CYBERPEDIA INTERNET GOVERNANCE INC. DATA PRIVACY POLICY

PREAMBLE:

Data Privacy Notice

The Privacy Policy (the “Policy”) is designed to enable Cyberpedia Internet Governance Inc. (the “Cyberpedia” or the “Company” or “Our” or “We”) to define its structure and approach to collecting, handling and processing of data for both internal and external clients. This Policy will help Cyberpedia to explicitly describe the use of the data collected, how it will be handled, its processing and ensure transparency with all the processes aforementioned. This Policy also aims to explain when and why Cyberpedia collects personal information about its shareholders, clients, investors, employees and other stakeholders (collectively referred to as “Data Subject” or “You”), how the personal information is used, kept secured and the rights of the aforementioned Data Subject in relation to it.

For the purposes of the Nigeria Data Protection Act 2023, Cyberpedia will be the “controller” of all personal data we hold about you.

Your Trust is Our Priority

When you use our services, you entrust us with your information. We understand this is a significant responsibility and strive to safeguard your information while empowering you with control. This Privacy Policy explains what data we collect, why we collect it, and how you can manage, access, and delete your information.

WHERE-OF;

• This Policy is established in compliance with: Section 37 of the Constitution of the Federal Republic of Nigeria (CFRN) 1999 (as amended), The Nigeria Data Protection Act (NDPA), 2023 and all other applicable data privacy legislation.
• It outlines our approach to data privacy principles when processing the personal data of:
• Client
• Staff
• Vendors
• Visitors
• Any third party interacting with Cyberpedia .
• For individuals, this Policy emphasizes their rights under the NDPA. It applies to all data subjects whose personal data we collect and process.
• Data Protection Officer and Employee Responsibilities; 

Cyberpedia's designated Data Protection Officer (DPO) is accountable for ensuring this Policy's accuracy and timeliness. The DPO also oversees proper notification of data subjects before data collection and processing, including data collected through our website. All employees who handle personal data must adhere to the provisions outlined in this Policy.

• What we do

At Cyberpedia we’re here to help you understand your options. Whether you’re an individual or business, we can help you improve how you look online and protect your personal information. Beneath is a breakdown of some of the things we do for you and why your data is needed;

• We easily scan and remove malicious search results, social media posts, or exposed private information online;
• We critically consider your portfolio and curriculum vitae, identifying negative items showing up which can damage your career whereas having a positive presence leads to career opportunities. This as well require us to access your information contained in the portfolio and curriculum vitae.
• We offer back-end fulfillment of online reputation management services, so you can deliver more value to your customers. Rank higher and win more customers with the industry’s leading reputation management software for individuals and businesses. Thus this may require us to look at personal information of your company and its clients.
• We provide risk management advice and counsel.
• Scope Of this Policy

This Policy shall cover the parent company, subsidiaries, third parties, clients, visitors and stakeholders of Cyberpedia.

ARTICLE 1: OUR COMMITMENT TO DATA PROCESSING PRINCIPLES

We are committed to processing your personal data in accordance with the principles outlined in Section 24 of the Nigeria Data Protection Act (NDPA). These principles ensure that your data is handled:

• Fairly, lawfully, and transparently: We will always obtain your consent or rely on another lawful basis for processing your data. We will also be transparent about how your data is used.
• For specified, explicit, and legitimate purposes: We will only collect and process your data for the purposes we have clearly communicated to you, and we will not use it for any other reason without your consent.
• Adequately, relevantly, and limited to what is necessary: We will only collect the minimum amount of data necessary to fulfill the purpose for which it is collected.
• Accurately and kept up to date: We will take reasonable steps to ensure your data is accurate and, where necessary, kept up to date.
• In a manner that ensures appropriate security: We will implement robust security measures to protect your data against unauthorized access, disclosure, alteration, or destruction.

Beyond Compliance: Accountability and Data Protection Triad

Furthermore, we go beyond compliance with the NDPA. We are committed to demonstrating accountability in our data processing practices and upholding the data protection triad of confidentiality, integrity, and availability. This means we will be responsible for our actions and ensure your data remains confidential, accurate, and accessible when needed.

ARTICLE 2:- CONSENT OF DATA SUBJECT

We respect your right to control your personal data.  Subject to legal requirements, your consent is our primary justification for processing your data. You have the right to grant, withhold, or withdraw your consent at any time.

For a detailed explanation of consent in data processing, please refer to Sections 26, 34, 36, and 38 of the Nigeria Data Protection Act (NDPA) 2023.

ARTICLE 3:- OUR SCOPE OF DATA PROCESSING

The table below outlines the different categories of personal data we collect, the purposes for which we collect it, and the lawful basis for processing that data. Please kindly note that this is not an exhaustive list, and we comply with the NDPA while respecting your rights.

ARTICLE 4:- How Cyberpedia Internet Governance Inc. Collects Your Information

• Directly from You:
• Account Creation and Service Usage: When you register for an account, log in, or use our services through our website or mobile app, we collect information you provide. This includes forms you fill out, policy transfers, uploaded documents, and communications sent by email, phone, or post.
• Inquiries and Other Communications: We collect information when you make inquiries or send any other communication to Cyberpedia Internet Governance Inc. directly or indirectly.

• Website Browsing:

i. Cookies and Similar Technologies: As you browse our website, we automatically collect information about your browsing patterns and technical data about your device using cookies, server logs, and other similar technologies. You can manage your cookie preferences on any of our websites.

• From Third Parties and Public Sources:
• Technical Data: We may obtain technical data about your device from analytics providers, advertising networks, and search information providers.
• Contact, Financial, and Transaction Data: We may collect contact, financial, and transaction data from providers of technical services, payment processors, credit bureaus, and anti-fraud services.
• Financial Crime Prevention: We use third-party services to verify information related to financial crime, fraud, sanctions, and Politically Exposed Persons (PEPs).
  • Recordings and Images:
• Phone Calls: We may record or monitor your phone calls with us for regulatory compliance, training purposes, quality assurance, staff and customer safety, and to resolve queries or issues.
• CCTV: We use CCTV cameras on our premises for the safety and security of our staff and customers.

ARTICLE 5:- YOUR DATA SUBJECT RIGHTS

We take your data privacy rights seriously.  In addition to the right to grant, withhold, or withdraw consent, you have the following rights under the Nigeria Data Protection Act (NDPA) (Sections 34 and 35):

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal data we possess.
• Right to Object: You have the right to object to how we use your personal data, in certain situations. You can also request that we limit the way we use your information.
• Right to Data Portability: You can request a copy of your personal data in a format that allows you to easily transfer it to another service provider.
• Right to Erasure: You have the right to request that your data be deleted from our systems.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations.
• Right to Object to Automated Decision-Making: You have the right to object to automated decisions made about you and to request human intervention.
• Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your data at any time; To opt-out of interest-based advertising by advertisers on our services visit info@cyberpedia.app or you can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below in Article 22.

For detailed information on these rights and the complaint process, please refer to Part VI of the NDPA.

ARTICLE 6: DATA RETENTION AND SECURITY

6.1 Commitment to Data Protection

Cyberpedia is committed to protecting your personal data in accordance with the Nigeria Data Protection Act (NDPA) 2023. We implement appropriate technical and organizational measures to ensure the security, integrity, confidentiality, availability, and resilience of your data.

6.2 Data Retention Periods

The retention period for your personal data is determined by the purpose for which it is collected. We only collect and store data that is:

• Necessary: We limit data collection to what is reasonably required by law or best practice to serve you or respond to inquiries about our transactions with you.
• Legitimate: We only process data for purposes that are lawful and have a justified basis.

We take our responsibility to protect your privacy very seriously. This commitment aligns with your right to privacy as guaranteed by the 1999 Constitution of the Federal Republic of Nigeria and other relevant international instruments/treaties.

The following table outlines the typical retention periods for different categories of data. Please note that these are general guidelines, and the specific retention period for your data may vary depending on the circumstances.

Note further that when your personal data is no longer needed or beyond the stipulated retention period or where there is no law mandating us to further maintain the records, Cyberpedia will delete or destroy it from it’s systems and records, or take steps to securely archive it while protecting your identity and privacy rights as the case may be.

ARTICLE 7:- MANDATROY DATA COLLECTION 

Certain types of personal data are essential for us to fulfill our contractual obligations or legal requirements towards you.  Without this information, we may be unable to provide the services you expect.

For further clarification on our data processing practices, please contact our designated Data Protection Officer (DPO) as detailed in Article 12 below.

ARTICLE 8:- TRANSFER OF DATA TO A THIRD-PARTY

8.1 Third-Party Services Offered Through Our Platform

Cyberpedia Internet Governance Inc. may partner with third-party service providers who offer valuable services to you through our platform.  These providers will rely on their own lawful bases for processing your personal data in connection with these services.  The types of data typically processed may include your contact information.

8.2 Your Right to Control Your Data

For any services that rely on your consent, you have the right to decline participation and further restrict the processing of your personal data.  You can easily unsubscribe from any promotional communications related to these optional services.

