The purpose of this policy is to:
- Inform users openly about what personally identifiable information (PII) is collected through our website, services, and products, how it is used, and how it is protected.
- Clarify the legal rights under which data is collected and processed and provide enlightenment on user personal data rights.
- To comply and show fealty to the Nigeria Data Protection Regulation (NDPR), as well as global Data Privacy regulations (GDPR).
- Support HMNL’s mission to be the foremost provider of end-to-end Records management, Library Automation and IT solutions in Africa.
- This policy is designed to complement other policies, forms, and procedures within HMNLs that pertain to her services, software, and products, and must be utilized in conjunction with the same.
- This Policy in no way replaces or nullifies the Nigeria Data Protection Regulation (NDPR), rather this Policy is created to supplement the NDPR following the mission and vision of HMNL. The NDPR shall take priority if compliance with this Policy will result in a violation. The content of this Policy shall also be observed in the absence of the NDPR.
- If compliance with this Policy results in a violation of the NDPR, or if regulations that deviate from this policy are required under Nigerian law, it must be reported to the Data Protection Officer (DPO) for Data Privacy law monitoring. The DPO can be contacted at firstname.lastname@example.org
- In a case of collision between the NDPR and this Policy, the Data Protection Officer will work with the responsible personnel to find a practical solution that fulfills the purpose of this Policy.
- Words such as “We” “Our” and “Us” refer to HMNL, while “You” refers to the data subject/provider.
- This Policy will be revised on a need basis to reflect changes in the business environment and/or operations of HMNL.
Collection and Use of Personal Data
Personal Data is any information that we can use to identify you. That can be anything such as your name, home/ office address, phone number, email address, IP address, or any other data that can be used to identify you.
We collect the information you provide directly to us when you fill out a contact form, communicate with us via third-party platforms, or otherwise communicate with us. The types of personal data we may collect include your name, email address, home / office address and phone number
Information We Collect Automatically When You Interact with Us
In many cases, when you visit us online or via email, we automatically collect some information. The data collected allows us to customize your online experience, increase HMNL online presence efficiency and usability, and measure the efficiency of our marketing activities. They include:
- Device and Usage Information: This includes data about device and network, including hardware models, operating system versions, mobile networks, IP addresses, unique device identification systems, browser type, and application version. We also collect information on how you access our services, information about what you do on our website, and how you utilize our services, examples include access times, view periods, link clicks, viewed pages, and specific pages visited before browsing and requesting our services.
Use of Information
We use the information that we gather to provide, maintain and improve our services, which includes distributing user-generated content to our blogs and other services to customers, such as:
- The subscription e-mail feature to inform you regarding new HMNL content, products & services papers, and eBooks.
- The Tawk.to live chat app to answer your questions and offer customer service.
Sharing of Information
We will not sell or provide your information to anyone else or use it for purposes other than our services unless you are notified by email or required to do so by law. If we are to share personal or confidential information with other partners or third parties, we shall only do so with your explicit consent or if we are required to do so by law.
Personal Information Retention Period
We would maintain your information only as long as it takes to supply the services you need. However, it may be maintained for a longer period, if need be, for legal and regulatory obligations.
Data Security and Integrity
To protect personal information against unauthorized loss, misuse, alteration, or destruction, we have adequate security policies and practices in place and enforced. However, we cannot rule out the possibility of experiencing cyber threats, despite the best efforts of HMNL.
Personnel with access to the data are required to keep the information confidential. We also make reasonable efforts to only retain personal information as long as it is necessary to fulfill your request or until you request that the data be deleted.
Links to Third-party Websites
Lawful Basis for Processing
Usually, we only collect personal information necessary to meet your requirements. If further data is required at the point of collection, you will be duly notified. The NDPR enables us to process data on a certain lawful basis and we are legally bound to inform you of the reasons.
Consequently, we rely on the following lawful basis for processing to adequately and securely process your personal information:
- Contract Performance: When processing your data is necessary to fulfill our contractual obligations.
- Legal Obligations: When we are required to process your data to comply with a legal obligation. For example, keeping tax records, providing information to a government body or law enforcement authority, and so on.
- Legitimate Interests: We may process information about you where it is in our legitimate interest to run a legitimate business, so long it doesn’t exceed your interests.
Your Rights as a Data Subject
You are not required to provide HMNL with any personally identifiable information. However, we may request that you provide certain personal information to receive further information on our services.
You may unsubscribe at anytime by following the instructions included in each communication if you opted for specific services such as an e-newsletter. We will remove your information if you unsubscribe from our services or communication channels.
There are certain rights for persons concerning the processing of their data under the Nigeria Data Protection Regulation (NDPR). These rights are as follows:
- Right to Rectification: Without undue delay, you have the right to rectify every incorrect personal information. Failure to complement incorrect information is also expected.
- Right to Be Forgotten: You can request that your data be erased permanently (under certain circumstances). You shall be informed of the outcome of the request no later than one month after the application is made.
- Right to Restrict Processing: You can demand that your data should not be processed again. In this case, we can store it, but not use it. Suppose the personal data in question is disclosed to a third party, HMNL shall inform them, provided it does not become impossible or involves a disproportionate effort to do so, of the restriction on the processing of your data.
- Right to Data Portability: You can obtain and reuse your data for reasons best known to you on other organization platforms. You may also request that your information be directly provided to another organization on your behalf.
- Right to Object: You have the right to stop your data from being used for direct marketing purposes.
- Notice: Rights are not absolute. The lawful basis for which personal data is collected affects the number of rights available to the Data Subject.
Consent is any freely given, specific, informed, and unambiguous indication of your wish, by which through a statement or clear affirmative action, signifies agreement to the processing of personal data relating to you. You have a right to withdraw consent at any given time. However, the withdrawal cannot impact the processing done up to that point.
- Validity: Consent can only be considered valid when the data subject (You) is adequately informed and has been provided voluntarily. Consent cannot be implied. Consent under the Nigeria Data Protection Regulation (NDPR) does not constitute silence, pre-ticked boxes, or inactivity
- Minors: All persons under the age of 18 are considered minors. Only the minors’ representatives can give consent on their behalf under the applicable regulatory requirements.
Reporting and Contact Forms