Last revised: 1st February 2021
We are committed to protecting your privacy and the confidentiality of your Personal Data. We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate. Our policy complies with the Nigerian Data Protection Regulation (NDPR).
Collection of Personal Data
Personal Data is information that can be directly associated with an identifiable natural person such as a name, address, telephone number, or email address, photo, etc.
We may collect Personal Data when you:
- Use our website – we may automatically collect some information such as information on the website from which you linked to our website, the time and date of your visit and activities.
- Request that we provide you with our products and services.
- Send your CV or apply for a job application and employment.
- Contact our customer service centre whether by post, phone, email, or chat.
We may collect Personal Data received from third parties to the extent that they have represented that they have entered into an agreement with you for the provision of our products or services.
Use of Personal Data
We may use your Personal Data, including non-Personal Data as follows:
- Provide, maintain, and improve our products or services.
- Provide and deliver our products and services you request, process transactions and send you related information, including confirmations.
- Verify your identity and prevent fraud.
- Send you technical notices, updates, security alerts and support and administrative messages.
- Respond to your comments, questions and requests and provide customer service.
- Communicate with you about our products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information we think will be of interest to you.
- Monitor and analyse trends, usage and activities in connection with our services.
- Personalize and improve the services and provide advertisements, content or features that match user profiles or interests.
- Link or combine with information we get from others to help understand your needs and provide you with better service.
- Carry out any other purpose for which the Personal Data was collected.
Data Processing for Advertising Purpose
In the event you contact us for information (e.g. request for information on our products), we may use your Personal Data for market research and to communicate and advertise to you about our products, services, offers, promotions, and rewards.
We may use various cookies on our website, such as:
Category 1 — Strictly Necessary Cookies
These cookies are essential to enable you to browse around our website and use its features.
Category 2 — Performance Cookies
These cookies collect information about how you use our website — for instance, which pages you go to most. This data may be used to help optimize our website and make it easier for you to navigate. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.
Category 3 — Functionality Cookies.
These cookies allow our website to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our localized website (when applicable). These cookies may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on non-XHS Nigeria websites.
Lawful Basis for Processing Personal Data.
We may use your Personal Data in performance of a contractual agreement, for compliance with legal obligations to which we are subject to, for your vital interest, when we have assessed it is necessary for our or a third-party legitimate interest, or when we obtain consent from you.
Retention of Personal Data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested.
- to comply with other law, including for the period demanded by our tax authorities.
- to support a claim or defence in court.
- in accordance with our Retention Policy/Schedule.
Disclosure of Personal Data
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of XHS Nigeria
- Prevent or investigate possible wrongdoing in connection with a service
- Protect the personal safety of others or the public
- Protect against legal liability
Security of Personal Data
XHS Nigeria takes reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
Your Rights as a Data Subject
- You have a right to a copy of your Personal Data that we hold about you.
- You have a right to freely transfer your Personal Data received from us to any other organisation.
- You have the right to have the Personal Data we hold about you corrected if it is factually inaccurate.
- In some circumstances, you have the right to the deletion of your Personal Data.
- Where certain conditions apply, you have a right to object to the processing of your Personal Data.
- You have the right to restrict processing of certain types of processing we carry out on your Personal Data, such as direct marketing.
- You have a right to lodge a complaint about the way we handle of your Personal Data with the National Information Technology Development Agency (NITDA).
NITDA’s website (https://nitda.gov.ng) has a wealth of useful information in respect of your rights over your personal data. Where we do not act on your request to exercise any of your rights, we shall inform you within one month of the receipt of your request, of the reasons for not taking action.
Breaches / Privacy Violation
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, we shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NITDA.
Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we shall within 7 (Seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.
Any changes we make to this Policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this Policy.
Please note that our website may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Questions or Concerns