ZSR Nigeria Limited Global Data Protection Policy
Introduction
ZSR Nigeria Limited (“ZSR” or “the Company”) is committed to protecting the privacy and security of personal data. This Global Data Protection Policy outlines the principles and practices ZSR adheres to in order to comply with global data protection regulations, including the General Data Protection Regulation (GDPR), Nigeria Data Protection Regulation (NDPR), and other applicable data protection laws.
1. Purpose and Scope
This policy applies to all employees, contractors, and partners of ZSR who handle personal data. It covers all personal data processed by ZSR in relation to its student recruitment activities, including the collection, use, storage, and transfer of personal data.
2. Data Protection Principles
ZSR adheres to the following data protection principles:
- Lawfulness, Fairness, and Transparency**: Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: Personal data is accurate and, where necessary, kept up to date. Inaccurate personal data is erased or rectified without delay.
- Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organisational measures.
3. Legal Basis for Data Processing
ZSR processes personal data on the following legal bases:
- Consent : The data subject has given consent for one or more specific purposes.
- Contractual Necessity : Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal Obligation : Processing is necessary for compliance with a legal obligation to which ZSR is subject.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by ZSR or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
4. Data Subject Rights
ZSR respects the rights of data subjects and ensures they can exercise their rights, which include:
- Right to Access : Data subjects can request access to their personal data and obtain information about how it is being processed.
- Right to Rectification : Data subjects have the right to request correction of inaccurate personal data.
- Right to Erasure: Data subjects can request the deletion of their personal data under certain conditions.
- Right to Restrict Processing : Data subjects can request the restriction of processing of their personal data.
- Right to Data Portability : Data subjects can request the transfer of their personal data to another controller.
- Right to Object: Data subjects can object to the processing of their personal data based on legitimate interests or direct marketing purposes.
- Right to Withdraw Consent : Where processing is based on consent, data subjects have the right to withdraw consent at any time.
5. Data Security
ZSR implements appropriate technical and organizational measures to ensure the security of personal data, including:
- Access Controls: Limiting access to personal data to authorized personnel only.
- Data Anonymization: Where possible, personal data is anonymized to protect the identity of data subjects.
- Regular Security Audits: Conducting regular audits and assessments to identify and address security vulnerabilities.
- Incident Response Plan: Establishing procedures to respond to data breaches, including notification to affected data subjects and relevant authorities as required by law.
6. Data Transfers
ZSR ensures that any transfer of personal data to a third country or international organization is conducted in compliance with applicable data protection laws. Transfers are only made to countries or organizations that provide an adequate level of data protection, or where appropriate safeguards are in place.
7. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. ZSR establishes retention periods for different types of data and ensures that data is securely deleted or anonymized when it is no longer needed.
8. Compliance and Accountability
ZSR is committed to compliance with this policy and applicable data protection laws. The company appoints a Data Protection Officer (DPO) to oversee data protection activities and ensure adherence to this policy. Regular training is provided to employees to raise awareness of data protection responsibilities.
9. Policy Review
This Global Data Protection Policy is reviewed and updated regularly to ensure its effectiveness and compliance with changing legal requirements and best practices. All amendments are communicated to employees and relevant stakeholders.
10. Contact Information
For questions or concerns regarding this policy or data protection practices at ZSR Nigeria Limited, please contact:
Data Protection Officer
ZSR Nigeria Limited
KAF MALL, 130 Ikotun-Idimu Road, Alake Bus stop, Ikotun, Lagos
datacompliance@zsrng.com
2348159692122