Who We Are
The Data Protection Academy (‘we’ or ‘us’ or ‘our’) gathers and processes your personal information according to this privacy notice and complies with the relevant data protection Regulations and laws. This notice provides you with the necessary information regarding your rights and obligations and explains how, why, and when we process your personal data.
Information That We Collect
Data Protection Academy processes your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.
The personal data that we collect is: –
- Date of Birth
- Personal Email
- Business Email
- Home Telephone Number
- Mobile Telephone Number
- Address, State, Province, ZIP/Postal code, City
We collect information in the following ways: –
online form, website orders, and over the phone when you contact us
How We Use Your Personal Data (Legal Basis for Processing)
Data Protection Academy takes your privacy very seriously and will never disclose, share or sell your data without your consent unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
The purposes and reasons for processing your personal data are detailed below: –
- We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed and can be sent out to your preferred address
- We collect and store your personal data as part of our legal obligation for business accounting and tax purposes
- We have a legal obligation to share your personal data with [insert company name] who are a credit reference agency and provide us with financial background checks prior to you commencing employment with us
- We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests
You have the right to access any personal information that Data Protection Academy processes about you and to request information about: –
- What personal data do we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long do we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request the erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us; to exercise your data portability rights, and to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Data Protection Academy may use a third-party/third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws, and any other appropriate confidentiality and security measures.
Data Protection Academy takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures in place,
SSL, TLS, encryptions, restricted access, anti-virus/malware, etc.
Transfers Outside Nigeria
Data Protection Academy will only transfer data outside of Nigeria in line with Nigerian Data Protection Regulation requirements, namely set out below:
• Any transfer of Personal Data that is undergoing processing or is intended for processing after transfer to a foreign country or an international organization shall be subject to the other provisions of the NDPR and the supervision of the Honourable Attorney General of the Federation (HAGF). Or
• where the Agency (NITDA) has decided that the foreign country, territory, or one or more specified sectors within that foreign country or the international organization in question ensures adequate protection.
Legitimate Interests (if applicable)
As noted in the ‘How We Use Your Personal Data section of this notice, we occasionally process your personal information under the legitimate interests legal basis. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate.
How Long We Keep Your Data
Data Protection Academy only ever retains personal information for as long as is necessary, and we have strict review and retention policies in place to meet these obligations.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your Personal Data, we shall report within 72 (seventy-two) hours of knowing about such breach the details of the breach to NITDA. Furthermore, we shall, within 7 (seven) days of knowing the occurrence of such breach, take steps to inform you, the Data Subject of the breach incident as well as the risks to your rights and freedoms resulting from such breach and any course of action to remedy the said breach.
If you feel that your Personal Data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your Personal Data, you have a right to lodge a complaint with the NITDA. The contact details of the Agency are as follows:
National Information Technology Development Agency
Tel: +234929220263, +2348168401851, +2347052420189