NIGERIA EXPORT PROCESSING ZONES AUTHORITY [hereafter referred to as “Data Controller” or the Authority] is an establishment of the Federal Government of Nigeria. NIGERIA EXPORT PROCESSING ZONES AUTHORITY as the Data Controller is committed to its statutory mandate, namely: to establish, license, regulate and operate highly efficient Free Zones by providing a highly competitive incentive scheme, excellent support facilities and service for the purpose of creating an enabling environment for export manufacturing and other commercial activities. Our statutory mandate is in furtherance of public interest, this forms the overarching lawful basis of our data processing activities.
SECTION 1:- OUR GUIDING PRINCIPLES ON DATA PROCESSING
In processing your personal data, we adhere strictly to the principles of data processing as set out in Article 2.1 of the NDPR. Thus we shall ensure that Personal Data shall only be:
- Collected and processed in accordance with specific, legitimate and lawful purpose consented to by the Data Subject;
- b) adequate, accurate and without prejudice to the dignity of human person;
- stored only for the period within which it is reasonably needed, and
- secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
SECTION 2:- CONSENT OF DATA SUBJECT
Except as otherwise required by operation of law or principles of law, your consent as the Data Subject is the entry point for data processing. You have the right to give, withhold or otherwise withdraw your consent to data processing. For further understanding of the operation of the principle of consent under data processing see Article 2.1(a), 2.2, 2.3 and 2.4 of the NDPR. Those who seek information on our website or other platforms shall be deemed to have given constructive consent to receiving information of specific or of general nature through us from time to time.
SECTION 3:- OUR SCOPE OF DATA PROCESSING
In varying degrees vis-à-vis the service we provide for you or your level of engagement with us, we do process your personal data. Below is a table containing the types of personal data, the purpose and the lawful basis for processing them:
NEPZA DATA TYPES
|S/NO||PURPOSE OF COLLECTION||TYPES OF DATA||LAWFUL BASIS|
|1||COMPANY RESGISTRATION||NAME GENDER, DATE OF BIRTH, SEX, PLACE OF BIRTH, MAILING ADDRESS, RESIDENTIAL ADDRESS, NAME AND ADDRESS OF ORGANIZATION, CONTACT TELEPHONE NUMBER, E-MAIL, EMERGENCY CONTACT (NAME, ADDRESS, CONTACT NUMBERS), APPLICANT SIGNATURE, RECENT PHOTOGRAPH||REGISTRATION OF COMPANIES TO CARRYING ON BUSINESS AT THE EXPORT PROCESSING ZONES.|
|2||NOTIFICATTIONS||TELEPHONE NUMBERS, EMAIL ADDRESS||PROVIDING INFORMATION RELEVANT TO OUR MANDATE|
|4||SECURITY||VISITORS NAME, REASON, TELEPHONE NUMBER, CONTACT ADDRESS.||DUE DILIGENCE.|
|5||EMPLOYMENT||TITLE, SURNAME, FIRSTNAME, OTHER NAME, GENDER, MARITAL STATUS, SEX, DATE OF BIRTH, CONTACT TELEPHONE NUMBER, EMAIL, RANK, QUALIFICATION, STATE OF ORIGIN, LOCAL GOVT. AREA, DATE OF FIRST APPOINTMENT, DATE OF CONFIRMATION, DATE OF PRESENT APPOINTMENT, IPPIS NO, PERSONAL FILE NO, GRADE LEVEL, STEP, STATION (LOCATION), HOUSE/PLOT NUMBER, ESTATE/LANDMARK, STREET NAME, TOWN/DISTRICT,||STAFF EMPLOYMENT DETAILS. DUE DILIGENCE AND MEETING OBLIGATION TO THE EMPLOYEES.|
|6||CONTRACT||PROJECT NAME, TYPE OF PROJECT, COMMUNITY, LGA, STATE, LAND, NAME OF CONTRACTOR, COMPANY NAME, COMPANY ADDRESS, COMPANY TELEPHONE NUMBER, COMPANY EMAIL, COMPANY PROFILE, SIGNATURE||CONTRACTORS DETAILS. DUE DILIGENCE. AND MEETING OUR CONTRACTUAL OBLIGATION.|
|7||CAPACITY BUILDING||NAME GENDER, DATE OF BIRTH, SEX, PLACE OF BIRTH, MAILING ADDRESS, RESIDENTIAL ADDRESS, NAME AND ADDRESS OF ORGANIZATION, CONTACT TELEPHONE NUMBER, E-MAIL, EMERGENCY CONTACT (NAME, ADDRESS, CONTACT NUMBERS), APPLICANT||REGISTRATION OF PARTICIPANTS FOR TRAINING AS PROVIDED IN AUTHORITY’S BUDGET & DUE DILIGENCE|
SECTION 4:- RIGHTS OF DATA SUBJECTS
We hold your privacy rights very dear to our operations. Apart from the right to give, withhold or withdraw consent, you have rights to all relevant information that may guide you in making informed decisions about your personal data. For example, you have the right to be notified of anyone or any place to which we may transfer your personal data. Your rights under the NDPR include but are not limited to the following:
- right to data portability,
- right to erasure,
- right to limit processing and
- right to obtain your data.
