Venoble
Privacy Policy

Privacy Policy

How Venoble Limited collects, uses, shares, and protects your personal data in accordance with applicable data protection legislation.

Last updated: April 7, 2026

1. About This Policy

This Privacy Policy (“Policy”) describes how Venoble Limited (“Venoble,” “the Company,” “we,” “us,” or “our”) collects, uses, stores, discloses, and protects the personal data of individuals who visit our website (venoble.com), subscribe to our publications, use our index data services, engage with our advisory services, or access our capital management platform.

This Policy applies to personal data processed in connection with all of Venoble’s business activities, including research and publications, index provision and licensing, advisory services, and capital management technology services.

We are committed to processing personal data in accordance with applicable data protection legislation, including:

  • The Nigeria Data Protection Act 2023 (“NDPA”) and the General Application and Implementation Directive (“GAID”), administered by the Nigeria Data Protection Commission (“NDPC”).
  • The Personal Information Protection and Electronic Documents Act (“PIPEDA”) of Canada, as applicable to our Canadian operations.

Where this Policy refers to “personal data” or “personal information,” it means any information relating to an identified or identifiable natural person, as defined under the applicable legislation.

2. Who We Are

Venoble Limited is a research, benchmark, and advisory firm incorporated in Canada and registered with the Corporate Affairs Commission (CAC) of the Federal Republic of Nigeria. We operate two complementary business arms: a research, index, and advisory firm, and a capital management technology platform.

Canada (Headquarters)Venoble Limited1 West Avenue SHamilton, Ontario, L8N 1C3Canada
NigeriaVenoble Limited1 Akin Adesola St.Victoria Island, LagosNigeria

Venoble Limited is the data controller responsible for your personal data processed through our website and services.

3. Information We Collect

We may collect and process the following categories of personal data:

Identity Data

Full name, date of birth, nationality, government-issued identification numbers, and documentation required for know-your-customer (KYC) verification.

Contact Data

Email address, telephone number, postal address, professional title, and organisational affiliations.

Financial Data

Bank account details, transaction records, portfolio information, and tax identification numbers, where required for capital management platform services or advisory engagements.

Subscription & Preference Data

Research subscription selections, content preferences, communication frequency preferences, geographic location (as selected during subscription), professional segment, and role level.

Technical Data

Internet Protocol (IP) address, browser type and version, operating system, device type, referring URL, pages visited, time spent on pages, and other usage data collected through cookies and similar technologies.

Index Access Data

API usage logs, data download records, index data queries, and licensing information associated with your use of Venoble index products and data services.

Correspondence Data

Records of communications between you and Venoble, including emails, support requests, advisory engagement correspondence, and feedback.

4. How We Collect Information

Directly From You

When you subscribe to our publications, register for events, request index data access, contact us with enquiries, enter into advisory engagements, open an account on our capital management platform, or submit information through forms on our website.

Automatically

When you visit our website, we automatically collect certain technical data through cookies and similar technologies. See Section 11 (Cookies) for details.

From Third Parties

We may receive personal data from regulated brokerage and custodial partners (in connection with capital management platform services), identity verification service providers (for KYC compliance), and publicly available sources such as corporate filings, regulatory databases, and professional networking platforms.

5. Lawful Basis for Processing

Under the Nigeria Data Protection Act 2023 and PIPEDA, we process your personal data only where we have a lawful basis to do so. The bases on which we rely include:

Consent

Where you have given clear, informed consent for us to process your personal data for a specific purpose. You may withdraw consent at any time by contacting us at privacy@venoble.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Performance of a Contract

Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. This includes providing subscription services, index data access, advisory deliverables, and capital management platform functionality.

Legal Obligation

Where processing is necessary for compliance with a legal obligation to which we are subject. This includes KYC/AML requirements, tax reporting obligations, regulatory reporting, and responding to lawful requests from government authorities.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include: operating and improving our website and services, fraud prevention and security monitoring, enforcement of our terms, aggregated analytics for service improvement, and communicating with existing clients and subscribers about our services.

