Introduction

G-Tateth (we, our, us) is both a Business Process Outsourcing (BPO) service, specifically customer service outsourcing for financial institutions and a Software-as-a-Service (SaaS) solution, the G-Tateth CRM / contact centre software platform.

We have created this Privacy Policy (the "Policy") to demonstrate our respect for your privacy and to disclose our information collection and sharing practices, which are in line with applicable data protection laws of the locations where we operate (the "Applicable Data Protection Laws"). Regardless of whether you provide us with your Personal Data via our websites, web application or in another manner (e.g. telephone, regular mail or face-to-face interactions including through our extension agents), we strive to honour your privacy preferences and process your Personal Data in compliance with the respective laws governing your location.

Purpose of this Policy

This Policy is based on the privacy and data protection principles and requirements applicable to jurisdictions where we operate. It is applied in view of our overarching desire to comply with the provisions of the Applicable Data Protection Laws, to preserve the confidentiality of your Personal Data and to provide you with our services as effectively as possible within the bounds of the law.

This Policy applies to all Personal Data processed by us and is part of our approach towards full compliance. This Policy is applicable to all our services accessed by you, as well as in our interactions with you, including our processing of your Personal Data. All our staff are required to comply with this Policy.

This Policy outlines how we collect, use, and protect your Personal Data in our interactions with you and in accordance with Applicable Data Protection Laws.

Purpose of Processing and Lawful Basis

Where processing is based on consent, we shall obtain the requisite consent directly from you at the time of collection of your Personal Data. Where we access your Personal Data through a third-party who relies on your consent, we will ensure that the consent is freely given by you and obtained without fraud, coercion or undue influence.

By clicking on the 'Send Message' button on the 'Contact Us' section of our website or platform, you consent to the collection, retention, and use of your information as set forth in this Policy. If you do not agree to this Policy, you may exit and discontinue use of the website/platform.

You can withdraw your consent at any time, but such withdrawal shall not affect the lawfulness of processing based on consent given prior to the withdrawal.

Data Protection Principles

We comply with the data protection principles set out below. When processing Personal Data, we ensure that:

• it is processed lawfully, fairly and in a transparent manner.
• it is collected for specified, explicit and legitimate purposes.
• it is at all times adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
• it is all times accurate and, where necessary, kept up to date and that reasonable steps are taken to ensure that Personal Data that is accurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
• it is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed; and
• it is processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The Personal Data We Collect

We collect and process certain information about you through the services you use, such as our web application, when you onboard as a user, subscribe to our newsletter as a community member, contact us via web or through social media sites. The specific categories of Personal Data we may collect include, but are not limited to:

We will always strive to minimize the collection of Personal Data to what is necessary for the intended purpose. Where applicable and required by law, we will obtain your consent before collecting certain categories of Personal Data. Our Personal Data collection is always conducted in accordance with Applicable Data Protection Laws and best practices.

It is important to note that certain Personal Data may be necessary to provide you with our services, and refusal to provide such data may impact our ability to serve you effectively. We are committed to ensuring the security and confidentiality of your Personal Data, and our data processing activities are conducted in accordance with this Policy and Applicable Data Protection Laws.

Recipients of Personal Data

We only share your Personal Data with third parties when it is necessary to provide you with our services or to comply with legal or regulatory requirements. Your Personal Data may be shared with the following categories of recipients:

• Our affiliates and international offices
• Third-party partners

Rights of Data Subjects

We have processes in place to ensure that we can facilitate any request made by a Data Subject to exercise their rights under Applicable Data Protection Laws. All staff have received training and are aware of the rights of Data Subjects. Our Data Protection Officer (DPO) working with other trained staff will ensure that all requests will be considered without undue delay and within one month of receipt as far as possible. The contact details of our DPO are indicated in Clause 14 below.

As a Data Subject, you have the following rights:

• Your right of access - You have the right to request for copies of your Personal Data.
• Your right to rectification - You have the right to ask us to rectify your Personal Data, which is inaccurate, incomplete or misleading.
• Your right to erasure - You have the right to ask us to erase your Personal Data held with us, and we will oblige your request without any undue delay, except where we have a legal obligation to continue storing your Personal Data or where any other overriding factor applies.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your Personal Data.
• Your right to object to processing - You have the right to object to our processing of your Personal Data on grounds relating to your particular situation and we will oblige your request without any undue delay, except where we have a legal obligation to continue processing your Personal Data or where any other overriding factor applies. Such legal obligation may include instances of any judicial proceedings, or regulatory authority which may require us to continue the processing of your Personal Data.
• Right to request the transfer of your Personal Data to yourself or a third-party - We will provide to you, or (where technically feasible) a third-party data controller you have chosen, your Personal Data in a structured, commonly used, and machine-readable format.
• Right to be informed of the existence of automated decision-making, including profiling, its significance and potential impact on the Data Subject and the right to object to or challenge such processing.
• Right to withdraw your consent - You may withdraw your consent by contacting us using the details set out in Clause 14 below. If you withdraw your consent, we may not be able to continue providing and/or performing the associated activity except where another lawful basis applies.
• Right to lodge a complaint with the Nigeria Data Protection Commission, where you are of the opinion that your Personal Data rights have been violated.

