3. What data do we collect about you?
The data we collect from you is personal data. Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store specific types of personal data we may collect are as follows:
- Identity Data: includes data such as first name, maiden name, last name, social media username or similar identifier, marital status, title, date of birth, next-of-kin data, biometric data, and gender.
- Contact Data: includes data such as home address, email address and telephone number.
- Financial Data: includes data such payment card details, bank information and payment information.
- Transaction Data: includes data such as details about payments to and from you and other details of products and services you have purchased from us.
- Marketing and Communication Data: includes data regarding your preferences in receiving marketing materials from us as well as your communication preferences.
4. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct collection: You may give us your data by filling in forms (e.g., the contact form on our website); creating your profile; by correspondence and conversations (including via email and telephone); or through contracts we may enter with you.
- Automated technologies: As you interact with our website, we will automatically collect data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We collect such data to be able to properly provide you with our services.
- Third parties or publicly available sources: We may also receive your personal data from third parties to whom you have legally provided such data to, such as your employer, benefactors, etc. To the extent that such data is disclosed by third parties, different rules may apply to their use or disclosure of your information. We do not control how they use or share your data and we cannot make any representations or warranties as to these. We however have control over data that you have voluntarily shared to us directly or through your usage of our website. With your consent, we use your information to fulfil requests to receive information or materials from us, to carry out services for your benefit and to process applications and requests from you. We do not use your data for any other purpose than for the purposes listed out in this policy and we do not sell, lend, or rent any personally data about you to any third parties.
5. Lawful basis for our use of your personal data
We will only use your personal data as allowed by law. Under the Nigeria Data Protection Regulation 2019 (NDPR), personal data may be processed under any of the following lawful basis:
- Where you consent to our use of your personal data
- Where we need to perform the contract which we are about to enter or have entered into with you.
- Where we need to comply with a legal obligation.
- Where we need to protect your vital interest or the vital interest of another individual
- Where it is in the interest of the general public to process your data.
While we mostly collect and process your data with your consent, we may collect and process your data under any of the identified lawful basis depending on the circumstance. We do not always need your consent to process your data. However, we do need your consent before we can process your data for purposes such as direct marketing communications. You are at liberty to withdraw your consent to such kinds of processing at any time. Where such withdrawal makes us unable to proceed with providing you with certain services, we will inform you accordingly.
6. Why we use your data
We collect data to enable us process requests which you make, or which are made on your behalf with your consent and to provide you with our services.
We collect data to be able to communicate with you, to provide further information on our products and services and to assist you.
We also collect data to be able to respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.
7. Failure to provide data
Where you refuse to provide data required under contract or under law when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods). Where we have to cancel an order, you have made with us because you have not provided us with relevant data, we will notify you.
8. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. Disclosures of your personal data
It may be necessary for us to share your personal data with third parties. These third parties may include internal third parties such as members of our company or our affiliates, or external third parties such as our service providers, business partners, and merchants.
We may disclose any information about you as required by law and we may make such disclosures to law enforcement agencies and government officials, as necessary or appropriate under the relevant circumstance. Other than these instances and other instances allowed under law, we do not disclose or share your personal data provided to us without your authorisation.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not routinely transfer your data outside of Nigeria. Whenever we transfer your personal data out of Nigeria, we ensure that a similar degree of protection is afforded to it in the country to which it is transferred. You hereby consent to such transfers where such adequate protection has been ensured for your data.
11. Data Security
We have well-maintained systems for storing and managing your data, and we commit to carefully utilising your data in line with the provisions of this policy. We have suitable security measures in place to prevent your personal data from being accidentally lost or used or accessed in an unauthorised way by a third party.
In addition, we limit access to your personal data to only those employees, agents, merchants, service providers and other third parties who need to have access to your personal data in order to enable us to provide our services to you. They will only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We admit however that no database is completely secure or “hacker proof” and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect your data.
12. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. We have an internal data retention policy in place to this effect.
13. Your rights
In addition to being able to control the data your directly provide to us, you may exercise any of the below rights with respect to your data:
- Request information about any of your personal data which we are processing, and request access to your personal information which we process.
- Request correction of personal information that we hold about you to make them more accurate or to reflect change in circumstances.
- Request us to refrain from doing certain things with your data or restrict the extent of our collection or processing of your data.
- Request partial or complete erasure of your personal information.
- Object to our processing of your personal information where we are processing your personal information for direct marketing purposes.
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Request the transfer of your personal information to another party. If you wish to exercise any of the rights set out above, please contact us using the contact details provided below.
14. CCTV Cameras and Visitors’ Policy
We may use CCTV Cameras in some of our physical facilities and we may process your personal data using a CCTV system when you visit our physical facilities. Our CCTV systems monitor and record visual images, including your personal appearance, in our facilities. We process these recordings to ensure the continued integrity and security of our property and to detect incidents of security threats, theft, or hazard which would require our attention and which we would otherwise not be aware of. Specifically, we use CCTV systems to:
- prevent and detect crimes;
- identify, apprehend, and prosecute offenders;
- dealing with any queries, complaints, or enquiries;
- ensure the security of our and your property and that of our clients and contractors;
- ensure that our policies and procedures are being adhered to;
- to assist in any investigations or any disciplinary or grievance issue;
- monitor the security of our premises;
- monitor adherence to health and safety provisions and policies.
We process your data through CCTV systems under the tripartite legal basis of public interest, vital interest, and consent, in certain circumstances. Images captured by CCTV may be monitored and recorded and kept for up to 90 days after the recording was made. After this time, recording stored on the hard drive of our CCTV system will usually be overwritten. Information collected by our CCTV systems would only be viewed by authorized personnel and shall not be made available to third parties, except legal authorities or on compulsion by law. We will endeavour to inform you that your data is being taken through CCTV systems at our premises.
We may also collect your data at our physical facilities through our visitors’ logbook and other records. Typically, we obtain basic personal information from you which includes but is not limited to name, company name, phone number, reason of visit, date, and time of visit. We collect such data to be able to prevent and detect crimes, identify visitors in the case of investigations, to ensure contact tracing for the prevention of transmittable diseases and in line with health standards, to ensure the physical security of the people and items, security of confidential information located in our premises or accessible from our premises and to prevent loss, frauds, thefts, injuries, terrorism, and other events of such kind in our premises. We only take your information through the visitors’ logbook with your permission. On filling the visitor’s logbook, you may be required to consent to the routine collection of physical data by CCTV cameras located within our premises.
15. Contact Details
Full name of legal entity: O2O Network Limited (SABI)
Email address: [email protected]
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.