ARTICLE 9:- TECHNICAL INFORMATION AND COOKIES

9.1 Website Data Collection and Cookies

Our website, like many others, collects certain information from visitors. This includes your IP address and other standard browsing data that your web browser shares with websites you visit. This information helps us understand user behavior and improve your website experience.

9.2 Cookies and Your Preferences

Cookies are small text files downloaded to your device (computer or phone) when you visit a website. They store a limited amount of data and serve the purpose of remembering your preferences.  This can be helpful, as cookies can pre-populate choices you've made previously, even across different browsing sessions.  However, it's important to note that not all websites use cookies responsibly.

9.3 Our Commitment to Privacy

We are committed to respecting your privacy rights under the NDPA.  All methods we employ to automatically interact with you on our website are designed to do so without compromising your privacy. This includes ensuring our cookies have robust security protocols in place to prevent any potential misuse.

ARTICLE 10:- PERSONAL DATA SECURITY AND INTEGRITY

10.1 Data Security and Regulatory Compliance

Cyberpedia Internet Governance Inc. is committed to safeguarding your personal data using the latest security technologies and robust protocols.  We employ a multi-layered approach to prevent cyberattacks, unauthorized access, data loss, or corruption. 

10.2 Meeting Legal Requirements

We understand our legal obligations under the Nigeria Data Protection Act (NDPA). We actively fulfill these obligations through:

• Compliance with the Nigeria Data Protection Act 2023
• Conducting Data Privacy Assessment 
• Employee training on data protection practices
• Obtaining strict data security warranties from vendors (where applicable)

10.3 Measures to keep you data’s integrity and in confidence

• Cyberpedia shall establish adequate controls in order to protect the integrity and confidentiality of Personal Data, both in digital and physical format and to prevent personal data from being accidentally or deliberately compromised.
• Personal data of Data Subjects must be protected from unauthorized viewing or access and from unauthorized changes to ensure that it is reliable and correct.
• Any personal data processing undertaken by an employee who has not been authorized to carry such out as part of their legitimate duties is un-authorized.
• Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question and are forbidden to use Personal Data for their own private or commercial purposes or to disclose them to unauthorized persons, or to make them available in any other way.
• Human Resources Department shall inform employees at the start of the employment relationship about the obligation to maintain personal data privacy. This obligation shall remain in force even after employment has ended.

10.4 Data Breach Notification

In accordance with the NDPA, we are required to report any data breach that poses a high risk to your rights and freedoms to the Nigerian Data Protection Commission within 72 hours of the incident.  This allows for immediate action and rectification.

For further information on these requirements, please refer to Sections 28, 39, and 40 of the NDPA.

ARTICLE 11:- JOB APPLICANTS

11.1 Application Information

When you apply for a position at Cyberpedia, you will be required to submit the following information such as Name and contact details, Educational background and work history, Other relevant background information for your application and Personal details of referees, next of kin, and guarantors. Providing this information is essential for us to process your application.

11.2 Data Usage for Recruitment

Cyberpedia Internet Governance Inc. uses the information you submit to evaluate your suitability for the position you have applied for. This includes:

• Assessing your skills and experience against the job requirements
• Tracking feedback and interactions throughout the recruitment process

We may also use this data to analyze internal recruiting processes to:

• Identify effective recruitment sources
• Improve integration and training programs
• Enhance the interview model for better hiring decisions

11.3 Optional Communications and Data Sharing

With your consent, we may use your information to communicate about Cyberpedia Internet Governance Inc. events and send you relevant publications. We may also share your data with affiliated companies and third-party service providers (e.g., recruitment agencies, background check providers, IT system providers) located in or outside your country of residence.

11.4 Data Retention

We retain your application data for a maximum period of three years.

11.5 Data Subject Rights and Contact

To exercise your data subject rights or request deletion of your information, please contact our Data Protection Officer at info@cyberpedia.app 

ARTICLE 12:- MAINTAINING ACCURATE INFORMATION

We strive to maintain accurate and up-to-date personal data about our users.  If your personal information changes during your relationship with Cyberpedia, please notify us promptly.  You can easily update your information by contacting our Data Protection Officer (DPO) at info@cyberpedia.appThis aligns with your right to rectification under the NDPA.

ARTICLE 13:- CHILDREN'S PRIVACY

Our services are generally not intended for children under 13. However, in some rare cases, we may offer specialized services for children. In these instances, we take extra precautions to safeguard their privacy and data security.

