Introduction
Everyone has rights regarding the way in which their personal data is handled. We regard the lawful and correct treatment of personal information as integral to the successful operation of this platform and to maintaining the confidence of the people we work and communicate with. To this end we fully endorse and adhere to the principles of the relevant Laws.
Purpose
This policy outlines the data protection policies and procedures we have adopted and to which we abide to ensure we are complaint with the Nigeria Data Protection Act 2023 ("The Act"). The purpose of this policy and any other documents referred to in it, is to clearly list and identify the legal requirements, procedures and rights which must be established when we obtain, process, transfer and/or store your personal data. This policy will assist you in understanding the obligation, responsibilities and rights which arise from the Data Protection Laws.
Notice Statement
In accordance with the Nigeria Data Protection Act 2023 anyone processing Personal Data must comply with the six principles of good practice. These provide that Personal Data must:
- be processed in a fair, lawful and transparent manner;
- only be used for specified, explicit and legitimate purposes for which it was collected;
- be adequate, relevant and limited for the purpose for which it is being processed;
- be accurate and kept up-to-date;
- not be kept longer than necessary to fulfil the purpose of its collection;
- be kept secure and protected from unauthorised processing, loss, damage or destruction, damage or any form of data breach.
Principles of Personal Data Processing
Fair, Lawful and Transparent Processing
For Personal Data to be processed lawfully, the basis for the processing must be one of the legal grounds set out in The Act. These include, among other things, your written consent to the processing, or that the processing is necessary for the performance of our contract with you.
Processing for Specified, Limited and Legitimate Purposes
In the course of our business, we shall process the Personal Data we receive directly from you (for example, by you completing forms, questionnaires or by sending us papers or from you corresponding with us by mail, phone, email or otherwise) and your Personal Data which we receive from any other source for a legitimate purpose.
We shall only process your Personal Data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities in our role as your Data Controller and Processor or for any other specific purposes permitted by The Act.
Adequate, Relevant and Limited Processing
We will only collect and process your Personal Data as required to fulfil the specific purpose/s identified in this policy.
Accurate and Up-to-date Data
We shall ensure that all Personal Data held is accurate and up to date and will check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. If you become aware that any of your Personal Data is inaccurate, you are entitled to contact us and request that your Personal Data is amended.
Storage Limitation
We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. Once Personal Data is no longer required, we will take all reasonable steps to destroy and erase it.
Keeping Your Personal Data Secure
Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction.
Lawful Basis
We collect and process information about you only where we have a lawful basis for doing so, and as such when we process your personal information it will be done in a lawfully, fairly, and transparent manner.
In accordance with Section 25(1) of the Nigeria Data Protection Act 2023, we will only collect and use your information only where:
- you give us consent to do so for a specific purpose; or
- it's necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- it satisfies a public or legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
- we need to process your data to comply with a legal obligation.
Purpose and Use of Your Information
We only collect information that you voluntarily provide to us when you log in to the portal, fill in the initial Education Personnel Management Information System (EPMIS) questionnaire or otherwise when you contact us. The information we collect can be categorised as:
Personal Data
We will only collect and process personal information where you have consented to this privacy policy or as otherwise permitted by applicable law, we process the following categories of personal information:
- Name
- Date of Birth
- Contact number
- Home address
- Employment information
Sensitive Personal Data
We will only collect and process sensitive information where you have consented to this privacy policy or as otherwise permitted by applicable law, we process the following categories of sensitive information:
- Racial and Ethnic Background
- Biometric Data
Purpose Statement: We collect this information on behalf of the Niger State Government for the purpose of understanding the qualifications and experiences of teachers and non-academic staff in Niger State and to support the development of the education sector. In the interest of public benefit and legitimate administrative needs, this includes policy formulation, resource allocation, workforce planning, remuneration, maintaining accurate records for effective management and other measures for the overall improvement of the Niger State education system.
Sharing Your Data
There may also be other times when we may need to share your Personal Data. This section discusses how, when, why and who we might share your Data.
Recipients of your personal data
Your personal data will be shared with the Niger State government authorities for the legitimate interests of regulatory, administrative, statistical, and financial purposes outlined above. However, this portal is solely for hosting your profile and does not handle or guarantee salary payments by us or any third party.
Such disclosures will be made in compliance with applicable data protection laws and only for lawful and legitimate purposes. Niger State government will only receive the data for the stated purposes.
Third Party Disclosure
In the course of us fulfilling our role as Data Controller it will be necessary for us to disclose your Personal Data in certain situations:
- To enforce or apply any contract or other agreement with you.
- We may disclose any information about you (including your identity) if we determine that such disclosure is necessary and compliant with any applicable law, regulation, legal process or lawful government request.
