CAVISTA TECHNOLOGIES LIMITED PRIVACY POLICY
1. Information & information about CAVISTA TECHNOLOGIES LIMITED
Cavista Technologies Ltd is registered as a company under the laws of the Federal Republic of Nigeria. Cavista Technologies Ltd is committed to safeguarding your privacy by protecting your Personal Data in accordance with the Applicable Data Protection Law. This Privacy Policy sets out how Cavista Technologies Ltd uses and protects your Personal Data.
References in this policy to “we”, “us”, “Company” or “Cavista” are references to Cavista Technologies Ltd. References to “you” in this policy refers to any natural person who are our Data Subjects (Partners, Prospective Employees, Employees, Prospective Clients, Clients, Vendors, Visitors or Alumni) who visit our website or any of our physical offices or interact with any of our controlled information collection links or forms or such other information collection or exchange points, now known or to be developed in the future.
| Category of Data Subject | Explanation |
| Employee | Any person who is employed by the Company to support its operation in the delivery of technological services to its clients including interns, secondees, business support, part-time, and any other temporary or contract staff. |
| Prospective Employee | Any person who is actively undergoing the Company’s recruitment process such as job applicants, test takers, and interviewees. |
| Vendor | Any person who has been engaged by the Company to provide goods and services to support its operations and meet its business needs. This includes any prospective vendors. |
| Client | This may include: any person who has engaged the Company for the purpose of obtaining any of Our Services; a prospective employee or an employee of an organisation that has engaged the Company for the purpose of obtaining any of Our Services; a prospective vendor or vendor of an organisation that has engaged the Company for the purpose of obtaining any of Our Services; and a prospective client or client of an organisation that has engaged the Company for the purpose of obtaining any of Our Services. |
| Prospective Client | Any person actively seeking to engage the Company for the purpose of obtaining technological solution advice, support, or such other services which fall within the scope of Our Services. |
| Visitor | Any person (including Clients & Vendors) who physically visit the Company’s buildings (at any of our office locations and website) or attends any event hosted by the Company. |
| Partners | Any person admitted to the Company’s partnership. |
This Privacy Policy gives you information about how we collect and use your Personal Data, the other parties with whom we may share it and the measures we take to ensure the security of your Personal Data. It also tells you about your rights and choices with respect to your Personal Data and how you can contact us about our privacy practices.
Please note that we also act on behalf of and under the instructions of Clients or Prospective Clients with whom we owe strict professional and statutory obligation of confidentiality. These Clients may act as Data Controllers or Data Processors or in such other capacity for the purpose of giving us legal instructions. When we act on their behalf, we only collect, use and share Personal Data as authorised by our letter of engagement/ agreement, the law or as may be required for the purpose of establishing, exercising, or carrying out instructions. When we collect your Personal Data indirectly from other sources, for our own purposes, the provisions of this Privacy Policy and the Applicable Data Protection Law will apply.
This Privacy Policy is applicable to all CAVISTA Services (Our Services) accessed by you.
2. Our Data Processing Principle
We process your Personal Data in line with the following recognised principles. At CAVISTA, Personal Data is:
- processed and collected for specific, explicit, and legitimate purposes, and only further processed in a way that is compatible with such purposes;
- processed in a fair, lawful and transparent manner;
- adequate, relevant, and limited to the minimum necessary for the purpose for which the Personal Data is collected or further processed;
- secured against hazards and breaches, including unauthorised or unlawful processing, access, loss, destruction, damages, cyber-attack, manipulations;
- accurate, complete, not misleading and kept up to date having regard to the purpose for which the Personal Data is collected; and
- retained for such period for which it is reasonably needed.
3. The Legal Bases for the Use of Your Personal Data
The legal bases we rely on for processing your Personal Data are:
Your Consent
The legal bases set out below form the bases of our processing of your personal data. We may in certain instances rely on your consent to process some of the Personal Data we obtain from you to provide Our Services. Consent is your confirmation or agreement to our data collection and processing request.
