Effective Date: 01 January 2024
Nigerian Youth Academy ("NiYA" or “Platform”) is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, share, and protect your personal data in compliance with the Nigerian Data Protection Act, 2023 (NDP Act) and other applicable data protection laws in Nigeria.
Preamble
Nigerian Youth Academy (NiYA) recognizes the privacy rights of all individuals who interact with our platform. This policy is designed to ensure transparency in our data processing practices and adherence to the Nigeria Data Protection Act (NDP Act), and other relevant legal instruments aimed at protecting personal data.
1. Name and Address of the Data Controller
Data Controller: Sapphital Learning Ltd
Address: Plot 975 Cadastral Zone A0, Central Business District, Abuja, Nigeria.
Contact Information: hello@niya.ng
2. Definitions and Interpretation
In this Policy, the following terms shall have the meanings assigned:
“Personal Data”: Any information relating to an identified or identifiable natural person.
“Processing”: Any operation or set of operations performed on personal data, whether or not by automated means.
“Data Subject”: An individual whose personal data is processed by NiYA.
“Data Controller”: NiYA, as the entity that determines the purposes and means of processing personal data.
“Cookies”: Small text files that are placed on your device by NiYA when you visit certain parts of our Website to analyse browsing habits and preferences.
3. Information We Collect
3.1 Categories of Personal Data Collected:
- Personal Identification Information: Name, address, email address, phone number, gender, date of birth, and other contact details.
- Usage Data: Information about how you interact with our platform, including your IP address, browser type, pages viewed, time spent on pages, and links clicked.
- Device Information: Data about the device you use to access our platform, such as operating system, device type, and network information.
- Demographic Information: Data such as your age, gender, and location, which may be collected through surveys or forms.
- Communication Data: Records of your correspondence with us, including customer service inquiries and support requests.
3.2 How We Collect Data:
- Direct Collection: Through registration, form submissions, interactions on the platform, and direct communications with NiYA.
- Automated Collection: Via cookies, web beacons, and other tracking technologies that monitor usage patterns on our website and mobile applications.
- Third-Party Sources: Data from third-party service providers, including social media platforms, analytics providers, and payment processors.
OUR SCOPE OF DATA PROCESSING
In varying degrees, vis-à-vis the services we provide for you or your level of engagement with us, we do process your personal data. Below is a table containing the major types of personal data, the purpose and the lawful bases for processing them:
Please note that the categories of data and the lawful basis provided are not exhaustive. We are governed by the NDP Act, and we process data without prejudice to your rights as a data subject.
4. Purpose of Data Processing
NiYA processes your personal data for various purposes, including but not limited to:
- Providing Services: To manage your registration, provide access to courses, and maintain platform functionality.
- Improving Services: To analyse usage data and feedback to improve the platform’s performance and user experience.
- Communications: To send notifications, newsletters, updates, and respond to your inquiries.
- Compliance: To comply with legal obligations, such as record-keeping, reporting, and responding to lawful requests by public authorities.
- Marketing: To deliver personalized content and advertising based on your interests, subject to your consent.
- Security: To monitor and enhance the security of our platform, including detecting and preventing fraud and other unauthorized activities.
5. Legal Basis for Processing
NiYA processes personal data based on the following legal grounds:
- Consent: Your explicit consent is obtained for processing activities such as marketing communications.
- Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which NiYA is subject.
- Legitimate Interests: Processing is necessary for the legitimate interests pursued by NiYA, except where such interests are overridden by your rights and freedoms.
6. Sharing of Personal Data
6.1 Data Sharing with Third Parties:
NiYA may share your personal data with:
Service Providers: To perform services on our behalf, including payment processing, hosting, data analysis, customer support, and email delivery.
- Business Partners: For co-branded services or shared marketing initiatives.
- Legal Authorities: To comply with legal requirements, court orders, or government requests.
- With Your Consent: Where you have explicitly consented to data sharing.
