We note that the Nigeria Data Privacy Regulations (“NDPR”) distinguishes between entities that are “controllers” of Personal Data and entities that “process” Personal Data. We note that we are a “Controller” for those services where we make decisions on how personal information is used in connection with our services, and we are a “Processor” for those services where we only use Personal Data that are requested by other Data Controllers.
This Policy explains how we may collect, use and disclose information about users of our Website and other contacts, and describes the rights you may have in respect of your own personal information. Please read it carefully.
This Policy may change from time to time. Unless otherwise stated, any updates to this Policy become effective when we post the updates on the Website. Your continued use of the Website for our services following an update to the Policy means that you accept the updated Policy.
Please read this Policy very carefully. If you do not wish to be bound by the provisions of this Policy, you should not visit the Website or sign up for our services. By visiting the Website, subscribing to our newsletter, signing up to become a volunteer or contributor, you hereby confirm that you have read, understood, and agree to be bound by the Policy.
What Kind of Personal Data Do We Collect?
We collect your name, phone number, email address and any other information we may require from time to time.
How Do We Use your Personal Data?
We collect your information when you sign up for our newsletter and when sign up to become a volunteer or a contributor.
Lawful Basis for Processing
We only process Personal Data where we have a lawful basis for doing so, such as the following:
- Consent – This is where you have given us explicit permission to process Personal Data for a given purpose. For example, if you subscribe for our newsletter.
- Contractual necessity – This is where we have to process Personal Data to meet Our contractual obligations to you.
- Legal obligation – This is where we have to process Personal Data in order to comply with the law.
- Protection of vital interests – This is where we are constrained to process your Personal Data in order to protect your interests or those of another person.
- Public interest – This is where there is an overriding public interest or we have been vested with an official public mandate to take certain action in the interest of the public.
A legitimate business interest means our interest in conducting and managing our services to enable us to give you the best service or product and the best and most secure experience. We make sure we consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.
Your Privacy Rights
This Policy describes your privacy rights regarding our collection, use, storage, sharing and protection of your Personal Data. You have the following rights:
- right to request from us access to and rectification or erasure of your personal data;
- right to restrict processing or object to processing of your personal data;
- right to data portability;
- right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;and
- right to lodge a complaint with the relevant authority.
In the event that you wish to: (i) access your Personal Data processed by us in accordance with this Policy, or (ii) ask any questions at all regarding our use of your personal data, or (iii) rectify your personal data processed by us in accordance with this Policy (iv) restrict or object to processing of your personal data (v) withdraw your consent to our processing of your personal data or (vi) request for data portability , please reach out via [email protected].
We carefully analyze what types of Personal Data we need to provide our services, and we try to limit the Personal Data we collect to only what we really need.
Where possible, we delete or anonymize Personal Data when we no longer need it. We will retain your Personal Data for the duration of our services to you and afterwards for as long as is necessary and relevant for purposes permitted by applicable laws and regulations. Where we no longer need your Personal Data, we will dispose of it in a secure manner.
If you have created a username, identification code, password or any other piece of information as part of our access security measures, you must treat such information as confidential, and you must not disclose it to any third party. We reserve the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of these conditions. If you know or suspect that anyone other than you know your security details, you must promptly notify us at [email protected]
Who we share your Personal Data with?
We do not share Personal Data with unaffiliated third parties, except as necessary for our legitimate business interest, to provide you with our services, and/or as required or permitted by law or professional standards and generally to facilitate the running of our business or to provide specific services you have requested. We would only transfer Personal Data to the following categories or situations, when they meet our strict standards on the processing of data and security. We only share Personal Data that is necessary for them to provide their services. We will not transfer your Personal Data to any third parties for their own direct marketing use except as stated herein. Commonly, we may share your Personal Data with:
- Service providers – We engage service providers who help to support our business and improve our products. These service providers may include payment processors, customer service agencies, hosts, organizers and sponsors of our events; organizations that host our website or databases and providers of online surveys.
- Audits – Disclosures of Personal Data may also be needed for data privacy, financial or security audits and/or to investigate or respond to a complaint or security threat.
How Do We Secure and Store Personal Data?
We employ all reasonable efforts to keep your Personal Data secure by taking appropriate technical and organizational measures against its unauthorized or unlawful processing and against its accidental loss, destruction or damage. We store and process your Personal Data on our computers in Nigeria. Where we need to transfer your data to another country, we would ensure that such country has an adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law. We protect your Personal Data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration.
Changes To Your Personal Data
CB makes every effort to maintain the accuracy and completeness of the personal information held by us. To help us ensure we have the most up to date information about you, it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact us at [email protected].
We consider the protection of Personal Data to be a sound business practice, and to that end we employ commercially appropriate organizational, physical, technical, and procedural safeguards and measures to protect your Personal Data in our possession or under our control, to the extent possible, from unauthorized or accidental access and improper use.
Unfortunately, the transmission of information via the Internet is not completely secure, and we cannot guarantee the security of your Personal Data transmitted to or through the Website; any such transmission is at your own risk. Once we have received your Personal Data, we will use the procedures and security features described above to try to prevent unauthorized access of your Personal Data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of sending newsletters, taking quizzes on our Website, registering for any event that might be announced etc.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you would like to know more about the retention periods we apply to your personal data, please contact us at [email protected]
What Happens When You Provide Us With Information About Others?
If you provide us with personal data about another individual, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws in relation to such disclosure. In so far as required by applicable data protection laws, you must ensure that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the information and that you explain to them how we collect, use, disclose and retain their personal data or direct them to read our Policy
For general enquiries regarding this Policy, or to make a request or complain about how We process personal data, you may contact us via [email protected]