Data Privacy Notice for Heroes & Heroines Multi-purpose Cooperative Society Limited (henceforth “the cooperative”)
The cooperative takes your privacy seriously and is fully committed to keeping your data private. The processing and sharing of personal information come with significant rights on your part and significant responsibilities on us as an institution.
This Data Privacy Notice is provided to achieve our responsibilities under the General Data Protection Regulation (GDPR) which requires greater accountability and transparency from organizations regarding your personal information, and which gives you greater control over how we use it. Data Privacy Notice therefore, clarifies how and when we collect personal data from and about you, why we do so, and how we treat this information and serves as a guide as to how personal data is managed by the cooperative. It also elucidates your rights concerning the collection of personal information and how you can exercise those rights.
The term Personal Data as used in the Privacy Notice means any information about you such as your name, contact details, bank account details, etc. Personal Data does not include data from which you can no longer be identified such as an anonymized aggregate data.
Personal Data We Collect
We collect personal data when you open an account, request further information about our products, fill out a form, apply for a job through our website, or if you contact us by letter, telephone, email, or any other means of electronic or personal communication. Personal data includes: your contact details such as your address, email address, telephone number, status/job title, means of identification (issue date and expiry date), nearest bus stop/landmark, BVN. etc.
We may also automatically collect some technical information when you visit our website, such as IP address and information about your visit such as pages that you viewed. This information assists us to understand customer interests and aids us to improve our website.
Usage of personal data
We process personal data to communicate with you or provide further information about our products, how we can serve you better, respond to your purchase or sell orders, process your application for employment with the cooperative, or fulfill our contractual obligations with you. We may also process your data to comply with provisions of applicable laws. We will therefore process your data only:
- If you have consented for us to do so
- If we need it to perform the contract we have entered into with you
- If we need it to follow legal obligations or
- If we (or a third party) have a legitimate interest that is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests include the provision of legal services by us, administrative or operational processes within the cooperative and direct marketing.
Although we will only use personal data for the purpose for which we collected it, if there is a need to use your data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. We may anonymize your personal data so that it can no longer be associated with you in which case it is no longer personal data.
Sharing of Personal Information
We respect your privacy and limit the disclosure of your personal data to third parties. We do not sell, give or trade any personal data that we obtain from you to any third party for data mining or marketing purposes. However, we may share your data with service providers engaged by us to provide services to the cooperative subject to appropriate data security and protection.
We may also share your information where there is a regulatory or statutory obligation to disclose such personal data in accordance with provisions of applicable laws.
Data protection principles
All processing of personal data must be conducted in accordance with the data protection principles set out in relevant legislation. Our policies and procedures are designed to ensure compliance with the following principles: –
Personal data must be processed lawfully, fairly and transparently:
Lawful – the legal basis for processing personal data is normally based on relevant legislation. We are permitted by law to process information for administrative schemes, statutory schemes and core functions. Where there is no statutory basis, then we will request your consent at the time that the information is collected.
Fairly – For processing to be fair, we have to make certain information available to you. This applies whether the personal data was obtained directly from you or other sources.
Transparently – We will provide a Data Privacy Statement upfront whenever you are sharing personal information with the cooperative. We will ensure that the information provided is detailed and specific, and that the information is written in plain English which will be understandable and accessible.
Our Responsibilities under GDPR
- Personal data can only be collected for specific, explicit and legitimate purposes – We will collect and process personal data only for the purposes for which it is collected and will be clearly stated.
- Personal data must be adequate, relevant and limited to what is necessary for processing – We will ensure that in designing new and current methods of data collection, whether online, forms or offline, that only the personal data required to establish your identity and provide the service will be processed.
- Personal data must be accurate and kept up to date with every effort to erase or rectify without delay – We will ensure that your data is accurate and complete. We need accurate and up-to-date data to ensure that the correct services are provided to the correct recipients. Where we have shared your data with a third party, we will update them as to any changes to your data, unless this is impossible or requires disproportionate effort.
- Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing – We will implement appropriate policies and procedures to ensure that personal data is retained only for the minimum period required to provide the services in question. Once this period has passed, we may destroy the personal data, anonymize it or use any other appropriate method.
- Personal data must be processed in a manner that ensures appropriate security- We will implement appropriate technical and organization measures to ensure that appropriate security of the processing of personal data is implemented. This includes encryption, restricted access to files and physically securing the data.
- Accountability for demonstrating compliance – We will ensure that we maintain adequate records of its processing and evidence that we have complied with this policy and related policies and procedures.
- Data Sharing – We may need to share your data with a third party on occasion to provide services.
Security and Retention of Your Personal Data
Personal data will be kept private and every effort will be made to secure it by restricting access to your Personal Data on a need-to-know basis. Staff and third parties that carry out any work on our behalf will comply with appropriate security standards to protect your Personal Data.
Personal data will be retained for as long as necessary to fulfill the purpose for which it was collected and processed including the purpose of satisfying any legal, regulatory, accounting or reporting requirements. For the appropriate retention period, consideration will be given to the amount, nature and sensitivity of the Data, potential risk of harm from unauthorized use or disclosure and applicable legal requirements.
Upon expiry of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
You can exercise the following rights concerning your Personal Data with the cooperative:
- Right to be informed – Organizations must tell individuals, what data of theirs is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
- Right of access by the data subject – You have the right to request access to your data. This can be done by contacting the cooperative at the contact details below and completing a Subject Access Request form.
- Right to withdraw consent – Where we have collected your data based on consent, you have the right to withdraw your consent at any time. This could affect our ability to provide you with services.
- Right to rectification – You have the right to have your data rectified where inaccuracies or incompleteness have been identified.
- Right to erasure (Right to be forgotten) – Where we process personal data it is normally because there is a statutory basis for the processing. Where we receive a request from you looking to exercise your right of erasure, then we will assess whether the data can be erased without affecting our ability to provide future services to you or fulfill statutory obligations.
- Right to restriction of processing – You can ask us to restrict the processing of your personal information in certain circumstances. We will implement and maintain appropriate procedures to assess whether a request to restrict the processing of your data can be implemented. Where the request for restriction of processing is carried out, then we will write to you to confirm the restriction has been implemented and when the restriction is lifted.
- Right to data portability – The cooperative processes personal data it collects because there is normally a statutory basis for the processing. Where personal data on data subjects have been collected by consent or by contract, the data subjects have a right to receive the data in electronic format to give to another data controller.
- Right to object – You have a right to object to the processing of your data in specific circumstances. Where such an objection is received, we will assess each case on its merits.
- Right not to be subject to automated decision making – You have the right not to be subject to a decision based solely on automated processing, where such decisions would have a legal or significant effect concerning you.
- Right to complain – The cooperative will implement and maintain a complaints process whereby you will be able to contact the Data Protection Officer. The Data Protection Officer will work with you to bring the complaint to a satisfactory conclusion for both parties.
18 or Under
- We are concerned about protecting the privacy of children aged 18 or under. If you are aged 18 or under‚ you must get a parent/guardian’s permission before you provide any personal information to the cooperative.
Personal data breaches
A ‘personal data breach’ is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. (e.g. – the most common breach incidents that can occur are correspondence issuing to an unauthorized third party). Any loss of personal data in paper or digital format is considered to be a personal data breach.
Changes To Privacy Notice
Due to constant changes in technology and regulatory requirements, we may need to change our privacy notice or update it from time to time. The most recent version can always be accessed on the web site.
For further information or clarification on this notice, feel free to contact the cooperative using:
12. Our Contact:
3 Atabara Street