0% found this document useful (0 votes)
33 views4 pages

Data Policy

Download as pdf or txt
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 4

Privacy Policy

This is a policy approved by the management of bitMARTe CBIT Industries Ltd to protect and
educate data subjects (e.g. employees, customers, suppliers), regardless of the means by which
such personal data is collected or processed.

Maintain existing data protection rules and policies; namely: Nigerian Data Protection Regulations
2019 (NDPR) and Privacy Policy of bitMARTe CBIT Industries Ltd. In this case, the Company
respects the main provisions 4.2 and 8.5 respectively. The data subject's right to privacy should
be interpreted as strengthening and never as a limitation of the protection to which the data
subject is entitled under all data protection instruments established to promote fundamental rights
and Nigerian laws.

OBJECTIVES:
The objectives of this regulation are:
a) to safeguard the rights of natural persons to data privacy;
b) promote security when carrying out operations involving the exchange of personal data;
c) prevent the manipulation of personal data; and
to ensure that Nigerian businesses remain competitive in international trade through the
protections provided by a fair and equitable data protection framework in line with best practices.

CONSTITUTION:
The Company may collect, process, store and use my personal data to execute the contracts
signed by Data Subject with bitMARTe CBIT Industries Ltd and for other specified legitimate
purposes, including but not limited to payment for services provided etc. In accordance with the
bitMARTe CBIT Industries Ltd Privacy Policy and the Nigerian Data Protection Regulations 2019
(NDPR).

The Data Subject's personal data requested by bitMARTe CBIT Industries Ltd for the purposes
stated herein may include first and last name, email address, registered company address,
telephone number and other related data.

The Company collects and stores (regardless of the technical method such as cookie, JWT, web,
token, etc.) personal data for the period necessary for the purposes for which they were collected.

bitMARTe CBIT Industries Ltd may retain and disclose my personal data to its affiliates, agents,
regulatory authorities or third party service providers for the purposes for which it is collected or
as permitted by applicable law.
The Data Subject shall have the rights to:

A. Request and access to personal information collected and stored by bitMARTe CBIT Industries
Ltd;
B. Revoke consent at any time;
C. Resistance to automated decision making;
D. request the correction and modification of my data stored by bitMARTe CBIT Industries Ltd;
E. Request for deletion of data;
F. must be informed before data processing and have the right to give their consent
purposes other than those for which the personal data were collected;
G Request bitMARTe CBIT Industries Ltd to share my information with third parties; and
H. Request that bitMARTe CBIT Industries Ltd restrict the processing of my data

The company guarantees that the personal data:


a) are collected and processed in accordance with a specific, legitimate and lawful purpose to
which the Data Subject has consented; only if:
i. a further processing may only take place for archival, research, scientific, historical or statistical
purposes in the public interest;
ii. The natural or legal person who processes or wishes to process data in accordance with the
provisions of this paragraph will not disclose personal data to third parties;
b) appropriate, precise and without prejudice to the dignity of the human person;
c) are kept only for the period for which it is reasonably necessary and protected from foreseeable
threats and breaches such as theft, cyberattacks, virus attacks, distribution, alteration of any kind,
damage caused by rain, fire or action of other natural elements
d) The company will take appropriate measures to provide Data Subject with all information
related to the processing in a concise, transparent, understandable and easily accessible form
and in clear and simple language. The information will be provided in writing or otherwise,
including, where appropriate, in electronic form. At the request of the Data Subject, the information
can be provided verbally, provided that the identity of the Data Subject is confirmed in another
way.
e) If the company does not comply with the Data Subject's request, the company will inform the
Data Subject immediately at the latest, within one month from receipt of the request to justify the
inaction and submission of the complaint to the supervisory authority.

The company must ensure that no data is collected without the Data Subject informing the
company of the specific purpose of the collection;
(1) The data controller has the duty to ensure that the consent of the data subject is obtained
without fraud, coercion or undue influence; appropriate:
a) If the processing is based on consent, the company can demonstrate that the Data Subject
has consented to the processing of his personal data and has the legal capacity to express his
consent.
(b) If the consent of the person concerned is expressed by a written statement that also applies
to other matters, the request for consent must be made in a manner that is clearly different from
other matters, in an understandable and easily accessible form and using clear methods and
simple language. Any part of this Statement that constitutes a violation of these Rules will not be
binding on the affected party;
c) Before consent is given, the Data Subject is informed about his rights and the possibility of
withdrawing his consent at any time. However, the revocation of consent does not affect the
lawfulness of the processing carried out based on the consent before its revocation;
d) When assessing whether consent is voluntary, particular attention must be paid to whether the
performance of the contract, including the provision of the service, depends on consent to the
processing of personal data that is not necessary for the performance (or beyond) are this
contract; and where data may be disclosed to third parties for any reason

PUNISHMENT FOR INCOMMINANCE


Anyone subject to this Regulation who violates the right to confidentiality of the data of any Data
Subject will, in addition to any other criminal liability, be held responsible for:

(a) in the case of data companies dealing with more than 10,000 Data Subjects, the payment of
a penalty equal to 2% of the Annual Gross Revenue of the previous year or the payment of the
amount of 10 million Naira, whichever is greater;
(b) in the case of a data company dealing with less than 10,000 Data Subjects, the payment of
a penalty equal to 1% of the Annual Gross Revenue of the previous year or the payment of N2
million, whichever is greater.

ADMINISTRATIVE COMMITTEE OF INVESTIGATION

(1) Without prejudice to the right of the Data Subject to appeal to a competent jurisdiction, the
Agency shall establish an Administrative Appeals Commission under the following terms of
reference:
(2) Investigation of allegations of violation of the provisions of this Ordinance;
(3) to require any party to respond within seven days to the charges against them;
(4) issue administrative orders to protect the subject-matter of the charge pending the completion
of the investigation;
(5) Complete the investigation and determine appropriate action within twenty-eight (28) working
days; and
Any violation of these regulations shall be deemed to be a violation of the provisions of the
National Information Technology Development Agency (NITDA) Act, 2007.

All information contained in this document is subject to the knowledge and consent of the
reader/Data Subject to the collection, processing, use and transfer of my personal data within or
outside Nigeria for the purposes set out in this document.

You might also like