7. Data Protection Regulation
The Regulation was established in January 2019 which provides information on the gathering, storing, and processing of personal data (regardless of whether data is stored electronically, on paper, in transit, or on other materials), and protects the rights and privacy of all individuals. The Regulation applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.
Controllers and Processors
Customers and PII Principals are the controllers and Soft Alliance is the processors of personally identifiable information/data. Other sub-processors are our service providers. Any update of this policy or changes in status will be communicated to all relevant stakeholders.
8. Governing Principles of Data Protection
The Regulation mandates every data processor to process any personal data following the governing principles of data protection. To comply with the obligation undertakes to adhere to the following principles
8.1. Data processing
By using our service, you give your consent to process your data per these policies and our Terms of Services (ToS). All Information will be stored and easily accessible for as long as the purposes for which they were collected exist. However, retention of information may be done where there is a need for legal necessaries like invoices, audit logs, subscription information.
8.2. Lawful Processing
The Company shall process personal data of individuals if at least one (1) of the following applies:
The data subject has given consent to the processing of his or her data for one or more specific purposes.
Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
Processing is necessary for compliance with a legal obligation to which Soft Alliance and Resource Limited is a subject.
Processing is necessary to protect the vital interests of the data subject or another natural person.
8.3. Procuring Consent
To fulfill the requirement of the Regulation, personal data will be processed by the rights of the data subject. The Company’s business operations will be guided by the following:
The Company shall request for consent in a manner that is distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language, where the data subject’s consent is given in the context of a written declaration.
The Company shall inform the data subject of his/her right and the ease to withdraw his/her consent at any time.
To operate and maintain your account, and to provide you with access to the Website and use of the Apps and Services that you may request from time to time. Your email address and password are used to identify you when you sign into the Platform. Your device-IDs are used to ensure that you are in control of the devices that have access to your subscription.
To seek your participation in surveys, to conduct and analyze the results of those surveys if you choose to participate.
To provide you with technical support.
To respond to you about any comment or inquiry you have submitted
To prevent or take action against activities that are, or maybe in breach of our Terms of Service (ToS) or applicable law.
For identification and verification purposes.
For marketing, sales, and promotional activities.
For product development, to build higher quality and more useful services.
For security purposes and other purposes stated in these policies.
The company shall request for consent of the data subject where data may be transferred to a third party for any reason.
Soft Alliance shall only obtain personal information for the specific purpose of the collection after which consent is sought from the data subject to processing of his or her data and the legal capacity to give consent, where processing is based on consent.
8.4. Due Diligence and Prohibition of Improper Motives
To align with these requirements, the Company shall:
Process and retain personal information for its stated and communicated purpose only.
Take reasonable measures to ensure that a party to any data processing contract does not have a record of violating the regulation and such party is accountable to NITDA or a reputable regulatory authority for data protection within or outside Nigeria.
8.5. Data Security
Soft Alliance has established the necessary technical and security measures to prevent unauthorized or unlawful access to or accidental loss of or destruction or damage to personal Information.
To ensure the safety of personal information
Secured web services have been configured to run within a virtual private connection and an SSL certificate to make sure that all communications are made over HTTPS, SFTP using TLS.
Development of security measures including but not limited to protecting systems from hackers, setting up firewalls and protection email systems, secure storage of data, employ data encryption technologies.
Development of organizational policy for handling personal data and other sensitive or confidential data and Continuous capacity building for all staff are also strategies to ensure data privacy in-house.
8.6. Data Processing Contracts with interested/third parties
To ensure compliance with the Regulation, being a data controller, the Company shall:
Establish a written contract that shall be signed by a third party that will process the personal data of individuals.
Ensure that such third party process the data obtained from data subjects complies with the regulation
8.7. Data Subject’s Rights to information
As a user, you have certain rights/control over the information you submit to us. You have the right;
To access and confirm your Information.
To withdraw your consent from processing your Information (this does not affect already processed information).
To rectify or update any inaccurate or outdated information.
To know the purpose of processing your Information.
To restrict the processing of your Information.
To erase any information, we hold about you.
To request a copy of the information we keep about you.
To object/refuse your Information for direct marketing.
For portability, if feasible.
The accuracy of the personal data is contested by the data subject for a period enabling Soft Alliance to verify the accuracy of the personal data.
Provide personal data concerning data subjects, in a structured manner, commonly-used and machine-readable format to such data subjects.
Not hinder the data subject from transmitting those data in its database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means.
Execute data subjects’ requests on the transmission of their data to another company, where technically feasible.
When you request to exercise any of the above rights, we shall provide you with your personal information and other necessary information as requested by you. However, we reserve the right to charge you or refuse your request where we notice that your request is repetitive or excessive. Your rights to erasure of your Information does not apply to legal necessaries like invoices, audit logs, subscription information, and your Information archived on our backup systems which we shall securely isolate and protect the use of it from any further processing, to the extent required by applicable law,
8.8. Transfer of information to a Foreign Country
The Company shall comply with the regulation and any transfer of personal data that is undergoing processing or is intended for processing after transfer to a foreign country or an international organization shall take place subject to the provisions of the Regulation.
9. Assigning Roles and Responsibilities
Board must ensure that Soft Alliance is nurturing public trust and complying with regulations as they take advantage of data collected from customers. They must also enforce and ensure compliance with documented privacy policies per NDPR.
9.2. Executive Management Committee
The main role of the privacy committee should be to make strategic recommendations about data security across the company.
Ensure data protection objectives are established and aligned with the strategic direction of the Company.
Ensure the availability of resources needed for the protection of data.
Communicate the importance of effective data protection in the company and of conforming to its requirements.
9.3. Data Protection Officer
The primary role of the data protection officer (DPO) is to ensure that Soft Alliance processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
Keep Executive Management updated about data protection responsibilities, risks, and issues.
Review all data protection procedures and related policies, in line with an agreed schedule.
Arrange data protection training and advice for the people covered by the policy.
Handle data protection questions from staff and anyone else covered by the policy.
Deal with requests from individuals to obtain the data Soft Alliance holds about them.
Review and approve any contracts or agreements with third parties that may handle the company’s sensitive data.
9.4. Head, Solution Delivery.
Evaluate any third-party services Soft Alliance is considering using to store or process data such as private cloud computing services.
Ensure all systems, services, and equipment used for storing data meet acceptable security standards.
Perform regular checks and vulnerability scans to ensure adequate security of hardware and software used in the data processing.
9.5. Quality Assurance
Provide reasonable assurance regarding the achievement of the operational objectives, such as the effectiveness and efficiency of the security controls.
Carry out internal audits and report findings to the Executive Management Committee.
Recommend preventive and corrective action.
9.6. Human resource
Must ensure everyone is informed and up to date when it comes to keeping information safe.
HR ensures that the user’s data is only being used for what the original owner intended and agreed to. While the process is lengthy, it saves a lot of legal trouble and potential theft.
Ensure the pillars of an exit strategy should be put in place as soon as the employee joins the company, ensuring as few misunderstandings as possible. Keeping good communication and appropriate company culture can help breaches like this from ever happening.
10. Policy Review
This policy shall be reviewed at least annually to ensure effectiveness and continual application and relevance to the company’s business or as may be required. Kindly follow-up on this policy from time to time to ensure that you have up-to-date information.
Anyone breaching information security policy may be subject to disciplinary action. If a criminal offense has been committed further action may be taken to assist in the prosecution of the offender(s).
All policy breaches shall be escalated to the Head – Cloud Services and Security.
12. Policy Exceptions & Retention
A policy exception represents a circumstance whereby an employee of Soft Alliance knowingly deviates from a requirement of the Policy. All Policy exceptions must be approved by the MD/CEO of Soft Alliance Limited.
All documentation shall be maintained under the Soft Alliance policy for retention of documents and records or as regulation require.
13. Contact us
The website is owned and operated by Soft Alliance and Resources Limited, a company registered in Nigeria. If you have any questions or comments about this policy, or if you would like us to update information we have about you or your preferences, please email: – email@example.com