may withdraw your consent at any time, subject to
legal or contractual restrictions.

4.2 Performance of a Contract or Pre-Contractual Processes

We process personal data where it is necessary to enter into or perform a contract, or to
take steps at your request before entering into one. This includes processing required to:

  • Open and maintain accounts and deliver banking services
  • Assess and onboard customers, employees, contractors, and vendors
  • Manage employment, service, or partnership relationships
  • Provide access to systems, platforms, and digital channels
  • Respond to service requests and fulfil operational or administrative obligations

4.3 Compliance with Legal and Regulatory Obligations

As a regulated financial institution, we process personal data to comply with obligations
under applicable laws, regulations, and supervisory requirements. These include KYC, AML/CFT requirements, tax
obligations, regulatory reporting, identity verification mandates, and obligations from the CBN or other competent
authorities.

4.4 Protection of Vital Interests

We may process personal data where necessary to protect your vital interests or those of
another individual—for example, in emergency situations, fraud prevention scenarios, or matters involving personal
or public safety.

4.5 Legitimate Interests

We process personal data where it is necessary for the Bank’s legitimate business
interests and where such interests do not override your rights and freedoms. These include:

  • Securing our platforms and preventing fraud or misuse
  • Improving our services and customer experience
  • Protecting our infrastructure, staff, and customers
  • Managing our relationship with customers, employees, agents, and vendors
  • Conducting internal governance, audits, and risk management activities

4.6 Public Interest or Exercise of Official Authority

In certain circumstances, we process personal data in the public interest or in the
exercise of official authority, particularly where required for regulatory oversight, financial system stability,
anti-fraud initiatives, or national security-related obligations placed on financial institutions.

5.0 How we use your personal Information

To the extent permissible under applicable law, we may use your information for the following legitimate actions:

  • Determine your eligibility for our products and services.
  • Verify your identity when you access your account information.
  • Administer your accounts or other products and services that we or our partners/affiliates may provide to you.
  • Respond to your requests and communicate with you.
  • For understanding your financial needs
  • Prevention of crime, fraud, money laundering or terrorism financing activities
  • Managing our risks
  • Reviewing credit or loan eligibility.
  • For marketing the products and services of the Bank, related entities and affiliates. We may send you marketing
    and promotional messages by post, email, telephone, text, secure messaging, Mobile app, or through our social
    media channels. You can change your mind on how you wish to receive marketing messages from us or opt out of
    receiving such messages at any time. However, we will continue to use your contact details to send you important
    information regarding your dealings with us.
  • Process transactions, design products and profile customers
  • Notify you about changes to our Services.
  • Allow you to participate in interactive features of our Services when you choose to do so.
  • Provide customer care and support and for internal operations, including troubleshooting, data analysis,
    testing, security, fraud-detection, and account management.
  • Process your information for audit, statistical or research purposes in order to help us understand trends in
    our customer behaviour and to understand our risks better and curate products and services that are suitable to
    our customers’ needs.
  • Monitor our conversation with you when we speak on the telephone (for example, to check your instructions to us,
    to analyse, to assess and improve customer service; for training and quality assurance purposes; for
    verification, fraud analysis and prevention purposes).
  • Recover any debts that you may owe the Bank.
  • Carry out analysis to evaluate and improve our business.
  • Monitor the usage of our Services.
  • Detect, prevent and address technical issues.
  • Prevent fraud and enhance security of your account or our service platform.
  • Comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual
    obligations and our policies.
  • Provide you with tailored content and marketing messages such as recommending other products or services we
    believe you may be interested in
  • For other purposes required by law or regulation

6.0 How do we share your information?

We may share or disclose your personal data only as permitted by law, for legitimate business purposes, or where
necessary to provide our services. All third parties we share data with are required to comply with appropriate
confidentiality, data protection, and security obligations.

6.1 Internal Sharing

We may share your data within the Bank, including its branches and subsidiaries, to
enable service delivery, compliance activities, risk management, and operational support.

6.2 Government Ministries, Departments, Agencies & Regulators

We may disclose your personal data to government authorities, supervisory bodies, and
regulators where required for:

  • Compliance with NDPA 2023, GAID 2025 and other laws
  • Reporting obligations
  • Investigations, audits, or lawful requests
  • Matters involving national security, public interest, or law enforcement

6.3 Authorized Service Providers and Data Processors

We share data with carefully selected third parties who process information on our
behalf. These include:

  • Technology and cloud service providers
  • Card processors, switching companies, acquirers, and payment partners
  • Customer support providers
  • Business continuity and infrastructure providers
  • Outsourced operational or administrative partners

These parties are strictly required to protect your data in line with contractual and
legal requirements.

