Privacy and Cookies Policy
2. Collection and Use of Personal Information
2.1. What we collect
Your personal information is not used for purposes other than those listed in this document, unless we obtain your permission, or unless otherwise required by law. In general we collect and generate the following information:
1. Individual personal information (e.g. name, previous names, date and place of birth).
2. Individual personal contact details (e.g. address, email address, landline, fax and mobile numbers).
3. Identity information (e.g. photo ID, passport, national ID card and nationality).
4. Financial information.
5. Information about the ways you interact with the Organization (e.g. channels used, transaction information, geographic information, and information concerning your complaints).
6. Any information received from external authoritative registers required for compliance purposes.
7. Information captured in data subject’s documentation or data exchange such as via telephone (e.g. records of advice).
8. Cookies and similar technologies used to remember your preferences and tailor content.
9. Data or records of correspondence related to relevant exchanges of information (e.g. emails).
10. Closed circuit television (CCTV) in and around our facilities/platforms (these may collect photos or videos of you).
11. Other information about you that is voluntarily provided by filling in forms or by communicating with us, whether face-to-face or via other available channels (e.g. by phone, email, online).
2.2 Why we collect it and the Legal Grounds
The Organization generally collects only the personal information necessary to fulfill your request and to provide the requested and/or agreed services. Where additional, optional information is sought, you will be notified of this at the point of collection. The applicable law (NDPR 2019) allows us to process personal information, so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:
i. Performance of a contract: This is when the processing of your personal information is necessary in order to perform our obligations under a contract but also to be able to complete our acceptance procedure prior to the said contract;
ii. Legal obligation or for public interest: This is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for complying with any tax obligations, regulatory purposes, or providing information to a public body or law enforcement organization;
iii. Legitimate interests: Where necessary, we may process information about you where there is a legitimate interest for us or a third party in pursuing commercial and business interests, except where such interests are overridden by your interests, fundamental rights and freedoms, or you expressly deny.
iv. Consent: We may occasionally ask you for specific permission to process some of your personal information for one or more specific purposes, and we will only process your personal information in this way if you so agree.
a. What constitutes consent? Your consent is given when you consume our services, navigate our website, tick our online/offline forms or boxes, subscribe to our email alerts, and attend our webinars and other events, or when you voluntarily submit your personal data to us.
b. How do you withdraw your consent? You may withdraw your consent at any time by unsubscribing from our email alerts or other digital platforms or by contacting the Organization’s Data Protection Officer (DPO) via firstname.lastname@example.org.
In general we may process, transfer and disclose your information to:
§ Verify your identity (e.g. for authentication purposes).
§ Provide our services (including via online platforms).
§ Deal with your transactions or carry out instructions.
§ Perform data analytics and understand your preferences and how you use the provided services.
§ Use technology for decision making purposes.
§ Maintain record keeping and accountability.
§ Meet compliance and legal obligations, such as to comply with the extant Data regulatory framework.
§ Manage our relationship with you (including any activities you agree to).
§ Obtain reports of an online problem (e.g. with the Organization site).
§ Enforce or defend the rights of a member of the Organization.
§ For internal operational support and administrative purposes (e.g. development of our service, audit and risk management).
§ Ensure security and Organizational continuity.
§ For service quality management and product improvement.
§ Correspond with third parties (e.g. vendors, regulators and intermediaries).
§ Facilitate dissemination of information about our organization and events.
§ For the purpose of registration and participation at our online and offline events.
§ Respond to and build on any feedback you send us.
2.3 Retention of Personal Information
We will only retain your personal data for as long as the extant provisions of the applicable laws of Nigeria require us to, or for the purposes set out in this policy or our contract with you, or when you exercise your right to request deletion of personal data.
After expiration of any of the aforementioned periods as applicable, your personal data will be irreversibly destroyed. This allows us to comply with legal and regulatory requirements or fulfill our legitimate purposes. If we do not need to retain information for a period of time, we may destroy, delete or anonymize it more promptly. Any personal data held by us will be kept by us until such time that you notify us that you no longer wish to receive this information.
2.4 Storage of Information
2.5 Log Files
The Organization follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
2.6 Sharing Information
We do not share personal information with unaffiliated third parties, except if necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. These include:
i. Service providers: Our organization works with reputable partners and service providers so they can process your personal information on our behalf where required. Our organization will only transfer personal information to them when they meet our standards set in our third party information security policy on the processing of data and security. We only share personal information that allows them to provide their services.
ii. Courts, law enforcement or regulatory bodies: Our organization may disclose personal information in order to respond to requests of courts, government or law enforcement entities or where it is necessary to comply with applicable laws, court orders or rules, or government regulations.
iii. Audits: Disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
As such information may be transferred and disclosed to authorities, law enforcement, government, persons acting on your behalf, payment recipients, beneficiaries, intermediaries, other financial institutions, lenders and holders of security over any property relevant to our organization, payment service providers, technology providers, support service providers, etc. We may also share aggregated or anonymized information with our partners.
