Privacy Policy

Privacy Policy Information

1. Introduction

The BRB Capital website (brbcapital.co.uk) is operated by BRB Capital Limited, an investment management and advisory firm with offices in the United Kingdom and Nigeria. Our offices are located at 71‑75 Shelton Street, Covent Garden, WC2H 9JQ, London, United Kingdom, and Plot 3A Shakiru Anjorin Street, Lekki Phase 1, Lagos Island, Nigeria. BRB Capital is committed to protecting and respecting your privacy. Throughout this document, “we”, “us” and “our” refer to BRB Capital Limited.

This Privacy Policy explains how we collect, use, share and protect your personal information when you interact with us, whether through our website, during consultations, when making enquiries or when using our investment, advisory or corporate finance services. The policy applies to clients, potential clients, business partners, consultants, job applicants and anyone else whose personal data we hold. It sets out your rights and how to exercise them, and it provides details of the laws we observe when processing your information.

BRB Capital is subject to both the Nigeria Data Protection Act 2023 and the United Kingdom’s data protection framework, which comprises the UK General Data Protection Regulation and the Data Protection Act 2018. These laws require us to collect and process personal data lawfully, fairly and transparently, to limit our use of data to specified purposes and to implement appropriate security measures to safeguard personal information. They also grant data subjects significant rights, including the rights to access, rectify and erase their personal information.

 By visiting our website or engaging with our services, you accept the practices described in this policy. Your use of our services and any dispute over privacy are subject to this policy and our Terms of Use.

2. Consent

You give consent to this Privacy Policy when you access our website, submit information through our online forms, contact us by email or telephone, schedule consultations or otherwise use our services. Consent may be withdrawn at any time by following the procedures described in the Your Rights section below; however, withdrawal will not affect any processing we have already carried out in accordance with this policy.

3. Age Restriction

Our services are intended for adults. By using our website or providing personal information to us, you affirm that you are at least 18 years of age and legally capable of entering into binding agreements.

4. Information We Collect

We collect information in two broad categories: information you provide directly and information we collect automatically when you use our website.

4.1 Information You Provide to Us

We may collect the following information when you voluntarily provide it, for example when you submit an enquiry, schedule a consultation, apply for a role, sign up for newsletters or engage us for investment services:

  1. Identity and Contact Information – your name, address, email address, telephone number and, where appropriate, date of birth. We may also collect your company name and job title when relevant.
  2. Account Credentials – if you register for a client portal, we collect a username and password.
  3. Financial Information – payment details and bank account information necessary for processing investment subscriptions, returns and fees.
  4. Due-diligence Information – information required to comply with Know-Your-Customer (KYC) and anti-money laundering obligations, such as government-issued identification, proof of address and tax identification numbers.
  5. Professional Information – for job applicants or partners, we may collect CVs, employment history and qualifications.
  6. Communications – any correspondence you send to us, including emails, messages through our website and phone recordings when you call our offices.
4.2 Information Collected Automatically

When you visit brbcapital.co.uk, our servers automatically collect certain non‑personal information, such as your Internet Protocol (IP) address, browser type, operating system, referral source, pages viewed, time spent on the site and other traffic statistics. We also use cookies and similar technologies to recognise your device, remember your preferences and analyse how visitors use our site. Cookies allow our servers to remember your account login information, monitor web traffic and prevent fraudulent activities. You can disable cookies via your browser settings, but doing so may affect some site functions.

4.3 Information from Third Parties

We may receive information about you from third parties – for example, if you authorise a third party (such as a verification service or business partner) to share your data with us. We use such information only as permitted by law and for the purposes described in this policy.

5. How We Use Your Information

We collect and process your personal information to deliver and improve our services, comply with legal obligations and protect our legitimate interests. Specifically, your information may be used to:

  1. Verify Your Identity and Conduct Due Diligence – to satisfy KYC, anti-money laundering and other regulatory requirements.
  2. Fulfil Contracts – to carry out our obligations arising from any contracts entered into between you and us, such as administering investments, processing payments and providing advisory services.
  3. Provide Services and Support – to deliver the products, services and information you request, respond to your enquiries and improve our customer service.
  4. Marketing and Analytics – to conduct marketing analysis, customer profiling and research, including creating statistical and testing information; to make recommendations and suggestions about our services (unless you opt out).
  5. Communications – to communicate with you by email, telephone or text message, including sending service or support messages, updates, security alerts, newsletters and marketing communications.
  6. Billing and Account Management – to manage billing, payments and account records.
  7. Fraud Prevention and Risk Management – to help prevent, detect and investigate fraud, financial crime and other prohibited or unlawful activities; to carry out risk assessments.
  8. Compliance and Legal Obligations – to comply with legal and regulatory requirements and to enforce our Terms of Use.

We process your information under one or more lawful bases: your consent, the necessity to perform a contract with you, our legitimate interests (such as marketing and fraud prevention) or compliance with legal obligations. We do not use your information for purposes incompatible with those described above.

6. Data Accuracy

We take reasonable steps to ensure that the personal data we hold is accurate, complete and up to date. You can help us keep your information accurate by notifying us of changes. If we discover inaccuracies, we will promptly correct or delete the data. Under the UK GDPR, individuals have the right to have inaccurate personal data rectified or completed.

