This Data Policy was last updated on the 5th of February 2024.
While we have not made any material changes to the way we collect and process data about our users, we have updated this policy to make it shorter, easier to read, and to comply with the Nigerian Data Protection Law 2023 and the EU General Data Protection Regulation.
Unless we link to a different policy or state otherwise, this Data Protection Policy applies when you visit or use the Company’s website, mobile applications, APIs, or related services (the “Services”).
By using the Services, you agree to the terms of this Data Protection Policy. You shouldn’t use the Services if you don’t agree with this Policy or any other agreement that governs your use of the Services.
Legum Limited (‘Legum’, ‘Company’) collects and processes certain personal information about individuals with whom it has a relationship including but not limited to current, past and prospective employees, customers, users of our infrastructure, subscribers and other stakeholders in its daily business operations.
This framework seeks to introduce the Data Protection Policy Principles covering data subjects of Legum Limited.The Policy seeks to achieve the following:
The scope of this policy covers all rights of data subjects regarding the collection, use, and retention of Personal Data.
This policy makes reference to the Privacy Policy, Consumer Protection and Recourse Mechanism Policy, and Dispute Resolution Policy which when combined together provide for a coordinated recourse mechanism recovery and reduce chaos.
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Data” means characters, symbols, and binary on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals, stored in any format or on any device.
“Database” means a collection of data organized in a manner that allows access, retrieval, deletion, and procession of that data; it includes but is not limited to structured, unstructured, cached, and file system-type databases.
“Data Administrator” means a person or organization that processes data.
“Data Controller” means a person who either alone, jointly with other persons, or in common with other persons, or as a statutory body, determines the purposes for and the manner in which personal data is processed or is to be processed.
“Data Portability” means the ability for data to be transferred easily from one IT system or computer to another through a safe and secure means, in a standard format.
“Data Subject” means an identifiable person; one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
“Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, and others.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
“Record” means public records and reports in credible news media.
“Sensitive Personal Data” means data relating to religious or other beliefs, sexual tendencies, health, race, ethnicity, political views, trade union membership, criminal records, or any other sensitive personal information.
“Third Party” means any natural or legal person, public authority, establishment, or any other body other than the Data Subject, the Data Controller, the Data Administrator, and the persons who are engaged by the Data Controller or the Data Administrator to process personal data.
“User” means any person or entity who uses our products or services.
The Law, which came into force on the 12th of June, 2023, regulates the gathering, storing, and processing of personal data (regardless of whether the data is stored electronically, on paper, or on other materials) and protects the rights and privacy of all living individuals (including children). The law applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.
Legum Limited will be the data controller under the terms of the Data Protection Law. This means that the Company is responsible for controlling the use and processing of personal data. Legum Limited shall appoint a Data Protection Officer (DPO) for the purpose of ensuring adherence to this Law, relevant data privacy statements, and data protection directives of the Company.
Legum Limited commits to processing Personal Data in accordance with the Data protection policy Principles as follows: