OUR DATA PRIVACY POLICY

In processing your personal data, we adhere strictly to the principles of data processing as set out under S.24 of the NDPA. Our obligation in terms of the principle is to ensure that personal data is:

1. processed in a fair, lawful and transparent manner;
2. collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes;
3. adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed;
4. retained for not longer than is necessary to achieve the lawful bases for which the personal data was collected or further processed;
5. accurate, complete, not misleading, and, where necessary, kept up to date having regard to the purposes for which the personal data is collected or is further processed; and
6. processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, access, loss, destruction, damage, or any form of data breach.

Furthermore, we are committed to ensuring accountability, demonstrating duty of care to you and also upholding data Confidentiality, Integrity and availability.

Except as otherwise required by operation of law or principles of law, your consent as the data subject is paramount in our considerations. You have the right to give, withhold or otherwise withdraw your consent to data processing. For further understanding of the operation of the principle of consent under data processing. See S.26 of the NDPA 2023.

We hold your privacy rights very dear to our operations. Apart from the right to give, withhold or withdraw consent, you have rights to all relevant information that may guide you in making informed decisions about your personal data. For example, you have the right to be notified of anyone or any place to which we may transfer your personal data. Your rights under the NDPA include but are not limited to the following:

1. a)Right to be Informed
2. b)Right of Access
3. c)Right to Rectification
4. d)Right to Object to Processing
5. Right to Data Portability
6. Right to be Forgotten
7. Right in Relation to Automated Decision Making (which essentially entitles you to human intervention)

Note that you also have a right to lodge a complaint with the Commission. See Part VI of the NDPA.

As a public establishment, third parties may wish to provide essential services to you (through our platforms) while relying on the relevant lawful bases for processing your personal data in this regard. The type of data usually processed for this may be your contact details. Where such services depend on consent, you have the right to decline and further restrict the processing of your personal data. You can simply unsubscribe to the notices sent for the purpose of such services.

Customarily, websites are designed to collect certain information from the visitor. Our website is also designed to collect your IP address and other information that your web browser typically shares with the websites that you visit. The purpose of this is to know you better and to automatically and dynamically engage with you through your actions on our website.
“Cookies”, in computer parlance, are text files that are downloaded to your browsing devices such as phones or computers when you browse pages of websites. They contain small amounts of data and their essential function is to intelligently memorise your preferences and therefore present them to you as choices when you are browsing – even at different times. Note that various websites use cookies for different purposes some of which may undermine your privacy rights. We have taken measures to ensure that all methods adopted by us to engage automatically with you do not violate your privacy rights under the NDPA. In the case of cookies, we ensure that they have security protocols and are not vulnerable to abuses by anyone.

We use cutting-edge technologies and foolproof protocols to provide you with comprehensive layers of security in the area of personal data. Thus, we are constantly vigilant in preventing cyber-attacks, fraudulent intrusion, unauthorised access, loss or corruption of personal data. We are equally cognizant of the obligations imposed on us by law in terms of data protection. Accordingly, we conduct reviews of process and privacy impact assessment, carry out trainings and obtain strict warranties where applicable.

The purpose of data processing usually determines the length of time within which your personal data is stored with us and the residue of data actually stored for this purpose. We collect and store personal data that is reasonably required by law or best practice to serve you or respond to legitimate enquiry about our transaction with you. We take this responsibility very seriously in view of the need for you to enjoy your privacy as guaranteed under the 1999 Constitution of the Federal Republic of Nigeria and international human rights law.

Our website may contain links to other websites. Save and except as otherwise expressly stated by us, any link to another website is not covered by our privacy policy. We strongly advise that you should satisfy yourself with the details of any privacy policy provided on other websites or links.

In carrying out our mandate effectively, we may require the services of third parties who may be within or outside the NDPA jurisdiction (Nigeria). Examples of such services include but are not limited to the following:

• a) Internet connectivity,
• b) Cloud storage,
• c) Data analytics,
• d) Data security, and
• e) Software development.

In transferring your data to third parties, we shall be guided by the NDPA. See PART VIII of the NDPA.

We have provided a platform to respond promptly and satisfactorily to all your requests, suggestions and complaints. This is called the DPSU. We have a Data Protection Officer who is responsible for prompt action on your data privacy. Contact the DPSU via this link: dpo@ndpc.gov.ng. Our DPSU serves as the internal mechanism to carry out the following services amongst others:

• a) Data protection regulations compliance and breach services
• b) Data protection and privacy advisory services
• c) Data protection capacity building
• d) Data Regulations Contracts drafting and advisory
• e) Data protection and privacy breach remediation planning and support services
• f) Information privacy audit
• g) Data privacy breach impact assessment
• h) Data Protection and Privacy Due Diligence Investigation
• i) Data Protection Officer

The Data Controller (NDPC) reserves the right to alter the foregoing policy for the purposes of advancing data privacy rights, public interest or complying with lawful directives of the Federal Government – in line with the safeguards under the NDPA and the 1999 Constitution of the Federal Republic of Nigeria.