6.4 Professional Advisers and External Auditors

We may disclose data to external auditors, legal advisers, tax consultants, and other
professionals who assist us in meeting legal, regulatory, and governance obligations.

6.5 Financial Partners

Where necessary for financial transactions or credit-related activities, your data may be
shared with:

  • Credit bureaus and credit reference agencies
  • Correspondent banks
  • Guarantors (for credit facilities)
  • Partners involved in issuing or processing card transactions

6.6 Third-Party Partners

We may share personal data with approved partners who provide contractual, statutory, or
employment-related services such as insurance providers, benefits administrators, or due-diligence partners. We do
not share data with third parties for their own marketing purposes.

6.7 Law Enforcement, Courts and Public Authorities

We may disclose your information to law enforcement agencies, courts, or public
authorities where required by law or where such disclosure is necessary to protect rights, prevent fraud, or
investigate wrongdoing.

6.8 Protection of Vital Interests and Safety

Data may be shared with emergency services or relevant authorities when necessary to
protect your life, safety, or the vital interests of others.

6.9 Mergers, Acquisitions or Corporate Restructuring

If the Bank undergoes a merger, acquisition, reorganisation, or asset transfer, your
personal data may be shared with relevant parties, provided appropriate safeguards are in place.

6.10 Joint Account Holders

For joint accounts, information may be shared among account holders. We may rely on the
authority of one joint holder as consent on behalf of the other(s), including for third-party payment services.

6.11 Cross-Border Transfers

Where data must be transferred outside Nigeria—for example, for cloud hosting, payment
processing, or technology support—we ensure that such transfers comply with NDPC requirements, including:

  • Adequacy decisions
  • Legally binding agreements
  • Contractual safeguards
  • Other lawful mechanisms

We take all steps reasonably necessary to ensure your data remains secure and protected.

6.12 Your Consent

Where required by law, or where no other lawful basis applies, we will seek your consent
before sharing your personal data. You may withdraw your consent at any time, subject to contractual or legal
limitations.

7.0 How we secure your Information

We have implemented appropriate organisational and technical measures to keep your Personal Information/Data
confidential and secure. This includes the use of encryption, access controls and other forms of security to ensure that
your data is protected. We require all parties including our staff and third-parties processing data on our behalf to
comply with relevant policies and guidelines. Where you have a password which grants you access to specific areas on our
site or to any of our services, you are responsible for keeping this password confidential. We request that you do not
share your password or other authentication details (e.g., token generated codes) with anyone.

Although we have taken measures to secure and keep your information confidential, because the security of your data is
important to us, please be aware that no method of transmission over the Internet, or method of electronic storage can
guarantee 100% security at all times. While we strive to use reasonable means to protect your Personal Data, we cannot
guarantee its absolute security. You are responsible for securing and maintaining the privacy of your password and
Account/profile registration information and verifying that the Personal Data we maintain about you is valid, accurate
and up to date. If we receive instructions using your account login information, we will consider that you have
authorised the instructions and process your instruction accordingly and without incurring any liability for doing so.

8.0 How long we keep your information

We retain your Information for as long as the purpose for which the information was collected continues. The information
is then securely destroyed unless its retention is required to satisfy legal, regulatory, internal compliance or
accounting requirements or to protect the Bank’s interest.
Please note that regulations may require Sterling Financial Holding Company to retain your personal data for a period
longer than specified even after the end of your banking relationship with us.

9.0 Information from locations outside Nigeria

If you are located outside Nigeria and choose to provide information to us, please note that the data, including
Personal Data, will be processed in Nigeria. Your consent to this Privacy Policy followed by your submission of such
information represents your agreement to that transfer.

10.0 Accuracy and update of your Information

You are responsible for making sure the information provided to the Bank is accurate and should inform the Bank of any
changes as they occur; this will enable us to update your information with us.

Any changes will affect only future uses of your Personal Information. Subject to applicable law, which might, from time
to time, oblige us to store your Personal Information for a certain period of time, we will respect your wishes to
correct inaccurate information. Otherwise, we will hold your Personal Information for as long as we believe it will help
us achieve our objectives as detailed in this Privacy Policy.

