R-DATS Consulting Limited (“R-DATS”) is committed to fully complying with national and international data protection laws, principles and regulations. In its efforts to ensure your personal data are professionally managed and secured, this Policy statements describe how your personal data will be processed based on the fundamental principles of the Nigerian Data Protection Regulation 2019 (NDPR) as the minimum standard. While this Policy may not address all possible data processing scenarios, it is intended to provide a detailed guide to help you understand:
- The type of personal data we collect.
- Data collection methods and usage.
- Consent for the processing of data and access rights.
- Personal data protection principles.
- User responsibility.
- Data security.
- Link to third-party sites.
- Third-party access.
- Violation of privacy.
- Data retention.
The Type of Personal Data We Collect
R-DATS may collect the following information: name, date of birth, residential and contact address, telephone number, fax numbers, email address, marital status, nationality, gender, sexual orientation, social security number, tax identity number, debit/credit card number, card expiry date and Card Verification Value/Code, trade union membership bank details, posts on social networking information regarding data subjects and their family members, online usernames, license numbers, medical information and records, health plan beneficiary information, race or ethnic origin, political opinions, educational background, genetic data, biometric data (ex. thumb print), passport number and other identity numbers, location, geospatial data, photograph, audio and video recordings, IP address, MAC address, IMEI number, IMSI number and other device identifiers and serial numbers, vehicle identifiers and serial information, and any other information relevant which constitute Personal Data (“personal data”).
Personal Data collection methods and usage
- R-DATS collects the above-mentioned information using surveys, forms, email, physical requests, private message via social media platforms, cookies, subscribe to R-DATS newsletter, fill out a form, JWT and web tokens.
- When you send email or other communications to R-DATS, we may retain those communications to process your inquiries, respond to your requests and improve our services. When you access R-DATS’s services, our servers automatically record information that your browser sends whenever you visit a website.
- We use the above-mentioned information for research, regulatory compliance, marketing, business development, to process donations, to send periodic emails, development of outreach materials and policy documents, publicity, human resources management, talent and recruitment, benefits administration, events planning and hosting, in-house security and analysis, key business operations, evaluation of the success of our marketing and promotional efforts, analysis of our website usage, and improvement of our website’s content, layout, and services, processing or carrying out tasks to fulfill business goals or objectives
Consent for the Processing Data and Access Rights
- We usually require your consent for the processing of your data. We shall obtain your consent for/to individual matters, where any document deals with different matters.
- We can process your personal data in the absence of consent where:
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which you are subject;
- processing is necessary in order to protect your vital interests or that of another natural person; and
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of the official public mandate vested in us.
- If we intend to use your data for a purpose that is different from the purpose(s) for which your data was obtained, we will seek your consent prior to the use of your data for that other purpose, as required by law.
- In the event of any arrangement whereby R-DATS sells or transfers all, or a portion of, it is business or assets (including in the event of a reorganization, dissolution, or liquidation) to third parties, you hereby consent that your personal data held with R-DATS can be transferred or assigned to third parties who may become the controllers and/or processors of your personal data that was held by R-DATS prior to such arrangement. R-DATS shall always ensure that you are notified when your personal data is intended to be transferred to third parties in the circumstances outlined in this clause.
- No consent shall be sought, given, or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.
- You may withdraw your consent at any time and may request access to your personal information in our possession. We can, however, deny you access to the information where we determine that your request is unreasonable.
- You reserve the right to request the modification or amendment of your personal data in our possession.
- In all cases of access or modification/amendment of personal information, we shall request sufficient identification to enable us to confirm that you are the owner of the data sought to be accessed or modified/amended
Personal Data Protection Principles
When we process your personal data, we are guided by the following principles, which require personal data to be:
- Processed lawfully, fairly, transparently and with respect for the dignity of the human person.
- Collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and where necessary kept up to date.
- Removed or not kept in a form which permits identification of data subject for longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures its security, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
You are required to familiarize yourself with this policy and to ensure that the information you provide to us is complete, accurate and up to date.
- R-DATS implements and maintains appropriate safeguards to protect personal data, taking into account in particular the risks to you, presented by unauthorized or unlawful processing or accidental loss, destruction of, or damage to their personal data.
- Safeguarding will include the use of encryption and pseudonymization where appropriate. It also includes protecting confidentiality (i.e. that only those who need to know and are authorized to use personal data have access to it), integrity and availability of the personal data. We regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of personal data.
- You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures, we cannot guarantee absolute security. R-DATS, therefore, accepts no liability for any damage or loss, however caused, in connection with transmission over the Internet or electronic storage.
- R-DATS only shares personal information with other companies, entities, or individuals in the following limited circumstances:
- We have your consent.
- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to
- Satisfy any applicable law, regulation, legal process or enforceable governmental request,
- enforce applicable terms of service, including investigation of potential violations thereof,
- detect, prevent, or otherwise address fraud, security or technical issues, or
- protect against imminent harm to the rights, property or safety of R-DATS, its users or the public as required or permitted by law.
Violation of Privacy
- We have put in place procedures to deal with any suspected personal data breach and will notify you of any personal data breach and let you know the steps we have taken to remedy the breach and the security measures we have applied to render your personal data unintelligible.
- All suspected breach of personal data will be remedied with 1 (one) month from the date of the report of the breach.
- If you know or suspect that a personal data breach has occurred, you should immediately contact the R-DATS team at firstname.lastname@example.org.
- R-DATS will not be responsible for any personal data breach which occurs as a result of:
- an event which is beyond the control of R-DATS;
- an act or threats of terrorism;
- an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises R-DATS’s data protection measures;
- war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilization, requisition, or embargo;
- rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises R-DATS’s data protection measures;
- the transfer of your personal data to a third party on your instructions; and
- the use of your personal data by a third party designated by you.
We shall retain your personal data for as long as necessary to carry out the purpose for which the personal data was collected, as stated in the consent, or, if your personal data was lawfully collected and processed without obtaining consent per the consent section of this Policy or the law, for a period no longer than necessary to continue the lawful processing of your personal data. You may always contact us, and we will remove your personal data upon your written request.
How to Contact Us