7. Data Confidentiality and Security

We regard your information as confidential. We will not sell or lease your personal data, and we will not disclose it to third parties except as described in this policy or as required by law. We implement appropriate physical, technical and organisational measures to protect your data from unauthorised access, disclosure, alteration or destruction. These measures include Secure Sockets Layer (SSL) encryption, firewalls, access controls and ongoing security monitoring. Our employees and contractors who process your information receive data‑privacy training and are bound by confidentiality obligations.

8. Disclosures and Transfers

We may share your personal data with:

  1. Affiliates and Service Providers – our subsidiaries, professional advisers (including lawyers, auditors and bankers), IT providers, cloud hosting services and other third-party vendors who assist us in operating our business and delivering our services. These parties are contractually bound to process your data only on our instructions and to implement appropriate security measures.
  2. Regulators and Law-Enforcement Authorities – where required by law or regulation, we may disclose your information to regulatory bodies, tax authorities, courts and law-enforcement agencies. We will notify you of such disclosure where legally permissible.
  3. Business Partners – third parties with whom we jointly provide services or co-operate on projects (e.g., co-investment partners), but only where you have given consent or where doing so is otherwise lawful.
  4. Successors – in the event of a merger, acquisition or sale of assets, your personal data may be transferred to our successor entity subject to the terms of this policy.

We may transfer your personal data across borders, for example between our UK and Nigerian offices. When transferring data outside the United Kingdom or Nigeria, we will put adequate safeguards in place to ensure that the recipient country has an equivalent level of data protection, as required under the Nigeria Data Protection Act 2023 and the UK GDPR. We may rely on standard contractual clauses, adequacy regulations, intra-group agreements or other approved transfer mechanisms.

Data protection laws grant you several rights regarding your personal information. Subject to certain limitations and exceptions, you have the following rights:

  1. Right to Confirmation and Access – to obtain confirmation of whether we hold personal data about you and to request a copy of that data.
  2. Right to Rectification – to request correction of inaccurate, incomplete or outdated data.
  3. Right to Erasure – to request deletion of your data when it is no longer needed or where processing is unlawful.
  4. Right to Withdraw Consent – to withdraw consent to processing at any time.
  5. Right to Object and Restrict Processing – to object to or request restriction of the processing of your data in certain circumstances.
  6. Right to Data Portability – to request your data in a structured, commonly used and machine-readable format and to have it transferred to another controller where technically feasible.
  7. Right Not to Be Subject to Automated Decisions – to not be subjected to decisions based solely on automated processing that significantly affect you.
  8. Right to Complain – if you believe we have violated your privacy rights, you may lodge a complaint with the Nigeria Data Protection Commission or the Information Commissioner’s Office (ICO) in the UK. Contact details can be found on their respective websites.
10. Data Retention

We will retain your personal data only as long as necessary to provide our services, comply with legal obligations, resolve disputes and enforce our agreements. For example, we keep transaction records to meet tax and regulatory requirements and to detect fraud. We may anonymise your data so that it no longer identifies you and retain the anonymised information for statistical purposes.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, personalise content and analyse traffic. Cookies are small text files stored on your device by your browser. Some cookies are necessary for the basic operation of our site, while others are used for analytics, performance or advertising purposes. When you first visit our site, you will be presented with a cookie banner requesting your consent to non‑essential cookies. You can change your preferences at any time by adjusting your browser settings or selecting “Customise” on the cookie banner. Necessary cookies do not store personally identifiable data.

12. Training

We ensure that employees who collect, access or process personal data receive adequate training on data privacy and protection, including the requirements of the Nigeria Data Protection Act 2023, the UK GDPR and the Data Protection Act 2018. Training is refreshed periodically to maintain awareness of legal obligations and best practices.

13. Data Breach Management

If we experience any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to your personal data, we will:

  1. Notify you and the relevant supervisory authority within the timeframe required by law;
  2. Investigate the breach and take steps to mitigate its effects;
  3. Implement remedial measures and track resolution; and
  4. Document the breach and outcomes for accountability.
14. Links to Third‑Party Websites

Our website may contain links to third‑party websites or services that we do not control. We are not responsible for the content, privacy policies or practices of such websites. We encourage you to read the privacy policies of every website you visit. This policy applies only to information collected by BRB Capital.

15. Limitation of Liability

While we exercise reasonable efforts to safeguard your personal data, we are not liable for unauthorised disclosure of information that occurs through no fault of ours (for example, due to the malicious acts of third parties). Nothing in this policy excludes or limits any liability that cannot be lawfully excluded.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. Changes take effect immediately upon publication unless otherwise stated. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

17. Contact Us

If you have any questions, comments or requests regarding this Privacy Policy or the way we handle your data, please contact us:

BRB Capital Limited
Email: info@brbcapital.co.uk
Phone (Nigeria): (+234) 708 427 1165
Phone (United Kingdom): (+44) 775 326 2229
Address (Nigeria): Plot 3A, Shakiru Anjorin Street, Lekki Phase 1, Lagos Island.
Address (United Kingdom): 71‑75 Shelton Street, Covent Garden, WC2H 9JQ, London.