Privacy Policy






Privacy Policy — Hillcrest Capital Management


Hillcrest Capital Management

Privacy Policy

Effective Date: 21 May 2025  ·  Last Updated: 17 March 2026

01

About This Policy

This Privacy Policy describes how Hillcrest Capital Management (“we”, “us”, or “our”) collects, uses, stores, and protects personal information obtained from clients, prospective investors, and visitors to our website at hillcrestcapmgt.com.

We are committed to handling your personal data with integrity, transparency, and in full compliance with applicable Nigerian data protection legislation, including the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR).

By engaging our services or using our website, you acknowledge that you have read and understood this Policy.

02

Who We Are

Hillcrest Capital Management is a capital management firm incorporated and operating under the laws of the Federal Republic of Nigeria. We provide investment advisory, asset management, and related financial services.

For the purposes of this Policy, Hillcrest Capital Management is the Data Controller of your personal information.

03

Information We Collect

In the course of providing our services and meeting our regulatory obligations, we may collect the following categories of personal information:

  • Identity Documents: Government-issued ID cards, international passports, driver’s licences, and other photo identification.
  • Proof of Address: Utility bills, bank statements, or official correspondence confirming your residential address.
  • Business Documentation: For corporate clients — Certificate of Incorporation, Memorandum and Articles of Association, Board resolutions, and details of beneficial owners.
  • Financial Information: Source of funds declarations, bank account details, and investment-related financial data provided during onboarding.
  • Biometric Data (where applicable): Photographs or facial data used for identity verification purposes.
  • Contact Information: Name, phone number, email address, and postal address.
  • Transaction Records: Details of investments, fund movements, and correspondence related to your account.

Note: We collect only the minimum personal data necessary to fulfil our legal and contractual obligations. You will always be informed of the purpose before any data is collected.

04

How We Use Your Information

We use your personal information for the following purposes:

  • To verify your identity and conduct required Know Your Customer (KYC) checks before and during the provision of services.
  • To comply with Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and other applicable regulatory obligations.
  • To open, manage, and administer your investment account.
  • To communicate with you regarding your investments, account activity, and material updates.
  • To conduct risk assessments and ongoing due diligence as required by law.
  • To respond to enquiries, complaints, or requests from you or relevant regulatory authorities.
  • To improve our services and ensure operational security.

05

Legal Basis for Processing

We process your personal data on the following legal grounds under the Nigeria Data Protection Act 2023:

  • Legal Obligation: Processing necessary to comply with the Money Laundering (Prevention and Prohibition) Act 2022, the Investment and Securities Act, SEC regulations, and other applicable laws.
  • Contractual Necessity: Processing required to enter into or perform a contract with you for the provision of investment services.
  • Legitimate Interests: Processing undertaken to protect the firm’s security, prevent fraud, and manage risk — provided such interests are not overridden by your rights.
  • Consent: Where you have given explicit, freely obtained consent for a specific processing activity, which you may withdraw at any time.

06

KYC / AML Obligations

As a regulated financial services entity, Hillcrest Capital Management is legally required to conduct thorough Know Your Customer (KYC) and Anti-Money Laundering (AML) checks on all clients. These obligations arise from:

  • The Money Laundering (Prevention and Prohibition) Act 2022
  • The Securities and Exchange Commission (SEC) Nigeria rules and directives
  • The Central Bank of Nigeria (CBN) AML/CFT regulations
  • The Financial Action Task Force (FATF) recommendations adopted in Nigeria

This means we are obligated to collect, verify, and retain your KYC documents regardless of whether you give consent. Failure to provide required KYC documentation may prevent us from onboarding you as a client or continuing to provide services.

KYC data may be screened against government sanctions lists, Politically Exposed Persons (PEP) databases, and adverse media sources as part of our due diligence process.

07

Sharing Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

  • Regulatory Authorities: The Securities and Exchange Commission (SEC), Central Bank of Nigeria (CBN), Nigerian Financial Intelligence Unit (NFIU), and other competent authorities where legally required.
  • Law Enforcement: Where we are compelled by a valid court order or applicable law.
  • Service Providers: Trusted third-party vendors (e.g. identity verification platforms, IT service providers, auditors) bound by strict confidentiality and data processing agreements.
  • Professional Advisors: Legal counsel, accountants, or compliance consultants engaged to support our operations, under obligations of professional secrecy.

Any third party with whom we share your data is contractually required to handle it in accordance with applicable data protection laws.

08

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • KYC / AML Records: Retained for a minimum of five (5) years after the end of the business relationship, as required by the Money Laundering (Prevention and Prohibition) Act 2022.
  • Investment & Transaction Records: Retained for a minimum of seven (7) years in line with SEC Nigeria requirements.
  • General Correspondence: Retained for up to three (3) years or as necessary for dispute resolution.

Upon expiry of the applicable retention period, data will be securely deleted or anonymised.

09

Data Security

We implement appropriate technical and organisational measures to safeguard your personal information against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encryption of sensitive data in transit and at rest.
  • Access controls limiting data access to authorised personnel only.
  • Regular security assessments and staff training on data protection practices.
  • Secure physical storage of physical KYC documents.

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals in accordance with the NDPA 2023.

10

Your Rights

Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where there is no lawful basis for its continued processing (subject to our legal retention obligations).
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us using the details in Section 13. We will respond within 30 days of receiving your request. Note that some rights may be limited where we are required by law to retain or process your data.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your data rights have been violated.

11

Cookies & Website Use

Our website at hillcrestcapmgt.com may use cookies and similar tracking technologies to improve user experience and analyse site usage. Cookies used are strictly functional and analytical — we do not use advertising or tracking cookies.

You may configure your browser to refuse cookies; however, this may affect the functionality of certain parts of the website.

12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory requirements. Any material changes will be communicated via our website and, where appropriate, by direct notification to clients.

The “Last Updated” date at the top of this Policy indicates when it was most recently revised. We encourage you to review this Policy periodically.

13

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Data Protection Officer:

Company
Hillcrest Capital Management

Address
30b Oladimeji Alo Street, Lekki Phase 1, Lagos 10610, Nigeria

Email
ctopanu@hillcrstcapmgt.com

Website
hillcrestcapmgt.com

© 2026 Hillcrest Capital Management. All rights reserved.  ·  Privacy Policy