Vital Interests

In rare circumstances, where processing is necessary to protect the vital interests of a natural person.

6. How We Use Your Data

Personal data is processed for the following purposes:

  • Service provision: Providing and administering our services, including research delivery, index data access and licensing, advisory engagements, and capital management platform functionality.
  • Account administration: Creating and managing your account, processing transactions, and maintaining records of our engagement with you.
  • Legal and regulatory compliance: Complying with KYC, AML/CTF, tax reporting, and other legal and regulatory obligations in the jurisdictions in which we operate.
  • Communications: Communicating with you about our services, publications, events, and relevant updates in accordance with your subscription preferences. You may opt out of non-essential communications at any time.
  • Service improvement: Improving our website, services, and user experience through aggregated, anonymised usage analytics. No individual-level profiling is conducted for marketing purposes.
  • Security and fraud prevention: Protecting our legitimate business interests, including fraud prevention, security monitoring, and enforcement of our terms.
  • Legal claims: Establishing, exercising, or defending legal claims where necessary.

We do not process personal data for automated decision-making that produces legal effects or similarly significant effects on individuals without human review. If this changes, we will notify affected individuals and provide an opportunity to object.

7. Data Sharing

We do not sell personal data to third parties. We may share personal data with the following categories of recipients, solely for the purposes described in this Policy:

  • Service providers: Third-party service providers who process data on our behalf, including cloud hosting providers, email delivery services, analytics providers, and payment processors. All service providers are contractually bound to protect personal data and to process it only on our instructions.
  • Regulated brokerage and custodial partners: Solely for the purpose of executing transactions and maintaining client accounts in connection with our capital management platform.
  • Payment processors and FX providers: Solely for the purpose of processing transactions you have authorised.
  • Identity verification providers: For the purpose of fulfilling our KYC and AML obligations.
  • Government authorities and regulators: Where required by applicable law, regulation, court order, or governmental request. We disclose only the minimum data required to comply.
  • Professional advisers: Legal counsel, auditors, and tax advisers, subject to confidentiality obligations.
  • Corporate transactions: In connection with a merger, acquisition, divestiture, reorganisation, or similar corporate event, personal data may be transferred to the acquiring or surviving entity, subject to confidentiality obligations and applicable law.

8. International Data Transfers

As Venoble operates across Canada and Nigeria, personal data may be transferred between these jurisdictions. Our cloud infrastructure providers may also store or process data in other jurisdictions.

Where data is transferred internationally, we implement appropriate safeguards including:

  • Contractual data protection clauses that impose obligations on the data recipient equivalent to those in the originating jurisdiction.
  • Technical and organisational security measures appropriate to the sensitivity of the data being transferred.
  • Compliance with the cross-border transfer requirements of both PIPEDA (which permits transfers where adequate safeguards are in place) and the NDPA 2023 (which permits transfers based on adequacy decisions, binding corporate rules, standard contractual clauses, consent, or other lawful bases specified in the Act and the GAID).

For enquiries about the safeguards we apply to international transfers, contact privacy@venoble.com.

9. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and thereafter only as required or permitted by applicable law. In determining retention periods, we consider:

  • The duration of our relationship with you (active subscription, contract, account).
  • Legal and regulatory obligations that require retention (including record-keeping requirements under securities, tax, and AML laws).
  • Applicable statutes of limitations for potential legal claims.
  • Our legitimate business interests, including maintaining business records and protecting against legal claims.

When personal data is no longer required for any of these purposes, it is securely deleted or irreversibly anonymised. Under the NDPA 2023 and the GAID, data that has fulfilled its purpose is retained for no more than six calendar months following purpose completion, unless a longer retention period is required by law.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls and authentication mechanisms, including role-based access to personal data.
  • Regular security assessments and vulnerability monitoring.
  • Secure software development practices.
  • Contractual security obligations on third-party service providers.
  • Incident response procedures for detecting, reporting, and responding to personal data breaches.

