"PA76" refers to PA76 Limited, trading as iHub Nigeria.
"The Company" refers to PA76 Limited, trading as iHub Nigeria.
"Consent" means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
"Data Controller" means a person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which Personal Data is processed or is to be processed;
"Data Subject" means an identifiable person; one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;
"Privacy impact assessment or PIA" means tools and assessments used to identify and reduce risks of a data Processing activity. PIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the Processing of Personal Data;
"Data Protection Laws" means the NDPR, the GDPR and any relevant data protection laws;
"Data Protection Officer or DPO" means the person appointed as such under the Data Protection Laws and in accordance with its requirements. A DPO is responsible for advising The Company (including its employees) on their obligations under Data Protection Laws, for monitoring compliance with Data Protection Laws, as well as with The Company’s policies and providing advice.
"GDPR" means the EU General Data Protection Rules 2016/679
"NDPR" means Nigeria Data Protection Regulation 2019
"NITDA" means National Information Technology Development Agency
"Personal Data" means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM and others;
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
"Policy" means this Data Protection Policy;
"Privacy by Design and Default" means implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the GDPR;
"Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Pseudonymisation” means replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure;
"Sensitive Personal Data" means Data relating to religious or other beliefs, sexual tendencies, health, race, ethnicity, political views trade union membership, criminal records or any other sensitive personal information;
"Third Party" means any natural or legal person, public authority, establishment or any other body other than the Data Subject, the Data Controller, the Data Administrator and the persons who are engaged by the Data Controller or the Data Administrator to process Personal Data
1.1. PA76 takes its responsibilities with regard to the management of the requirements of the Data Protection Laws seriously. This Policy sets out how The Company manages these responsibilities.
1.2. PA76 obtains, uses, stores and otherwise processes Personal Data relating to potential and existing customers, employees current and former employees workers, contractors, website users which are collectively referred to in this Policy as Data Subjects. When Processing Personal Data, PA76 is obliged to fulfil individuals’ reasonable expectations of privacy by complying with the Data Protection Laws.
1.3. This Policy therefore seeks to ensure that PA76
Is clear about how Personal Data must be processed and The Company’s expectations for all those who process Personal Data on its behalf
Comply with the Data Protection Laws and with good practice
Protect its reputation by ensuring the Personal Data entrusted to us is processed in accordance with Data Subjects rights
Protect itself from risks of Personal Data Breaches and other breaches of the Data Protection Laws
2.1This Policy applies to all Personal Data we process regardless of the location where that Personal Data is stored (e.g. on the financial system in Nigeria, or other associate offices in South Africa and Cyprus) and regardless of the Data Subject. All users and others Processing Personal Data on The Company’s behalf must read it. A failure to comply with this Policy may result in disciplinary action.
2.2Every member of staff of PA76 is required to read and assimilate the contents of this policy and to abide by it fully. PA76 shall have the right to seek redress against any member of staff whose failure to comply with this policy in any manner whatsoever results in damages being sought or awarded, or any legal action instituted against PA76.
2.3 The Data Protection Officer is responsible for ensuring that all PA76 employees comply with this Policy and should implement appropriate practices, processes, controls and training to ensure compliance.
2.4 The DPO is responsible for overseeing this Policy. The Company DPO is also the CFO, and he can be reached at