This is a Policy approved by the Management of FINTRAK SOFTWARE COMPANY LIMITED to protect and educate the Data Subjects (i.e. Staff, Clients, Customers, Vendors) irrespective of the medium through which such personal data are being collected or processed.

Sequel to the extant Laws and Data Protection Policy, to wit: the Nigerian Data Protection Regulations, 2019 (NDPR) and Fintrak Software Company Limited’s Data Privacy and Protection Policy, the Company herein complies with the salient Provisions 4.2 and 8.5 respectively. The privacy right of a Data Subject shall be interpreted for the purpose of advancing and never for the purpose of restricting the safeguards the Data Subject is entitled to under any data protection instrument made in furtherance of fundamental rights and the Nigerian laws.

OBJECTIVES:
The objectives of this Regulation are as follows:
a) to safeguard the rights of natural persons to data privacy;
b) to foster safe conduct for transactions involving the exchange of Personal Data;
c) to prevent manipulation of Personal Data; and
d) to ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practice.

CONSTITUTION:

The Company may collect, process, store and use my personal data for the performance of contract(s) signed by the Data Subject with FINTRAK SOFTWARE COMPANY LIMITED and for other specific, legitimate purposes including but not limited to payment for services rendered etc., in line with FINTRAK SOFTWARE COMPANY LIMITED Data Privacy and Protection Policy and the Nigerian Data Protection Regulations, 2019 (NDPR).

The Data Subject’s personal data required by FINTRAK SOFTWARE COMPANY LIMITED for the purposes mentioned herein may include name, email address, office address, phone number, and other related data.

The Company will obtain and retain (with whatever technical method such as Cookies, JWT, Web, tokens etc.) the personal data as long as necessary for the purpose for which it is collected.

FINTRAK SOFTWARE COMPANY LIMITED may store and share my personal data with its affiliates, agents, regulatory authorities or third party service providers for the purposes for which it is collected or in compliance with provisions of applicable laws.

The Data Subjects shall have the rights to:

A. request for and access personal data collected and stored by FINTRAK SOFTWARE COMPANY LIMITED;
B. withdraw consent at any time;
C. object to automated decision making;
D. request rectification and modification of my data kept by FINTRAK SOFTWARE COMPANY LIMITED;
E. request for deletion of data;
F. be informed of and entitled to provide consent prior to the processing of data for purposes other than that for which the personal data were collected;
G. request the movement of my data by FINTRAK SOFTWARE COMPANY LIMITED to third parties; and
H. request that FINTRAK SOFTWARE COMPANY LIMITED restricts its processing of my information.

The Company shall ensure that Personal Data is:
a) collected and processed in accordance with specific, legitimate and lawful purpose consented to by the Data Subject; provided that:
i. a further processing may be done only for archiving, scientific research, historical research or statistical purposes for public interest;
ii. any person or entity carrying out or purporting to carry out data processing under the provision of this paragraph shall not transfer any Personal Data to any person;
b) adequate, accurate and without prejudice to the dignity of human person;
c) stored only for the period within which it is reasonably needed, and secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements;
d) The Company shall take appropriate measures to provide any information relating to processing to the Data Subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and for any information relating to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the Data Subject, the information may be provided orally, provided that the identity of the Data Subject is proven by other means.
e) if the Company does not act on the request of the Data Subject, the Company shall inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority.

The Company must ensure that no data shall be obtained except the specific purpose of collection is made known to the Data Subject;
(1) Data Company is under obligation to ensure that consent of a Data Subject has been obtained without fraud, coercion or undue influence; accordingly:
a) where processing is based on consent, the Company shall be able to demonstrate that the Data Subject has consented to processing of his or her Personal Data and the legal capacity to give consent;
b) if the Data Subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding on the Data Subject;
c) prior to giving consent, the Data Subject shall be informed of his right and method to withdraw his consent at any given time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
d) when assessing whether consent is freely given, utmost account shall be taken of whether the performance of a contract, including the provision of a service, is conditional on consent to the processing of Personal Data that is not necessary (or excessive) for the performance of that contract; and where data may be transferred to a third party for any reason whatsoever

PENALTY FOR DEFAULT
Any person subject to this Regulation who is found to be in breach of the data privacy rights of any Data Subject shall be liable, in addition to any other criminal liability, to the following:

a) in the case of a Data Company dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever is greater;
b) in the case of a Data Company dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira, whichever is greater.

ADMINISTRATIVE REDRESS PANEL

(1) Without prejudice to the right of a Data Subject to seek redress in a court of competent jurisdiction, the Agency shall set up an Administrative Redress Panel under the following terms of reference;
(2) Investigation of allegations of any breach of the provisions of this Regulation;
(3) Invitation of any party to respond to allegations made against it within seven days;
(4) Issuance of Administrative orders to protect the subject-matter of the allegation pending the outcome of investigation;
(5) Conclusion of investigation and determination of appropriate redress within twenty-eight (28) working days; and
Any breach of this Regulation shall be construed as a breach of the provisions of the National Information Technology Development Agency (NITDA) Act of 2007.

It is presumed that all the information stated herein is within the reader's/Data Subject's knowledge and that the reader/Data Subject will consent to the collection, processing, use and transfer of my personal data, within or outside Nigeria, for the purposes stated herein.