While we take reasonable steps to protect personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

11. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to provide core functionality and analyse usage patterns.

Essential Cookies

Required for the website to function correctly. These cookies enable core functionality such as page navigation, access to secure areas, and session management. They cannot be disabled without impairing website functionality.

Analytics Cookies

Used to collect aggregated, anonymised information about how visitors use our website, including pages visited, time spent, and navigation patterns. This data is used solely to improve our website and services. Analytics cookies do not identify individual visitors.

What We Do Not Use

We do not use advertising cookies, retargeting cookies, or cross-site tracking technologies. We do not sell cookie data to third parties. We do not engage in behavioural profiling for advertising purposes.

Managing Cookies

You may manage cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may impair your ability to use certain features of our website.

12. Your Rights

Subject to applicable law and certain exceptions, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@venoble.com.

Under the Nigeria Data Protection Act 2023 (NDPA)

If you are a data subject under the NDPA, you have the right to:

  • Access the personal data we hold about you and receive a copy in a commonly used electronic format.
  • Rectification of inaccurate or incomplete personal data.
  • Erasure of your personal data, where there is no compelling reason for continued processing, subject to legal retention obligations.
  • Restriction of processing in certain circumstances.
  • Data portability — receive your data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.
Nigeria Data Protection Commission (NDPC)Website: ndpc.gov.ng

Under PIPEDA (Canada)

If your personal information is subject to PIPEDA, you have the right to:

  • Access the personal information we hold about you and be informed of how it has been used and to whom it has been disclosed.
  • Correction of personal information that is inaccurate or incomplete.
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
  • Challenge compliance by lodging a complaint about our personal information handling practices.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you are not satisfied with our response.
Office of the Privacy Commissioner of Canada (OPC)Website: priv.gc.ca

Response Timeframes

We will acknowledge receipt of your request within five (5) business days and provide a substantive response within thirty (30) calendar days. If the complexity of the request requires an extension, we will notify you of the extension and the reasons for it before the initial thirty-day period expires.

We may require you to verify your identity before responding to a request, to protect against unauthorised disclosure of personal data.

13. Children’s Privacy

Our services are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete that data as soon as practicable.

Under the NDPA 2023, processing of a child’s personal data requires the consent of the child’s parent or guardian, with appropriate age verification measures.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

  • Notify the relevant supervisory authority — the Nigeria Data Protection Commission (NDPC) for data processed under the NDPA, and the Office of the Privacy Commissioner of Canada (OPC) for data processed under PIPEDA — within seventy-two (72) hours of becoming aware of the breach, as required by the NDPA 2023 and PIPEDA’s breach reporting regulations.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, including a description of the nature of the breach, the categories of data affected, likely consequences, and the measures taken to address and mitigate the breach.
  • Document the breach in our internal breach register, including the facts, effects, and remedial actions taken, regardless of whether the breach meets the notification threshold.

16. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. When we make material changes to this Policy, we will:

  • Update the “Last updated” date at the top of this page.
  • Post the revised Policy on our website.
  • Where changes are material and we have your contact information, we will make reasonable efforts to notify you directly (e.g., by email).

Your continued use of our website and services following any modification constitutes acceptance of the revised Policy.

17. Contact & Data Protection Officer

Venoble has designated a Data Protection Officer (“DPO”) who is responsible for overseeing our compliance with applicable data protection laws. The DPO can be contacted for any enquiry relating to this Policy, your rights, or the processing of your personal data.

DPO / PrivacyData Protection Officer, Venoble Limited
Emailprivacy@venoble.com
Post (Canada)1 West Avenue S, Hamilton, Ontario, L8N 1C3, Canada
Post (Nigeria)1 Akin Adesola St., Victoria Island, Lagos, Nigeria

Escalation

If you are not satisfied with our response to your enquiry or complaint, you may escalate to the relevant supervisory authority:

  • Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
  • Canada: Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca