Data Privacy Policy

Introduction

Clan is provided by Clan Africa Innovation Limited (“Clan”). At Clan, we value your privacy and we are committed to safeguarding your personal information. All personal information that you provide us will be protected and kept confidential among our affiliates, representatives, and privies. Throughout the website, the terms “we”, “us” and “our” refer to Clan. This Privacy Policy explains how we collect, use, share and protect your personal information in connection with your relationship with us as a user or potential user. It applies to all our clients, potential clients, consultants, partners, technicians and every other person we hold information about. This policy also sets out your rights and who you may contact for further information or complaints. You agree to this Privacy Policy by visiting our website and when you use our services. Your use of our services, and any dispute over privacy is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.

Our policies are created to provide protection of the confidentiality and security of our user’s personal information. We only require the minimum amount of personal information needed to fulfill our service to our users. Our privacy standards are in compliance with the National Data Protection Regulation (NDPR) and the General Data Protection Regulation (GDPR).

  • 1. Policy Overview.

    • This Privacy Policy describes the process involved in the acquisition, processing, porting, storage, and disposal of your personal data in connection with our websites, portals, web applications, tools, and services. This Privacy Policy also governs your rights regarding the foregoing

  • 2. Scope and Consent.

    • This policy is enforced after you consent to it when you sign-up, and access our products, services, content, technology or functions offered from our websites, WhatsApp bot, and other offerings. However, Clan is not responsible for the handling of information gotten by third-party users/sites through the use of our tools, portal, and services and will not be held liable for any breach or misuse of collected information

  • 3. Data Subject Rights.

    You have rights under the Law in relation to your personal data. You have the right to:

    • Request access to your personal data:

      This is commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to verify that it is been processed lawfully.

    • Request correction of the personal data that we hold about you:

      This enables you to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.

    • Request erasure of your personal data:

      This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be communicated to you, if applicable, at the time of your request.

    • Object to processing of your personal data:

      Where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    • Request restriction or deletion of processing of your personal data:

      You can request a restriction or deletion of your personal data based on the following:
      1. Non-legitimate grounds for the processing
      2. Unlawful processing
      3. Erasure is required for compliance with a legal obligation.
      4. Inaccuracy of personal data.
      5. Change in initial purpose.

    • Request the transfer of your personal data to you or a third party:

      We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    • Withdraw consent at any time:

      Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
    • Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by Contacting Us.
    • All requests shall be made in writing to the Data Protection Officer via email at support@clan.africa.

  • 4. Use of personal information.

    The collection and use of personal data by Clan is guided by certain principles. These principles state that personal data should:

    • Be processed fairly, lawfully and in a transparent manner.
    • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with such purposes.
    • Be adequate, relevant and limited to what is necessary to fulfill the purpose of processing.
    • Be accurate and, where necessary, up to date.
    • Not be kept for longer than necessary for the purpose of processing.
    • Be processed in accordance with the data subject’s rights.
    • Be kept safe from unauthorized processing, and accidental loss, damage or destruction using adequate technical and organizational measures.
    • To enable us to give you the best service/product and the best and most secure experience.

  • 5. Personal Data Collected and Used in Clan.

    We collect the following personal information in order to provide a personalized and improved experience. Personal Data may be given to us directly by you or by people or companies authorized by you to act on your behalf. We may also collect Personal Data about you from third parties in connection with our services. No Personal Data about you will be collected without your consent.

    Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to provide the services envisaged or requested.

    • Automatic Information:

      In general, website visitors do not need to provide personalized information to Clan. We may collect “aggregate data,” i.e., group data with no personal identifiers such as IP address, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, referral URL, and standard web log data and other information.

      We use this aggregate data to help us understand how the Sites are being used and to improve usability. We also use it to enhance the quality and availability of products and services we offer.

    • Provided Information:

      Personal data that are provided and retained allows Clan provides services to its users. Clan solely holds the information and engages in no contact-sharing program with other organizations. The information collected are:

    • Contact Information:

      first and last name, email address, phone number, town/city/state, Valid Identity Number (which could be BVN, National ID among others), and any other information required to process your information as a user of our platforms.

    • Inquiries:

      When an inquiry is sent to us through our contact form, we use the personal data that you have stated in the contact form to send a response to you. Any personal data received from you shall not be used for any other purpose without your prior consent and knowledge and shall not be disclosed.

    • Promotional Offers from Us

      We may use your Identity, contact, and profile data to form a view on what we think you might be interested in. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

      You will receive marketing communications from us if you have requested information from us or purchased services from us or if you have requested to access or download a resource from us and, in each case, you have not opted out of receiving that marketing.

    • Opting Out

      You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by Contacting Us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase.

  • 6. Data Retention

    • The data we collect is retained for no longer than necessary to fulfill the stated purposes, or for a minimum period of three (3) years depending on the class of product or service, and may be retained in either a physical or electronic format, according to the Nigerian Data Privacy Regulation (NDPR) 2019.
    • In some circumstances you may be able to ask us to delete your data: see below for further information on the “right to erasure”.

  • 7. Data Storage and Security

    • Clan uses a security-cleared data processor to store files and data on secure cloud-based servers. The data processors are certified under the applicable frameworks and thereby guarantee and operate an appropriate standard of data protection and data security. When your information is processed, we apply the same protections described in this policy and you have the right (upon your request) to be informed of the appropriate safeguards for data protection.
    • We protect your Personal Data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. All data is accessed via secure connections and stored on encrypted servers and encrypted storage services. We also use firewalls and physical access controls for our data centers and information access authorization controls.
    • Despite our best efforts to establish a secure environment for the website, you should be aware that no information is completely secure on the internet. Therefore, you should always take the necessary safeguards and precautions on your own equipment. In the event of an actual or suspected breach of your Personal Data, you shall promptly notify us while we will use our best effort to remedy the breach within the shortest period possible from the date the report is made.

  • 8. Age Restriction

    • You affirm that you are over the age of majority and have the right to contract in your own name, and that you have read the above authorization and fully understand its contents.

  • 9. Archiving / Removal

    • To ensure that personal data is kept for no longer than necessary, the Company puts in place a data retention policy for each area in which personal data is processed and review this process annually. This retention policy considers what data should/must be retained, for how long, and why.

  • 11. Transfer of Personal Data

    • Generally, we do not share your Personal Information with third parties without your consent. For context, third-parties referred to include, business partners, professional advisors, legal or regulatory authority, application program interface (API) Users, security-cleared data processors/subcontractors, who assist us with IT or other related services.
    • We may however share your Personal Information with third parties for the following reasons;
      1. When and if we have a good-faith belief that access, use, preservation, or disclosure, of the information, is reasonably necessary for compliance with a legal obligation.
      2. To enforce applicable terms of service.
      3. Investigation of potential violations; address fraud, security, or technical concerns;
      4. Or to protect against harm to the rights, property, or safety of other users or the public as required by law or by an order of a court.

    • Transfer of Personal Data to Third Countries:

      Clan partners with various technology vendors from time to time. This shall result in a transfer of personal data to a third country or international organization.

      In order to ensure an equal level of security for such transfer in accordance with the NDPR, Clan has chosen to work only with vendors that have entered Standard Contractual Clauses with Clan.

  • 12. Changes to this Policy

    • We may update this Policy from time to time without any prior notice to you or consent. Thus, you are advised to consult this Platform periodically for any changes. We will notify you of any changes by posting the revised Policy on this Platform. Please note that changes shall be effective immediately after they are updated on this Platform.

  • 13. Contact

    • If you want to lodge a complaint over our processing of your personal data or have further requests, please contact the Data Protection Officer directly at support@clan.africa.
    • Clan also maintains an incidence response plan used in dealing with incidents relating to unlawful disclosure, loss, alteration, destruction, access to our user’s personal data collected, transmitted, stored or processed in any way.
    • We will work with the National Information Technology Development Agency (NITDA) to resolve any issues that we cannot resolve with you directly.