1. INTRODUCTION

S.P.A. Ajibade & Co. (“S.P.A. Ajibade,” “Firm,” “we,” “us,” or “our”) respects your privacy and is committed to safeguarding the personal data we have, control and/or process concerning you in compliance with applicable data protection laws. 

  • SCOPE

This Privacy Policy applies to all forms of systems, operations and processes carried out by us and within our Firm that involve collection, storage, use, transmission, and disposal of personal data. It applies to our website(s) and all related sites, applications, services, and tools regardless of how you access or use them. It does not apply to processing activities that are not controlled by us, including third-party platforms and websites.

This Privacy Policy is provided to enable you know how we collect, use, share, store, protect, and process your personal data when you use or access our services or website, our lawful grounds for processing your personal data and your privacy rights,.

  • CONSENT

By selecting ‘I Agree,’ accessing or using our services and website in any manner, you indicate to us that you have read and accepted this Privacy Policy and consent to the data practices described herein. 

You agree that upon granting us your consent, you have the legal capacity to give consent, you are aware of your privacy rights and your option to withdraw your consent at any given time. 

If you do not accept this Privacy Policy and do not wish to comply with the provisions set forth herein, you may not use or access our services or website. 

  • THE INFORMATION WE COLLECT

We collect and process the following information about our clients or former clients, partners, vendors, contractors, current, past, and prospective employees, website visitors, and other individuals whom we communicate or deal with, jointly and/or severally: 

  • basic details such as name, previous name, title, employer or former employer, date, and place of birth, etc.
  • contact details – address, email address, mobile numbers, etc; 
  • identity information – photo identification, nationality, utility bill, national identification card and/or number;
  • information about the way you interact with us (e.g., channels used, geographic information, software used and information concerning your complaints);
  • any personal information required to enable us comply with legal and regulatory obligations;
  • personal information captured in forms or obtained via telephone;
  • cookies and similar technologies;
  • personal information regarding parties in transactions, arrangements, contracts;
  • photos or videos of you from Closed Circuit Television (CCTV) in and around our facilities;
  • confidential personal information provided to us or generated by us in the course of providing you with our services; and
  • Other information about you that is voluntarily provided by filling online forms or by communicating with us, whether face-to-face or via other available channels (e.g., by phone, email, or on our website).
  • HOW WE USE THE INFROMATION WE COLLECT 

We will only use the information we collect as permitted by the law. We have set out below a description of how we use your information:

  • to represent your interests and provide you with legal and related services;
  • to respond to your comments, questions, inquiries, and customer service requests;
  • to improve our services, platforms, and website content;
  • to send newsletters, technical notices, updates, security alerts, information about events and conferences, and administrative messages to you;
  • to verify your identity and the identities of members of your company;
  • to verify the information you provide;
  • to maintain up-to-date records;
  • for recruitment purposes;
  • to comply with regulatory and legal obligations;
  • to help personalise service experience for you; 
  • to communicate with you; 
  • to protect the rights, privacy, safety, or property of the Firm;
  • to enforce our terms, conditions, and policies;
  • to detect and prevent fraud, malicious and other illegal activities;
  • to resolve disputes that may arise, including investigations by law enforcement or regulatory bodies; and
  • for any other purpose that we disclose to you in the course of providing our services to you.
  • HOW WE PROTECT YOUR INFORMATION

We have established adequate controls to protect the integrity and confidentiality of your personal data and to prevent your personal data from being accidentally or deliberately compromised.

We protect your personal data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. We also utilize industry recommended security protocols to safeguard your personal data. The security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files and only granting access of your personal data to only employees who require it to fulfil their responsibilities.

  1. DATA PROCESSING PRINCIPLES

Your personal data will be:

  • collected and processed in accordance with specific, legitimate, and lawful purposes, consented to by you; 
  • processed adequately, accurately and without prejudice to the dignity of human person; 
  • stored only for the period within which it is reasonably needed and legally permissible; and 
  • secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements.
  • GROUND FOR PROCESSING PERSONAL DATA

We use and process your personal data as permitted by the Nigerian Data Protection Regulation 2019 (Nigerian Data Protection Regulation) and other relevant data protection laws. We have set out below a description of the grounds we may rely on to process your personal data: 

  • where you have given us consent to process the personal data for one or more specific purposes; 
  • where processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
  • where processing is necessary for compliance with a legal obligation to which we are subject; 
  • where processing is necessary to protect your vital interests or the vital interests of another natural person; and 
  • where processing is necessary for the performance of a task carried out in the public interest or in exercise of an official public mandate vested in us.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for processing your personal data. Please contact us by sending an email to: (seke@spaajibade.com or lagosoffice@spaajibade.com), if you need details about the specific legal ground we rely on to process your personal data, where more than one ground may have been used to process your personal data. 