11.0 Your Rights

You have certain rights in relation to the personal data we collect, as provided by the Nigeria Data Protection
Act (NDPA 2023). These rights include:

  • A right to confirmation and access – to know whether we process your personal data and to request access to that
    information.
  • A right to rectification or update – to correct or update any inaccurate or incomplete personal data in our
    possession.
  • A right to erasure (“right to be forgotten”) – to request the deletion of your personal data where it is no
    longer necessary or has no lawful basis for retention. We may, however, continue to retain certain data where
    there are valid legal, regulatory, or operational reasons.
  • A right to restrict processing – to request that we temporarily suspend the processing of your personal data
    while a request or objection is being resolved.
  • A right to object to processing – to object to certain types of processing, including direct marketing, except
    where processing is required by law or for legitimate operational purposes.
  • A right to data portability – to request that your personal data be provided to you in a commonly used
    electronic format or transferred to another party where technically feasible.
  • A right to withdraw consent – to withdraw your consent to processing. This will not affect the legality of
    processing carried out before the withdrawal.
  • A right to be informed of data sources – to know the origin of your data where it was not provided directly by
    you.
  • A right against automated decision-making – to be informed of, and object to, decisions made solely by automated
    means that significantly affect you.
  • A right to lodge a complaint – to make an official complaint to the Nigeria Data Protection Commission (NDPC) if
    you believe your data protection rights have been violated.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at
any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal.

These rights are, however, subject to certain limitations as provided under the Nigeria Data Protection Act 2023.

12.0 Privacy of minors

We do not knowingly collect names, email addresses, or any other personally identifiable information from children
through the internet or any other touch points. We do not allow children under the age of 18 to open accounts nor
provide online banking services for children less than 18 years of age without the consent of a guardian. If you are a
parent or guardian and you are aware that your child has provided us with Personal Data without verification of parental
consent, please promptly contact us.

13.0 Social Media Platforms

We operate and communicate through our designated pages and accounts on some social media platforms to communicate and
engage with our customers. We monitor and record comments and posts made about us on these channels so that we can
improve our Services. The general public can access and read any information posted on these sites. Please note that any
content you post to such social media platforms is subject to the applicable social media platform’s terms of use and
privacy policies. We recommend that you review the information carefully in order to better understand your rights and
obligations regarding such content.

Our Services may allow you to connect and share your actions, comments, content, and information publicly or with
friends. We are not responsible for maintaining the confidentiality of any information you share publicly or with
friends.

Our Services may also allow you to connect with us on, share on, and use third-party websites, applications, and
services. Please be mindful of your personal privacy needs and the privacy needs of others, as you choose whom to
connect with and what to share and make public. We cannot control the privacy or security of information you choose to
make public or share with others. We also do not control the privacy practices of third parties. Please contact those
sites and services directly if you want to learn about their privacy practices.

14.0 Career Platforms

As part of our recruitment process and as an applicant, you explicitly consent to the collection, use, transfer, and
storage or in any other form of your personal data contained in application forms/letters, curriculum vitae (CV)/resumes
obtained from your identity document(s) or collected through interviews/other forms of assessment by the Bank or its
affiliates. This information is for the exclusive purpose of assessing and evaluating applicants’ suitability for
employment in any current or prospective position within our organisation, verifying applicants’ identity and the
accuracy of your details provided to us or for other related purposes. We shall, in line with our internal policies,
controls and relevant Data Protection Regulations ensure that this data is not disclosed or assessed by unauthorised
persons. By providing any information on the Bank’s career page, you confirm that you have read the terms and privacy
statement and accept it. As an applicant, you consent to the Bank using the data provided in accordance with terms
described above.

15.0 Third Party Websites

Our website, related websites and mobile applications may have links to or from other websites that are not operated by
us. We have no control over and assume no responsibility for the security, privacy practices or content of third-party
websites or services. We recommend that you always read the privacy and security statements on these websites.

16.0 Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the
Service on our behalf, to perform specific Service-related roles or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to
disclose or use it for any other purpose outside of the service-specific need for which the data is required.

17.0 Changes to this Policy

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any
changes in its provisions in the future, which will be in effect immediately after being posted on our website.

Based on the changing nature of privacy laws, user needs and our business, we may modify this Privacy Policy from time
to time. Any change to our privacy policy will be communicated on our website, via email or by placing a notice on our
Platform and this will be effective as soon as published. Accordingly, we encourage periodic reviews of this Privacy
Policy for awareness of any changes that may have occurred. Your continued use of the Services after we post any
modifications to the Privacy Policy on our website will constitute your acknowledgment of the modifications and your
consent to abide and be bound by the modified Privacy Policy.

18.0 Contact Us

If you have any questions, comments or requests in relation to this Privacy Policy or objections, complaints or
requirements in relation to the use of your personal data, please contact us by sending an email to [email protected] or 08027170203 or write a letter addressed as follows:

The Data Protection Officer
Sterling Financial Holding Company
20 Marina, Lagos.