Here's what you can expect:

• Strong Data Protection Measures: We implement robust data protection measures to ensure the confidentiality and security of any child's information we collect.
• Limited Data Collection: We only collect the minimum amount of data necessary to provide the specialized service.
• Parental Consent Required: In all cases involving children, we require verifiable parental consent before collecting or using any data.

For detailed information on the requirements for parental consent under the Nigeria Data Protection Act (NDPA) 2023, please refer to Section 31.  You may also contact our Data Protection Officer (DPO) for further clarification.

ARTICLE 14:- CAVEAT ON WEBSITE LINKS

Our website may contain links to other websites operated by third parties.  These links are provided for your convenience only and do not constitute an endorsement by Cyberpedia Internet Governance Inc. of the content, products, or services offered on those external sites.

Cyberpedia's privacy policy applies only to our website.  We encourage you to review the privacy policies of any third-party websites you visit to understand their data collection and usage practices.

ARTICLE 15: TRANSFER TO THIRD PARTIES AND COUNTRIES (CROSS BORDER TRANSERS)

In carrying out our mandate effectively, we may require the services of third parties who may be within or outside Cyberpedia’s jurisdiction (Nigeria). Where this is the case, Cyberpedia will enter into a Data Processing Agreement with the third party and also ask for consent if the purpose of processing was not initially stated at inception and be satisfied that the third party has adequate measures in place to protect the data against accidental or un-authorised access, use, disclosure, loss, or destruction. In such a case where the disclosure is to third parties outside the jurisdiction of the NDPA, Cyberpedia will ensure that the third party meets the core global regulatory standards prior to the transfer. This may include transferring the personal data to the third party where Cyberpedia is satisfied that:

• The country of the recipient has adequate data protection controls established by legal or self-regulatory regime. However in a case not covered by an adequacy decision from the NDPC;
• It has a contract in place that uses existing data protection clauses with approval of NDPC to ensure adequate protection.
• It is making the transfer under approved binding corporate rules

Examples of such services include but are not limited to the following:

• Internet connectivity,
• Cloud storage,
• Data analytics,
• Data security, and
• Software development.

In transferring your data to third parties, we shall be guided by the Nigeria Data Protection Act 2023. See PART VIII of the Nigeria Data Protection Act, 2023.

ARTICLE 16: DATA PROTECTION HELP DESK 

We have provided a platform to respond promptly and satisfactorily to all your requests, suggestions and complaints. We have a Data Protection Officer (DPO) who is responsible for prompt action on your data privacy. Contact the DPO via this link: info@cyberpedia.app Our DPO serves as the internal mechanism to carry out the following services amongst others:

• Data protection regulations compliance and breach services
• Data protection and privacy advisory services
• Data protection capacity building
• Data regulations contracts drafting and advisory
• Data protection and privacy breach remediation planning and support services
• Information privacy audit
• Data privacy breach impact assessment
• Data protection and privacy due diligence investigation

ARTICLE 17: DATA DELETION

You can request the deletion of your personal data at any time. We will take reasonable steps to delete your personal data upon request, subject to any legal or regulatory requirements. We have established procedures for the secure deletion of personal data that has exceeded its retention period or is no longer necessary for business purposes. These procedures are designed to ensure the complete and irreversible destruction of your data while maintaining data security. The outline of our data deletion process is as follows:

• Identification: We regularly review our data storage systems to identify personal data that has reached the end of its designated retention period or is no longer required for legal or business purposes.
• Scheduling: Data identified for deletion is placed on a scheduled deletion list. This schedule considers the type of data, legal requirements, and potential risks associated with deletion delays.
• Overwriting: Data slated for deletion is overwritten with random characters or patterns. This process renders the original data unreadable and unrecoverable.
• Verification: After overwriting, we verify that the data deletion process has been successful and the original data is no longer accessible.
• Audit Trail: We maintain an audit trail of all data deletion activities. This trail includes details like the type of data deleted, the date of deletion, and the individual responsible for the deletion.

In addition to our automated deletion processes, you can also request the deletion of your personal data at any time through our Data Subject Access Request Form. We will take all reasonable steps to fulfill your request within a commercially reasonable timeframe, subject to any legal or regulatory requirements. There may be certain situations where we are unable to completely delete your personal data. This may occur if: - 

• We are required by law to retain your data for a specific period. 
• The data is necessary to resolve a legal dispute or enforce our terms of service.
• The data has been anonymised and is no longer personally identifiable. 

In these cases, we will take steps to limit the processing of your data to the extent necessary.

ARTICLE 18- DATA SUBJECT ACCESS REQUEST

18.1 Data Subject Access Requests (DSARs)

A Data Subject Access Request (DSAR) allows you to access your personal data held by Cyberpedia. This data may include your name, contact information, demographics, and any other information that can directly or indirectly identify you.

