Document Control Table
|This document lays down the Company’s Privacy Practices.
|Data Protection Officer
|KOA Oil and Gas Limited
|Final V. 1.0
|July 25, 2022
|Date of Review
|July 24, 2024
|Data Subjects’ Access Request (DSAR) Policy, Data Protection Policy, and Information Security Policy.
TABLE OF CONTENTS
|WHAT INFORMATION WE COLLECT ABOUT YOU
|HOW WE PROTECT YOUR PERSONAL INFORMATION
|HOW WE USE YOUR PERSONAL INFORMATION
|HOW YOUR PERSONAL DATA IS OBTAINED
|SHARING YOUR PERSONAL DATA
|RETAINING YOUR PERSONAL DATA
|YOUR RIGHTS AS A DATA SUBJECT
|WHAT CONSTITUTES CONSENT OF A DATA SUBJECT
|CAN I FIND OUT THE PERSONAL DATA THAT KOA HOLDS ABOUT ME?
|WHAT FORMS OF ID WILL I NEED TO PROVIDE FOR A DSAR?
|COMPLIANCE WITH THE REGULATORS
KOA Oil and Gas Limited is an Engineering, Consultancy, and Project Management Company incorporated under the Laws of the Federal Republic of Nigeria.
References in this Policy to “we”, “us” or “KOA” are references to KOA Oil and Gas Limited.
Reference in this Policy to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information.
- What Information we collect about you
The personal data that we collect and process may include:
- basic information such as name, date of birth, employer, title, and relationship affiliations with a person or organization;
- contact information such as a physical address, email address, fax, and phone number(s);
- background information such as provided by you or collected by us as part of our recruitment or contract employee onboarding processes;
- confidential information provided to us by or on behalf of our clients or generated by us in the course of providing our products/services;
- details relating to your visits to our offices or work sites; and/or
- any other information relating to you which you may provide to us.
- How we protect your personal information
3.1 We are committed to protecting your personal information and implementing appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage.
3.2 Our IT security practices are contained in our Information Security Policy.
- How we use your personal data
Whether we obtain your personal data directly from you or from a third party, we will only use your personal data in connection with our professional activities (including the fulfillment of our contractual or legal/regulatory obligations). These “Authorized Uses” include:
- providing our professional services to our clients;
- managing our business relationship with our service providers and/or vendors, whether in connection with the delivery or procurement of goods and services or as your employer or former employer, including processing payments, accounting, billing, human resource management, and related services;
- acting in compliance with our legal obligations or pursuant to a valid court order;
- further to the vital interest of the data subject;
- processing your requests/information further to your consent during your visit to our offices and online platforms;
- for any purpose relating to the foregoing or for any purpose for which you provided the personal data to us.
- How your personal data is obtained
We often obtain and process your personal data:
- In the course of our recruitment or employee onboarding processes.
- Further to employment, service, or any other contractual obligation, we have with you.
- When you are our vendor/service provider or when you apply to become one.
- When you email us or contact us via our website, or social media platforms or subscribe to any of our products and services/newsletters.
- When you physically visit any of our premises.
- Sharing your personal data
Your personal data may be shared with our related entities and affiliates. Our related entities and affiliates ensure a corresponding level of data protection. Where we share your personal data with third parties, we will do this in accordance with the NDPR, observing appropriate safeguards.
We would like to send you information about our products, services and special offers which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS), or call. We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes. If you have previously agreed to be contacted in this way, you can unsubscribe at any time by contacting us at email@example.com or by using the unsubscribe link in the emails.
- Retaining your personal data
We will delete your personal data at your say so, or when it is no longer reasonably required for the Authorized Uses (subject to our retention policy) or when you withdraw your consent (whichever is applicable), provided that we are not legally required or otherwise authorized to continue to hold such data. We may retain your personal data for an additional period to the extent that deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims or in pursuance of any regulatory, accounting or reporting requirement.
- Your Rights As a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – You have the right to request a copy of the information that we hold about you.
- Right of rectification – You have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – In certain circumstances, you can ask for the data we hold about you to be erased from our records.
- Right of portability – You have the right to have the data we hold about you transferred to another organization.
- Right to object – You have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – You also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – In the event that KOA refused your request under rights of access, we will provide you with a reason for the refusal. You also have a right to make a complaint to the NITDA.
- What Constitutes Consent of a data subject?
- Visitors: When you visit our website or online platforms and volunteer your personal information; when you physically visit any of our premises or when you voluntarily attend any of our recorded webinars.
- Client: When you engage our services and/or sign a service level agreement with us in that regard, subsequent to the disclosure of personal information.
- Vendor/Supplier: When you approach/engage us for the supply or provision of goods/services.
- Job Applicant: When you send your application/CV in the response to our advertised job offers or a cold email.
- Can I Find Out The Personal Data That KOA Holds about Me?
KOA at your request can confirm what information we hold about you and how it is processed. If KOA does hold personal data about you, you can request the following information:
- Contact details of the Data Protection Officer, where applicable;
- The purpose of the processing as well as the legal basis for processing;
- If the processing is based on the legitimate interest of KOA or a third party, information about those interests;
- The categories of personal data collected, stored, and processed;
- Recipient(s) or categories of recipients to whom the data is/will be disclosed to;
- If we intend to transfer personal data to a third party or international organization, information about how we ensure this is done securely. We will ensure the recipient is in a country on NITDA’s Adequacy list. Where the recipient is in a country outside NITDA’s adequacy list, we shall ensure the execution of the requisite Data Transfer Agreement (DTA) imposing obligations no less than the NDPR on the recipient of the personal data.
- How long the data will be stored;
- Details of your rights to correct, erase, restrict or object to such processing;
- Information about your right to withdraw consent at any time;
- How to lodge a complaint with the supervisory authority (NITDA);
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
- The source of personal data if it was not collected directly from you;
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
- What Forms Of ID Will do I Need To Provide for a DSAR?
KOA accepts the following forms of ID (but is not limited to) when information on your personal data is requested:
- Driver’s license;
- National Identity Card;
- Permanent Voters Card.
- Dispute Resolution
- Compliance With The Regulators
- Contact Us
Contact details of the Data Protection Officer: