Privacy Policy


Privacy Policy

1.0  Privacy Policy

The Business Hub values and respects the privacy of the people we deal with. The Business Hub is committed to protecting your privacy and complying with the Nigeria Data Protection Act (2023) and other applicable data privacy laws and regulations.

This Privacy Policy ("Policy") describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information. Throughout this document, "TBH", "we", "us", "our" and/or "ours" refer to The Business Hub a platform provided by Sultan and Joanna Limited, incorporated under the laws of the Federal Republic of Nigeria with its registered website at www.thebusinesshub.ng. The reference to 'you' or 'your' means you, any authorised person on your account, anyone who uses our platform on your behalf, or other related persons (including authorised signatories, partners, or authorised third parties).

2.0  Data Collection

2.1  The Information We Collect About You

We collect several different types of information for various purposes to provide and improve our services to you. We may also collect your information at events hosted or organised by or for The Business Hub, whether physical or virtual. The personal data we collect falls into various categories, such as:

2.1.1  Personal Data

While using our services, providing services, or seeking employment with The Business Hub, we may ask you to provide us with certain personal data that can be used to contact or identify you ("Personal Data"). Personal data may include, but is not limited to:

2.1.1.1  Identification Data

We collect information that can uniquely identify you or verify your identity. This includes, but is not limited to: your first, middle, and last name; date of birth; gender; nationality; biometric identifiers (where applicable); government-issued identification numbers such as National Identification Number (NIN), Bank Verification Number (BVN), international passport number, driver's licence number, and other similar identifiers; as well as identification documents or photographs used for verification or authentication purposes.

2.1.1.2  Contact Details

We collect information that enables us to contact you or communicate with you regarding our services. This includes your residential or mailing address, email address, phone numbers, and any other similar contact information you provide during account creation, onboarding, service usage, or customer support interactions.

2.1.1.3  Business Information

When you use our business registration, tax filing, post-incorporation, or other business services, we collect information about your business. This includes, but is not limited to: business name, business type and structure (e.g. sole proprietorship, limited liability company), registered business address, nature of business or industry, business registration numbers and certificates, tax identification numbers, directorship and shareholding information, memorandum and articles of association, and any other information required to fulfil the specific service you have requested.

2.1.1.4  Employment-Related Data

We collect information relating to your professional background, role, and suitability where required for recruitment, service provision, due diligence, vendor management, or regulatory compliance. This includes your job title or position, employer details, work history, professional qualifications, certifications, references, and other employment-related information relevant to our business relationship or engagement processes.

2.1.2  Financial Information

We collect and process financial information strictly as required to deliver our services, including services provided directly by TBH or indirectly through our approved service partners. This may include financial statements, revenue and cash flow details, tax records, credit history, and loan-related information necessary for service fulfilment, eligibility assessment, regulatory compliance, and transaction processing.

Payment transactions on our platform are processed by a third-party payment gateway service provider. We do not directly store your full card details or payment credentials. All payment data is handled in accordance with applicable security standards, including the Payment Card Industry Data Security Standard (PCI DSS). You are responsible for maintaining the confidentiality of your authentication credentials and ensuring they are not shared with unauthorised persons.

2.1.3  Sensitive Personal Data

We may process certain categories of sensitive personal data about you where necessary and permitted by applicable law. This may include biometric data used for identification (such as fingerprints or facial recognition data), as well as data relating to your racial or ethnic origin or religion.

We only collect or use sensitive personal data when it is essential for delivering our products or services to you, when required for reasons of substantial public interest, to comply with a legal obligation, or where we have obtained your explicit consent.

2.1.4  Access Credentials

When you create an account on our platform, you will be required to provide a username, password, and similar security information used for authentication and account access. Appropriate security measures have been implemented to protect this data, including encryption and storage in a secured environment.

2.1.5  Usage Data

We may also collect information that your browser or device sends whenever you access our platform or mobile application ("Usage Data"). This Usage Data may include information such as your Internet Protocol (IP) address, browser type and version, the pages of our platform that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

2.1.6  Mobile Device Access

We may request access or permission to certain features on your mobile device, including your mobile device's camera, calendar, contacts, storage, and other features, to facilitate the delivery of our services. If you wish to change our access or permissions, you may do so in your device's settings.

2.1.7  Mobile Device Data

We may automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, IP address, and diagnostic data.

2.1.8  Analytics Data

We may use third-party service providers to monitor and analyse the use of our platform. We may also collect information about your marketing preferences to provide you with information about relevant services, products, and offers that we believe may be of interest to you.

2.1.9  Tracking and Cookies Data

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files sent to your browser from a website and stored on your device. Tracking technologies also used include beacons, tags, and scripts to collect and track information and to improve and analyse our platform. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, our online service experience may be degraded and you may not be able to use some portions of our platform.

Examples of cookies we use:

  • Session Cookies: We use session cookies to operate our platform. These expire at the end of your browser session.
  • Preference Cookies: We use preference cookies to remember your preferences and actions across multiple visits.
  • Security Cookies: We use security cookies for security and authentication purposes.
  • Third-party Cookies: These cookies are placed by third-party services we use for platform functionality and analytics. We have no control over these cookies.

You can learn more about how we use cookies in our Cookie Policy available on our website.

2.1.10  Social Media Information

This includes information from any social media profiles or accounts that you share with us.

3.0  Purposes of Processing

We collect and process your personal data through secure systems for the following lawful and legitimate purposes:

3.1  Provision of Business Services

  • To create, verify, and manage user accounts and service enrolments.
  • To process business registration applications, post-incorporation filings, tax filing requests, and other related services on behalf of our users.
  • To assess eligibility and facilitate access to business loans and financing options.
  • To provide access to business tools through our third-party partner ecosystem.
  • To facilitate training programmes and learning resources offered to our users.

3.2  Customer Support and Relationship Management

  • To communicate with you regarding your account, enquiries, requests, complaints, service updates, or notifications.
  • To provide technical support, resolve disputes, and enhance the overall user experience.

3.3  Security, Fraud Prevention, and Risk Management

  • To verify identities, prevent impersonation, and authenticate transactions.
  • To detect, investigate, and prevent fraud, unauthorised access, or misuse of our services.
  • To maintain logs, monitor usage patterns, and ensure the security and integrity of our systems and digital channels.

3.4  Legal, Regulatory, and Compliance Obligations

  • To comply with the Nigeria Data Protection Act (NDPA 2023), Corporate Affairs Commission (CAC) requirements, Federal Inland Revenue Service (FIRS) obligations, Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) requirements, and other applicable laws.
  • To report to regulatory bodies and fulfil any lawful request by government or oversight agencies.
  • To maintain required audit trails and statutory records.

3.5  Vendor/Third-Party Management

  • To conduct due diligence on vendors, technology partners, and third-party service providers, including suitability assessments and ongoing compliance monitoring.

3.6  Service Improvement and Business Operations

  • To analyse platform performance and improve our products, digital tools, and internal processes.
  • To conduct data analytics, quality assurance, user experience studies, and performance monitoring.
  • To operate, maintain, and enhance our online application and third-party integrations.

3.7  Marketing, Communications, and Personalisation

  • To send relevant product or service information, promotions, or updates based on your preferences, where you have consented or where permitted by law.
  • To analyse marketing interactions to improve the relevance of the content we share with you.

3.8  Protection of Individuals, Assets, and Our Interests

  • To safeguard the vital interests of users, employees, or the public, including during emergencies.
  • To protect our facilities, assets, staff, and users.
  • To protect our rights, integrity, reputation, and operational stability.

3.9  Other Legitimate and Lawful Purposes

Any additional purpose that is compatible with the original reason for collection, permitted under applicable laws, and consistent with this Privacy Policy.

4.0  Lawful Bases for Processing

We process personal data based on one or more of the following lawful bases as provided under the Nigeria Data Protection Act (NDPA) 2023:

4.1  Consent

Where required by law, we obtain your consent before processing your personal data. This applies to situations such as certain marketing communications, optional service features, and specific uses of sensitive personal data where explicit consent is required. You may withdraw your consent at any time, subject to legal or contractual restrictions.

4.2  Performance of a Contract or Pre-Contractual Processes

We process personal data where it is necessary to enter into or perform a contract, or to take steps at your request before entering into one. This includes processing required to:

  • Create and maintain user accounts and deliver our business services.
  • Assess and onboard users, employees, contractors, and vendors.
  • Manage employment, service, or partnership relationships.
  • Provide access to our platform, tools, and digital channels.
  • Respond to service requests and fulfil operational or administrative obligations.

4.3  Compliance with Legal and Regulatory Obligations

As a registered business services company, we process personal data to comply with obligations under applicable laws, regulations, and supervisory requirements. These include CAC filing obligations, FIRS tax requirements, AML/CFT requirements, KYC obligations, and requirements from other competent authorities.

4.4  Protection of Vital Interests

We may process personal data where necessary to protect your vital interests or those of another individual — for example, in emergency situations, fraud prevention scenarios, or matters involving personal or public safety.

4.5  Legitimate Interests

We process personal data where it is necessary for our legitimate business interests and where such interests do not override your rights and freedoms. These include:

  • Securing our platform and preventing fraud or misuse.
  • Improving our services and user experience.
  • Protecting our infrastructure, staff, and users.
  • Managing our relationships with users, employees, agents, and vendors.
  • Conducting internal governance, audits, and risk management activities.

4.6  Public Interest or Exercise of Official Authority

In certain circumstances, we process personal data in the public interest or in the exercise of official authority, particularly where required for regulatory oversight, anti-fraud initiatives, or obligations placed on business service providers.

5.0  How We Use Your Personal Information

To the extent permissible under applicable law, we may use your information for the following legitimate purposes:

  • Determine your eligibility for our products and services.
  • Verify your identity when you access your account.
  • Administer your account or other products and services that we or our partners may provide to you.
  • Respond to your requests and communicate with you.
  • Understand your business needs and tailor our services accordingly.
  • Facilitate business registration, post-incorporation filings, and related statutory processes.
  • Facilitate tax filing and related compliance services.
  • Assess eligibility and process applications for business loans.
  • Provide access to business tools and third-party software integrations on our platform.
  • Facilitate training programmes, webinars, and learning resources.
  • Prevent fraud, money laundering, or terrorism financing activities.
  • Manage our risks.
  • Market the products and services of The Business Hub, related entities, and affiliates. We may send you marketing and promotional messages by post, email, telephone, text, secure messaging, mobile application, or through our social media channels. You can change your mind on how you wish to receive marketing messages from us or opt out at any time. However, we will continue to use your contact details to send you important information regarding your dealings with us.
  • Process transactions, design products, and profile users.
  • Notify you about changes to our services.
  • Allow you to participate in interactive features of our platform when you choose to do so.
  • Provide customer support and for internal operations, including troubleshooting, data analysis, testing, security, fraud detection, and account management.
  • Process your information for audit, statistical, or research purposes to help us understand trends in user behaviour, manage our risks, and curate products and services that are suitable for our users' needs.
  • Monitor our communications with you (for example, to check your instructions to us, to analyse, assess, and improve customer service; for training and quality assurance purposes; and for verification, fraud analysis, and prevention purposes).
  • Recover any outstanding amounts that you may owe us.
  • Carry out analysis to evaluate and improve our business.
  • Monitor the usage of our platform.
  • Detect, prevent, and address technical issues.
  • Prevent fraud and enhance the security of your account or our platform.
  • Comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual obligations, and our policies.
  • Provide you with tailored content and marketing messages, such as recommending other products or services we believe you may be interested in.
  • For other purposes required by law or regulation.

6.0  How We Share Your Information

We may share or disclose your personal data only as permitted by law, for legitimate business purposes, or where necessary to provide our services. All third parties we share data with are required to comply with appropriate confidentiality, data protection, and security obligations.

6.1  Internal Sharing

We may share your data within The Business Hub, including its subsidiaries and affiliated entities, to enable service delivery, compliance activities, risk management, and operational support.