Where we require your consent, your consent may be obtained through the use of “check boxes”, “accept button”, “toggle button”, “submit button”, “continue button”, “oral confirmation”, “written confirmation” or such other similar method, including your continuous use of Our Services and/or provision of your Personal Data to us where consent is required, to indicate your agreement/consent to the use of your Personal Data. [See the section on Why and How We May Use Your Personal Data.
Where you have taken any action which may indicate consent by accident or mistake, you have the right to withdraw your consent using our Cavista Data Subject Tool. [See the section on Your Right as a Data Subject]
Where we need your consent and this is not provided to us, we may be unable to provide you with (a) Our Services; and/or (b) process your Personal Data to provide you with Our Services, except where we have other legal bases to do so.
Other Legal Bases:
As a technology Company, we may process your information where we have other legal bases to do so. Some of the other legal bases that we may rely on include:
- Contract (We have a contractual obligation): To fulfil the terms of the contract to which you are a party, or to take steps, upon your request, prior to entering the contract.
- Compliance with Legal Obligation: To comply with the laws and regulations that are applicable to us in Nigeria and globally and ensure that we are fully compliant with the laws applicable to Our Services on how we must process your Personal Data.
- Legitimate Interest: For the purposes of our own legitimate interests or for the legitimate interests of others to whom we may lawfully disclose your Personal Data.
- Vital interest: To protect your interests where you are incapable of providing your consent.
- Public Interest: For the performance of a task carried out in the public interest or in the exercise of official authority.
4. The Types and Categories of Personal Data We Collect about You
We may collect, use, store and transfer different types of Personal Data about you which we have categorised as follows:
| Category | Types |
| Alumni Data | This includes all forms and types of Personal Data about our past Employees retained by the Company for relationship, storage, and archiving purposes. |
| Audio/visual Data | This includes all forms and types of data contained in audio and visual recordings captured through cameras or other recording devices including images or videos with identifiable voices, identifiable faces, voice recordings, and geotagging information (such as location, date, and time of image) pertaining to an identified/identifiable person. |
| Compliance Data | This includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as your opt-ins and opt-outs of marketing programmes; records relating to data subjects’ rights requests and any other types or forms of Personal Data which we process in relation satisfying and demonstrating the fulfilment of our compliance obligations. |
| Contact Information | This includes telephone number, email address, physical address, social media handles and any other type or form of information which provide a means by which to contact an identified/identifiable person. |
| Credential Information | This includes academic certificates, transcripts and records, and any other type or form of professional certification used for the purpose of demonstrating the qualification of an identified/identifiable person in an academic or professional context. |
| Financial Information | This includes tax identification details, partnership equity contributions, bank account information, income and salary details, loan and debt information, insurance policies and any other type or form of information relating to any financial transactions between an identified/identifiable person and the Company. |
| Identity Information | This includes name, date of birth, gender, state of origin, National Identification Number (NIN), IT equipment’s inventory tag numbers, employee ID number, place of birth, nationality information, passport number, driver’s license number and any other type or form of information which is used to uniquely identify an identified/identifiable person. |
| Identity Documentation | This refers to any type or form of government or Company issued identification documents and includes passports, National Identification Number (NIN) card or slip, driver’s licence, birth certificate, employee identity cards and any other type of document used to validate an identified/identifiable person’s identity. |
| Performance Data | This includes performance review assessment, compensation and benefit history, employee training and development, disciplinary records, key performance indicators, performance feedback, evaluation, performance rating and any other type or form of information used to monitor, assess and review the performance of an identified/identifiable employee. |
| Referential Data | This includes names, address and contact details of next of kin, emergency contact, spouse, children, or other dependants. It may also include the data of identified/identifiable client employees or vendors and any other type or form of Personal Data belonging to an individual which is supplied to the Company by a Data Subject. |
| Professional Information | This refers to data relevant to an identified/identifiable person’s professional life or activities such as employment history, department, professional designation, professional skills and expertise, professional achievements and awards, publications, professional memberships, and affiliations. |
| Recruitment Data | This includes information about an identified/identifiable person’s education, profession, employment, ethnic background, state of health and any other types or forms of Personal Data processed for the purpose of completing the recruitment process see Credential Information. |
| Sensitive Personal Data | This is all types and forms of data on religion, ethnicity, health (including vaccination details and medical history), race, trade union membership, genetic data, and biometric data of an identified/identifiable person. |
| Technical Data | This refers to all types and forms of data used in the course of an identified/identifiable person’s interactions with technology and includes data such as IP address, session ID, Cookie and tracking data, user account information, web browsing history, and communication metadata. |
| Travel Information | This refers to travel preferences, travel history, travel itinerary, accommodation information and any other types or forms of data relating to an identified/identifiable person’s travel. |
| Vehicle information | This includes vehicle information, Close Circuit Television (CCTV) footage of vehicle and any other types or forms of data which relate to the vehicle but may be used to identify an identifiable/identified person. |
5. Source and How is Your Personal Data Collected
We use different methods and sources to collect Personal Data from and about you; and these may include:
- You: When you interact with us, such as when you visit any of our office locations, send us an email, or interact with any of our other data collection or exchange medium.