  • HOW WE SHARE YOUR PERSONAL DATA 

To enable us render our services to you, we may share your information with trusted third parties, such as software providers, as well as any third party that you have directly authorized to receive your persona data. Your personal data may be stored in locations outside our direct control, for instance, on servers or databases co-located with hosting providers.

We will only disclose your personal data in compliance with applicable laws or legal obligations to which we are bound. 

The third-parties’ websites you engage with through our services or website(s) will have their privacy policies, and we are therefore not responsible for their actions, including their information protection practices. The use of your data by such third parties will be subject to their applicable privacy policies, which you should carefully review.

  1. TRANSFER OF PERSONAL INFORMATION

Third Party Processor within Nigeria

  • We may engage the services of third parties to process your personal data. The processing of personal data by such third parties will be governed by a written contract to ensure adequate protection and security measures are put in place by the third parties for protection of your personal data in accordance with the terms of this Privacy Policy.
  • We may share your information with law enforcement agencies, public or tax authorities or other regulatory authorities or organizations if we believe that such use is reasonably necessary to:
  1. comply with a legal obligation, process, or request (including tax and related reporting requirements);
  2. enforce our Terms of Engagement and other agreements, policies, and standards, including investigation of any potential violation thereof;
  3. detect, prevent, or otherwise address security, fraud, or technical issues; or
  4. protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

Transfer of Personal Data to a Foreign Country

  • Where your personal data is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such data. We shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) Whitelist of Countries with adequate data protection laws.
  • We will only transfer personal data out of Nigeria on any of the following conditions:
  • your consent has been obtained;
  • the transfer is necessary for the performance of a contract between you and S.P.A. Ajibade & Co. or for implementation of pre-contractual measures taken at your request;
  • the transfer is necessary to conclude a contract between us and a third party in your interest;
  • the transfer is necessary for reason of public interest;
  • the transfer is for the establishment, exercise, or defense of legal claims;
  • the transfer is necessary to protect your vital interests or the interest of other persons, where you are physically or legally incapable of giving consent.

We will take all necessary steps to ensure that your personal data is transmitted in a safe and secure manner. Details of the protection given when your personal data is transferred outside Nigeria shall be provided to you upon request.

  • DATA RETENTION

We will retain your personal data for as long as is required to provide our services to you and comply with our legal and statutory obligations. Even after discontinuance of our services, we may retain certain personal data and transaction data to comply with legal and statutory obligations.  

All personal data shall be destroyed by us where possible. For personal data and records obtained, used, and stored by us, we will carry out reviews of the data periodically to verify the accuracy, purpose, validity, and requirements to retain.

The length of storage of personal data shall, among other things, be determined by:

  • the contract terms agreed between you and us or the length of time it is needed for the purpose for which it was obtained; or
  • whether the transaction or relationship has statutory implication or a required retention period or;
  • whether there is an express request for deletion of the personal data by you, provided that such request will only be treated where you are not under any investigation which may require us to retain your personal data, or there is no subsisting contractual arrangement with you that would require the processing of the personal data; and
  • whether we have a lawful basis for retaining the data beyond the period for which it is necessary to serve the original purpose.



  • PURPOSE LIMITATION

We collect personal data only for identified purposes and where consent has been obtained, such personal data will not be reused for other purposes that is incompatible with the original purpose, except consent is obtained for such purposes.

  1. DATA MINIMIZATION

We only request collect personal data that is relevant, adequate, and necessary for carrying out the purpose for which the data is to be processed or utilized. 

  • COOKIES

Cookies are small pieces of data which are stored by a website through your browser, to enable an improved experience whilst using or browsing a particular website or application and remember your preferences or navigation history and activity.

 

We use cookies on our website(s) to identify you as a user, make your user experience easier, customise our services and content. We also use cookies to mitigate risk, prevent fraud and promote trust and safety on our website. 

Cookies allow our servers to remember IP addresses, date, and time of visits, monitor web traffic and prevent fraudulent activities. The cookies never store personal or sensitive information, and they only hold a unique random reference to you so that once you visit our website, we can recognize who you are and provide certain content to you. If your browser or browser add-on permits, you have the choice to disable cookies on our website, however this may impact your experience using our website.

You can accept or decline cookies by modifying your browser setting to decline cookies if you prefer. 

  • CHOICES AND RIGHTS

If your personal data is held by us, you are entitled to reach out to us to exercise the following rights:

  • Request access to your personal data (commonly known as a “data subject access request”)

This enables you to receive a copy of the personal data we hold about you and to verify if it is being processed lawfully. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may notify you of our refusal to comply with your request in these circumstances. 

Where we have reasonable doubts concerning the identity of the natural person making the request for information, we may request the provision of additional information necessary to confirm the identity of the person. Where data is held electronically in a structured form, such as in a Database, you have a right to receive that data in a common electronic format.

  • Right to request correction of personal data

 This enables you to have any incomplete or inaccurate data we hold about you corrected, and we may need to verify the accuracy of the new data you provide to us.

  • Right to request erasure of your personal data

This enables you to request for deletion or removal of your personal data where there is no good reason for us continue to process it. You also have the right to request that we delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local laws. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will communicate to you, if applicable, at the time of your request.

  • Right to object to the processing of your personal data

Where we rely on a legitimate interest (or those of a third party) there maybe something about your situation which could justify an objection to processing on this ground. For instance, if it affects your fundamental rights and freedom. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedom.

  • Right to request restriction of processing of your personal data

This grants you the right to request that we suspend the processing of your personal data in the following instances: 

  • where you want us to establish the accuracy of the data;
  • where our use of the data is unlawful but you do not want us to erase it; 
  • you need us to hold the data (even if we no longer require it) as you need it to establish, exercise or defend legal claims; or 
  • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party: We will provide you or a third party you have chosen with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

 

  • Withdraw consent at any time where we are relying on consent to process your personal data

Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. This will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain information or services to you. We will advise you if this is the case at the time you withdraw your consent.

You may decline our request to provide your personal data, however, certain services or all services may not be available to you. You may review and update your personal data by contacting us.

  • COMPLIANCE WITH LOCAL AND INTERNATIONAL REGULATORY BEST PRACTICES

We comply with the NDPR on data collection, transmission, usage, and protection. For best practices, we also adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR) to the extent that they do not conflict with Nigerian data protection regulations and laws.

  • UPDATES, MODIFICATIONS AND AMENDMENTS

We reserve the right to update, modify, change, or revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. 

By continuing to use our services after the changes become effective, you agree to be bound by the revised Privacy Policy.

It is vital that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  • SUPERVISION AND COMPLIANCE

We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy policy and ensuring our compliance with the applicable data protection laws and regulations. 

  1. COMPLAINTS AND REMEDIES

You may file a complaint in accordance with this privacy policy if you believe that any provision of this privacy policy or your privacy rights have been violated in respect of your personal data or if your access to our services have been compromised, to enable us take the necessary steps towards ensuring the security of your personal data. 

All complaint must be addressed to the S.P.A. Ajibade & Co. by sending an email to our Data Protection Officer using the following contact details: 

Name – Miss. Sandra Eke

Email address – seke@spaajibade.com 

 

Please note that, the complaint and resolution procedure is not prejudicial to your right to complain to data protection authorities (in this case, the National Information Technology Development Agency (NITDA)) using the following contact details:

Address:  No. 28 Port Harcourt Crescent, 

   Off Gimbiya Street P.M.B 564 Area 11 

  Garki Abuja 

   Nigeria. 

 

Email: info@nitda.gov.ng

 

We also have a duty of self-reporting of personal data breaches to NITDA within 72 hours of being aware of such breach.  

You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: (seke@spaajibade.com or lagosoffice@spaajibade.com).

  1. QUESTIONS AND INQUIRIES

You may also contact us if you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights. All questions, comments and requests regarding this policy should be addressed to (seke@spaajibade.com or lagosoffice@spaajibade.com).

  1. If you are in Lagos, we can also be reached at: Suite 201 27a Macarthy Street Onikan Lagos.

GLOSSARY

TERM

DEFINITION

Data Subject

Any person that can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.

Consent

Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, through a statement or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

Personal Data/Personal Information

Any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others.

Processing

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Third Party

Any natural or legal person, public authority, establishment, or any other body other than the Data Subject, the Data Controller, the Data Administrator, and the persons who are engaged by the Data Controller or the Data Administrator to process Personal Data.

Personal Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

Foreign Country

Other sovereign states, autonomous or semi-autonomous territories within the international community.

Data Subject Access Request

The mechanism for an individual to request a copy of their data under a formal process which may include payment of a fee.








 

Tell Us About Your Case