Personal Data We Collect and Use
We collect your personal data when…
- you register as a vendor or customer with our organization
- you are a staff of the organization. e.g. name, gender, date and place of birth, contact address, email address, and mobile numbers, academic records, etc.
- you perform any form of business transactions with our organization
- you contact us through our website. We get your name and e-mail address
How We Use Your Personal Data
- ACPML will only use your information when you have provided your consent or when it is required by the law to do so.
- We use the information we collect for staff administration and business transactions
- We will use your information to meet our compliance obligations, to comply with laws and regulations and to share with regulators when absolutely necessary.
- We may need to record conversations you have with us through emails, phone calls, face-to-face meetings, letters, and any other kinds of communication. These recordings may be used to ensure accuracy and completeness of all the discussions in such meetings and to meet up with any legal obligations.
Who We Share Your Personal Data With
- It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside the country of residence for ACPML to disclose your personal information.
- We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
- And when we have requested and received your permission to share it.
- We may also disclose information about you if we determine that disclosure is reasonably necessary to protect our operations.
- We do not collect information using any technologies like cookies, JWT, Web Tokens on our Website.
- And we do not share information about our customers with third parties for marketing purposes.
The right to be informed
The rights to access
- Individuals have the right to access information the company holds, access their personal data and other supplementary information and obtain information about how we process it. Your right of access can be exercised by sending an email to firstname.lastname@example.org
The right to restrict processing
- Individuals have a right to ‘block’ or withdraw their consent to our processing of your information, which you can do at any time. When processing is restricted, we are permitted to store the personal data, but not further process it. We might continue to process your data if there are valid legal or operational reasons.
The right to rectification
- Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If this personal data in question has been disclosed to third parties, they must be informed of the rectification where possible. The company must also inform the individuals about the third parties to whom the data has been disclosed where appropriate
The right to erasure
- Individuals have the right to request the deletion or removal of personal data where there is no compelling legal or regulatory requirement for its continued processing. We will make sure that this right is protected.
The right to data portability
- We will ensure that personal data is moved, copied or transferred easily from one IT environment to another in a safe and secure way, without hindrance to usability.
The right to object
- Individuals have the right to decline a consent request or withdraw a consent for the processing of their personal data.
Third Party Data Processing Contracts
- A data processing agreement is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data.
- We will ensure that processing by a processor shall be governed by a contract or other legal act, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
Subject Access Requests
All individuals who are the subject of personal data held by ACPML are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
- If an individual contacts the company requesting this information, this is called a subject access request.
- Subject access requests from individuals should be made by email, addressed to the Data Controller and the Data Protection Officer via email@example.com
- The Data Protection Officer will aim to provide the relevant data within 14 days.
- This request may attract a fee.
- The Data Protection Officer will always verify the identity of anyone making a subject access request before handing over any information.
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, ACPML will disclose requested data. However, the Data Protection Officer will ensure the request is legitimate, seeking assistance from the Management and from the company’s legal advisers where necessary.
To contact our Data Controller/ Data Protection Officer, kindly address your request to “The Data Controller/Data Protection Officer” African Circle Pollution Management Limited, 5 Dipo Orepitan Crescent, Abacha Estate, Ikoyi, Lagos.