Please note that the specific timeframe for responding to requests may vary depending on the complexity of the request. Within one month of our receipt of your request, we will either respond or notify you if we require additional time to process your request.

Data Retention Period

We will retain your Personal Data in accordance with Applicable Data Protection Laws, for no longer than is necessary to achieve the purpose for which it was collected. We will also retain some Personal Data after your relationship with us has ended for archiving and record purposes. The retention period will be determined by various criteria, including:

• the purpose for which we keep your Personal Data, e.g. to defend or take legal action;
• if we have a legal obligation to retain Personal Data for a defined period, e.g., some laws and regulations may mandate that some Personal Data must be retained for a specific period; and
• if we must withhold destruction because of ongoing litigation, a court order or an investigation by law enforcement agencies or a regulator.

When your Personal Data is no longer necessary for the above purposes, we will securely destroy such information or de-identify it.

Cross-border Transfers

We operate systems that may make your Personal Data accessible to our affiliates around the world and may often transfer your Personal Data to these affiliates. Where we share or transfer your Personal Data, we will do this in accordance with Applicable Data Protection Laws and will take appropriate safeguards to ensure its protection. These include ensuring that:

• All recipients of Personal Data transferred to other countries are subject to a law, binding corporate rules, contractual clauses, code of conduct, or certification mechanism that affords an adequate level of protection with respect to the transferred Personal Data; or

In the absence of the above, we only transfer Personal Data to other jurisdictions if:

• you have granted and not withdrawn consent to such transfer after having been informed of the possible risks of such transfers due to the absence of adequate protections;
• transfer is necessary for the performance of a contract to which you are a party or in order to take steps at your request, prior to entering into a contract;
• transfer is for your sole benefit and (i) it is not reasonably practicable to obtain your consent to that transfer, and (ii) if it were reasonably practicable to obtain such consent, you would likely give it;
• transfer is necessary for important reasons of public interest;
• transfer is necessary for the establishment, exercise, or defense of legal claims; or
• transfer is necessary to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent.

How we Secure your Personal Data

We take ultimate responsibility for safeguarding your Personal Data as processed by us and maintaining its confidentiality and integrity. We implement robust security measures and follow industry best practices to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encryption: We use encryption techniques to protect Personal Data being processed by us, including in the course of transmitting same to third parties. This ensures that your Personal Data remains confidential during transit.
• Access Control: We restrict access to your Personal Data to authorized personnel only, and access is granted on a need-to-know basis. Our employees and third-party service providers are subject to strict confidentiality obligations.
• Regular Security Audits: We conduct regular security audits and assessments of our systems and infrastructure to identify and address potential vulnerabilities.
• Data Backup: We regularly back up your data to prevent data loss and ensure business continuity in the event of unforeseen circumstances.
• Incident Response Plan: We have established an incident response plan to promptly address any data breaches or security incidents and to notify the appropriate authorities and affected individuals, as required by law.
• User Authentication: We implement strong user authentication methods to ensure that only authorized users have access to your account and Personal Data.
• Data Minimization: We only collect and retain the minimum amount of Personal Data necessary for the intended purpose, reducing the risk of unauthorized access and misuse.
• Network Security: We implement firewall protection, intrusion detection systems, and secure network configurations to safeguard against external threats and unauthorized access.
• Employee Training and Awareness: We conduct regular security awareness training for our employees to ensure compliance with data protection policies and best practices.

While we take every reasonable precaution to protect your Personal Data, it is important to acknowledge that no system can be entirely immune to security risks. We encourage you to take steps to safeguard your Personal Data, such as using strong and unique passwords, keeping your login credentials confidential, and promptly reporting any suspicious activity.

In the event of a Personal Data Breach that could result in a high risk to your rights and freedoms, we will notify you. Our commitment is to continuously enhance our security practices to ensure the safety of your Personal Data.

Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Contact Us

Right to Lodge a Complaint

Changes to this Policy

We reserve the right to update or modify this Policy to reflect changes in our data processing practices or legal requirements. We will notify you of any material changes by posting the updated Policy on our website or by other means of communication, where appropriate. We encourage you to review this Policy periodically to stay informed about how we are processing your Personal Data.