6.2  Government Ministries, Departments, Agencies & Regulators

We may disclose your personal data to government authorities, supervisory bodies, and regulators where required for:

  • Compliance with the NDPA 2023 and other applicable laws.
  • Business registration and statutory filing obligations with the Corporate Affairs Commission (CAC) and other relevant agencies.
  • Tax filing obligations with the Federal Inland Revenue Service (FIRS) and relevant State Inland Revenue Services.
  • Reporting obligations, investigations, audits, or lawful requests.
  • Matters involving national security, public interest, or law enforcement.

6.3  Authorised Service Providers and Data Processors

We share data with carefully selected third parties who process information on our behalf. These include:

  • Technology and cloud service providers.
  • Payment gateway service providers who process payments made on our platform.
  • Business tool and software providers integrated into our platform.
  • Training and e-learning platform providers.
  • Customer support providers.
  • Business continuity and infrastructure providers.
  • Outsourced operational or administrative partners.

These parties are strictly required to protect your data in line with contractual and legal requirements.

6.4  Professional Advisers and External Auditors

We may disclose data to external auditors, legal advisers, tax consultants, and other professionals who assist us in meeting legal, regulatory, and governance obligations.

6.5  Financial and Lending Partners

Where necessary for the provision of business loan services or related financial activities, your data may be shared with:

  • Lending institutions and credit providers.
  • Credit bureaus and credit reference agencies.
  • Guarantors (for credit facilities).
  • Partners involved in assessing or processing loan applications.

6.6  Third-Party Partners

We may share personal data with approved partners who provide contractual, statutory, or employment-related services such as insurance providers, benefits administrators, or due-diligence partners. We do not share data with third parties for their own independent marketing purposes.

6.7  Law Enforcement, Courts, and Public Authorities

We may disclose your information to law enforcement agencies, courts, or public authorities where required by law or where such disclosure is necessary to protect rights, prevent fraud, or investigate wrongdoing.

6.8  Protection of Vital Interests and Safety

Data may be shared with emergency services or relevant authorities when necessary to protect your life, safety, or the vital interests of others.

6.9  Mergers, Acquisitions, or Corporate Restructuring

If The Business Hub undergoes a merger, acquisition, reorganisation, or asset transfer, your personal data may be shared with relevant parties, provided appropriate safeguards are in place.

6.10  Cross-Border Transfers

Where data must be transferred outside Nigeria for example, for cloud hosting, payment processing, or technology support. We ensure that such transfers comply with NDPC requirements, including adequacy decisions, legally binding agreements, contractual safeguards, and other lawful mechanisms. We take all steps reasonably necessary to ensure your data remains secure and protected.

6.11  Your Consent

Where required by law, or where no other lawful basis applies, we will seek your consent before sharing your personal data. You may withdraw your consent at any time, subject to contractual or legal limitations.

7.0  How We Secure Your Information

We have implemented appropriate organisational and technical measures to keep your personal data confidential and secure. This includes the use of encryption, access controls, and other forms of security to ensure that your data is protected. We require all parties, including our staff and third parties processing data on our behalf, to comply with relevant policies and guidelines.

Where you have a password that grants you access to your account or any of our services, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details with anyone.

Although we have taken measures to secure and keep your information confidential, please be aware that no method of transmission over the Internet or method of electronic storage can guarantee 100% security at all times. While we strive to use reasonable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for securing and maintaining the privacy of your password and account registration information, and for verifying that the personal data we maintain about you is valid, accurate, and up to date. If we receive instructions using your account login information, we will consider that you have authorised those instructions and process them accordingly.

8.0  How Long We Keep Your Information

We retain your information for as long as the purpose for which the information was collected continues. The information is then securely destroyed unless its retention is required to satisfy legal, regulatory, internal compliance, or accounting requirements, or to protect our interests.

Please note that applicable regulations may require The Business Hub to retain your personal data for a period longer than specified, even after the end of your relationship with us.

9.0  Information from Locations Outside Nigeria

If you are located outside Nigeria and choose to provide information to us, please note that the data, including personal data, will be processed in Nigeria. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that processing.

10.0  Accuracy and Update of Your Information

You are responsible for ensuring that the information provided to The Business Hub is accurate and should inform us of any changes as they occur. This will enable us to update your information accordingly.

Any changes will affect only future uses of your personal information. Subject to applicable law, which might from time to time oblige us to store your personal information for a certain period of time, we will respect your wishes to correct inaccurate information. Otherwise, we will hold your personal information for as long as we believe it will help us achieve our objectives as detailed in this Privacy Policy.

11.0  Your Rights

You have certain rights in relation to the personal data we collect, as provided by the Nigeria Data Protection Act (NDPA 2023). These rights include:

  • A right to confirmation and access – to know whether we process your personal data and to request access to that information.
  • A right to rectification or update – to correct or update any inaccurate or incomplete personal data in our possession.
  • A right to erasure ("right to be forgotten") – to request the deletion of your personal data where it is no longer necessary or has no lawful basis for retention. We may, however, continue to retain certain data where there are valid legal, regulatory, or operational reasons.
  • A right to restrict processing – to request that we temporarily suspend the processing of your personal data while a request or objection is being resolved.
  • A right to object to processing – to object to certain types of processing, including direct marketing, except where processing is required by law or for legitimate operational purposes.
  • A right to data portability – to request that your personal data be provided to you in a commonly used electronic format or transferred to another party where technically feasible.
  • A right to withdraw consent – to withdraw your consent to processing. This will not affect the legality of processing carried out before the withdrawal.
  • A right to be informed of data sources – to know the origin of your data where it was not provided directly by you.
  • A right against automated decision-making – to be informed of, and object to, decisions made solely by automated means that significantly affect you.
  • A right to lodge a complaint – to make an official complaint to the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.

These rights are subject to certain limitations as provided under the Nigeria Data Protection Act 2023.

12.0  Privacy of Minors

We do not knowingly collect names, email addresses, or any other personally identifiable information from children through the internet or any other touchpoints. We do not allow individuals under the age of 18 to open accounts or use our services without the consent of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal data without verification of parental consent, please promptly contact us.

13.0  Social Media Platforms

We operate and communicate through our designated pages and accounts on social media platforms to engage with our users and the general public. We monitor and record comments and posts made about us on these channels so that we can improve our services. Please note that any content you post to such social media platforms is subject to the applicable social media platform's terms of use and privacy policies. We recommend that you review this information carefully to better understand your rights and obligations regarding such content.

Our platform may allow you to connect with us on, share on, and use third-party websites, applications, and services. Please be mindful of your personal privacy needs, as we cannot control the privacy or security of information you choose to make public or share with others. We also do not control the privacy practices of third parties. Please contact those sites and services directly if you want to learn about their privacy practices.

14.0  Third-Party Websites

Our website and mobile application may contain links to or from other websites not operated by us, including websites of our integrated third-party tool and service providers. We have no control over and assume no responsibility for the security, privacy practices, or content of third-party websites or services. We recommend that you always read the privacy and security statements on these websites before providing any personal data.

15.0  Service Providers

We may engage third-party companies and individuals to facilitate our services ("Service Providers"), to provide services on our behalf, to perform service-related roles, or to assist us in analysing how our platform is used. This includes, but is not limited to, providers of business tools, training platforms, payment processing services, cloud hosting, and customer support solutions. These third parties have access to your personal data only to perform their specific tasks on our behalf and are obligated not to disclose or use it for any other purpose outside of the service-specific need for which the data is required.

16.0  Changes to This Policy

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be effective immediately after being posted on our website.

Based on the changing nature of privacy laws, user needs, and our business, we may modify this Privacy Policy from time to time. Any change to our Privacy Policy will be communicated on our website, via email, or by placing a notice on our platform, and will be effective as soon as published. Accordingly, we encourage periodic reviews of this Privacy Policy for awareness of any changes. Your continued use of the platform after we post any modifications to the Privacy Policy on our website will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

17.0  Contact Us

If you have any questions, comments, or requests in relation to this Privacy Policy, or if you have any objections, complaints, or requirements in relation to the use of your personal data, please contact us at:

The Business Hub

Website: www.thebusinesshub.ng

Email: hello@thebusinesshub.ng

Phone: 02017004271