Document effective: July 01, 2022
- COLLECTION OF INFORMATION
We may collect and process the following information about you:
- Information that you provide to us, for example when you fill out a contact or web form, or if you register to receive alerts or updates.
- When you provide your Personal Data while signing up for a service or purchasing a product.
- Personal Data that we obtain or learn, such as information about the browser or device you use to access this site, how you use this site and the pages you visit, traffic and location data
- When you contact our customer support whether by phone, email, or chat
- [We may also ask you for information if you experience problems when using this site. We may also ask you to complete surveys for research purposes, although you don’t have to respond to these].
- [Personal Data we receive from other sources: We are working closely with third parties. We will notify you when we receive Personal Data about you from them and the purposes for which we intend to use that Personal Data].
- USE OF PERSONAL DATA
We may use your Personal Data, including non-public Personal Data as follows:
- Provide, maintain, and improve our services
- Provide and deliver the products and services you request, process transactions and send you related information, including confirmations.
- Verify your identity and prevent fraud.
- Send you technical notices, updates, security alerts and support and administrative messages.
- Respond to your comments, questions and requests and provide customer service.
- Communicate with you about products, services, offers, promotions, rewards, and events offered by Day Waterman and others, and provide news and information we think will be of interest to you.
- Monitor and analyse trends, usage and activities in connection with our services.
- Personalize and improve the services and provide advertisements, content or features that match user profiles or interests.
- [Process and deliver contest or promotion entries and rewards].
- Link or combine with information we get from others to help understand your needs and provide you with better service.
- Carry out any other purpose for which the Personal Data was collected.
Day Waterman is based in Nigeria and the information we collect is governed by the Nigeria Data Protection Regulation (NDPR). By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to Nigeria [and other countries].
- DISCLOSURE OF INFORMATION
We only disclose Personal Data to other companies or individuals in the following limited circumstances:
- We may provide such Personal Data to affiliated companies or other trusted businesses or persons for the purpose of processing Personal Data on our behalf. We require that these parties agree to process such Personal Data based on our instructions and in compliance with the Nigeria Data Protection Regulation (NDPR) and any other appropriate confidentiality and security measures. When they no longer need your Personal Data to fulfil this service, they will dispose of the details in line with the NDPR.
- [With other third parties such as email service providers that perform marketing services on Day Waterman College’s behalf].
- With other non-affiliated companies for our everyday business purposes, such as to process transactions, maintain accounts, respond to court orders and legal investigations.
- In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any applicable law, regulation or legal process.
- With relevant law enforcement officials or other third parties, such as investigators or auditors, if we believe it is appropriate.
- In connection with, or during negotiations of, any merger, sale of Day Waterman’s assets, financing or acquisition of all or a portion of our business to another company; and
- With your consent or at your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you provide such Personal Data.
- We may also share aggregated or de-identified or anonymized Information, which cannot reasonably be used to identify you.
When we do not have a lawful basis for disclosure of your Personal Data, we will obtain consent from you before sharing your Personal Data with third parties. Where we need to transfer your Personal Data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your Personal Data to a country without an adequate data protection law.
We take reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, we implement policies designed to protect the confidentiality and security of your Personal Data, including a Data Protection Policy. [We have also taken measures to comply with provision of security facilities for the protection of your Personal Data through the set-up of firewalls, limited access to specified authorized individuals, encryption and continuous capacity building for relevant personnel. We therefore have digital and physical security measures to limit and eliminate possibilities of data privacy breach incidents].
- HOW LONG WE KEEP YOUR PERSONAL DATA
We will hold your Personal Data on our systems for as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
- WHERE WE STORE YOUR PERSONAL DATA
The Personal Data we collect from you may be transferred to and stored at a destination outside Nigeria. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely with an appropriate level of protection and that the transfer is lawful.
- YOUR RIGHTS AS A DATA SUBJECT
The law gives you certain rights in respect to your Personal Data which we hold about you. Below is a highlight of some of those rights. At any point while we are in possession of or processing your Personal Data, you, the Data Subject has the following rights:
- RIGHT OF ACCESS – You have the right to request a copy of the information that we hold about you. We will respond to your access request within one-month of receiving your request. Where we are not able to provide this personal data to you within the One-Month timeline provided by law, we will communicate same to you, and may request an additional time within which we will provide the information to you. Your Personal Data shall be provided to you in a structured, commonly used and machine-readable format.
- RIGHT TO RECTIFY – You have the right to correct the Personal Data we hold about you that is inaccurate.
- RIGHT TO BE FORGOTTEN – In certain circumstances you may ask for the data we hold about you to be erased from our record.
- RIGHT TO RESTRICT PROCESSING – Where certain conditions apply, you have a right to restrict processing of your Personal Data.
- RIGHT TO PORTABILITY – You have the right to have your Personal Data transferred to another organisation.
- LODGE COMPLAINT – You have a right to lodge a complaint about the handling of your Personal Data with the National Information Technology Development Agency (NITDA) at email@example.com
- RIGHT TO OBJECT – You have the right to object to the Processing of Personal Data.
NITDA’s website (https://nitda.gov.ng/) has a wealth of useful information in respect of your rights over your Personal Data. If you wish to exercise your rights, you may contact our Data Protection Officer at firstname.lastname@example.org
- BREACH/ PRIVACY VIOLATION
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, we shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NITDA.
Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we shall within 7 (Seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.
- QUESTIONS OR CONCERNS