Privacy Policy
1.0 Privacy Policy
The Business Hub values and respects the privacy of the people we deal with. The Business Hub is committed to protecting your privacy and complying with the Nigeria Data Protection Act (2023) and other applicable data privacy laws and regulations.
This Privacy Policy ("Policy") describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information. Throughout this document, "TBH", "we", "us", "our" and/or "ours" refer to The Business Hub a platform provided by Sultan and Joanna Limited, incorporated under the laws of the Federal Republic of Nigeria with its registered website at www.thebusinesshub.ng. The reference to 'you' or 'your' means you, any authorised person on your account, anyone who uses our platform on your behalf, or other related persons (including authorised signatories, partners, or authorised third parties).
2.0 Data Collection
2.1 The Information We Collect About You
We collect several different types of information for various purposes to provide and improve our services to you. We may also collect your information at events hosted or organised by or for The Business Hub, whether physical or virtual. The personal data we collect falls into various categories, such as:
2.1.1 Personal Data
While using our services, providing services, or seeking employment with The Business Hub, we may ask you to provide us with certain personal data that can be used to contact or identify you ("Personal Data"). Personal data may include, but is not limited to:
2.1.1.1 Identification Data
We collect information that can uniquely identify you or verify your identity. This includes, but is not limited to: your first, middle, and last name; date of birth; gender; nationality; biometric identifiers (where applicable); government-issued identification numbers such as National Identification Number (NIN), Bank Verification Number (BVN), international passport number, driver's licence number, and other similar identifiers; as well as identification documents or photographs used for verification or authentication purposes.
2.1.1.2 Contact Details
We collect information that enables us to contact you or communicate with you regarding our services. This includes your residential or mailing address, email address, phone numbers, and any other similar contact information you provide during account creation, onboarding, service usage, or customer support interactions.
2.1.1.3 Business Information
When you use our business registration, tax filing, post-incorporation, or other business services, we collect information about your business. This includes, but is not limited to: business name, business type and structure (e.g. sole proprietorship, limited liability company), registered business address, nature of business or industry, business registration numbers and certificates, tax identification numbers, directorship and shareholding information, memorandum and articles of association, and any other information required to fulfil the specific service you have requested.
2.1.1.4 Employment-Related Data
We collect information relating to your professional background, role, and suitability where required for recruitment, service provision, due diligence, vendor management, or regulatory compliance. This includes your job title or position, employer details, work history, professional qualifications, certifications, references, and other employment-related information relevant to our business relationship or engagement processes.
2.1.2 Financial Information
We collect and process financial information strictly as required to deliver our services, including services provided directly by TBH or indirectly through our approved service partners. This may include financial statements, revenue and cash flow details, tax records, credit history, and loan-related information necessary for service fulfilment, eligibility assessment, regulatory compliance, and transaction processing.
Payment transactions on our platform are processed by a third-party payment gateway service provider. We do not directly store your full card details or payment credentials. All payment data is handled in accordance with applicable security standards, including the Payment Card Industry Data Security Standard (PCI DSS). You are responsible for maintaining the confidentiality of your authentication credentials and ensuring they are not shared with unauthorised persons.
2.1.3 Sensitive Personal Data
We may process certain categories of sensitive personal data about you where necessary and permitted by applicable law. This may include biometric data used for identification (such as fingerprints or facial recognition data), as well as data relating to your racial or ethnic origin or religion.
We only collect or use sensitive personal data when it is essential for delivering our products or services to you, when required for reasons of substantial public interest, to comply with a legal obligation, or where we have obtained your explicit consent.
2.1.4 Access Credentials
When you create an account on our platform, you will be required to provide a username, password, and similar security information used for authentication and account access. Appropriate security measures have been implemented to protect this data, including encryption and storage in a secured environment.
2.1.5 Usage Data
We may also collect information that your browser or device sends whenever you access our platform or mobile application ("Usage Data"). This Usage Data may include information such as your Internet Protocol (IP) address, browser type and version, the pages of our platform that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
2.1.6 Mobile Device Access
We may request access or permission to certain features on your mobile device, including your mobile device's camera, calendar, contacts, storage, and other features, to facilitate the delivery of our services. If you wish to change our access or permissions, you may do so in your device's settings.
2.1.7 Mobile Device Data
We may automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, IP address, and diagnostic data.
2.1.8 Analytics Data
We may use third-party service providers to monitor and analyse the use of our platform. We may also collect information about your marketing preferences to provide you with information about relevant services, products, and offers that we believe may be of interest to you.
2.1.9 Tracking and Cookies Data
We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files sent to your browser from a website and stored on your device. Tracking technologies also used include beacons, tags, and scripts to collect and track information and to improve and analyse our platform. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, our online service experience may be degraded and you may not be able to use some portions of our platform.
Examples of cookies we use:
You can learn more about how we use cookies in our Cookie Policy available on our website.
2.1.10 Social Media Information
This includes information from any social media profiles or accounts that you share with us.
3.0 Purposes of Processing
We collect and process your personal data through secure systems for the following lawful and legitimate purposes:
3.1 Provision of Business Services
3.2 Customer Support and Relationship Management
3.3 Security, Fraud Prevention, and Risk Management
3.4 Legal, Regulatory, and Compliance Obligations
3.5 Vendor/Third-Party Management
3.6 Service Improvement and Business Operations
3.7 Marketing, Communications, and Personalisation
3.8 Protection of Individuals, Assets, and Our Interests
3.9 Other Legitimate and Lawful Purposes
Any additional purpose that is compatible with the original reason for collection, permitted under applicable laws, and consistent with this Privacy Policy.
4.0 Lawful Bases for Processing
We process personal data based on one or more of the following lawful bases as provided under the Nigeria Data Protection Act (NDPA) 2023:
4.1 Consent
Where required by law, we obtain your consent before processing your personal data. This applies to situations such as certain marketing communications, optional service features, and specific uses of sensitive personal data where explicit consent is required. You may withdraw your consent at any time, subject to legal or contractual restrictions.
4.2 Performance of a Contract or Pre-Contractual Processes
We process personal data where it is necessary to enter into or perform a contract, or to take steps at your request before entering into one. This includes processing required to:
4.3 Compliance with Legal and Regulatory Obligations
As a registered business services company, we process personal data to comply with obligations under applicable laws, regulations, and supervisory requirements. These include CAC filing obligations, FIRS tax requirements, AML/CFT requirements, KYC obligations, and requirements from other competent authorities.
4.4 Protection of Vital Interests
We may process personal data where necessary to protect your vital interests or those of another individual — for example, in emergency situations, fraud prevention scenarios, or matters involving personal or public safety.
4.5 Legitimate Interests
We process personal data where it is necessary for our legitimate business interests and where such interests do not override your rights and freedoms. These include:
4.6 Public Interest or Exercise of Official Authority
In certain circumstances, we process personal data in the public interest or in the exercise of official authority, particularly where required for regulatory oversight, anti-fraud initiatives, or obligations placed on business service providers.
5.0 How We Use Your Personal Information
To the extent permissible under applicable law, we may use your information for the following legitimate purposes:
6.0 How We Share Your Information
We may share or disclose your personal data only as permitted by law, for legitimate business purposes, or where necessary to provide our services. All third parties we share data with are required to comply with appropriate confidentiality, data protection, and security obligations.
6.1 Internal Sharing
We may share your data within The Business Hub, including its subsidiaries and affiliated entities, to enable service delivery, compliance activities, risk management, and operational support.
6.2 Government Ministries, Departments, Agencies & Regulators
We may disclose your personal data to government authorities, supervisory bodies, and regulators where required for:
6.3 Authorised Service Providers and Data Processors
We share data with carefully selected third parties who process information on our behalf. These include:
These parties are strictly required to protect your data in line with contractual and legal requirements.
6.4 Professional Advisers and External Auditors
We may disclose data to external auditors, legal advisers, tax consultants, and other professionals who assist us in meeting legal, regulatory, and governance obligations.
6.5 Financial and Lending Partners
Where necessary for the provision of business loan services or related financial activities, your data may be shared with:
6.6 Third-Party Partners
We may share personal data with approved partners who provide contractual, statutory, or employment-related services such as insurance providers, benefits administrators, or due-diligence partners. We do not share data with third parties for their own independent marketing purposes.
6.7 Law Enforcement, Courts, and Public Authorities
We may disclose your information to law enforcement agencies, courts, or public authorities where required by law or where such disclosure is necessary to protect rights, prevent fraud, or investigate wrongdoing.
6.8 Protection of Vital Interests and Safety
Data may be shared with emergency services or relevant authorities when necessary to protect your life, safety, or the vital interests of others.
6.9 Mergers, Acquisitions, or Corporate Restructuring
If The Business Hub undergoes a merger, acquisition, reorganisation, or asset transfer, your personal data may be shared with relevant parties, provided appropriate safeguards are in place.
6.10 Cross-Border Transfers
Where data must be transferred outside Nigeria for example, for cloud hosting, payment processing, or technology support. We ensure that such transfers comply with NDPC requirements, including adequacy decisions, legally binding agreements, contractual safeguards, and other lawful mechanisms. We take all steps reasonably necessary to ensure your data remains secure and protected.
