ABOUT THIS PRIVACY NOTICE
At IpNX we take the protection of Personal Data seriously. In this Privacy Notice we will explain what Personal Data we collect from you, how we use and share that data, how we keep your Personal Data safe, and how long we keep it for. We will also explain how we Process your data (and the Legal Basis for doing so) and help you to understand your Personal Data Rights.
WHAT DO WE MEAN BY PERSONAL DATA?
Personal Data is any information that could be used to identify you. That could be anything from your name and address, your bank details, your email address, an image or recording of you, your IP address or any other data that could be used to identify you.
WHAT DO WE MEAN BY PROCESSING YOUR PERSONAL DATA?
Processing Data simply means doing something with your Personal Data in the course of our business in order to provide our services to you. If a company or organization does anything with your Personal Data, they are processing it.
WE ARE ACCOUNTABLE
At IpNX we are committed to processing personal data in accordance with the Nigeria Data Protection Regulation (NDPR) principles, which ensure the safe processing of personal data.
WHAT PERSONAL INFORMATION WE COLLECT
We Collect Your Personal Data When You Register For Our Services, When You Contact Us Through Social Media, Online Through The “Contact Us Form” On Our Websites, Over The Telephone And When You Visit One Of Our Retail Outlets.
We also collect your personal data when you directly apply for employment with us. We do not collect Personal Data of persons below the age of 18.
HOW WE COLLECT INFORMATION ABOUT YOU
We collect your personal data in the following ways:
- When you sign up for a service – when you sign up, we collect certain personal data such as your email address, home address, birth date, gender so you can use the service
- Personal data collected that enables us to provide you with additional features/functionality – from time to time, you also may provide us with additional personal data or give us your permission to collect additional personal data, for example to provide you with better services
- From third parties – we will receive personal data about you and your activity from third parties, including partners we work with to provide you with a service.
We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving services, and developing new features and functions.
WHY WE COLLECT INFORMATION ABOUT YOU
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information. Some of the services we offer, that we cannot complete without your information, are below:
- deliver our services
- confirm your identity to provide services
- contact you when the need arises
- understand your needs to advise you on the correct service and then provide that service
- obtain your opinion about our service
- update your customer record
- process financial transactions
- prevent and detect fraud
HOW WE USE INFORMATION ABOUT YOU
We Will Use The Information You Have Provided In Accordance With Data Protection Regulation. We Will Not Keep It For Longer Than Is Necessary. In Some Instances, The Law Sets The Length Of Time Information Has To Be Kept. We Will Strive To Keep Your Information Up-To-Date And Accurate. We Will Always Make Sure You Understand Why We Need The Information. We Will Not Collect Irrelevant Information.
In General, We Process Your Information For The Following Reasons:
- for the service you have requested, to monitor and improve our performance in responding to your request
- to allow us to communicate effectively with you and provide services appropriate to your needs
- to ensure we meet our legal obligations
- to prevent or detect fraud or crime
- to process financial transactions
- to collect monies owed to us
We will not pass any personal data on to third parties, other than:
- those who process information on our behalf e.g other service providers, suppliers or partners sometimes need access to information to deliver services for us)
- because of a legal or regulatory requirement
- organizations that we engage with in joint working
We will only do so, where possible, after we have ensured that sufficient steps have been taken to protect the personal data by the recipient.
INTERNATIONAL TRANSFERS
We May Occasionally Send Your Data To Countries (Or International Organizations) Outside Of Nigeria That Are Deemed To Have Adequate Data Protection By NITDA. For Transfers To Others IpNX Will Ensure That Either Of The Following Conditions Are Met: Explicit Consent Of The Data Subject Has Been Granted, Performance Of A Contract, Public Interest, Legal Claims Or Protect The Vital Interest Of Data Subjects
Instances where we will transfer your data outside of the Nigeria include:
- Processing international payments.
- Performing identity checks; or
- Disclosures to foreign authorities to reduce financial crime and terrorism
INFORMATION SHARING
Your information will not be sold, or provided to anyone else, or used for any purpose that is not related to any of our services, unless you have been advised that we will do so or it is required by law. Where we need to share personal or confidential information to other partners or parties we will do so only with your prior explicit consent or where we are legally required to.
COMMUNICATIONS WITH ipNX
Telephone calls
When you call our contact centres, we record our calls for quality assurance and training purposes and keep them for 24 months. We do not record telephone payment transactions or if the call is passed onto another member of staff who works outside of the contact centre.
Using our website
Online Electronic Forms (e-forms)
All our e-forms have links to this Privacy Notice before you submit any personal information. We recommend that you read the Privacy Notice before filling in the form. Details of your rights are in the Privacy Notice.
AUTOMATED DECISION MAKING
Automated decision making
We sometimes use automated systems for decision-making. You have the right to object to any decision made by solely automated means and can request for human intervention on any such decision. You also have the right to challenge the decision.
HOW LONG YOUR INFORMATION WILL BE HELD
We Will Not Keep Your Information Any Longer Than Needed To Provide The Services You Require. We May Keep Your Data Longer If We Need To Retain It For Legal, Regulatory, Or Best Practice Reasons.
HOW WE PROTECT YOUR INFORMATION
The information you provide will be subject to thorough measures and procedures to make sure it can’t be seen, accessed, or disclosed to anyone who shouldn’t be allowed to access it.
We abide by strict information and security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We train staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
In terms of payments, all transactions carried out via our payment providers’ website are protected by Secure Socket Layer (SSL) technology. This is to ensure that any information you provide, when transmitted over the internet, is encrypted and secure.
We have procedures and policies in place to ensure we do our best to protect your personal data. This includes reporting of near miss events so that we continually improve procedures.
In the case of a breach IpNX has a duty to inform the regulator (NITDA) without undue delay. We are obligated to notify the agency within 72 hours.
YOUR RIGHTS
The Nigeria Data Protection Regulation (NDPR) gives certain rights to individuals in relation to their personal data. The rights afforded to individuals are:
Right of access (subject access)
- You have the right to ask IpNX what personal information we are processing about you.
Right of rectification
- You have the right to have inaccurate personal data rectified without undue delay. Incomplete data should also be completed.
Right to erasure (right to be forgotten)
- Under certain circumstances you can ask for your data to be erased. You will be notified of outcome of the request without undue delay and no later than a month after a request has been made.
Right to restriction of processing
- You can request restriction of the processing of your information in a number of circumstances:
- When processing is restricted IpNX is allowed to store the personal data, but not to process it further.
- If the personal data in question is disclosed to third parties, IpNX will inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. You can request only the data you have supplied to a controller (under either ‘Consent’ or ‘Contract’ lawful conditions only). You can request that this information is supplied directly to another data controller on your behalf.
Right to object
You have the right to object to the use of your data if it is processed for services which you object to or opt-out of.
LINKS TO THIRD-PARTY WEBSITES
We may display advertisements from third parties and other content that link to third-party websites. We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving IpNX website and any personal data you provide will not be covered by this Privacy Notice. Please read their Privacy Notice to find out how they collect and process your personal data.
CHANGES TO THIS PRIVACY POLICY
We may occasionally make changes to the Policy or when significant changes occur in related legislation or in council strategy. When this happens we will place an updated version on this page and the date the page has been amended will be visible at the top of this page.
CONTACT INFORMATION
Questions, comments and requests regarding this privacy policy should be addressed to privacy@ipnxnigeria.net or in writing to “The Data Protection Officer” at 4 Balarabe Musa Crescent, Victoria Island, Lagos.