- We may also disclose your information when we determine that applicable law requires or permits such disclosure, including exchanging information with third other companies and organisations for fraudulent protection purposes.
- To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.
- There may also be situations in which it is necessary for us to disclose your Personal Data to other third parties.
Cross Border Transfers of Personal Information
The personal information we collect is stored and processed in Nigeria and the United Kingdom, where we or our data users maintain our operation facilities. By using this portal and providing us with your personal information, you consent to the disclosure to these overseas parties.
We will ensure that any transfer of personal information to countries outside Nigeria will be protected by appropriate safeguards by ensuring such countries have standard and adequate data protection laws and security measures in place; such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, applicable in the United Kingdom.
Rights of Data Subject
Subject to the provisions of the Act, we will process and manage all your Personal Data in line with your rights:
- confirmation as to the information being stored or processed by the data controller or data processor;
- obtaining a copy of your personal data;
- the correction or deletion of personal data that is inaccurate, out of date, incomplete or misleading;
- the erasure of personal data (subject to our overriding legal obligations);
- withdrawing consent to the processing of personal data and to the processing of personal data for direct marketing purposes;
- requesting access to any data we hold about you;
- objecting to the processing of your personal data;
- not be subject to automated decision making;
- be notified of a data security breach which affects your rights and freedoms, without undue delay;
Data Subject Requests
Access and portability requests
You are entitled to request information about the different categories of personal data and purposes of data processing; recipients or categories of recipients who receive your Personal Data, details on how long your Personal Data is stored for, information on your Personal Data's source and whether the Data Controller uses automated decision-making.
Correction requests
You are entitled to request we correct inaccurate, out of date, incomplete, or misleading Personal Data and we will update or erase the information as required, subject to overriding legal obligations.
Erasure requests
You can exercise your "right to be forgotten" and can request we erase your Personal Data. Once receiving a request, we must erase the Personal Data without delay, unless an exception applies.
Verifying your request
To exercise any of these rights, please submit your request through our support form with accurate details for prompt review. Alternatively, contact us Monday to Friday, 8:00am to 5:00pm at +234 913 644 4110.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system.
Data Security
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we store and process.
For your comfort, below is a notice of the safeguards we have put in place to protect your constitutional rights to privacy. Some of the measure put in place include our Data Protection Policies, Data Access and Authorisation and Authentication, Data Protection Impact Assessments, Secure storage and Recovery systems, Data Breach Policies and more.
Important Notice: However, despite our safeguards and best efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorised persons or intermissions will not be able to defeat our security and improperly collect, access or modify your information.
If you have any concerns regarding a data breach, please submit your concern through our support form or contact us Monday to Friday, 8:00am to 5:00pm at +234 913 644 4110.
Retention Period of Personal Data
In accordance with the Act, we will not hold data any longer than it is necessary in relation to the purposes of which the data is collected or processed. We will also not hold the data where there is no longer a lawful basis to do so. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect yours, ours or the vital interests of another natural person.
Your Complaints
If you feel that your questions or concerns regarding your Personal Data have not been dealt with adequately or that your request has not been fulfilled by us, you can use our complaints procedure by submitting through our support form with accurate details for prompt review. Alternatively, contact us Monday to Friday, 8:00am to 5:00pm at +234 913 644 4110.
Nigeria Data Protection Commission
If, at the conclusion of our complaints procedure you do not feel that we have adequately dealt with your complaint you may make a complaint directly to the supervisory authority; NDPC: Nigeria Data Protection Commission's Office at:
- Address: No.12 Dr Clement Isong Street, Abuja
- Tel: +234 (0) 916 061 5551
- Email: INFO@NDPC.GOV.NG
Company Information
MRL® Public Sector Consultants Ltd ("MRL® Ltd") has determined the purposes for which, and the manner in which, your Personal Data is processed. It's place of business is located at Pepple House, 8 Broad Street, Great Cambourne, Cambridge CB23 6HJ.
This policy belongs to the MRL® Public Sector Consultants Limited which is registered by Companies House in the United Kingdom.
We are registered as a Data Controller of Major Importance by the Nigeria Data Protection Commission and as a Data Controller on the Register kept by the Information Commissioner's Office UK.
Changes to this Policy
We may update this privacy notice at our discretion and to reflect current acceptable data compliant practices. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to also review this privacy notice frequently to be informed of how we are protecting your information.
Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
Contact Us
If you have any questions or suggestions, please submit your inquiry through our support form with accurate details for prompt review. Alternatively, contact us Monday to Friday, 8:00am to 5:00pm at +234 913 644 4110.
