Introduction

This privacy policy tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

Who are we?

We are Cybervergent.

You can contact us by email at info@cybervergent.com or by telephone on +234 (1) 290 0808.

The contact details of our Data Protection Officer are:
Frank Iheonu, with email address info@cybervergent.com


How we use your information

When you use our platform

During account creation and documents upload on the Cybervergent platform, we might collect and process some of your personal information.

We only collect the personal data essential for you to create an account on the digital trust platform. The information we collect includes: Your personal information in relation to your account such as your name, email address, business name, organization type, etc.

When you use our website

When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better. Some of the cookies we use are strictly necessary for our website to function, and we do not ask for your consent to place these on your computer.

However, for those cookies that are useful but not strictly necessary we will always ask for your consent before placing them.

When you submit an enquiry via our website

When you submit an enquiry via our website, we ask you for your name, contact telephone number and email address.

We use this information to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry to follow up on your interest and ensure that we have answered to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale.

Your enquiry is stored and processed; we might sometimes share this information with our OEMs. We also use your information to make automated decisions that might affect you. We have kept enquiry emails for two years. CRM records are kept for three years after the last contact with you.

When you sign up for newsletters on our website

When you sign up for newsletters or purchase products from us online, we ask you for your name, address, contact telephone number and email address. We also record your IP (Internet Protocol) address, which is the address of your computer on the Internet.

Your information is stored on our website and on our cloud server. We use the information you provide to make any automated decisions that might affect you. We keep your order information for an indefinite period until you unsubscribe.


Why we need your personal data

We collect personal data about you to enable:

  • Creation of account on the digital trust platform.
  • Audit processes
  • Provide customer support to you
  • Support for other purposes with your consent.

Lawful Bases for Processing Personal Data

We process personal data only where a valid lawful basis exists under the Nigeria Data Protection Act (NDPA) 2023. Depending on the nature and purpose of the processing activity, we may rely on one or more of the following lawful bases:

Consent

We may process your personal data where you have freely given your specific, informed, and unambiguous consent for a particular processing activity. This may include situations such as receiving marketing communications, participating in surveys, or using optional services that require your authorization.

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of any processing carried out before such withdrawal.

Performance of a Contract

We may process personal data where such processing is necessary to enter into, perform, or manage a contractual relationship with you. This includes activities required to provide requested products or services, manage customer accounts, process transactions, respond to service requests, or fulfill obligations arising from an existing agreement. Where personal data is required to perform a contract, failure to provide such information may affect our ability to provide the requested service.

Compliance with Legal Obligations

We may process personal data where necessary to comply with applicable legal, regulatory, or statutory obligations. Such obligations may arise from laws, regulations, directives, court orders, or requirements issued by competent authorities. Examples include compliance with regulatory reporting requirements, anti-money laundering obligations, fraud prevention measures, record retention requirements, lawful requests from public authorities, and other obligations imposed by applicable laws.

Legitimate Interests

We may process personal data where such processing is necessary for our legitimate interests or those of a third party, provided that such interests do not override the fundamental rights, freedoms, and privacy interests of the data subject.

Legitimate interests may include:

  • Protecting the security of our systems, networks, and information assets;
  • Preventing fraud, unauthorized access, and other harmful activities;
  • Managing and improving our services and business operations;
  • Conducting internal administration, analytics, and performance monitoring;
  • Establishing, exercising, or defending legal claims; and
  • Protecting our commercial, operational, and business interests.

Before relying on this lawful basis, appropriate assessments are conducted to ensure that the processing is necessary, proportionate, and balanced against the rights and freedoms of affected individuals.

Vital Interests

We may process personal data where such processing is necessary to protect the life, health, safety, or other vital interests of the data subject or another natural person. This lawful basis is typically relied upon in emergency situations where obtaining consent is impracticable or impossible, and the processing is required to prevent serious harm or protect an individual's well-being.

Public Interest or Exercise of Official Authority

We may process personal data where such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us by applicable law. This may include activities undertaken to support regulatory obligations, statutory responsibilities, public sector initiatives, law enforcement cooperation, or other functions authorized by law.

Where this lawful basis is relied upon, we ensure that the processing activity is supported by an appropriate legal mandate and carried out in accordance with applicable legal and regulatory requirements.


Data Retention — How Long We Keep Personal Data

We retain personal data only for as long as necessary to achieve the purposes for which it was collected and processed, including the provision of our services, compliance with legal and regulatory obligations, resolution of disputes, enforcement of contractual rights, and protection of our legitimate business interests.

The retention period applicable to personal data varies depending on several factors, including the nature of the personal data, the purpose of processing, the sensitivity of the information, and any applicable legal, regulatory, contractual, or operational requirements. Certain categories of records may be retained for prescribed periods to comply with statutory obligations, regulatory directives, audit requirements, financial reporting obligations, or lawful requests from competent authorities.

Where personal data is no longer required for the purpose for which it was collected, and there is no lawful basis or legal obligation requiring its continued retention, we will take appropriate measures to securely delete, destroy, anonymize, or otherwise dispose of the data in a manner that prevents unauthorized access, disclosure, or reconstruction.

We periodically review the personal data under our custody or control to ensure that it remains accurate, relevant, and is not retained longer than necessary. Retention periods are determined in accordance with our records management and data retention policies, taking into consideration applicable legal, regulatory, operational, and business requirements.

Where technically and operationally feasible, personal data that is no longer required for identification purposes may be anonymized and retained for statistical, research, analytical, or reporting purposes in accordance with applicable laws and regulatory requirements.

All data retention and disposal activities are conducted in accordance with the principles of storage limitation, accountability, and security under the Nigeria Data Protection Act (NDPA) 2023 and other applicable data protection and privacy laws.


Your Rights as a Data Subject

  • By law, you can ask us what information we hold about you and ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
  • If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
  • If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
  • You have the right to ask us to stop using your information if you believe we are not doing so lawfully.
  • Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
  • To submit a request regarding your personal data by email or telephone, please use the contact information provided above in the 'Who Are We' section of this policy.

Your Right to Complain

If you have a complaint about our use of your information, we will prefer you to contact us directly in the first instance so that we can address your complaint.


Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolve. If we want to use your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, ask for your consent.