- Automated technologies or interactions: As you interact with our platforms or website or engage with our emails and online adverts, such as when we record calls made to/with us and use CCTV cameras in our facilities, we may collect information by automated means using technologies such as Cookies, browser analysis tools, and server logs. We may also collect Technical Data about your equipment, browsing actions and patterns.
- Close Circuit Television (CCTV): We use CCTV to help provide a safe and secure environment for our Visitors and Employees; and you may be recorded when you visit any of our office locations.
- Recruitment Exercise: If you apply for a job with us, you may need to provide information about your education, employment, ethnic background, and health status or submit to a health check. Your application will constitute your express consent to our use of this information in order to assess your application or suitability for the role applied for or any other role, carry out recruitment analytics and any monitoring activities which may be required of us under any laws applicable to us as an employer. We may also carry out screening checks (including reference, background, identity, eligibility to work, and vocational suitability checks) when considering you for employment. We may disclose your personal information (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees, and your current and previous employers. We may also collect your Personal Data from these parties in some circumstances. Without your Personal Data we may not be able to progress with your applications for employment with us.
- Third Parties sources (including publicly available sources): In certain circumstances, we may need to collect Personal Data such as Professional and Credential Information which may be collected from publicly available sources, your references, and Third Parties that help us conduct internal investigations and other background screenings. Also, your Personal Data may be collected from your employer, trade show and conference organisers, and professional services companies.
- Other Sources of collections are further highlighted below in Purpose of Processing: Why and How We May Use Your Personal Data.
6. Purpose of Processing: Why and How We May Use Your Personal Data
We use your Personal Data across our business functions, to help us with specific business purposes as detailed below.
| Business function | Specific Purpose of processing | Source of Data | Categories Of Data | Categories of Data Subjects | Legal basis |
| Administration | Mailroom management | Mailroom log, Email | Identity Information, Contact Information, Professional Information | Clients, prospective Clients, Employees, Vendors, Partners | Legitimate Interest |
| Travel Arrangements Booking hotels, Visa processing, Flight reservations, car booking | Email, SMS, Telephone call | Contact Information, Identity Information, Financial Information, Travel Information, Sensitive Personal Data, Identity Documentation, Sensitive Personal Data | Employees, Partners | Contractual Legitimate Interest | |
| Event management Support (such as processing invitations, etc) | Email, Social Media, SMS, Telephone call | Identity Information, Contact Information, Professional Information, Audio/Visual Data | Employees, Clients, Visitors, Partners | Legitimate Interest Consent | |
| Front Desk management (Accreditation of guest coming into any Company’s location) | Visitors’ log | Identity Information, Audio/Visual Data, Vehicle Information, Contact Information | Clients, Prospective Clients, Employees, Visitors, Prospective Employees, Vendors, Partners | Legitimate Interest Contract | |
| Facility management (This helps us manage the occupational safety and health facility, security risks and other business utility purposes) | Email, SMS, Telephone call, CCTV | Identity Information, Professional Information, Contact Information, Audio/Visual Data | Employees, Visitor, Client, Partners | Legitimate Interest, Contract, Vital Interest | |
| Provision of Phone services (CUG) | CUG log, Employee Records | Identity Documentation, Identity Information | Employees, Prospective Employees, Partners | Contractual, Legal Obligations, Legitimate Interest | |
| Catering/food vending services for our employees | Microsoft form | Identity Information | Employees, Partners | Contractual | |
| Vendor management | Email, SMS, Telephone call | Identity Information, Contact Information, Professional Information | Vendors | Contractual | |
| Provision of first aid & emergency services | Email, SMS, Employee Records | Identity Information, Professional Information, Contact Information, Sensitive Personal Data, Referential Data | Employees, Partners | Vital Interest Consent | |
| People & Culture | Recruitment and selection | Google Form, LinkedIn Jobs, Emails, SMS, Telephone call, Third-party sources | Identity Information, Credential Documents, Professional Information, Contact Information | Prospective Employees, Employees, Partners | Contractual, Legitimate Interest, |
| Compensation and benefit | Microsoft Forms, Email, SMS, Employee Records Telephone Call, Health Management Organisation | Identity Information, Identity Documentation, Contact Information, Performance Data, Alumni Data, Referential Data | Employees, Partners | Contractual Consent | |
| Performance management | Third Party Sources, Email | Identity Information, Performance Data | Employees, Partners | Legitimate Interest | |
| Learning and development | Microsoft Teams, Email | Identity Information, Contact Information, Audio/visual Data | Employees, Partners | Legitimate Interest | |
| Employee records and services | Microsoft Forms, Email, SMS, Telephone Call | Identity Information, Identity Documentation, Credential Information, Financial Information, Referential Data, Sensitive Personal Data | Employees, Partners | Vital interests, contractual, Legitimate Interest, Consent | |
| Finance | Payables (payment purposes for fulling contractual arrangements) | Email, SMS, Telephone call | Identity Information, Financial Information, Contact Information | Vendor, Employees, Partners | Contractual, Legitimate Interest |
| Revenue (payment collection from clients and other agreements) | Email, SMS, Telephone call | Identity Information, Contact Information, | Employees, Clients, Partners | Legitimate Interest | |
| Tax & pension management | Email, SMS, Telephone call | Identity Information, Financial Information, Compliance Data | Employees, Clients, Partners | Legal Obligation | |
| Statutory reports and audits | Email, SMS | Identity Information, Financial Information, Compliance Data | Employees, Client, Vendor, Partners | Legal Obligation, Legitimate interest | |
| Business budget process | Email, SMS, Telephone call | Identity Information, Financial Information, Contact Information | Employees, Vendor, Partners | Legitimate Interest | |
| IT | Maintain IT network | Email, SMS, Telephone | Identity Information, Technical Data | Employees, Partners | Legitimate Interest |
| Maintain Personal computers | Email, SMS, Telephone Calls | Identity Information, Contact Details | Employees, Partners | Legitimate Interest | |
| Maintain applications | Emails, SMS, Telephone Call | Identity Information, Technical Data | Employees, Partners | Legitimate Interest | |
| Branding & Marketing | Event management | Photography Vendor, Email, SMS, Telephone call, social media | Identity Information, Contact Information, Contact Information, Professional Information, Audiovisual Data | Employees, Clients, Visitors, Partners | Legitimate Interest, Consent |
| Social media engagement (Where such engagement contains your Personal Data) | Social Media, Email, SMS, Telephone call, | Identity Information, Contact Information, Professional Information Audiovisual Data | Employees, Clients, Visitors, Partners | Consent | |
| Publications (Where such publication contains your Personal Data) | Website, Email, SMS, Telephone Call, social media | Identity Information, Contact Information, Professional Information Audiovisual Data, Technical Data | Employees, Clients, Visitors, Partners | Consent | |
| Awards | Email, SMS, Telephone call | Identity Information, Contact Information, Professional Information Audiovisual Data | Employees, Clients, Partners | Contractual, Consent, Legitimate Interest | |
| Library services | E-library management | Identity Information, Contact Information | Employees, Partners | Legitimate Interest | |
| Internal newsletter | Identity Information, Contact Information | Employees, Partners | Legitimate Interest | ||
| Professional Technological Services | Technological services engagement (this includes data collected prior to engagement (e.g. KYC and conflict checks) | Email, SMS, Telephone call | Identity Information, Contact Information, Compliance Data | Prospective Clients, Clients, Employees, Partners | Contractual, Legal Obligations |
| During engagement | Email, SMS, Telephone call | Identity Information, Contact Information, Sensitive Personal Data, Identity Documentation, Credential Documentation, Referential Data | Clients, Employees, Partners | Contractual, Consent, Legal Obligation | |
| General | Storage, archiving and deletion | Identity Information, Contact Information, Sensitive Personal Data, Identity Documentation, Credential Documentation, Referential Data, Compliance Data | Employees, Prospective Employees, Clients, Prospective Clients, Vendors, Visitors, Partners | Legitimate Interest Legal Obligation Consent | |
| NOTE: We will ONLY process Sensitive Personal Data and Children’s Personal Data where you have provided your consent for the use or where there are other recognised legal bases. | |||||
Other Business Purposes
In addition to the purposes highlighted above for which Personal Data may be used to offer and provide you with Our Services and to support our business functions, the following are other purposes for which we may process your Personal Data:
- to provide the information on Our Service requested by the individual or as reasonably expected given the context in which the Personal Data was collected;
- to protect the security and integrity of systems, networks, applications, and data, including detecting, analysing and resolving security threats, and collaborating with cybersecurity centres, and law enforcement about imminent threats;
- fraud prevention and other legal or information security risks;
- for corporate audit, analysis and reporting;
- to communicate with you, we use your Contact Information to send Short Messaging Service (SMS), email, instant messaging (e.g. WhatsApp), or other electronic media to you in respect of any inquiry, complaint or concerns about your Personal Data or other relevant matters;
- to provide, administer, and communicate with you about Our Services;
- to enforce our terms;
- to enforce our contracts and protect against injury, theft, legal liability, fraud or abuse, and to protect people or property, including physical security programmes;
- to de-identify, de-personalise, or anonymise the Personal Data or create aggregated datasets, such as for consolidating reporting, research or analytics;
- to comply with applicable laws and regulations, or as requested by any judicial process, law enforcement or governmental agencies having or claiming jurisdiction over the Company and as may be reasonably needed for compliance with the Company’s policies and procedures, such as privacy programmes, anti-money laundering programmes, security and incident response programmes, intellectual property protection programmes;
- to make back-up copies for business continuity and disaster recovery purposes;
- for restructuring purposes. For example, if we sell any business or assets, any part of our business or assets are acquired by a third-party, or we enter into an alliance or arrangement with another person, we may disclose your Personal Data relating to those business and assets to the prospective buyer acquiring third-party or any member of our alliance or arrangement; and
- for other purposes for which we provide specific notice at the time of collection, and as otherwise authorised or required by law.
- Additionally, we may further collect and use/process your Personal Data for such legitimate interest pursued by us which is not incompatible with the purposes we have highlighted above.
7. Automated Decision-Making (Profiling)
We do not make automated decisions about you that may significantly affect you, unless (a) the decision is necessary as part of a contract that we have with you; (b) we have your explicit consent; or (c) we are required by law to use the technology.
8. Marketing
You may receive marketing communications from us if you have (a) provided your consent or (b) we have recognised lawful basis for doing so.
However, you may exercise your right to object to such contact from us or opt out from the marketing communication at any time through any of the means provided in the section on “Exercising your Rights, Complaints and Remedies”.
We do not share your Personal Data with third-parties for their own marketing purposes without your express consent.
9. Cookies Policy
We utilise Cookies to differentiate you from other users, gauge your interaction with our website, and enhance Our Services. Depending on your Cookie management settings and preferences, we may store Cookies on your device when you visit our website. We will exclusively deploy analytics Cookies if you provide consent or accept these Cookies. Certain browsers may automatically accept Cookies, while others can be adjusted to reject Cookies or notify you when a website intends to place a Cookie on your computer. Opting to disable non-essential Cookies could potentially limit your ability to fully experience our website. For additional details about the Cookies we employ and instructions on modifying your Cookie preferences, please refer to our cookies Policy.
10. Disclosure of your Information: How and to Whom We Share Your Personal Data
We may need to share your Personal data with Third Parties for the purpose of providing Our Services to you and will only share your Personal Data where we have a legal basis to rely on.
We do not allow our Third-Party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. When these Third Parties process your Personal Data, they do so based on our instruction; they are acting strictly under contract with us, with strict confidentiality and data security provisions, and in accordance with the Applicable Data Protection Law.
Our Third Parties with whom we share your Personal Data are categorised as follows:
| Categories of Third Party | Explanation |
| Awards Accreditation Organisations | These are organisations to whom we make award submissions to. |
| Catering Vendors | These are organisations that provide catering facilities to the Company. |
| Client’s Affiliates | This includes our client’s professional advisers, employers, or place of business or any other third parties which interact with or provide services to our clients including local and offshore counsel. |
| Compliance Organisations | This includes regulatory authorities, law enforcement agencies, auditors, and government agencies that we are required to report to as part of our compliance obligations. |
| Corporate | This includes members of our Axxess and Cavista Holdings group and partners who aid the optimal delivery of Our Services to you. It may also include third parties whom we may choose to sell, transfer or merge parts of our business or our assets. |
| Couriers | These are organisations that provide delivery and dispatch services to the Company. |
| Event Management | This includes event planners, photographers, security, third parties with whom we have co-promotional arrangement for the purpose of delivering Company-organised or sponsored events. |
| Financial Institutions | This includes our merchant banks, insurers and any other organisations offering financial services to the Company. |
| IT Productivity & Payroll Management | This includes website support, IT support, and technology organisations, including cloud service providers, such as data storage platforms and any other technology tools used optimise legal and administrative tasks within the Company. |
| Phone Service Providers. | These are organisation responsible for providing closed user group services or such other telephone services to the Company. |
| Health and Emergency Services | These are health management organisations, and any other organisations responsible for delivering health-related emergency and non-emergency services to the Company. |
| Recruitment Services | This includes recruitment agencies, recruitment test platforms, and your referees involved in the recruitment activities of the Company. |
| Security Services | These are organisations responsible for the security of our facilities at all of the Company’s locations including our CCTV providers. |
| Travel vendors | These are organisations that support travel arrangement services in the Company including hotels, airlines, car hire services, and embassies. |
| Other third parties | These are organisations with whom we may share aggregated data that does not personally identify you such as the number of users of a particular service with some other third parties. |
11. International Transfers
In the course of offering Our Services to you, we may need to transfer your Personal Data outside Nigeria. However, we will only do so (a) with your consent; (b) to perform our obligations under a contract with you or take steps at your request before entering into a contract; (c) solely for your benefit where you would have likely given your consent if it were possible for us to obtain it; (d) to establish or in defence of a legal claim against the Company; or (e) to protect your vital interests.
Whenever we have to transfer or transmit your Personal Data internationally, we will take reasonable steps to ensure your Personal Data is handled securely in compliance with the Applicable Data Protection Law. We will ensure that your Personal Data is sent only to countries with Adequate Level of Data Protection, and where the country may not have Adequate Level of Data Protection, we will ensure that appropriate safeguards are in place to protect your Personal Data.
We may use any data transfer mechanisms which is available to us under the Applicable Data Protection Law, and which is adequate to ensure appropriate safeguards for your Personal Data or other data transfer mechanisms stipulated by the law.
12. Data Security
We take reasonable steps and have put appropriate security measures in place to hold information securely in electronic or physical form and to prevent unauthorised access, modification, disclosure or accidental loss. In addition, we limit access to your Personal Data to employees, agents, contractors and other third parties on a need-to-know basis. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.
We store information in our access-controlled premises or in electronic databases requiring logins and passwords. Also, we require our third-party data storage providers to comply with appropriate information security industry standards. All employees and third-party providers with access to confidential information are subject to confidentiality obligations.
We maintain administrative, technical, and physical controls designed to protect your Personal Data. We protect against loss or theft, as well as against any unauthorised access, risk of loss, disclosure, copying, misuse, or modification. Some of the security measures we may implement includes secure servers, firewalls, data encryption and granting access only to specific employees in order to fulfil their job responsibilities.
13. Retention Period: How Long Do We Retain Your Data
We will only retain your Personal Data for as long as the information is needed for the purposes set forth in this Privacy Policy or for any additional period that may be required or permitted by law. The length of time your Personal Data is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements to comply with the Applicable Data Protection Law.
You may request that we delete your Personal Data by contacting us via email to [email protected] or writing to our Privacy Office at the address provided in this Privacy Policy. If we do not have a legal basis for retaining your information, we will delete it as required by the Applicable Data Protection Law and where we retain your Personal Data, we do so in compliance with limitation periods or retention obligations imposed by the Applicable Data Protection Law.
In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
14. Your Rights as a Data Subject
You have a number of rights under the Applicable Data Protection Law in relation to your Personal Data.
You have the right to:
- Be informed on how we process your Personal Data: This Privacy Policy details how we process your Personal Data in compliance with the Applicable Data Protection Law.
- Request access to your Personal Data (commonly known as a “subject access request”): This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. To process your request, we may need to collect specific information from you as a security measure to help us confirm your identity and ensure that your Personal Data is not disclosed to any person who has no right to receive it.
You will not be required to pay any fees for us to process your subject access request. However, we may charge a reasonable fee where processing your request will impose unreasonable cost on us or refuse to comply with your request if you fail to do so. We try to respond to all legitimate requests within one month.
Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Request correction of the Personal Data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify the accuracy of the new data you provide to us.
- Request deletion or removal of Personal Data where there is no good reason for us continuing to process it: You have the right to ask us to delete or remove your Personal Data where (a) we no longer need to process your data for the purpose it was collected; (b) you have withdrawn your consent to the processing of your Personal data and we cannot rely on any other legal basis to process your Personal Data; (c) you have successfully exercised your right to object to processing and we have no overriding interests; (d) we may have processed your information accidentally; or (e) where we are required to erase your Personal Data to comply with local law.
Note however, that the exception to this right is (a) where the Applicable Data Protection Law requires us to retain a historical archive of your Personal Data to fulfil regulatory requirements; or (b) where you object to your data being used for marketing purposes and we have retained a set of your Personal Data to ensure we do not inadvertently contact you in future.
We may not always be able to comply with your request of erasure for specific legal reasons. Where we are unable to do so, you will be notified, if applicable, at the time of your request.
- Object to processing of your Personal Data: You may object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests).
In some cases, we may demonstrate that we have compelling legitimate interest or public interest grounds to continue to process your information which override your right to object.
- Object at any time to the processing of your Personal Data for direct marketing purposes.
- Request the transfer of your Personal Data to you or to a third party: We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Data: Where your consent is required, we may not be able to provide Our Services to you if you withdraw your consent. Where this is the case, we will advise you accordingly at the time you withdraw your consent. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdrew your consent.
You may withdraw your consent by engaging with our Cavista Data Subject Tool through any of the following means:
- click here to withdraw your consent; or
- Lodge a complaint with the Nigeria Data Protection Commission.
- Request to restrict the processing of your Personal Data: This enables you to ask us to suspend the processing of your Personal Data in one of the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the Personal Data is accidental, but you do not want us to erase it;
- where you need us to hold the Personal Data even if we no longer require it for any legitimate purpose; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
15. Complaints and Remedies
If you wish to exercise any of the rights set out above or have any query or complaint in respect of this Privacy Policy or how we process your Personal Data, please contact our Data Protection Officer in the Cavista Privacy Office using any of the following methods:
Cavista Data Subject Tool:
Or Email us:
Or write us:
Cavista Technologies Ltd
13 Town Planning Way, Ilupeju, Lagos 102215, Lagos, Nigeria, Lagos, Lagos State
Complaint & Remedies
We take your privacy seriously and so should you have any privacy related issues in respect of our data processing activities, we appreciate the chance to deal with your concerns before you take other legal steps available to you.
