1. General Policy Scope
- Soft Alliance and Resources Limited set forth how it shall manage the Personal Data collected in the normal course of business. Any data provided are handled confidentially to ensure that the content and service being offered are tailored to specific requests, needs, and interests.
- This Policy applies to:
- All investors, operators, individuals, or employees who provide Personal Data using any channel;
- All functional areas and Soft Alliance sites in the scope of the NDPR
- All methods of contact, including in-person, written, via the Internet, direct mail, telephone, or other data capturing channels/methods.
- This Policy is designed also to inform all stakeholders about their obligation to protect the privacy of all stakeholders’ information and the security of Personal Data.
- This document applies to the entire Nigerian Data Privacy Regulation scope.
2. Purpose and Users
- Soft Alliance and Resources Limited software development needs to gather and process certain information about individuals with whom it has a relationship for various purposes, but not limited to the recruitment and payment of staff, relationship management with Members, issuers, investors, collection of personally identifiable information on their platforms, In light of the emerging data regulatory environment that requires higher transparency in how companies manage personal information, the Company must ensure that its business operations align with global best practices on the protection of rights and privacy of individuals. This Policy is designed to inform all stakeholders about their obligation to protect the privacy of all stakeholders’ information and the security of Personal Data.
- This document applies to the entire Nigerian Data Privacy Regulation scope. Users of this document are all employees of Soft Alliance and service providers.
3. Policy Statement
All data in the custody of Soft Alliance shall be handled with utmost privacy and protection. Soft Alliance shall comply with all legislation and regulations applicable to its business and operations regarding data protection and privacy. All personal data shall be classified in line with Soft Alliance Information Classification Policy.
This policy document describes how we use and protect Your Information and the control you have over it. Soft Alliance respects your privacy and will keep all your details confidential.
5. Terms and definitions
- Database Administrator/ Processor is a specialized computer systems administrator who maintains a successful database environment by directing or performing all related activities to keep the data The top responsibility of a DBA professional is to maintain data integrity.
- Data Controller means a person who either alone, jointly with other persons or in common with other persons or as a statutory body, determines the purposes for and how personal data is processed or is to be processed.
- Data Portability means the ability for data to be transferred easily from one IT system or computer to another through a safe and secure means in a standard format ▪ Nigeria Information Technology Development Agency – NITDA
- Data Protection Compliance Organization (DPCO) means any entity duly licensed by NITDA for training, auditing, consulting, and rendering services and products for compliance with Nigeria Data Protection Regulation, or any foreign Data Protection law or any other regulation affecting in Nigeria.
- Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data means facts and statistics collected together for reference or analysis.
- Database refers to a structured set of data held in a computer, especially one that is accessible in various ways.
- Data Subject/PII Principal means an identifiable person; one who can be identified directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
- Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which when collected together can lead to the identification of a particular person, also constitute personal data.
- Data breach is a security incident in which information is accessed without authorization.
- Record a thing constituting a piece of evidence about the past, especially an account kept in writing or some other permanent form, means public record and reports in creditable news media
- Sensitive Personal Data means data relating to religious or other beliefs, sexual tendencies, health, race, ethnicity, political views, trade union membership, criminal records, or any other sensitive personal information.
The purpose of this policy is to:
- Protect the company from the risks of a data breach.
- Disclose how Soft Alliance stores and processes data of individuals.
- Protect the rights of staff, members, and stakeholders.
- Comply with the regulation and follow international best practices.
7. Data Protection Regulation
The Regulation was established in January 2019 which provides information on the gathering, storing, and processing of personal data (regardless of whether data is stored electronically, on paper, in transit, or on other materials), and protects the rights and privacy of all individuals. The Regulation applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.
Controllers and Processors
Customers and PII Principals are the controllers and Soft Alliance is the processors of personally identifiable information/data. Other sub-processors are our service providers. Any update of this policy or changes in status will be communicated to all relevant stakeholders.
8. Governing Principles of Data Protection
The Regulation mandates every data processor to process any personal data following the governing principles of data protection. To comply with the obligation undertakes to adhere to the following principles
8.1. Data processing
- All forms of data processing will be done transparently. In-line with the European Union General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR), all policies have been updated to ensure that your data is being processed lawfully.
- By using our service, you give your consent to process your data per these policies and our Terms of Services (ToS). All Information will be stored and easily accessible for as long as the purposes for which they were collected exist. However, retention of information may be done where there is a need for legal necessaries like invoices, audit logs, subscription information.
8.2. Lawful Processing
The Company shall process personal data of individuals if at least one (1) of the following applies:
- The data subject has given consent to the processing of his or her data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
- Processing is necessary for compliance with a legal obligation to which Soft Alliance and Resource Limited is a subject.
- Processing is necessary to protect the vital interests of the data subject or another natural person.
8.3. Procuring Consent
To fulfill the requirement of the Regulation, personal data will be processed by the rights of the data subject. The Company’s business operations will be guided by the following:
- The Company shall request for consent in a manner that is distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language, where the data subject’s consent is given in the context of a written declaration.
- The Company shall inform the data subject of his/her right and the ease to withdraw his/her consent at any time.
- To operate and maintain your account, and to provide you with access to the Website and use of the Apps and Services that you may request from time to time. Your email address and password are used to identify you when you sign into the Platform. Your device-IDs are used to ensure that you are in control of the devices that have access to your subscription.
- To seek your participation in surveys, to conduct and analyze the results of those surveys if you choose to participate.
- To provide you with technical support.
- To respond to you about any comment or inquiry you have submitted
- To prevent or take action against activities that are, or maybe in breach of our Terms of Service (ToS) or applicable law.
- For identification and verification purposes.
- For marketing, sales, and promotional activities.
- For product development, to build higher quality and more useful services.
- For security purposes and other purposes stated in these policies.
- The company shall request for consent of the data subject where data may be transferred to a third party for any reason.
- Soft Alliance shall only obtain personal information for the specific purpose of the collection after which consent is sought from the data subject to processing of his or her data and the legal capacity to give consent, where processing is based on consent.
8.4. Due Diligence and Prohibition of Improper Motives
To align with these requirements, the Company shall:
- Process and retain personal information for its stated and communicated purpose only.
- Take reasonable measures to ensure that a party to any data processing contract does not have a record of violating the regulation and such party is accountable to NITDA or a reputable regulatory authority for data protection within or outside Nigeria.
8.5. Data Security
Soft Alliance has established the necessary technical and security measures to prevent unauthorized or unlawful access to or accidental loss of or destruction or damage to personal Information.
To ensure the safety of personal information
- Secured web services have been configured to run within a virtual private connection and an SSL certificate to make sure that all communications are made over HTTPS, SFTP using TLS.
- Development of security measures including but not limited to protecting systems from hackers, setting up firewalls and protection email systems, secure storage of data, employ data encryption technologies.
- Development of organizational policy for handling personal data and other sensitive or confidential data and Continuous capacity building for all staff are also strategies to ensure data privacy in-house.
8.6. Data Processing Contracts with interested/third parties
To ensure compliance with the Regulation, being a data controller, the Company shall:
- Establish a written contract that shall be signed by a third party that will process the personal data of individuals.
- Ensure that such third party process the data obtained from data subjects complies with the regulation
8.7. Data Subject’s Rights to information
- As a user, you have certain rights/control over the information you submit to us. You have the right;
- To access and confirm your Information.
- To withdraw your consent from processing your Information (this does not affect already processed information).
- To rectify or update any inaccurate or outdated information.
- To know the purpose of processing your Information.
- To restrict the processing of your Information.
- To erase any information, we hold about you.
- To request a copy of the information we keep about you.
- To object/refuse your Information for direct marketing.
- For portability, if feasible.
- The accuracy of the personal data is contested by the data subject for a period enabling Soft Alliance to verify the accuracy of the personal data.
