Privacy Policy
The Privacy Policy (the “Policy”) is designed to enable Alpha10 Fund Management Limited (the “Parent Company”) and its subsidiaries hereinafter collectively referred to as (the “Alpha10” or the “Company”) to define its structure and approach to collection, handling and processes of data of both internal and external clients. This Policy will help Alpha10 to explicitly describe the use of the data collected, how it will be handled, its processing and ensure transparency with all the process aforementioned. This Policy also aims to explain when and why the Alpha10 collects personal information about its shareholders, clients, investors, employees and other stakeholders (collectively referred to as “Data Subject” or “You”), how the personal information is used, kept secured and the rights of the aforementioned Data Subject in relation to it. Alpha10 may collect, use and store the personal data of a Data Subject, as described in this Privacy Policy. Alpha10 reserve the right to amend this Privacy Policy from time to time without prior notice. Notwithstanding, for any significant changes the Data Subject shall be notified but you are advised to check our website for the latest Privacy Policy. Alpha10 will always comply with the Nigeria Data Protection Regulation (NDPR) when dealing with the personal data of Data Subject. For the purposes of the NDPR, Alpha10 will be the “controller” of all personal data we hold about you.
1. INTRODUCTION
The Privacy Policy (the “Policy”) is designed to enable Alpha10 Fund Management Limited (the “Parent Company”) and its subsidiaries hereinafter collectively referred to as (the “Alpha10” or the “Company”) to define its structure and approach to collection, handling and processes of data of both internal and external clients. This Policy will help Alpha10 to explicitly describe the use of the data collected, how it will be handled, its processing and ensure transparency with all the process aforementioned. This Policy also aims to explain when and why the Alpha10 collects personal information about its shareholders, clients, investors, employees and other stakeholders (collectively referred to as “Data Subject” or “You”), how the personal information is used, kept secured and the rights of the aforementioned Data Subject in relation to it. Alpha10 may collect, use and store the personal data of a Data Subject, as described in this Privacy Policy. Alpha10 reserve the right to amend this Privacy Policy from time to time without prior notice. Notwithstanding, for any significant changes the Data Subject shall be notified but you are advised to check our website for the latest Privacy Policy. Alpha10 will always comply with the Nigeria Data Protection Regulation (NDPR) when dealing with the personal data of Data Subject. For the purposes of the NDPR, Alpha10 will be the “controller” of all personal data we hold about you.
2. OBJECTIVES OF THIS POLICY
This Policy is aimed at ensuring the following:
i. Providing all Data Subject, the comfortability needed in sharing their personal information.
ii. ii. To guide any third-party entity that intends to do business with the Alpha10 on the way and manner data and information are managed.
iii. iii. To establish trust and a transparent process with all Data Subject in the management of data and information.
3. SCOPE OF THIS POLICY
This Policy shall cover the parent company, subsidiaries, third parties and stakeholders of Alpha10.
4. INFORMATION REQUIRED OR REQUESTED FROM DATA SUBJECT
Information Use Reason Retention Time describe how long do we keep your information. Name, Surname Name, First Name, Middle Name are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Date of birth/age related information are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Gender is required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Photo(s) and video(s) are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Bank account detail(s) are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Phone number(s) are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Email address is required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
National Health Insurance (NHIS) details are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Academic qualification(s) details are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Contractors and Service Providers details are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Bank verification number (BVN) is required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Pension fund administrator (PFA) details are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
Employment details are required to complete a task, provide service, comply with legal and regulatory obligations (KYC) and other requirements for as long as it is necessary to comply with Alpha10 obligations and statutory functions.
5. DATA PROTECTION PRIVACY POLICIES
At Alpha10, we treat your privacy with the highest priority. Our Data Protection Privacy Policy details the measures we take to preserving and safely guarding your privacy when you visit our website or communicate with our personnel.
This Policy has been approved and provided by our legal advisors. These policies include:
a. Privacy Policies
i. Data Collection
ii. Your Personal Data and how it is Used
iii. Change of Purpose
iv. Your Personal Data Rights
v. Persons who have access to your personal Data
vi. Security and Confidentiality
vii. Transfer of Personal Data outside Nigeria
viii. Retention of Personal Data
ix. Third Party Links
b. Cookies Policy
c. Subject Access Request Response Procedure
6. DEFINITIONS AND INTERPRETATION
Affiliated Third Parties includes companies with which we have common ownership or management or other contractual strategic support or partnership relationships with, our advisers, consultants, bankers, vendors or sub-contractors.
