During your interaction with us, Jotna Nigeria Ltd, and other associated entities (hereafter referred to as “Jotna”, “We”, “Our”, and “Us”) might obtain your information through the mediums defined below. In addition to the purposes set out below, we may use all or a combination of this information to defend our legal rights and comply with the law and regulatory requirements.
A. SCENARIOS VIA WHICH PERSONAL DATA MAY BE COLLECTED AND INFORMATION THAT WE COLLECT
- As a recruitment candidate undergoing a recruitment process with any of our associated entities, we may collect your name; postal address; postal address; telephone; nationality; place of birth; identification documents; qualification documents; and medical test results (if successful in our recruitment process).
- As a website visitor visiting the corporate website of any of our 4 associated entities, we may collect your name; telephone number; personal email address; cookies (necessary); and JWT web tokens.
- As a vendor providing us with a service or goods, we may collect your name; telephone; business/personal email address of contact persons; and/or individuals with a position of significance (Director, Executive Management).
- As a distributor being part of our supply chain in distributing our products to wholesalers and retailers alike, we may collect your name; telephone, business/personal email address of contact persons, and/or individuals with a position of significance (Director, Executive Management).
- As a customer using any of our goods or products, we may collect your name; telephone; business/personal email address of contact persons, and/or individuals with a position of significance (Director, Executive Management).
- As a visitor to any of our office premises, we may collect your name; telephone; video footage and personal email address.
B. BUSINESS/COMMERCIAL PURPOSE FOR PROCESSING AND LAWFUL BASIS UPON WHICH WE RELY ON TO PROCESS YOUR DATA.
Business/Commercial Purpose for Processing | Lawful Basis |
Amongst other purposes, for:
|
|
|
|
As a website visitor amongst other purposes,
|
|
As vendors/distributors/customers amongst other purposes, for:
|
|
|
|
C. YOUR RIGHTS AS DATA SUBJECTS
You have rights when it comes to our handling of your Personal Data. Those rights include:
- The right to request a copy of your Personal Data we hold.
- The right to request that the Company erase your Personal Data if it is no longer valid or necessary for the purposes for which it was collected, or if it is incomplete or inaccurate.
- The right to rectify or amend inaccurate or incomplete Personal Data.
- The right to object to Jotna’s processing of your Personal Data if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation.
- The right to receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
- The right to lodge a complaint with the Supervisory Authority, Nigeria Data Protection Commission (NDPC) where you believe our processing of your data violates the requirements of the Nigeria Data Protection Act (NDPA).
- The right to request a transfer of your Personal Data to a Third-Party provider of services or Data Controller (data portability).
- The right to withdraw, at any time, consent to the processing of personal data.
- If you have any request to make concerning your Personal Data with us, please contact our Data Protection Officer at dpo@jotna.com.
For requests you make, we would normally require you to provide us with the information necessary to confirm your identity before responding. We shall acknowledge your request within 72 hours and respond within one month unless otherwise required by law.
While we aim to attend to all requests you may make, certain personal information may be exempt from those requests in some circumstances, which may include a need to keep storing or processing information to comply with a legal obligation. If such an exception applies, we will notify you when responding to your request.
D. TRANSFER OF PERSONAL DATA
Personal data collected by us may be transferred within our various divisions or associated entities, with personnel who have a business need to know, as well as transferred to third-party providers. Whichever the case, we will ensure that appropriate safeguards are in place to ensure the protection of your Personal Data being transferred.
The following describes the various scenarios for which we may share your Personal Data with a third party:
Transfer for Service Provision: We employ other companies and individuals to perform functions on our behalf as service providers (these companies may include, logistics companies, security agencies, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on Our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure.
Transfer as a Legal Requirement: We may share your information with other parties when required by law or as necessary to protect our service.
Cross-border Data Transfer: Jotna will not transfer your Personal Data to foreign countries directly. However, we may use business applications and software that have servers located in foreign countries.
Transfer to Related Entities: Your Personal Data may be transferred to any of our associated entities. However, your Data will only be transferred to an associated entity if the transfer is needed to complete or facilitate the processing to which you have consented or which your contract requires.
E. HOW WE ENSURE THE PROTECTION OF YOUR PERSONAL DATA
We use appropriate measures (including physical access controls and secure software and operating environments) to keep your Personal Data confidential and secure.
Please note, however, that these protections do not apply to information you choose to share in public areas, such as third-party social networks.
F. DATA RETENTION
We ensure that your Personal Data is not retained for longer than is necessary. This is subject to any requirement to retain information, to comply with any applicable law, regulation, professional requirements, or standards.
Personal Data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Personal Data. This includes breaches that are the result of both accidental and deliberate causes.
Because we value the privacy and security of your Personal Data, Jotna will take the necessary security measures to protect your data. However, in the event of a privacy breach, Jotna will take the necessary steps to contain the incident and shall report such breach to the NDPC and the affected individuals of the Personal Data breach within 72 hours of being aware of the breach.
H. RIGHT TO AMEND THIS PRIVACY NOTICE
Jotna may, at any time, change its practices and this Privacy Notice. The amended version will be communicated via various business communication channels.
This privacy policy becomes effective from the DD of MM, YYYY.
I. CONTACT INFORMATION
If you have any questions or complaints about our Privacy Policy, please contact us at dpo@jotna.com.