See Part 3 of the NDPR for details of the rights of data subjects,
SECTION 5: WITHOLDING RELEVANT DATA
There are types of personal data that are mandatory for us to process in order carry out your instruction or perform our legal mandate for your benefit. If you withhold such information, it may be impracticable to carry out our mandate in relation to you. If you seek more clarification on our data processing contact our designated Data Protection Officer as provided under SECTION 12 below.
SECTION 6:- THIRD-PARTY MARKETING:
As a public establishment, third parties may wish to provide opportunities on our platform for mutual benefits or in public interest. The type of data usually processed for this may be your digital contact such as E-Mail. You have the right to decline such third party offers and further restrict the processing of your personal data. You can simply unsubscribe to the notices sent for the purpose of marketing.
SECTION 7:- TECHNICAL INFORMATION
Customarily, websites are designed to collect certain information from the visitor. Our website is also designed to collect your IP address and other information that your web browser typically shares with the websites that you visit. The purpose of this is to know you better and to automatically and dynamically engage with you through your actions on our website.
SECTION 8:- PERSONAL DATA SECURITY AND INTEGRITY
We use cutting-edge technologies and foolproof protocols to provide you with comprehensive layers of security in the area of personal data. Thus, we are constantly vigilant in preventing cyber-attacks, fraudulent intrusion, unauthorized access, loss or corruption of personal data. We are equally cognizant of the obligations imposed on us by law and third-parties in terms of data protection. Accordingly, we conduct reviews of process and privacy impact assessment, carry out trainings and obtain strict warranties where applicable.
SECTION 9:- PURPOSE AND STORAGE LIMITATION
The purpose of data processing usually determines the length of time within which your personal data is stored with us and the residue of data actually stored for this purpose. We collect and store personal data that are reasonably required by law to serve you or respond to legitimate enquiry about our transaction with you. We take this responsibility very seriously in the knowledge of the need for you to enjoy your privacy as guaranteed under the 1999 Constitution of the Federal Republic of Nigeria and international human rights law.
SECTION 10:- CAVEAT ON WEBSITE LINKS:
SECTION 10:- TRANSFER TO THIRD PARTIES AND COUNTRIES
In carrying out our mandate effectively, we may require the services of third parties who may be within or the outside the NDPR jurisdiction (Nigeria). Examples of such services include but are not limited to the following:
- Internet connectivity,
- cloud storage,
- data analytics,
- data security,
- software development, and
- Legitimate Public interest.
In transferring your data to third parties, we shall be guided by the NDPR as regards the adequacy level of their jurisdictions and data protection compliances respectively. See PART 2 Article 2.11 and PART 3 under the NDPR for details of your right under this section
SECTION 11: USE OF SPECIAL DATA PROCESSING CODES (COOKIES)
Special Data processing codes called cookies are algorithmic devices created to process your personal data on our website. The purpose is generally to optimize your engagement with the website and make our engagement with you more automated and dynamic. Cookies serve as an intelligent menu list without which it will be impracticable to respond appropriately and sustain functional service to you. You have the right to manage your interaction with cookies through your browser or device. Your choices in relation to cookies may determine your access to resources or services that are cookie based.
SECTION 12: DATA PRIVACY SERVICE UNIT (DPSU).
We have provided a platform to respond promptly and satisfactorily to all your requests, suggestions and complaints. This is called the DPSU. We have a Data Protection Officer responsible for prompt action on your data privacy. Contact our DPSU via firstname.lastname@example.org
We have also engaged a Data Protection Compliance Organization (DPCO) Licensed NITDA. The DPCO shall be providing the following services:
- Data protection regulations compliance and breach services
- Data protection and privacy advisory services
- Data protection capacity building
- Data Regulations Contracts drafting and advisory
- Data protection and privacy breach remediation planning and support services
- Information privacy audit
- Data privacy breach impact assessment
- Data Protection and Privacy Due Diligence Investigation
- Data Protection Officer
SECTION 13:- REMEDIATION
Our data subjects shall report any complaint or concern about their data privacy through the DPSU. Our team at the DPSU shall take action to redress any grievance within 7 working days.
The Data Controller reserves the right to alter the foregoing policy for the purpose of advancing data privacy rights or complying with lawful directives of our regulatory authorities.