· Data is information, which is stored electronically, on a computer, or in certain paper-based filing systems.
· Data Controller is a person responsible for determining the manner in which Personal Data would be processed.
· Data Subject is an identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
· DPO means Data Protection Officer;
· DPIA means Data Protection Impact Assessment;
· NDPR means the Nigerian Data Protection Regulations, 2019.
· NITDA means the National Information Technology Development Agency.
· Personal Data is the information relating to an identified or identifiable natural person. These include a name, gender, a photo, an email address, bank details, medical information, computer internet protocol address and any other information specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
· Processing is any activity that involves use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, recording, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
· Sensitive Personal Data includes information about a person’s racial origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life.
7. PRIVACY POLICY
7.1. DATA COLLECTION
The Alpha10 may collect, use, store and transfer different kinds of Personal Data about you which is grouped together as follows:
· Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
· Contact Data includes residential address, email address and telephone numbers.
· Human Resource Data includes information on your employment history, professional and educational information submitted upon applying for employment with us.
· Technical Data includes internet protocol (IP) address, domain name, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
· Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
· Usage Data includes information about how you use our website and services.
· Marketing and Communications Data includes your preferences in receiving marketing communications from us and our Affiliated Third Parties and your communication preferences.
You provide this information through direct interaction when you visit the Alpha10 website, sign up to its newsletters or publications, request marketing materials to be sent to you, respond to surveys, complete its feedback or comment form, provide your business card to any of its staff, sign its visitor management form, complete other forms, apply for employment through its careers page, or contact Alpha10 to request for any information or other correspondence by post, email, its website or otherwise. As you interact with the Alpha10 website, the Alpha10 will automatically collect technical data about your equipment, browsing actions and patterns. The Alpha10 collects this data by using cookies, and other similar technologies. Please see the Alph10 Group Cookies Policy for further details. The Alpha10 do not intentionally or knowingly collect any Sensitive Personal Data. Please do not send to the Alpha10 nor disclose such Sensitive Personal Data except where required for a specific purpose.
7.2. YOUR PERSONAL DATA AND HOW IT IS USED
Primarily, the Alpha10 collects, processes and stores your Personal Data to help Alpha10 better connect with you. The following are the purposes for which the Alpha10 collects your Personal Data:
· To monitor, review, evaluate and improve your experience when you visit the Alpha10 website.
· To analyse the traffic on the Alpha10 website, including determining the number of visitors to the website and analyse how they navigate the website.
· To invite you to complete a survey or provide feedback to the Alpha10 on specific matters.
· At any time, you request information from us via a form or other electronic transmission the Alpha10 may use your Personal Data to fulfil 7 that request and keep a record of such request and how it was handled, for quality assurance and service improvement purposes.
· To keep you updated on the Alpha10 activities, programmes and events where your explicit consent has been given.
· To notify you of changes to the Alpha10 websites or relevant processes.
· The Alpha10 may also use your information or allow Affiliated Third Parties such as its subsidiaries or partners use your Personal Data, to offer you information about unrelated products or services you may be interested in. The Alpha10 or such Affiliated Third Parties can only communicate with you if you have expressly consented to such communication and data use.
· The Alpha10 may share your personal data with Affiliated Third Parties such as service providers who we have engaged to assist with providing certain services on our behalf, for which they require your personal data.
· Where the Alpha10 has any contracts with you which create a commitment, the Alpha10 may require contact or use of your information to perform the contract.
· To process or manage your appointments with any of the Alpha10 staff.
· To fulfil legal/ regulatory obligations or to report any criminal or unethical activity.
· To store either on our central computer system or a third-party Computer’s central computer system for archiving and back up purposes. Be aware that the Alpha10 do not reveal identifiable information about you to its advertisers, though the Alpha10 may at times share statistical visitor information with its advertisers.
8. CHANGE OF PURPOSE
The Alpha10 will only use your Personal Data for the aforementioned purposes, unless the Alpha10 reasonably consider that it needs to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the Alpha10. If the Alpha10 need to use your Personal Data for an unrelated purpose, the Alpha10 will notify you and request for your express consent.
9. YOUR PERSONAL DATA RIGHTS
Data Protection Laws provides you with certain rights in relation to the information that the Alpha10 collect about you.
· The right to withdraw consent previously given to Alpha10 or our Affiliated Third Parties. In order to make use of your personal data, Alpha10 would have obtained your consent. For consent to be valid, it must be given voluntarily. In line with regulatory requirements, consent cannot be implied, and Alpha10 ensure that you have the opportunity to read our data protection privacy policy before you provide your consent. Consent in respect of Sensitive Personal Data must be explicit and will be given by you in writing to the Alpha10. The consent of minors (under the age of 18) will always be protected and obtained from the minor’s representatives in accordance with applicable regulatory requirements. You can ask the Alpha10 or Affiliated Third Parties to stop sending you marketing messages at any time by unsubscribing or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.
· The right to request that the Alpha10 deletes your Personal Data that is in its possession, subject however to retention required for legal purposes and the time required technically to delete such information.
· The right to request for access to your Personal Data or object to the Alpha10 processing same. Where personal data is held electronically in a structured form, such that you have a right to receive that data in a common electronic format.
· The right to update your Personal Data that is kept with the Alpha10. You may do this at any time your personal data changes and you wish to update the Alpha10.
· The right to receive your Personal Data and have it transferred to another Data Controller, as applicable.
· The right to lodge a complaint. You may exercise any of the above stated rights following our Data Subject Access Request Procedure.
10. PERSONS WHO HAVE ACCESS TO YOUR PERSONAL DATA
Alpha10 uses a customer relationship management tool to help manage its contact database and send out email communications to you.
In addition to Alpha10 staff who have a business need to know, the following trusted third parties have access to your information:
· The Alpha10 Affiliate Third Parties who require your information for the same purposes described in this Policy and who have adopted similar privacy policy standards further to contractual obligations to the Alpha10 under a third-party data processing agreement the Alpha10 has entered with them.
· Professional service providers such as IT service providers and website hosts.
· Regulatory authorities.
Alpha10 will transfer your Personal Data to only those Affiliated Third Parties who the Alpha10 are sure can offer the required level of protection to your privacy and information and who are also contractually obligated to us to do so. The Alpha10 do not and will not at any point in time sell your Personal Data. The Alpha10 require all Affiliated Third Parties to respect the security of your personal data and to treat it in accordance with the law. The Alpha10 do not allow our professional service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with its instructions.
11. SECURITY & CONFIDENTIALITY
Information submitted by you is stored on secure servers the Alpha10 has which are encrypted and access is restricted to only authorised persons in charge of maintaining the servers. the Alpha10 have put in place physical, electronic and procedural processes that safeguard and protect your information against unauthorised access, modification or erasure. However, the Alpha10 cannot guarantee 100% security as no security program is completely fool proof. In the unlikely event that the Alpha10 experience any breach to your personal data, such breach shall be handled in accordance with the Alpha10 Data Privacy Policy. All such breaches shall be notified to the NITDA within 72 hours of occurrence and were deemed necessary, based on the severity and potential risks, we shall notify you of such occurrence, steps taken and remedies employed to prevent a reoccurrence. The Alpha10 staff also have an obligation to maintain the confidentiality of any Personal Data held by us. As you know, transmission of data on the internet is never guaranteed regarding safety. It is impossible to completely guarantee your safety with electronic data and transmission. You are therefore at your own risk if you elect to transmit any data electronically.
12. TRANSFER OF PERSONAL DATA OUTSIDE NIGERIA
The Personal Data the Alpha10 collects may be transferred to and processed in another country other than your country of residence for the purposes stated above, with your consent. The data protection laws in those countries may be different from, and less stringent than the laws applicable in your country of residence. By accepting this Policy or by providing your Personal Data to the Alpha10, you expressly consent to such transfer and Processing. The Alpha10 will however take all reasonable steps to ensure that your data is treated securely and transfer of your Personal Data will only be done in accordance with the requirements of applicable laws and to parties who have put in place adequate controls to secure and protect your Personal Data.
13. RETENTION OF PERSONAL DATA
The Alpha10 shall retain your Personal Data for no longer than reasonably necessary for the purposes set out in this Policy and in accordance with legal, regulatory, tax, accounting or reporting requirements. The Alpha10 may retain your Personal Data for a longer period in the event of a complaint or if the Alpha10 reasonably believes there is a prospect of litigation in respect to the relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which the Alpha10 has processed your Personal Data and whether the Alpha10 can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Where your Personal Data is contained within a document, the retention period applicable to such type of document in our document Retention Policy shall apply.
14. THIRD PARTY LINKS
The Alpha10 website or its email communication may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Alpha10 do not control these third-party websites and are not responsible for their privacy statements. When you leave the Alpha10 website, you are encouraged to read the privacy policy of every website you visit.