- Provide personal data concerning data subjects, in a structured manner, commonly-used and machine-readable format to such data subjects.
- Not hinder the data subject from transmitting those data in its database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means.
- Execute data subjects’ requests on the transmission of their data to another company, where technically feasible.
- When you request to exercise any of the above rights, we shall provide you with your personal information and other necessary information as requested by you. However, we reserve the right to charge you or refuse your request where we notice that your request is repetitive or excessive. Your rights to erasure of your Information does not apply to legal necessaries like invoices, audit logs, subscription information, and your Information archived on our backup systems which we shall securely isolate and protect the use of it from any further processing, to the extent required by applicable law,
8.8. Transfer of information to a Foreign Country
- The Company shall comply with the regulation and any transfer of personal data that is undergoing processing or is intended for processing after transfer to a foreign country or an international organization shall take place subject to the provisions of the Regulation.
9. Assigning Roles and Responsibilities
Board must ensure that Soft Alliance is nurturing public trust and complying with regulations as they take advantage of data collected from customers. They must also enforce and ensure compliance with documented privacy policies per NDPR.
9.2. Executive Management Committee
- The main role of the privacy committee should be to make strategic recommendations about data security across the company.
- Ensure data protection objectives are established and aligned with the strategic direction of the Company.
- Ensure the availability of resources needed for the protection of data.
- Communicate the importance of effective data protection in the company and of conforming to its requirements.
9.3. Data Protection Officer
- The primary role of the data protection officer (DPO) is to ensure that Soft Alliance processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
- Keep Executive Management updated about data protection responsibilities, risks, and issues.
- Review all data protection procedures and related policies, in line with an agreed schedule.
- Arrange data protection training and advice for the people covered by the policy.
- Handle data protection questions from staff and anyone else covered by the policy.
- Deal with requests from individuals to obtain the data Soft Alliance holds about them.
- Review and approve any contracts or agreements with third parties that may handle the company’s sensitive data.
9.4. Head, Solution Delivery.
- Evaluate any third-party services Soft Alliance is considering using to store or process data such as private cloud computing services.
- Ensure all systems, services, and equipment used for storing data meet acceptable security standards.
- Perform regular checks and vulnerability scans to ensure adequate security of hardware and software used in the data processing.
9.5. Quality Assurance
- Provide reasonable assurance regarding the achievement of the operational objectives, such as the effectiveness and efficiency of the security controls.
- Carry out internal audits and report findings to the Executive Management Committee.
- Recommend preventive and corrective action.
9.6. Human resource
- Must ensure everyone is informed and up to date when it comes to keeping information safe.
- HR ensures that the user’s data is only being used for what the original owner intended and agreed to. While the process is lengthy, it saves a lot of legal trouble and potential theft.
- Ensure the pillars of an exit strategy should be put in place as soon as the employee joins the company, ensuring as few misunderstandings as possible. Keeping good communication and appropriate company culture can help breaches like this from ever happening.
10. Policy Review
This policy shall be reviewed at least annually to ensure effectiveness and continual application and relevance to the company’s business or as may be required. Kindly follow-up on this policy from time to time to ensure that you have up-to-date information.
Anyone breaching information security policy may be subject to disciplinary action. If a criminal offense has been committed further action may be taken to assist in the prosecution of the offender(s).
All policy breaches shall be escalated to the Head – Cloud Services and Security.
12. Policy Exceptions & Retention
A policy exception represents a circumstance whereby an employee of Soft Alliance knowingly deviates from a requirement of the Policy. All Policy exceptions must be approved by the MD/CEO of Soft Alliance Limited.
All documentation shall be maintained under the Soft Alliance policy for retention of documents and records or as regulation require.
13. Contact us
The website is owned and operated by Soft Alliance and Resources Limited, a company registered in Nigeria. If you have any questions or comments about this policy, or if you would like us to update information we have about you or your preferences, please email: – email@example.com