At IpNX we take the protection of Personal Data seriously. In this Privacy Notice we will explain what Personal Data we collect from you, how we use and share that data, how we keep your Personal Data safe, and how long we keep it for. We will also explain how we Process your data (and the Legal Basis for doing so) and help you to understand your Personal Data Rights.
Personal Data is any information that could be used to identify you. That could be anything from your name and address, your bank details, your email address, an image or recording of you, your IP address or any other data that could be used to identify you.
Processing Data simply means doing something with your Personal Data in the course of our business in order to provide our services to you. If a company or organization does anything with your Personal Data, they are processing it.
At IpNX we are committed to processing personal data in accordance with the Nigeria Data Protection Regulation (NDPR) principles, which ensure the safe processing of personal data.
We also collect your personal data when you directly apply for employment with us. We do not collect Personal Data of persons below the age of 18
How we collect information about you
We collect your personal data in the following ways:
We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving services, and developing new features and functions.
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information. Some of the services we offer, that we cannot complete without your information, are below:
We will not pass any personal data on to third parties, other than:
We will only do so, where possible, after we have ensured that sufficient steps have been taken to protect the personal data by the recipient.
Instances where we will transfer your data outside of the Nigeria include:
Your information will not be sold, or provided to anyone else, or used for any purpose that is not related to any of our services, unless you have been advised that we will do so or it is required by law. Where we need to share personal or confidential information to other partners or parties we will do so only with your prior explicit consent or where we are legally required to.
When you call our contact centres, we record our calls for quality assurance and training purposes and keep them for 24 months. We do not record telephone payment transactions or if the call is passed onto another member of staff who works outside of the contact centre.
Using our website
Online Electronic Forms (e-forms)
All our e-forms have links to this Privacy Notice before you submit any personal information. We recommend that you read the Privacy Notice before filling in the form. Details of your rights are in the Privacy Notice.
Automated decision making
We sometimes use automated systems for decision-making. You have the right to object to any decision made by solely automated means and can request for human intervention on any such decision. You also have the right to challenge the decision.
How we protect your information
The information you provide will be subject to thorough measures and procedures to make sure it can’t be seen, accessed, or disclosed to anyone who shouldn’t be allowed to access it.
We abide by strict information and security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We train staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
In terms of payments, all transactions carried out via our payment providers’ website are protected by Secure Socket Layer (SSL) technology. This is to ensure that any information you provide, when transmitted over the internet, is encrypted and secure.
We have procedures and policies in place to ensure we do our best to protect your personal data. This includes reporting of near miss events so that we continually improve procedures.
In the case of a breach IpNX has a duty to inform the regulator (NITDA) without undue delay. We are obligated to notify the agency within 72 hours.
The Nigeria Data Protection Regulation (NDPR) gives certain rights to individuals in relation to their personal data. The rights afforded to individuals are:
If the personal data in question is disclosed to third parties, IpNX will inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. You can request only the data you have supplied to a controller (under either ‘Consent’ or ‘Contract’ lawful conditions only). You can request that this information is supplied directly to another data controller on your behalf.
Right to object
You have the right to object to the use of your data if it is processed for services which you object to or opt-out of.
Links to third-party websites
We may display advertisements from third parties and other content that link to third-party websites. We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving IpNX website and any personal data you provide will not be covered by this Privacy Notice. Please read their Privacy Notice to find out how they collect and process your personal data.
We may occasionally make changes to the Policy or when significant changes occur in related legislation or in council strategy. When this happens we will place an updated version on this page and the date the page has been amended will be visible at the top of this page.