COOKIES POLICY
1. The Alpha10 advertisers and organisation may have the occasion to collect information in regard to your computer for our services. The information is gained in a statistical manner for the Alpha10 use or advertisers on our site.
2. Data gathered will not identify you personally. It is strictly aggregate statistical data about the Alpha10 visitors and how they used the Alpha10 resources on the site. No identifying Personal Data will be shared at any time via cookies.
3. Close to the above, data gathering can be about general online use through a cookie file. When used, cookies are automatically placed in your hard drive where information transferred to your computer can be found. These cookies are designed to help us correct and improve our site’s services for you. You may elect to decline all cookies via your computer or set up alerts to prompt you when websites set or access cookies. Every computer has the ability to decline file downloads like cookies. Your browser has an option to enable the declining of cookies. If you do decline cookie downloads you may be limited to certain areas of Alpha10 site, as there are parts of the Alpha10 site that require cookies.
4. Any of our advertisers may also have a use for cookies. the Alpha10 is not responsible, nor do the Alpha10 have control of the cookies downloaded from advertisements. They are downloaded only if you click on the advertisement.
SUBJECT ACCESS REQUEST RESPONSE PROCEDURE
1. Where you wish to exercise any of your data privacy rights you shall make a formal request by completing the Subject Access Request Form (SAR Form) and
sending the completed form via email to us at dpo@alpha10group.com.
2. The Alpha10 shall contact you within 5 working days of the receipt of the SAR Form to confirm receipt of the subject access request and may request additional information to verify and confirm the identity of the individual making the request.
3. On receiving any request from you, the Alpha10 shall record the request and carry out verification of the identity of the individual making the request using the details provided in the SAR Form and a valid means of identification such as international passport, driver’s license, national identification card or any other acceptable means of identification.
4. Where the request is from a third party (such as relative or your representative), the Alpha10 will verify their authority to act for you and may contact you to confirm their identity and request your consent to disclose the information.
5. When your identity is verified, the Alpha10 shall coordinate the gathering of all information collected with respect to you in a concise, transparent, intelligible and easily accessible form, using clear and plain languages with a view to responding to the specific request. The information may be provided in writing, or by other means, including, where appropriate, by electronic means or orally provided that your identity is proven by other means. The Alpha10 may also contact you to ask you for further information in relation to your request to speed up its response.
6. Where the information requested relates directly or indirectly to another person, the Alpha10 will seek the consent of that person before processing the request. However, where disclosure would adversely affect the rights and freedoms of others and the Alpha10 is unable to disclose the information, the Alpha10 will inform you promptly, with reasons for that decision.
7. FEES AND TIMEFRAME
i. The Alpha10 shall ensure that it provides the information required by you within a period of one month from the receipt of the request. Occasionally, it could take the Alpha10 longer than a month if your request is particularly complex or you have made a number of requests. In this case, the Alpha10 will notify you and keep you updated. However, where the Alpha10 is unable to act on your request, the Alpha10 shall inform you promptly at least within one month of receipt of the request of the reasons for not taking action and give you the option of lodging a complaint with the NITDA, in line with the NDPR 2019.
ii. Where the request relates to any perceived violation of your rights, the Alpha10 shall take appropriate steps to remedy such violations, once confirmed. Remedies shall include but not limited to the investigation and reporting to appropriate authorities, recovering the personal data, correcting it and/ or enhancing controls around it. You shall be appropriately informed of the remedies employed.
iii. Any information provided to you by the Alpha10 shall be provided free of charge. However, where requests are manifestly unfounded or excessive in particular because of their repetitive or cumbersome nature, the Alpha10 may:
a. charge a reasonable fee taking into account the administrative costs of providing the information or communication, taking the action required or making a decision to refuse to act on the request; or
b. write a letter to you stating refusal to act on the request and copying the NITDA.
8. EXCEPTIONS TO DATA SUBJECTS ACCESS RIGHTS
To the extent permitted by applicable laws, the Alpha10 may refuse to act on your request, if at least one of the following applies:
i. in compliance with a legal obligation to which the Alpha10 are subject.
ii. protecting your vital interests or of another natural person.
iii. for public interest or in exercise of official public mandate vested in the Alpha10.
CONTACT US
The Alpha10 welcome any queries, requests you may have regarding our Data Protection Privacy Policies, or our privacy practices. Please feel free to contact us at dpo@alpha10group.com or by completing the Subject Access Request Form (SAR Form).