The type of data usually processed for this may be your name, email, phone number and contact details. Where such services depend on consent, you have the right to decline and further restrict the processing of your personal data. You can simply unsubscribe to the notices sent for the purpose of such services.
6.2 International Data Transfers:
To effectively meet its objectives and mandate, NiYA may work with, and require the services of, third party partners who may be within or outside the NDPA jurisdiction (Nigeria). Examples of such services include but are not limited to the following:
- Internet connectivity,
- Cloud storage,
- Data analytics,
- Data security, and
- Software development
- eLearning production
- Training curriculum and contents
Your Personal data may be transferred to and processed in such jurisdictions. NiYA ensures that such transfers are conducted in compliance with NDPA by implementing adequate safeguards, including standard contractual clauses, and working with partners that are compliant to the General Data Protection Regulations (GDPR) and other relevant data protection laws.
7. Data Security
NiYA implements appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data is encrypted both in transit and at rest to prevent unauthorized access.
- Access Controls: Strict access controls ensure that only authorized personnel can access personal data.
- Regular Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
- Incident Response: A dedicated incident response team is in place to manage and mitigate the impact of data breaches.
Despite our efforts, please note that no security measures are infallible. Therefore, we cannot guarantee absolute security of your personal data.
8. Data Retention
NiYA retains personal data only as long as necessary for the purposes stated in this policy or as required by law. Retention periods are determined based on:
- Legal Requirements: Compliance with record-keeping laws and other statutory obligations.
- Business Needs: Duration of your relationship with NiYA and subsequent service requirements.
- Dispute Resolution: Retention of data necessary to resolve disputes or enforce agreements.
Upon your request, NiYA will delete or anonymize personal data that is no longer needed, subject to legal and operational constraints.
9. Your Rights
As a data subject, you have the following rights under the NDP Act:
- Right to Access: Obtain confirmation of whether your personal data is being processed and request access to your data.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request the deletion of your personal data under certain conditions.
- Right to Restrict Processing: Request the limitation of data processing where applicable.
- Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
- Right to Object: Object to the processing of your personal data on grounds related to your particular situation.
- Right to Withdraw Consent: Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: File a complaint with the Nigerian Data Protection Commission if you believe that your data protection rights have been violated.
DATA PROTECTION OFFICER
We have provided a platform to respond promptly and satisfactorily to all your requests, suggestions and complaints. This is called the DPSU. We have a Data Protection Officer who is responsible for prompt action on your data privacy. Contact the DPSU via this link: dpo@ndpc.gov.ng. Our DPSU serves as the internal mechanism to carry out the following services, amongst others:
a) Data protection regulations compliance and breach services
b) Data protection and privacy advisory services
c) Data protection capacity building
d) Data Regulations Contracts drafting and advisory
e) Data protection and privacy breach remediation planning and support services
f) Information privacy audit
g) Data privacy breach impact assessment
h) Data Protection and Privacy Due Diligence Investigation
i) Data Protection Officer
10. Cookies and Tracking Technologies
NiYA uses cookies and other tracking technologies to enhance the user experience and analyze usage patterns:
Types of Cookies Used:
- Essential Cookies: Necessary for the operation of the platform.
- Performance Cookies: Used to collect information about how visitors use the platform.
- Functionality Cookies: Allow the platform to remember choices you make and provide enhanced features.
- Targeting Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of advertising campaigns.
11. Third-Party Websites and Services
NiYA may contain link to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services, and NiYA is not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party services you interact with.
12. Changes to This Privacy Policy
NiYA reserves the right to update or modify this Privacy Policy at any time. Please read and update yourself from time to time about our Privacy Policy. Your continued use of the platform after such changes indicates your acceptance of the updated policy.
13. Contact Us
We have a Data Protection officer who is available to answer any questions or concerns about this Privacy Policy or to advise on how you can exercise your data protection rights. Please contact us at:
Email: hello@niya.ng
Address: Plot 975 Cadastral Zone A0, Central Business District, Abuja, Nigeria.