The Policy constitutes our commitment to the privacy of personal/corporate data on all our administrative records, websites, recruitment, professionals, clients, potential clients, individuals who engage all our database applications, services, tools, and physical contact with us and other social media platforms, premises and locations of operation in line with our commitment to complying to relevant regulatory requirement and our implemented ISO 27001:2013 Information Security Management Systems and ISO 9001:2015 Quality Management System.
2.0. Consent / Acceptance of Terms
You accept this Policy when you give consent upon access to our platforms, fill any of our official documents, use our services, content, or functions offered on our websites, or digital platforms or visit any of our physical offices and hereby give us consent to save, process and use your Personal Data to the extent as allowed by law when you provide us with details of your Personal Data or by clicking on the “accept” button.
You may not access our website or use our services if you are younger than 18 years old or do not have the legal capacity to conclude legally binding contracts. By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all its terms.
3.0. Collection of Personal Data:
3.1. The personal information collected by us may include the following
• contact information such as your name, date of birth, identification supporting documents (including copies of Driver’s License or Passport Bio Data Page), gender, nationality and race, preferred language, current private and/or business address, telephone or mobile phone number, fax number, email address, organisational/corporate name, pictures and video coverage of persons gaining access into our physical facility
• your bank account details
• additional information accessed through your interactions with us; and
• When you use our websites, we collect information sent to us by your computer, mobile phone, or other electronic access devices. The automatically collected information includes but is not limited to data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, standard web log data, still and moving images.
• optional information that you voluntarily provide to us.
• information that has been made anonymous so that it does not identify a specific person;
• permanently de-identified information that does not relate or cannot be traced back to you specifically; and
• non-personal statistical information collected and compiled by us and information that you have provided voluntarily in an open, public environment or forum including (without limitation) any blog, social media account, chat room, community, classifieds or discussion board. Because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy.
4.0 How we use your Personal Data
We may use your Personal/corporate Data, including not-public Personal Data as follows:
i. Verify qualifications and other claims as part of our recruitment and employment process
ii. Verify supplier qualification and competence as part of our Vendor management process.
iii. Provide, maintain, and improve our services
iv. Provide and deliver the products and services you request, process transactions and send you related information, including confirmations.
v. Verify your identity, for security purposes and prevent fraud.
vi. Send you technical notices, updates, security alerts and support and administrative messages.
vii. Respond to your comments, questions and requests and provide customer service.
viii. Communicate with you about products, services, offers, promotions, rewards, and events offered by us and provide news and information we think will be of interest to you.
ix. Monitor and analyse trends, usage and activities in connection with our services.
x. Link or combine with information we get from others to help understand your needs and provide you with better service.
xi. Carry out any other purpose for which the Personal Data was collected
xii. Disclose Personal/Corporate Data to our employees that require the personal data to do their jobs.
xiii. Remember your information so that you will not have to re-send it anytime there is a need
xiv. Provide any services, which may be useful or beneficial to you; and
xv. Track your entries, submissions, and status of other activities in connection with your usage of the website.
4.1 Collection from browser
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
When you access our website, we may send one or more cookies (small text files containing a string of alphanumeric characters) to your computer to collect certain usage information. We use session cookies (which disappear after you close your browser) and persistent cookies (which remain after you close your browser and which can be removed manually) and may be used by your browser on subsequent visits to our website. We use information gathered by cookies to improve the website.
5.2. Sharing your information
We may share/transfer your Personal Data with:
• An affiliate, in which case we will seek to require the affiliates to honour this privacy and personal information policy;
• Our service providers under contract who help with parts of our business operations (including fraud prevention, bill collection, marketing, and technology services). Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit;
• Security agencies
• State and Federal Tax offices, as permitted by law; and
• Banking partners, and HMOs as required for inclusion on their list of terminated merchants (in the event that you utilise the services to receive payments and you meet their criteria).
5.3. Regulators and Law enforcement
5.3.1. If you contact us regarding your experience with using any of our services, we may disclose your Personal Data as required by law or governmental audit.
5.3.2. We may disclose personal information if required:
• by a subpoena or court order;
• to comply with any law;
• to protect the safety of any individual or the general public; and
• to prevent violation of our service terms.
- Security of your Personal Data
We adopt appropriate measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Generally, we use computer safeguards such as firewalls and data encryption to protect personal information and we enforce physical access controls to our buildings and files.
We authorize access to Personal Data only for those employees who require it to fulfil their job responsibilities.
Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders.
We authorize access to personal information only for those employees who require it to fulfil their job responsibilities.
- Personal Data Accuracy
We will try to keep the Personal Data we collect as accurate, complete and up to date as is necessary for the purposes explicitly defined in this policy.
Storage of Personal Data The Personal Data that we collect from you will be transferred to, and stored at, a destination within and outside Nigeria. We have identified all our storage locations of your Personal Data which is part of NITDA’s Whitelist. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and the Nigeria Data Protection Regulation (NDPR).
- Retention of Personal Data
We will only retain your Personal Data for as long as we determine is necessary to fulfill the purposes explicitly set out in this policy, unless:
• retention of the record is required or authorised by law; or
• you have consented to the retention of the record.
During the period of retention, we will continue to abide by our obligations.
- Updating or removing
We make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes.
We may change the terms of this policy at any time. We will notify you of any changes by placing a notice in a prominent place on the website, at our premises or by email. If you do not agree with the change you must stop using the service. If you continue to use the services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted such terms.
15.0 Data Subject Rights
- The right to be informed: This means anyone processing your personal data must make clear what they are processing, why and who else the data may be passed to.
- The right of access: This is your right to see what data is held about you by Redleaf Solutions Limited
- The right to rectification: This is your right to have your data corrected or amended if what is held is incorrect in some way.
- The right to erasure: Under certain circumstances you may ask for your personal data to be deleted. This is also called “the Right to be Forgotten”. This would apply if your personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or your personal data has been unlawfully processed.
- The right to restrict processing: This gives you the right to ask for a temporary halt on the processing of your personal data, such as in the case where a dispute or legal case must be concluded, or the data is been corrected.
- The right to data portability: You have the right to ask for any data supplied directly to Redleaf Solutions Limited to be provided in a structured, commonly used, and machine-readable format.
- The right to object: You have the right to object to further processing of your data which is inconsistent with the primary purpose for which it was collected, including profiling, automation and direct or digital marketing.
- Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing
- 0 Breach / Privacy Violation
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, we shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NITDA. Also, where we ascertain that such breach is detrimental to your rights and freedoms, we shall take reasonable steps to inform you of the breach incident and any course of action to remedy said breach.
If you have any questions or concerns arising from this privacy & personal information policy, the way in which we handle Personal/Corporate Data or to exercise any of your rights, please contact us at: e-mail: firstname.lastname@example.org or telephone: +234 (0) 815 0970 627