Foundation for Partnership Initiatives in the Niger Delta (“PIND” “we”) takes the personal data of our data subjects that we collect seriously. We understand the need to treat such information as confidential and use the information strictly for the purpose for which they were obtained and in accordance with the applicable extant laws. We are therefore committed to treating personal data received through our product offerings, website, and other platforms with due care and dedicated to safeguarding the personal data of our Data Subjects.
More importantly, we are bound by the Nigeria Data Protection Regulation (NDPR). Therefore, in accordance with the obligations bestowed on Data Controllers and Data Processors under the NDPR, this policy provides an overview of what personal data we gather about individuals (“you”) and how we process it.
Additionally, this policy outlines the rights available to you under the NDPR and how you can exercise them.
1. What constitutes your consent?
2. Who is legally responsible for handling your personal data and whom can you contact about this subject?
According to the NDPR, this responsibility rests upon the “Data Controller”, namely:
Foundation for Partnership Initiatives in the Niger Delta
25 Jimmy Carter Crescent,
Asokoro, Abuja – Nigeria
Tel: (+234(0)9 291 0454)
If you have any general questions or concerns about this Policy, as well as queries or complaints about how we process your data, kindly contact our Data Protection Officer via the contact details above or this email address: firstname.lastname@example.org
3. What personal data do we process?
Personal data refers to any information that tells us something about you or that we can link directly to you. Typically, we will hold data about you that is relevant to the relationship we have with you and how you interact with us.
We process the images of data subjects captured on our CCTV cameras stationed at various critical points within the foundation premises. We also process any information we receive from you, including personal and financial information you provide to us with respect to onboarding you as a beneficiary/ partner, when we employ you as a contractor, when you enquire about our services, register to use and/or use any of our services and when you communicate with us through our social media sites, our website or portal, e-mail, telephone or any other electronic means.
Such information may include the following:
– Name and other contact data of customers, contractors, and vendors.
- For Beneficiaries/ Partners: We may collect your first, middle, and last name; phone number; age; email address; home address; date of birth; Bank Verification Number (BVN); account details; an identification document such as a copy of driver’s license, international passport, national identity card, voter’s card and other similar contact data to process grants.
- For Contractors: We may collect your first, middle, and last name; phone number; email address; home address; date of birth; state of origin; signature, and other details for the fulfillment and maintenance of your employment relationship with us.
- For Vendors: We may collect a contact name, phone number; email address; office address, etc to fulfill your contract with us.
– Usage Data: We may collect usage data sent by your browser whenever you access our website. When you access our services through a computer, this usage data may include information such as the pages of our service that was visited, the time and date of the visit, etc.
4. Why do we collect your personal data?
We collect your personal data to facilitate and manage our relationship with you. Specifically, we collect your personal data for at least one of the following purposes:
- Based on unambiguous consent
In order for us to establish and maintain relationships with our grantee, beneficiaries, partners, contractors and vendors personal data is collected and processed based on the consent provided by the data subject.
- For compliance with a legal obligation or acting in the public interest
As an organization, we are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data. Such obligations might be for anti- money laundering purposes, or to respond to investigations or disclosure orders from law enforcement agencies, our regulators, and tax or other public authorities.
- For legitimate interests
Where necessary, we will process your personal data to serve our legitimate interests or those of a third party. Such applicable cases include:
- Managing our overall relationship with you as our beneficiaries, contractor or vendor
- Responding to your complaints and inquiries
- Carrying out statistical and other analyses to identify trends, evaluate and improve our outreach
- Information security and building security
- Managing the risks and optimizing the efficiency of our operations
- Recording telephone calls and monitor electronic communications for general operations and compliance purposes
- Prevention and detection of fraud, money laundering, and other financial crimes
- Evaluating/ bringing or defending legal claims
- Protecting the foundation buildings and property
- Marketing of our products and services. We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them. Additionally, you can withdraw your consent at any time and free of charge via our customer service channels
- Audit purposes
5. What are our data collection methods?
We may obtain personal data through the following methods:
Direct collection source:
- Attendance forms
- Beneficiary consent form
- Electronic means (emails, social media sites, website, telephone, and portal)
- Vendor Questionnaire
- Contractor consent form
- Visitors register
- CCTV cameras
Third–party data collection source:
- Individuals nominated and authorized by the data subject to engage us on his/her behalf. A copy of your consent given to the third party to transfer your data to PIND shall suffice for our processing
- HR Outsourcing Firm
- Financial Institutions
- Publicly available sources, e.g. newspapers, websites
- Government agencies
We will use cookie technology on our website. Cookies are small applications saved on your Internet browser when you use our website. The cookie is sent to your computer or device each time you visit our websites. Cookies enable you to access our website faster and have a better experience online. The cookies can be disabled, if you wish, by clicking on the appropriate prompt. However, some parts of our websites or online services may not work if you do so.