18.2 Submitting a DSAR

You can submit a DSAR in two ways:

• Email: Send an email to info@cyberpedia.app clearly specifying the information you are requesting.
• DSAR Form: Contact the DPO for the DSAR form, fill and email to info@cyberpedia.app

18.3 Verification Process

To protect your privacy and ensure we provide access to the correct data subject, we may request additional information to verify your identity. This verification process may involve:

• Requesting identification documents (e.g., driver's license, international passport, national identity number slip (NIN))
• Verifying information associated with your account
• Response Timeline

We strive to respond to your DSAR within 30 days of confirmation.  Our response will include:

• Confirmation of your request
• The requested information in a clear, concise, and electronic format
• Reasons for Denying Access

In rare instances, we may be unable to provide the information you have requested.  We will explain the reason for denial in such cases.

18.4 Fees

There is no charge for submitting a DSAR. However, a fee may be applied for requests that are:

• Clearly unreasonable
• Submitted too frequently
• Involve repeated requests for the same information within a short timeframe

18.5 Exceptions    To    Data    Subjects    Access    Rights

To the extent permitted by applicable laws, the Cyberpedia may refuse to act on your request, if at least one of the following applies:

• in compliance with a legal obligation to which the Cyberpedia are subject;
• protecting your vital interests or of another natural person; and
• for public interest or in exercise of official public mandate vested in the Cyberpedia.

ARTICLE 19: REMEDIATION

Cyberpedia Internet Governance Inc. is committed to resolving any concerns you may have about your data privacy.  We encourage you to report any complaints or inquiries through our Data Protection Officer (DPO), see Article 22 for contact details.

Our DPO will promptly address your concerns and strive to provide a resolution within 7 business days.  In the unlikely event that a more complex issue requires additional time, we will notify you promptly and take all necessary steps to ensure your rights and interests are protected throughout the process.

ARTICLE 20:- ALTERATION OF PRIVACY POLICY

Cyberpedia Internet Governance Inc. (Data Controller) reserves the right to update this privacy policy periodically.  These updates may be necessary to:

• Enhance data privacy rights for our users.
• Align with evolving public interest considerations.
• Comply with lawful directives from the Federal Government of Nigeria.

Any revisions will be made in accordance with the safeguards outlined in the Nigeria Data Protection Act, 2023 (NDPA) and the 1999 Constitution of the Federal Republic of Nigeria.

ARTICLE 21:- DEFINITIONS AND KEY TERMS

To ensure clarity throughout this Privacy Policy, we define key terms used frequently:

• Cookie: A small piece of data stored by your web browser when you visit a website. It helps websites remember your preferences, login information, and browsing activity.
• Consent:  consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, through a statement or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
• Cyberpedia Internet Governance Inc. ("we" or “our” or "Cyberpedia”): We are your Data Controller and are responsible for your data under this Privacy Policy.
• Country: Nigeria, the location of Cyberpedia and its founders/owners.
• Customer: An individual, organization, or company that uses our services to manage relationships with their consumers or service users.
• Data Protection Officer (DPO): means the person appointed as such under the Data Protection Laws and in accordance with its requirements. A DPO is responsible for advising Cyberpedia (including its employees) on their responsibilities under the Data Protection Laws, for monitoring compliance with Data Protection Law.
• Device: Any internet-connected gadget like a phone, tablet, computer, or anything else used to access our website and services.
• Internet Protocol (IP) Address: A unique identifier assigned to every device connected to the internet. It can sometimes reveal the general geographic location of a device.
• Closed-Circuit Television (CCTV): We make use of CCTV at our various address to ensure your safety and security, wherein we store video clips and still images for security purposes.
• Personnel: Our employees or those contracted to perform services on our behalf.
• Data: means characters, symbols and binary on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals, stored in any format or any device.
• Personal Data: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others;
• Service: The services provided by Cyberpedia, as described in our terms and conditions means Cyberpedia’s products and services provided to the customer.
• Third-Party Service: Advertisers, contest sponsors, marketing and promotional partners, and others who provide content on our platform or offer products/services we believe might interest you.
• Data Subject (You): An individual or entity registered with Cyberpedia to use our services.

ARTICLE 22:- CONTACT

Data Controller

If you have any questions, comments and requests regarding your privacy and rights, please let us know how we can help:

Cyberpedia Internet Governance Inc.

+1-424-514-5715

+1-424-514-5715

info@cyberpedia.app

Data Protection Officer

info@cyberpedia.app