6.11 Your Consent
Where required by law, or where no other lawful basis applies, we will seek your consent before sharing your personal data. You may withdraw your consent at any time, subject to contractual or legal limitations.
7.0 How We Secure Your Information
We have implemented appropriate organisational and technical measures to keep your personal data confidential and secure. This includes the use of encryption, access controls, and other forms of security to ensure that your data is protected. We require all parties, including our staff and third parties processing data on our behalf, to comply with relevant policies and guidelines.
Where you have a password that grants you access to your account or any of our services, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details with anyone.
Although we have taken measures to secure and keep your information confidential, please be aware that no method of transmission over the Internet or method of electronic storage can guarantee 100% security at all times. While we strive to use reasonable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for securing and maintaining the privacy of your password and account registration information, and for verifying that the personal data we maintain about you is valid, accurate, and up to date. If we receive instructions using your account login information, we will consider that you have authorised those instructions and process them accordingly.
8.0 How Long We Keep Your Information
We retain your information for as long as the purpose for which the information was collected continues. The information is then securely destroyed unless its retention is required to satisfy legal, regulatory, internal compliance, or accounting requirements, or to protect our interests.
Please note that applicable regulations may require The Business Hub to retain your personal data for a period longer than specified, even after the end of your relationship with us.
9.0 Information from Locations Outside Nigeria
If you are located outside Nigeria and choose to provide information to us, please note that the data, including personal data, will be processed in Nigeria. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that processing.
10.0 Accuracy and Update of Your Information
You are responsible for ensuring that the information provided to The Business Hub is accurate and should inform us of any changes as they occur. This will enable us to update your information accordingly.
Any changes will affect only future uses of your personal information. Subject to applicable law, which might from time to time oblige us to store your personal information for a certain period of time, we will respect your wishes to correct inaccurate information. Otherwise, we will hold your personal information for as long as we believe it will help us achieve our objectives as detailed in this Privacy Policy.
11.0 Your Rights
You have certain rights in relation to the personal data we collect, as provided by the Nigeria Data Protection Act (NDPA 2023). These rights include:
These rights are subject to certain limitations as provided under the Nigeria Data Protection Act 2023.
12.0 Privacy of Minors
We do not knowingly collect names, email addresses, or any other personally identifiable information from children through the internet or any other touchpoints. We do not allow individuals under the age of 18 to open accounts or use our services without the consent of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal data without verification of parental consent, please promptly contact us.
13.0 Social Media Platforms
We operate and communicate through our designated pages and accounts on social media platforms to engage with our users and the general public. We monitor and record comments and posts made about us on these channels so that we can improve our services. Please note that any content you post to such social media platforms is subject to the applicable social media platform's terms of use and privacy policies. We recommend that you review this information carefully to better understand your rights and obligations regarding such content.
Our platform may allow you to connect with us on, share on, and use third-party websites, applications, and services. Please be mindful of your personal privacy needs, as we cannot control the privacy or security of information you choose to make public or share with others. We also do not control the privacy practices of third parties. Please contact those sites and services directly if you want to learn about their privacy practices.
14.0 Third-Party Websites
Our website and mobile application may contain links to or from other websites not operated by us, including websites of our integrated third-party tool and service providers. We have no control over and assume no responsibility for the security, privacy practices, or content of third-party websites or services. We recommend that you always read the privacy and security statements on these websites before providing any personal data.
15.0 Service Providers
We may engage third-party companies and individuals to facilitate our services ("Service Providers"), to provide services on our behalf, to perform service-related roles, or to assist us in analysing how our platform is used. This includes, but is not limited to, providers of business tools, training platforms, payment processing services, cloud hosting, and customer support solutions. These third parties have access to your personal data only to perform their specific tasks on our behalf and are obligated not to disclose or use it for any other purpose outside of the service-specific need for which the data is required.
16.0 Changes to This Policy
This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be effective immediately after being posted on our website.
Based on the changing nature of privacy laws, user needs, and our business, we may modify this Privacy Policy from time to time. Any change to our Privacy Policy will be communicated on our website, via email, or by placing a notice on our platform, and will be effective as soon as published. Accordingly, we encourage periodic reviews of this Privacy Policy for awareness of any changes. Your continued use of the platform after we post any modifications to the Privacy Policy on our website will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.
17.0 Contact Us
If you have any questions, comments, or requests in relation to this Privacy Policy, or if you have any objections, complaints, or requirements in relation to the use of your personal data, please contact us at:
The Business Hub
Website: www.thebusinesshub.ng
Email: hello@thebusinesshub.ng
Phone: 02017004271