7. Record retention period
8. Sharing your personal data
We may share information about you with a range of third parties for legitimate purposes or as permitted/required by law. Such third parties may include our service providers; professional advisors; financial institutions; regulators; law enforcement agencies; courts; public authorities; etc. These third parties could be located outside Nigeria.
We will only disclose information about you with your consent, where necessary, and in line with the provisions of the NDPR.
9. Transferring your data to other countries
Where necessary, in line with the purposes described in section 8 above, information relating to you may be transferred to countries outside Nigeria, i.e., third countries. However, if we use service providers in a third country, they will be obligated to apply the same level of protection to your data as would be necessary for Nigeria. We will enforce this through the inclusion of standard data protection clauses in our agreements with them and by conducting vendor security assessments. Above all, we will only transfer your personal data to a third country in a way that is permitted under the NDPR.
10. What are your rights?
Under the NDPR, you are entitled to the following rights:
I. Request to Access, Rectify or Erase
1. Based on unambiguous consent
You have the right to access personal data relating to you. This enables you to receive a copy of the personal data we hold about you in electronic form unless you want a paper copy which will attract a fee.
2. Rectification Request
You have the right to ask us to correct your personal data if it is inaccurate and to have incomplete personal data updated without undue delay.
3. Erasure Request
You have the right to ask us to erase your personal data if:
Your personal data are no longer necessary for the purpose(s) they were collected for
- Your personal data have been unlawfully processed
- Your personal data must be erased to comply with a regulation
- You withdraw your consent for the processing of the personal data (and if this is the only basis on which we are processing your personal data)
- You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
- You object to processing for direct marketing purposes.
If we have made the personal data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your personal data.
II. Request to Object
Additionally, you have the right to object at any time if we process your personal data for direct marketing purposes. You may also object at any time to profiling supporting our direct marketing. In such cases, we will simply stop processing your personal data when we receive your objection.
III. Request to Restrict
You have the right to ask us to restrict the processing of your personal data if:
- You contest the accuracy of your personal data, and we are in the process of verifying the Personal Data we hold
- The processing is unlawful, and you do not want us to erase your personal data
- We no longer need your personal data for the original purpose(s) of processing, but you need them to establish, exercise, or defend legal claims, and you do not want us to delete the Personal Data as a result, or
- You have objected to processing carried out because of our legitimate interests while we verify if our legitimate grounds override yours.
IV. Request for Portability
You have the right to ask that we transfer any personal data that you have provided to us to another third party in a commonly used electronic format. Once transferred, the other party will be responsible for safeguarding such personal data.
V. Request to Object to Automated Decisions
Typically, you have the right to object to any decision producing a legal effect concerning you or which otherwise significantly affects you if this is based solely on the automated processing of your personal data. This includes automated decisions based on profiling.
We may refuse your request if the decision in question is:
- Necessary to maintain a beneficiary relationship with you, or for the performance of your contract with us, or
- Permitted by regulations
To exercise any of these rights, please write to the Data Protection Officer via the contact details provided in Section 2 above.
11. How do we protect your personal data?
We store personal data as required by law, and such is held in Nigeria both physically and electronically. Our security systems are designed to prevent the loss, unauthorized destruction, damage and/or access to your personal data from unauthorized third parties. Some of our security measures include physical access controls to our premises, cyber security controls as well as information access authorization controls.
We will also publish security tips and updates from time to time on our website to make sure that you benefit from our security systems and stay updated with the latest fraud scams and trends. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the personal data we maintain about you is accurate and up to date.
We will duly inform you of any breaches which may pose a threat to your personal data.
In the event of a violation of this policy, our Data Protection Officer shall, within seven days, redress the violation. Where the violation pertains to the disclosure of your personal data without your consent, such information shall be retracted immediately, and confirmation of the retraction sent to you within 48 hours of the redress.