2.6 Automated Decisions and Profiling
We do not use automated systems to make automated suggestions or decisions, including profiling, based on personal information we have, or that we are allowed to collect from other authorized sources, about you. All personal data we collect have human involvement.
2.7. Further Processing
We sometimes process personal data for purposes other than those for which the personal data were initially collected where the processing is compatible with the purposes for which the personal data were initially collected. In order to ascertain whether the processing for another purpose is compatible with the purpose for which the personal data were initially collected, we take into account:
§ Any link between the original and proposed new purposes.
§ The context in which data have been collected (in particular the relationship between us and your reasonable expectations).
§ The nature of the data (particularly whether they are sensitive data or criminal offence data).
§ The possible consequences of the proposed processing.
§ The existence of safeguards (including encryption).
Where the data subject has given consent or the processing is based on the law, we are allowed to further process the personal data irrespective of the compatibility of the purposes. Where we intend to process the personal data for a purpose other than that for which they were collected, we will provide you, prior to that further processing, with information on that other purpose and other necessary information.
3. Automatic Collection Cookies & IP Addresses
Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.
Your selection will be saved in a cookie and is valid for a short period (e.g. 90 days). If you wish to revoke your selection, you may do so by clearing your browser's cookies. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser's settings (often found in your browser's Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites' features.
Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors. The Organization may also collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.
By navigating on our web sites and accepting cookies or entering your login details to access areas reserved for registered users, you agree that we can place these cookies on your computer or internet-enabled device.
3.2 IP Addresses
An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis.
4. Your Rights
4.1 Data Subject Rights
The Organization may ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt in for particular services or communications, such as an e-newsletter or SMS notifications, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.
In general if you have submitted personal information to the Organization, you have the following rights under the NDPR 2019:
i. The right to access information about you and to obtain information about how it is processed.
ii. The right to request that your information is corrected if it is inaccurate or incomplete.
iii. The right to request that your information is erased (depending on the circumstances and agreements in place).
iv. We may continue to retain your information if another legitimate reason for doing so exists. You have the right to have your personal data erased if:
§ The personal data is no longer necessary for the purpose which it was originally collected or processed for.
§ We rely on consent as the lawful basis for holding the data, and you withdraw your consent.
§ We are relying on legitimate interests as the basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing.
§ We process the personal data for direct marketing purposes and you object to that processing.
§ We process the personal data unlawfully (i.e. in breach of the lawfulness requirement).
§ It has to be done to comply with a legal obligation.
v. The right to request that we restrict our processing of your information if the information provided to the Organization is not accurate, the processing is unlawful and your request for erasure is opposed or when we no longer need your data for the purpose of processing but they are required by you for the establishment, exercise or defence of legal claims.
vi. The right to withdraw your consent to our processing of your information (depending on the circumstances and agreements in place). We may continue to process your information if another legitimate reason for doing so exists.
vii. The right to receive certain information you have provided to us in an electronic format and / or request that it is transmitted to a third party. This applies when:
§ The lawful basis for processing this information is consent or for the performance of a contract.
viii. The right to ask us not to process your personal data for marketing purposes. Prior to collecting data, we will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
ix. The right to lodge a complaint with the Data Protection Regulatory Authority, for example the National Information Technology Development Authority (NITDA) if you think that the Organization has not processed your personal data in accordance with data protection legislation.
You can exercise your rights by contacting us using the details set out in the “Questions and Enforcement” section. We will make all reasonable and practical efforts to comply with your request, if it is consistent with applicable laws and regulations. In such a case, every effort shall be made to comply within one month, or to inform you of a refusal and the basis for it, or of an extension to the period to comply.
5. Other Relevant Information
5.1 Data Security
The Organization has security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite the Organization’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know and they are required to maintain the confidentiality of such information. A series of technology and Cyber Security platforms and solutions are utilized to protect data within our environment including, but not limited to, perimeter security mechanisms, endpoint security mechanisms, encryption, etc.
5.2 Your Responsibilities
You are responsible for ensuring that the information provided to the Organization on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible. If you provide information for another person on your account, you must direct them to this notice and ensure they also agree to us using their information.
5.3 Questions, Remedies and Time Frame for Remedies
If you are not satisfied with the response you receive, you may escalate your concern to NITDA by visiting their website at www.nitda.gov.ng or by email at email@example.com, but this is without prejudice to your right to file an action in a court of law. The time frame for remedies may be determined by a court of competent jurisdiction or the regulator.
5.4 Children’s Privacy
Please note that our Services are not intended for use by children under the age of 18 years. We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
5.4 Links to Other Websites
5.5 Governing Principles of our Data Processing
We guarantee that your personal data shall be:
§ collected and processed in accordance with a specific, legitimate and lawful purpose consented to by you, provided that further processing may be done only for archiving, research or statistical purposes for public interest;
§ restricted to you and not transferred to any person or entity except as required by law;
§ adequate, accurate and without prejudice to the dignity of the human person;
§ stored only for the period within which it is reasonably needed; and
§ secured against all foreseeable hazards/breaches such as theft, cyber-attack, etc.