At Loyalty Solutions Limited (“LSL”, us, we, the Company), we are committed to maintaining the confidentiality of the Personal non-public Data (“Personal Data ”) entrusted to us by our clients, employees and other individuals.
LSL’s approach is to work closely with Data Subjects so that we can support compliance with privacy laws and Data Subjects’ confidentiality requirements as part of the provision of our services.
You may withdraw your consent at any time before, during and after we process your Personal Data.
2. LEGAL & REGULATORY OBLIGATIONS
LSL abides by the Nigeria Data Protection Regulation (“NDPR”) regulations for the purpose of handling and protecting our own data and Data Subjects’ Personal Data.
LSL uses the regulator’s policy to improve privacy requirements as it relates to how we collect, use, process, store and disclose Personal Data. Personal Data means any information relating to an identified or identifiable natural person (Data Subject). For example, this may include name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others.
3. INFORMATION WE COLLECT
We may collect the following types of Personal Data:
· email address;
· telephone number and other contact details;
· any other personal or additional information that may be required in order to facilitate your dealings with us.
We may also collect your Personal Data when you:
• communicate with us through correspondence, chats, emails, or when you share information with us from other social applications;
• interact with our sites, services, contents and surveys.
4. WHY WE COLLECT, USE AND PROCESS PERSONAL DATA
We collect and process your Personal Data only as necessary or appropriate for business purposes.
There are certain lawful bases for which we are allowed to use your Personal Data. Most commonly, we will rely on one or more of the following lawful bases for processing your Personal Data.
The legal basis for processing is based on any of the following:
I. Consent: This will apply where you have provided your consent to the processing of your Personal Data for one or more specific purposes;
II. Performance of contract: This will apply where processing is necessary for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract with you;
III. Vital interests: This is where processing is required for the protection of your vital interests.
IV. Compliance with legal obligation: Where we are subject to a legal obligation and need to use your Personal Data in order to comply with that obligation.
V. Public interest: Where processing is necessary for the performance of a task or function carried out in the interest of the public.
VI. Legitimate Interest – means the interest of our business in conducting and managing our business to enable us to give you the best services and most secure experience.
We may also use your Personal Data:
· to enable your use of the services available on our website or clients’ websites managed by us;
· to send you items redeemed through websites managed by LSL;
· to send statements, invoices and payment reminders to you, and collect payments from you;
· to send you non-marketing commercial communications;
· to send you email notifications that you have specifically requested;
· to send you our email newsletter, to which you can unsubscribe if you no longer want to receive;
· to deal with enquiries and complaints made by or about you relating to our website; and
· to keep our website secure and prevent fraud.
We will not, without your express consent, supply your Personal Data to any third party for the purpose of their or any other third party’s direct marketing.
5. DISCLOSING PERSONAL DATA
· our employees;
· third party suppliers and service providers;
· professional advisers;
· our existing or potential partners;
· specific third parties authorized by you to receive information held by us;
· fraud management agencies and law enforcement bodies;
· regulatory or government body.
6. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:
· request rectification of your Personal Data;
· request the erasure of your Personal Data;
· request the restriction of processing of your Personal Data;
· You have a right to lodge a complaint about the handling of your Personal Data with the National Information Technology Development Agency (“NITDA”).
· You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your Personal Data for such purposes or if we intend to disclose your Personal Information to any third party for such purposes.
· You have the right to be informed about the existence of automated decision-making processes, including profiling as well as meaningful information about the logic involved, the significance and the envisaged consequences of such processing.
· You have a right to a copy of the Personal Data we hold about you, as well as the information about what we do with it, who we share it with and how long we hold it for. We may make a reasonable charge for additional copies of that data in the case of unfounded and excessive requests.
· You have a right to freely transfer your Personal Data received from us to any other person.
NITDA’s website (https://nitda.gov.ng/nit/) has a wealth of useful information in respect of your rights over your Personal Data.
If you wish to exercise your rights, you may contact the office of our Data Protection Officer at firstname.lastname@example.org
Where we do not act on your request to exercise any of your rights, we shall inform you within one month of the receipt of your request, of the reasons for not taking action and on the possibility of lodging a complaint with NITDA.
We may however withhold Personal Data that you request to the extent permitted by law as well as where it is deemed unlawful as directed by a court order.
We adopt robust technologies and policies to ensure the Personal Data we hold about you is suitably protected. We take steps to protect your information from unauthorized access and against unlawful processing, accidental loss, destruction and damage. Where you have chosen a password that allows you to access certain parts of the website and mobile application, you are responsible for keeping this password confidential. We advise you not to share your password with anyone. We have also taken measures to comply with global Information Security Management Systems (ISMS) and therefore put in place digital and physical security measures to limit or eliminate possibilities of data privacy breach incidents.
8. RETENTION OF PERSONAL DATA
We will retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such Personal Data in our records. This will normally include any period during which we are dealing or expect to deal with you and what we consider to be a suitable period thereafter, for our internal record-keeping purposes.
9. BREACH/ PRIVACY VIOLATION
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, LSL shall within 72 (seventy-two) hours of having knowledge of such breach, report the details of the breach to NITDA. Furthermore, LSL shall within 7 (seven) days of having knowledge of the occurrence of such breach take steps to inform the Data Subject of the breach incident, the risk to the rights and freedoms of the Data Subject resulting from such breach and any course of action to remedy the said breach.
If you feel that your Personal Data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your Personal Data, you have a right to lodge a complaint with the NITDA.
National Information Technology Development Agency
Tel: +234929220263, +2348168401851, +2347052420189
Your continued use of the LSL website and other websites managed by us after any changes to the Privacy Policies are posted, will be taken as acceptance of those changes.