Data Policy
Data Policy
Data Policy
This is a policy approved by the management of bitMARTe CBIT Industries Ltd to protect and
educate data subjects (e.g. employees, customers, suppliers), regardless of the means by which
such personal data is collected or processed.
Maintain existing data protection rules and policies; namely: Nigerian Data Protection Regulations
2019 (NDPR) and Privacy Policy of bitMARTe CBIT Industries Ltd. In this case, the Company
respects the main provisions 4.2 and 8.5 respectively. The data subject's right to privacy should
be interpreted as strengthening and never as a limitation of the protection to which the data
subject is entitled under all data protection instruments established to promote fundamental rights
and Nigerian laws.
OBJECTIVES:
The objectives of this regulation are:
a) to safeguard the rights of natural persons to data privacy;
b) promote security when carrying out operations involving the exchange of personal data;
c) prevent the manipulation of personal data; and
to ensure that Nigerian businesses remain competitive in international trade through the
protections provided by a fair and equitable data protection framework in line with best practices.
CONSTITUTION:
The Company may collect, process, store and use my personal data to execute the contracts
signed by Data Subject with bitMARTe CBIT Industries Ltd and for other specified legitimate
purposes, including but not limited to payment for services provided etc. In accordance with the
bitMARTe CBIT Industries Ltd Privacy Policy and the Nigerian Data Protection Regulations 2019
(NDPR).
The Data Subject's personal data requested by bitMARTe CBIT Industries Ltd for the purposes
stated herein may include first and last name, email address, registered company address,
telephone number and other related data.
The Company collects and stores (regardless of the technical method such as cookie, JWT, web,
token, etc.) personal data for the period necessary for the purposes for which they were collected.
bitMARTe CBIT Industries Ltd may retain and disclose my personal data to its affiliates, agents,
regulatory authorities or third party service providers for the purposes for which it is collected or
as permitted by applicable law.
The Data Subject shall have the rights to:
A. Request and access to personal information collected and stored by bitMARTe CBIT Industries
Ltd;
B. Revoke consent at any time;
C. Resistance to automated decision making;
D. request the correction and modification of my data stored by bitMARTe CBIT Industries Ltd;
E. Request for deletion of data;
F. must be informed before data processing and have the right to give their consent
purposes other than those for which the personal data were collected;
G Request bitMARTe CBIT Industries Ltd to share my information with third parties; and
H. Request that bitMARTe CBIT Industries Ltd restrict the processing of my data
The company must ensure that no data is collected without the Data Subject informing the
company of the specific purpose of the collection;
(1) The data controller has the duty to ensure that the consent of the data subject is obtained
without fraud, coercion or undue influence; appropriate:
a) If the processing is based on consent, the company can demonstrate that the Data Subject
has consented to the processing of his personal data and has the legal capacity to express his
consent.
(b) If the consent of the person concerned is expressed by a written statement that also applies
to other matters, the request for consent must be made in a manner that is clearly different from
other matters, in an understandable and easily accessible form and using clear methods and
simple language. Any part of this Statement that constitutes a violation of these Rules will not be
binding on the affected party;
c) Before consent is given, the Data Subject is informed about his rights and the possibility of
withdrawing his consent at any time. However, the revocation of consent does not affect the
lawfulness of the processing carried out based on the consent before its revocation;
d) When assessing whether consent is voluntary, particular attention must be paid to whether the
performance of the contract, including the provision of the service, depends on consent to the
processing of personal data that is not necessary for the performance (or beyond) are this
contract; and where data may be disclosed to third parties for any reason
(a) in the case of data companies dealing with more than 10,000 Data Subjects, the payment of
a penalty equal to 2% of the Annual Gross Revenue of the previous year or the payment of the
amount of 10 million Naira, whichever is greater;
(b) in the case of a data company dealing with less than 10,000 Data Subjects, the payment of
a penalty equal to 1% of the Annual Gross Revenue of the previous year or the payment of N2
million, whichever is greater.
(1) Without prejudice to the right of the Data Subject to appeal to a competent jurisdiction, the
Agency shall establish an Administrative Appeals Commission under the following terms of
reference:
(2) Investigation of allegations of violation of the provisions of this Ordinance;
(3) to require any party to respond within seven days to the charges against them;
(4) issue administrative orders to protect the subject-matter of the charge pending the completion
of the investigation;
(5) Complete the investigation and determine appropriate action within twenty-eight (28) working
days; and
Any violation of these regulations shall be deemed to be a violation of the provisions of the
National Information Technology Development Agency (NITDA) Act, 2007.
All information contained in this document is subject to the knowledge and consent of the
reader/Data Subject to the collection, processing, use and transfer of my personal data within or
outside Nigeria for the purposes set out in this document.