(Last updated March 2019)
The Group abides by the Nigerian Privacy Principles (“NPPs”), which provide a scheme in relation to the collection, disclosure, use and storage of personal information. The Group’s objective is to handle information responsibly and provide you with some control over the way information about you is handled.
The Privacy Act provides for exemptions:
a. in relation to employee records (being records relating to a current or former employment relationship between the Group and the individual); and
b. from coverage in relation to the journalism activities of the Group (as explained further at section 3).
Where these exemptions apply, they will take precedence over this Policy.
1. Collection of Personal Information and other data
Personal information is information or opinion about an individual, or an individual who is reasonably identifiable (whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form). The nature of personal information collected by the Group comprises information such as an individual’s name, address, phone number, fax, e-mail address, birth date and gender, as well as interests and information about your viewing of our programs and services, your transactions with us and with some of our business partners.
The purposes for collecting such information include to arrange, conduct and promote the Group’s media activities (including but not limited to production, broadcasting and publishing), understand our audiences and provide you with requested products and services. You may object to us using your personal information for any of these purposes at any time by emailing firstname.lastname@example.org
The Group may collect personal information about you in a number of ways. These include, but are not limited to situations in which you set up an account with a company within the Group (for example a magazine or newspaper subscription), request to receive products or services from the Group, provide products or services to the Group, enter a competition or voting forum, utilise the Group’s services (including, but not limited to IPTV services, websites, mobile phone apps, blogs and online forums), complete a survey or questionnaire, or when you communicate with the Group by telephone, fax, writing, email, or any other electronic means.
When you are using a service we provide to you over the internet (for example a website, mobile phone app or digital edition of one of the Group’s publications), we may use technology (including third party technology such as Google Analytics) to collect information as to your activities on such services associated with the Group including your IP Address and/or the type of operating system you use and/or the domain name of your Internet Service Provider, software and hardware attributes and the web-page you request.
In addition, the Group may set and access cookies and other similar technologies (collectively “Cookies”) on your computer or other internet-enabled device and may let other companies (such as third party tracking service providers, third party advertisers and ad network companies including data management platforms, demand side platforms and server side platforms) set and access their Cookies on your device (subject to their own privacy policies). Cookies are used to improve and personalise your experience of particular products and services, measure your use of those products and services and show you relevant advertising.
The Group or its agents will generally collect personal information from you directly. For example, the Group may collect personal information when you subscribe to one of the Group’s publications, log on to a website or service by providing us with your email address and password, complete a survey, become a member, attend a function or event, enter a competition, make a purchase, provide a resume or enter an agreement. There may be other occasions when the Group sources personal information from third parties, such as from Facebook or Google when you log on to a website or service using your Facebook ID or Google ID, or from recruitment agencies when you apply for a position with us via a recruitment agency.
You may choose to deal with the Group anonymously or under a pseudonym where lawful and practicable (i.e. provided we are still able to provide the relevant service or do business with you without that information). For example, it might not be practical to deal with you anonymously if we need to process a payment, delivery goods or services or send personalised communications to you.
8. Personal Information Security
The Group is committed to keeping your personal information secure, and we will take reasonable precautions to protect your personal information from unauthorised access, loss, release, misuse or alteration.
We will not keep your personal information for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it.
In general, we will retain your data for a period of 5 years following our last contact with you, in order, for example, for us to be able to deal with any questions or complaints you may have, even after your relationship with us has ended. Following this period, we will delete or de-identify the personal information that we hold about you from our systems, or put it beyond use.
Your personal information and other data may be stored in hard copy documents, but is generally stored electronically on the Group’s software or systems or on those of our third party service providers.
The Group maintains physical security over its paper and electronic data stores, such as locks and security systems. The Group also uses computer and network security technologies such as firewalls, intrusion prevention software, antivirus software, external email filtering and passwords to control and restrict access to authorised staff for approved purposes and to secure personal information from unauthorised access, modification, disclosure, misuse and loss.
Whilst the Group takes all reasonable steps to secure your personal information from loss, misuse and unauthorised access, you acknowledge that all activities in which you intentionally or unintentionally supply information to the Group carries an inherent risk of loss of, misuse of, or unauthorised access to such information. The Group cannot be held responsible for such actions where the security of the personal information is not within the control of the Group, or where the Group cannot reasonably prevent such incident.
Additionally, you acknowledge that the collection and use of your personal information by third parties may be subject to separate privacy policies and/or the laws of other jurisdictions.
9. Access to Personal Information
You may request access to the personal information the Group holds about you.
The procedure for gaining access is as follows:
a. All requests for access to your personal information should be made in writing and addressed to the Privacy Officer.
b. You should provide as much detail as possible regarding the business entity, department or person to whom you believe your personal information has been provided, and when, as well as detail regarding the type of information to which you are seeking access. This will allow the Group to process your request faster.
c. The Group will acknowledge your request within 14 days, and access will usually be granted within 14 days, or if it is more complicated, 30 days. The Group will inform you if this timeframe is not achievable.
d. You will be asked to verify your identity.
e. A fee may apply to such access in the event that a request for access is onerous or time consuming. Such a fee will cover staff costs involved in locating and collating information, and reproduction costs.
f. Depending on the circumstances, you may be forwarded the information by mail or email, or you may be required to personally inspect your records at the appropriate place.
g. You will be given the opportunity to correct any personal information that is no longer accurate.
In some circumstances, the Group may not be in a position to provide access. Such circumstances include the following:
a. access would create a serious threat to safety;
b. providing access will have an unreasonable impact upon the privacy of other individuals;
c. denying access is required or authorised by law;
d. the request is frivolous or vexatious;
e. legal proceedings are underway or anticipated, and the information would not be accessible through the process of discovery in the proceedings;
f. negotiations may be prejudiced by such access;
g. providing access is likely to prejudice law enforcement;
h. providing access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to the Group’s functions or activities; or
i. access would reveal a commercially sensitive decision making process.
If the Group denies access to your personal information, it will provide you with reasons in writing.
10. Your other rights
In addition to your right to request access to your personal information and
to correct it, you also have the right to:
a. request the erasure of any or all of your personal information;
b. restrict or object to the processing of any or all of your personal information;
c. request the porting or transfer of any or all of your information to another organisation; and
d. (as set out elsewhere) withdraw any consent to processing that you have previously given in respect of any or all of your personal information;
e. lodge a complaint with your local regulatory authority.
Please contact email@example.com with any of these requests and we will respond to your request as soon as practicable.
11. Changes to this Policy
The Group may, without notice, change this Policy from time to time for any reason and will update the Policy accordingly. We ask that you visit our website periodically in order to remain up to date with such changes.
If you believe that your privacy has been infringed or a breach of the APPs has occurred, you are entitled to complain. All complaints should initially be in writing and directed to the Privacy Officer. The Group will respond to your complaint as soon as possible, within 14 working days, to let you know who is responsible for managing your query. The Group will try to resolve the complaint within 30 working days. When this is not possible the Group will contact you to provide an estimate of how long it will take to handle the complaint.
If you believe the Group has not adequately dealt with your complaint, you may complain to the Privacy Commissioner whose contact details are as follows: