Preamble
Nigeria Data Protection Commission [hereafter referred to as “Data Controller” or NDPC] is an establishment of the Federal Government of Nigeria. The central mandate of NDPC is to implement the Nigeria Data Protection Act (NDP Act) 2023.
Our contact information is provided under ARTICLE 12 of this Data Privacy Policy.
This privacy policy is in furtherance of section 37 of the Constitution of the Federal Republic of Nigeria (CFRN) 1999 (as amended), the Nigeria Data Protection Act (NDP Act) 2023, and all other legal instruments designed to protect the privacy rights of natural persons.
As the “Data Controller”, we are cognizant of the privacy rights of all natural persons who are part of NDPC or interact with us on all our data processing mediums or platforms. These classes of people are our “Data Subjects”. As a responsible establishment, we are committed to safeguarding the privacy rights of our data subjects through this strict privacy policy. It shall complement extant legal regulatory framework as an internal standard of care we owe our “Data Subjects”.
Article 1: Our Guiding Principles on Data Processing
In processing your personal data,
we adhere strictly to the principles of data
processing as set out under S.24 of the NDP Act.
Our obligation in terms of the principles is to ensure that
personal data is:
- processed in a fair, lawful and transparent manner;
- collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes;
- adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed;
- retained for not longer than is necessary to achieve the lawful bases for which the personal data was collected or further processed;
- accurate, complete, not misleading, and, where necessary, kept up to date having regard to the purposes for which the personal data is collected or is further processed; and
- processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, access, loss, destruction, damage, or any form of data breach.
Furthermore, we are committed to ensuring accountability, demonstrating duty of care to you and also upholding data Confidentiality, Integrity and Availability.
ARTICLE 2: CONSENT OF DATA SUBJECT
Except as otherwise required by operation of law or principles of law,
your consent as the data subject is paramount in our considerations.
You have the right to give, withhold or otherwise withdraw your
consent to data processing. For further understanding of the operation of
the principle of consent under data processing, see S.26 of the NDP Act.
ARTICLE 3: OUR SCOPE OF DATA PROCESSING AND LAWFUL BASIS IN GENERAL
In varying degrees,
vis-à-vis the services we provide for you or your level of
engagement with us, we do process your personal data.
Below is a table containing the major types of personal data,
the purpose and the lawful basis for processing them:
| S/N |
Purpose of Collection |
Types of Data |
Lawful Basis |
| 1 |
Regulatory Actions |
Name, Phone Number, Email Address, Contact Address, Sex, Date of Birth, Photograph |
LEGAL OBLIGATION. Some instances may involve public interest. |
| 2 |
Notifications |
Name, Phone Number, Email Address, Contact Address, Sex, Date of Birth |
LEGAL OBLIGATION. Some may require consent as prescribed by the NDP Act. |
| 3 |
Data Analytics |
Name, Phone Number, Email Address, Contact Address, Sex, Date of Birth |
CONSENT. (To ensure that our services suit the purpose of data subjects and to measure our performance). Some may involve legitimate interest or legal obligation where analytics are tailored towards crime prevention. |
| 4 |
Security |
Name, Phone Number, Email Address, Contact Address, Sex, Date of Birth, Photograph |
LEGAL OBLIGATION. For safety and security of lives and property. Some may involve legitimate interest or public interest where analytics are tailored towards crime prevention. |
| 5 |
Employment |
Name, Phone Number, Email Address, Contact Address, Sex, Date of Birth, Photograph, Medical Record, Educational Record |
CONTRACT. This is the major lawful basis. Some instances may involve other lawful basis such as consent, vital interest, or legal obligation. |
| 6 |
Contract |
Name, Phone Number, Email Address, Contact Address, Sex |
CONTRACT. Some instances may involve legitimate interest or public interest - particularly in carrying out due diligence. |
Please note that the categories of data and the lawful basis provided are not exhaustive. We are governed by the NDP Act and we process data without prejudice to your rights as a data subject.
ARTICLE 4: RIGHTS OF DATA SUBJECTS
We hold your privacy rights very dear to our operations.
Apart from the right to give, withhold or withdraw consent,
you have rights to all relevant information that may guide you
in making informed decisions about your personal data.
For example, you have the right to be notified of anyone or
any place to which we may transfer your personal data.
Your rights under S.34 and S.35 NDP Act include but are not limited to the following:
- Right to be Informed
- Right to Rectification
- Right to Object to Processing
- Right to Data Portability
- Right to be Forgotten
- Right in Relation to Automated Decision Making (which essentially entitles you to human intervention)
- Right to withdraw Consent
Note that you also have a right to lodge a complaint with the Commission. See Part VI of the NDP Act.
ARTICLE 5: WITHHOLDING RELEVANT DATA
There are types of personal data that are mandatory for us to process in order
to carry out your instructions or perform our legal mandate for your benefit.
If you withhold such information, it may be impracticable to carry out our mandate in relation to you.
If you seek more clarification on our data processing, contact our designated Data Protection Officer
as provided under ARTICLE 12 below.
ARTICLE 6: TRANSFER OF PERSONAL DATA TO A THIRD-PARTY
As a public establishment, third parties may wish to provide essential services to you
(through our platforms ) while relying on the relevant lawful bases for processing your personal data in this regard.
The type of data usually processed for this may be your contact details. Where such services depend on consent,
you have the right to decline and further restrict the processing of your personal data.
You can simply unsubscribe to the notices sent for the purpose of such services.
ARTICLE 7: TECHNICAL INFORMATION AND COOKIES
Customarily, websites are designed to collect certain information from the visitor.
Our website is also designed to collect your IP address and other information that
your web browser typically shares with the websites that you visit.
The purpose of this is to know you better and to automatically and dynamically
engage with you through your actions on our website.
“Cookies”, in computer parlance, are text files that are downloaded to your browsing devices
such as phones or computers when you browse pages of websites. They contain small amounts of data
and their essential function is to intelligently memorise your preferences and therefore present
them to you as choices when you are browsing - even at different times. Note that various websites
use cookies for different purposes some of which may undermine your privacy rights. We have taken
measures to ensure that all methods adopted by us to engage automatically with you do not violate your
privacy rights under the NDP Act. In the case of cookies, we ensure that they have security protocols
and are not vulnerable to abuses by anyone.