Our Privacy Policy

Last Updated: Feburary 23rd ,2023

Introduction

This document is prepared in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Nigerian Data Protection Regulation (NDPR). It sets out how Johan Consults Limited applies and complies with the principles of the regulations in processing the personal data of individuals, clients, vendors, and even third parties that interact with Johan Consults Limited. This privacy policy describe how we collect, secure and process your personal information for the purpose which we collect your personal data for.

Please take your time to read this policy. It is very important to check our privacy page regularly, for any new updates to the policy. If we make any change that we consider to be important, we will inform you by updating the date above alongside with a signal that we have just updated this policy. We shall also contact you using other communication tools at our disposal.

Who we are?

Johan Consults is a leading I.T Management Consulting firm, one which integrates the classic approach to management consulting with cutting-edge technological expertise. This ability to consistently apply contemporary management systems with critical thinking in the age of disruptive technological advances is the success factor for determining our continued successful business performance into the future.

We provide top-notch consulting services as well as innovative products and services for top clients across key industry sectors including Financial Services, Insurance, Healthcare and Bio-Informatics, Life Sciences, Manufacturing and Logistics, Retail and Marketing, Media, Entertainment and Government. In addition, we also focus in providing advisory approach in managing and protecting sensitive information, upholding individuals’ privacy rights, and maintain trust and confidence in data handling practices. We play a vital role in enhancing individual and organizational capabilities, fostering innovation, and driving positive change across various sectors and industries.

Information we collect

The personal data we would collect and process, depending on the particular processing requirement, are under the following categories:

“Device and device event information”: IP address, unique device identifier, the nature of the device which you used to access Our Site, the geographic location of your device, hardware model and settings, operating system details, browser type and version, browser language, system activity and crashes;

“log information”: Details of how, when and for how long you accessed and used Our Site and other site traffic and use information, landing pages, which pages you accessed and viewed, the amount of time spent and what you did on those pages, details about games you played, how you interacted with other site users, and exit pages;

“Location information”: We may use various technologies to determine your actual location, such as geographical data from your device (which is usually based on the GPS or IP location); and “unique application numbers”: Certain services include a unique application number. This number and information about your installation (e.g. the operating system type and application version number) may be sent to us when you install or uninstall such a service or when that service periodically contacts our servers, such as for automatic updates.

“Individual/Company bio data”: These information are collected directly from you before project kick-off. These are, the company’s contact person full name, email address, company RC number, company office address and various company policies/procedure document.

Why do we need the personal data?

We use the information we collect to provide, maintain, and improve our services, to develop new ones, and to protect us, our services, and our users. We constantly strive to improve our users' experience, and so we also use the information we collect to offer you information and content which is more appropriately tailored for you.

We may collect and use your Personal Information to:

Purpose of Processing	Lawful Basis of Processing
To register you as a new user	We need to process this information to meet our contractual obligations.
To use our services	We need to process this information to meet our contractual obligations and to comply with our legal and regulatory obligations.
To communicate with you about any new update on our site, services and any changes to our terms and conditions or Privacy Policy	We need to process this data to meet our contractual obligations; to comply with our legal obligations; and it is our legitimate interest to keep accurate records.
To receive feedback from you about our services	We need to process this data to meet our contractual obligations and it is our legitimate business interest to understand how we can improve our products and services.
To provide customer support services	It is in our legitimate business interests to respond to any communications we receive from you. If you do not provide us with this information, we would not be able to identify you as our customer.
Payment of staff salaries	We need to process this information to meet contractual obligation we both agreed on.
For training purpose	It is in our legitimate interest business interest to provide you with helpful service.

Where Legitimate Interest is considered the legal basis for processing personal data, Johan Consults Limited shall follow the steps below in carrying out a Legitimate Interest Assessment.

1. Determine the Purpose for Processing

In carrying out the purpose test, Johan Consults Limited must establish the exact reason for the processing and how it benefits the organisation. Answers to the following shall be provided to determine the exact purpose for processing:

Description of the processing objective
The likelihood of meeting the objective and how to determine if the objective was met
The benefit of the processing and the significance to the organisation
Description of the possible impact of not processing and any other issues that might be relevant.

2. Determine the Necessity of the Processing

Johan Consults Limited must establish why the processing must take place, how the processing relates to the expected benefits, and any other alternatives and why there were not considered.

3. Balance the identified interest with the Privacy Interest of the Data Subjects

The following questions will be addressed under the balance test:

Who are the data subjects (category)?
What is the relationship between Johan Consults Limited and the data subject
What personal data is to be processed
How will the processing impact the data subject
How will the data subject react to the processing

Johan Consults Limited records this information in line with this policy, data protection impact assessment, and data inventory.

Disclosure of personal data

Disclosure of personal data can have serious consequences for individual/organisations including privacy violations, identity theft, financial fraud, reputational damage, and emotional distress. We would take appropriate measures to protect personal data and ensure compliance with privacy laws and regulations to minimize the risk of authorized disclosure. Johan Consults Limited will not pass on your personal data to third parties without first obtaining your consent. Where there is a need for a third party to process the personal data of data subjects, Johan Consults Limited will enter into a Data Processing Agreement with the third party and be satisfied that the third party has adequate technical and organisation measures in place to protect the data against accidental or unauthorised access, use, disclosure, loss, or destruction.

In a case where the disclosure is to third parties outside the jurisdiction of the GDPR and NDPR, Johan Consults Limited will ensure that the third party meets the core regulatory standards prior to the transfer. This may include transferring the personal data to the third party where Johan Consults Limited has satisfied that:

the country of the recipient has adequate data protection controls established by legal or self-regulatory regime
Johan Consults Limited has a contract in place that uses existing or approved data protection clauses to ensure adequate protection
Johan Consults Limited is making the transfer under approved binding corporate rules
Johan Consults Limited is relying on approved codes of conduct or certification mechanisms, together with binding and enforceable commitments in the foreign country or international organisation to apply the appropriate safeguards in relation to data subject rights
Provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

Right of access

You have the right to request a copy of the information that we hold about you. Access to this information may be subject to an administrative fee if your request is manifestly unfounded, excessive, or repetitive.

Right to rectification

You have a right to insist that we correct data that we hold about you that is inaccurate or incomplete.

Right to restriction of processing

Where certain conditions apply you have a right to restrict the Processing of your data, for instance how we market to you.

Right to data portability

You have the right to have the data we hold about you transferred to another organisation or provided to you in a machine-readable word format.

Right to object to processing

You have the right to object or remove your consent for certain types of Processing such as direct marketing.

Right to raise a complaint

You have the right to complain if you have cause to be concerned about the way we capture, treat, or Process your personal information.

Data security

We implement appropriate, generally accepted technical and organisational measures to protect your personal data against unauthorised or unlawful Processing, accidental loss, destruction, or damage, including encryption where appropriate.

We have taken reasonable technical and organisational measures to secure the integrity of information we collect about you, using accepted technological standards to –

prevent unauthorised access to or disclosure of your Personal Information; and
protect your personal information from misuse, loss, alteration, or destruction.

In Particular:

From time to time we review our information collection, storage and Processing practices, to keep up to date with best practice.
We create a secure back-up for operational and safety purposes.
We create, protect, and retain systems audit records to maintain integrity and enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate systems activity.
We installed anti-virus software on all project lead system to ensure that its free from malwares.

In addition, we also use a data protection and privacy regulation compliance management tool to enhance our compliance with data protection laws and other obligations.

Retention

Your personal data or any other information collected will be stored for as long as necessary to fulfil the purposes described in this policy. However, we will also retain personal data based on relevant provisions of applicable laws, to resolve disputes, and enforce our legal agreements and policies. In compliance with the GDPR/NDPR data retention policy, Johan Consults Limited will process your personal data from when the project start till the completion of the project with the contact person from your firm and will retain the personal data until cessation of business between Johan Consults Limited and your organistion.

This retention period has been established to enable us to use the personal data for the necessary legitimate purposes identified, in full compliance with the legal and regulatory requirements. When we no longer need to use your personal information, we will delete it from our system, and our storage platform.

Please note that your data may be retained for a more extended period, notwithstanding your request to remove your data, where there is a legal requirement to do so.

Compliants

If for any reason you wish to make a complaint about how Johan Consults Limited processes your personal data, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and the Data Protection Officer of Johan Consults Limited.

Below are the details for each of these contacts:

Supervisory Authority: info@ndpc.gov.ng

Johan Consults Limited’s Project Lead: hawa@johanconsults.com

Interested in learning more? Request a demo with one of our analysts.

Products page subscribe form (#4)

Full Name

Company

Business Email

Select Country

Stay on top of global data regulations by subscribing to our newsletter. By submitting this form, you acknowledge the Terms and Conditions and Privacy Policy . We will not share your information and will remove your information upon request.