Data Privacy Policy

During the course of your interaction with us, we might obtain your information through the mediums defined below. In addition to the purposes set out below, we may use all or a combination of this information to defend our legal rights and comply with the law and regulatory requirements.

Scenarios via which Personal Data may be collected

Categories of personal information collected

Legal Obligation

Business/Commercial Purpose for Processing

As a recruitment candidate undergoing a recruitment process with any of our Business Units.

• Bio Data (such as name, postal address, telephone, nationality, place of birth, identification documents, and qualification documents).

• Medical test results if successful in our recruitment process and invited for pre-employment medical examination.

 

We will rely on obtaining your explicit consent as a basis to lawfully process your Personal Data, in accordance with the provisions of the NDPR.

Amongst other purposes, for:

• The evaluation of the qualifications and professional experience of candidates.

• An efficient management of the recruitment process.

• Maintaining communication with candidates.

• Assessing the health status of candidates prior to resumption.

As a website visitor, visiting the corporate website of any of our 4 Business Units.

• Biodata (such as name, telephone, and personal email address)

• Cookies (necessary, statistical, marketing)

• JWT Web Tokens

We will rely on obtaining your explicit consent as a basis for lawfully processing your Personal Data, in accordance with the provisions of the NDPR.

Amongst other purposes, to:

• Obtain your feedback and resolve any complaints.

• Understand your preferences via analysing information from cookies.

As a vendor, providing us with a service or goods.

Name, telephone, and business/personal email address of contact persons and/or individuals with a position of significance (Director, Executive Management).

We will rely on the contractual agreement signed with you at the commencement of our business relationship as our legal basis for lawfully processing your personal data, in accordance with the provisions of the NDPR.

Amongst other purposes, for:

• Maintaining communication.

• Effective management of our business relationship with you.

As our distributor, being part of our supply chain in distributing our products to wholesalers and retailers alike.

Name, telephone, and business/personal email address of contact persons and/or individuals with a position of significance (Director, Executive Management).

We will rely on the contractual agreement signed with you at the commencement of our business relationship as our legal basis for lawfully processing your personal data, in accordance with the provisions of the NDPR.

Amongst other purposes, for:

• Maintaining communication.

• Effective management of our business relationship with you.

 

As our customer, using any of our goods or products.

Name, telephone, and business/personal email address of contact persons and/or individuals with a position of significance (Director, Executive Management).

We will rely on the contractual agreement signed with you at the commencement of our business relationship as our legal basis for lawfully processing your personal data, in accordance with the provisions of the NDPR.

Amongst other purposes, for:

• Maintaining communication.

• Effective management of our business relationship with you.

As a visitor to any of our office premises

Biodata (such as name, telephone, and personal email address)

 

We will rely on obtaining your explicit consent as a basis for lawfully processing your Personal Data, in accordance with the provisions of the NDPR.

Amongst other purposes, for security reasons and record keeping.

 

  1. YOUR RIGHTS AS DATA SUBJECTS

You have rights when it comes to our handling of your Personal Data. Those rights include:

  1. The right to request for a copy of your Personal Data we hold.
  2. The right to request that the Company erase your Personal Data if it is no longer valid or necessary for the purposes for which it was collected, or if it is incomplete or inaccurate.
  • The right to rectify or amend inaccurate or incomplete Personal Data.
  1. The right to object to Jotna Group’s processing of your Personal Data if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation.
  2. The right to receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
  3. The right to lodge a complaint with the Supervisory Authority (NPDB) where you believe our processing of your data violates the requirements of the Nigeria Data Protection Regulation 2019 (NDPR).
  • The right to request a transfer of your Personal Data to a Third-Party provider of services or Data Controller (data portability).
  • If you have any request to make concerning your Personal Data with us, please contact our Data Protection Officer at dpo@jotna.com.

For requests you make, we would normally require you to provide us with the information necessary to confirm your identity before responding. We shall acknowledge your request within 72 hours and respond within one month unless otherwise required by law.

While we aim to attend to all requests you may make, certain personal information may be exempt from those requests in some circumstances, which may include a need to keep storing or processing information to comply with a legal obligation. If such an exception applies, we will notify you when responding to your request.

  1. TRANSFER OF PERSONAL DATA

Personal data collected by Jotna Group may be transferred within its various divisions or affiliated Business Units, with personnel who have business need to know, as well as transferred to third-party providers, with your consent. The following describes the various scenarios for which we may share your Personal Data with a third party:

Transfer for Service Provision: We employ other companies and individuals to perform functions on our behalf as service providers (these companies may include, logistics companies, security agencies, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on Our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure.

Transfer as a Legal Requirement: We may share your information with other parties when required by law or as necessary to protect our service. 

Cross-border Data Transfer: Jotna Group will not transfer your Personal Data to foreign countries directly. However, we may use business applications and software that have servers located in foreign countries. We will ensure that appropriate safeguards are in place to ensure the protection of your Personal Data being stored out of the country.

Transfer to Related Entities: Your Personal Data may be transferred to any of our Business Units. However, your Data will only be transferred to a Business Unit if the transfer is needed to complete or facilitate the processing to which you have consented or which your contract requires.

  1. HOW WE ENSURE PROTECTION OF YOUR PERSONAL DATA

We use appropriate measures (including physical access controls and secure software and operating environments) to keep your Personal Data confidential and secure.

Please note, however, that these protections do not apply to information you choose to share in public areas, such as third-party social networks.

  1. DATA RETENTION

We ensure that your Personal Data is not retained for longer than is necessary. This is subject to any requirement to retain information, to comply with any applicable law, regulation, professional requirements, or standards.

  1. IN THE EVENT OF A BREACH

Personal Data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. This includes breaches that are the result of both accidental and deliberate causes.

Because we value the privacy and security of your Personal Data, Jotna Group will take the necessary security measures to protect your data. However, in the event of a privacy breach, Jotna Group will take the necessary steps to contain the incident and shall report such breach to the NDPB and the affected individuals of Personal Data breach within 72 hours of being aware of the breach.

  1. RIGHT TO AMEND THIS PRIVACY NOTICE

Jotna Group may, at any time, change its practices and this Privacy Notice. The amended version will be communicated via the various business communication channels. 

  1. CONTACT INFORMATION

If you have any questions or complaints about our Privacy Policy, please contact us at dpo@jotna.com.

 

By clicking here, I state that I have read and understood this privacy policy.