In the event that, you have any complaint concerning how we process your Personal Data or any difficulty in exercising your right through any channels, including the above contact details, we kindly request that you escalate this through any other CAVISTA TECHNOLOGIES LIMITED’S dispute resolution channels which we have provided in any of our terms and agreement with you.
Where we are unable to resolve this dispute within the agreed time with you after this escalation, you have the right to make a complaint to the Nigeria Data Protection Commission (NDPC), the national data protection authority in Nigeria.
16. Changes to this Privacy Policy
We keep our Privacy Policy under regular review. From time to time, we may change, amend or review this Privacy Policy to reflect changes in the Applicable Data Protection Law, our data protection practices or Our Services. Changes will be posted in all the medium where we display our Privacy Policy. It is your responsibility to review the amended Privacy Policy. This Privacy Policy governs the use of Personal Data by us, unless otherwise agreed through a written contract. The revised version will be effective immediately after publication.
17. Third-Party Links
You may choose to use certain features for which we partner with other entities or participating merchants or click on links to other websites for your convenience and information. Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow Third Parties to collect or share Personal Data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
18. Children/Persons with legal disability’s Data
We do not collect any Personal Data knowingly or directly from individuals who fall within this category. We may however collect these data through their legal guardian where required or where the law otherwise permits.
Where you have any belief that we have mistakenly or unknowingly collected information from a child, please contact us to enable us to investigate and restrict such data processing activities.
19. How to Contact the CAVISTA TECHNOLOGY Privacy Office
If you have any questions about this Privacy Policy or require any other assistance, or want to submit a written complaint to us about how we handle your personal information, please contact us at:
Or Email us [email protected]
Or write us:
Cavista Technologies Ltd
13 Town Planning Way, Ilupeju, Lagos 102215, Lagos, Nigeria, Lagos, Lagos State
20. Miscellaneous
Policy History: This Privacy Notice was last updated in February 2024.
21. Glossary of Terms
| Adequate Level of Data Protection | an official decision by the Nigerian Data Protection Commission (NDPC) or recognising a foreign country as providing an adequate level of protection for the transfer of personal data. |
| Applicable Data Protection Law | means the Nigeria Data Protection Act (2023), Nigeria Data Protection Regulation (2019), Nigerian Data Protection Regulation (2019): Implementation Framework (2020), and/or any other applicable legislation on the protection of Personal Data in Nigeria. |
| Cookies | refers to a small data file that is transferred to your computer or mobile device. It enables us to remember your account log-in information, IP addresses, web traffic, number of times you visit, browser type and version, device details, and the date and time of visits. |
| Data Controller | refers to the Company or, where applicable, shall be as set out in the Applicable Data Protection Law |
| Data Subjects | refers to a living natural person who can be identified, directly or indirectly. |
| Our Services | refers to professional** and non-professional activities (Business Purposes) undertaken by the Company to provide technological assistance and support to a Client and to provide other facilities to any other person, including but not limited to our website, scope of work agreed with Clients, corporate social responsibility activities, etc. **By Professional activities, we mean “professional advice, guidance, support and representation provided by the Company to individuals, businesses or organisations on matters related to the law. |
| Personal Data | refers to any information relating to an individual from which that person can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social or economic identity of that individual. Any information that can be used to identify a living or natural person including email address, date of birth, mobile number, residential address, payment card, financial information such as bank account number, government-issued Identity credentials (e.g., national ID number, driver’s licence number, etc), or taxpayer identification number. It may also include information that is linked to you, for example, your internet protocol (IP) address, log-in information, information about your device or device’s web browser. |
| Processing | refers any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means or, where applicable, shall have the meaning set out in the Applicable Data Protection Law. |
| Third Parties | refers to persons or organisations external to our Company with whom we may share your Personal Data |
| *Other terms used but not defined shall have the meaning ascribed to them under the Applicable Data Protection Law* | |