top of page

Privacy Policy

Privacy Policy

Table of Contents

  • 1. Introduction

    Everyone has rights regarding the way in which their personal data is handled. We regard the lawful and correct treatment of personal information as integral to the successful operation of this platform and to maintaining the confidence of the people we work and communicate with. To this end we fully endorse and adhere to the principles of the relevant Laws.

    1.1 Definitions

    Data:  Information stored electronically, on a computer, server or in certain paper-based filing systems.

    Data Controller: MRL® Public Sector Consultants Ltd has determined the purposes for which, and the manner in which, your Personal Data is processed.

    Data Users: authorised users, whose work involves processing your Personal Data. Data Users are responsible for the proper use of the data they process and must protect the data they handle in accordance with this Privacy Policy.

    Data Processor: Any person or organisation that processes personal data on our behalf and in accordance with our specific instructions.

    Data Subjects: All living individuals about whom we hold Personal Data. All Data Subjects have legal rights concerning the processing and storage of their personal information.  

    MRL® Ltd, us, we, or our: the legal entity MRL® Public Sector Consultant Ltd.

    Personal Data: Information which can be used to directly or indirectly identify a living individual.

    Processing: Any activity in which the data is used, including (but not limited to) obtaining, recording, organising, amending, retrieving, using, disclosing, erasing, destroying and/or holding the data. The term “processing” also includes transferring personal data to third parties.

    Sensitive Personal Data: Information about a person's race, ethnicity, political opinions, convictions, religion, trade union membership, physical and/or mental health, and sexual preference. Sensitive personal data can only be processed with the express consent of the person concerned.

    The Act: The Nigeria Data Protection Act 2023 which regulates the way in which all Personal Data Sensitive Personal Data is held and processed.

    Third Party: Any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorised to process or receive personal data.

    Supervisory Authority: The Authorised Body which is empowered to govern and manage how the NDPA is implemented and abided by. In Nigeria, the Supervisory Authority is the: Nigeria Data Protection Commission.

    You, your, yourself: data subject who uses the Web Portal.

  • This policy outlines the data protection policies and procedures we have adopted and to which we abide to ensure we are complaint with the Nigeria Data Protection Act 2023 (“The Act”). The purpose of this policy and any other documents referred to in it, is to clearly list and identify the legal requirements, procedures and rights which must be established when we obtain, process, transfer and/or store your personal data. This policy will assist you in understanding the obligation, responsibilities and rights which arise from the Data Protection Laws.

  • In accordance with the Nigeria Data Protection Act 2023 anyone processing Personal Data must comply with the six principles of good practice. These provide that Personal Data must:

    • be processed in a fair, lawful and transparent manner;

    • only be used for specified, explicit and legitimate purposes for which it was collected;

    • be adequate, relevant and limited for the purpose for which it is being processed;

    • be accurate and kept up-to-date;

    • not be kept longer than necessary to fulfil the purpose of its collection;

    • be kept secure and protected from unauthorised processing, loss, damage or destruction, damage or any form of data breach.

  • a. Fair, Lawful and Transparent Processing

    For Personal Data to be processed lawfully, the basis for the processing must be one of the legal grounds set out in The Act. These include, among other things, your written consent to the processing, or that the processing is necessary for the performance of our contract with you.

     

    In the event we collect Personal Data directly from you, this Notice should assist in informing you about:
     

    1. The purpose or purposes for which we intend to process your Personal Data

    2. The types of third parties, if any, with which we may share or disclose your Personal Data.

    3. The means with which you can limit our processing and disclosure of your Personal Data

     

    If we receive Personal Data about you from other sources, we will provide you with this information as soon as possible thereafter.

    b. Processing for Specified, Limited and Legitimate Purposes

    In the course of our business, we shall process the Personal Data we receive directly from you (for example, by you completing forms, questionnaires or by sending us papers or from you corresponding with us by mail, phone, email or otherwise) and your Personal Data which we receive from any other source for a legitimate purpose.

     

    We shall only process your Personal Data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities in our role as your Data Controller and Processor or for any other specific purposes permitted by The Act. Should we deem it necessary to process your Personal Data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first to inform you of those purposes and our intent and may also apply for your consent.

    c. Adequate, Relevant and Limited Processing

    We will only collect and process your Personal Data as required to fulfil the specific purpose/s identified in this policy.

    d. Accurate and Up-to-date Data

    We shall ensure that all Personal Data held is accurate and up to date and will check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. If you become aware that any of your Personal Data is inaccurate, you are entitled to contact us and request that your Personal Data is amended. We will take all reasonable steps to amend or where necessary erase inaccurate or out-of-date data.

    e. Storage Limitation

    We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. Once Personal Data is no longer required, we will take all reasonable steps to destroy and erase it.

    f. Keeping Your Personal Data Secure

    Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction.

     

    We maintain data security by protecting the confidentiality, integrity and availability of your Personal Data, and when we do so we abide by the following definitions:

     

    • Confidentiality - We ensure that only people authorised to use your personal data can access it.

    • Integrity - We will make certain that your Personal Data is accurate and suitable for the purpose for which it is processed.

    • Availability - We have established procedures which mean only our authorised Data Users should be able to access your Personal Data if they need it for authorised purposes.

     

    We use the following software provider to host electronic data, including personal data, Heart Internet. This provider states that it is compliant with EU Data Privacy Frameworks and/or applies equivalent/adequate safeguards. Its privacy notice can be found here:

    https://www.heartinternet.uk/terms/heart-internet-privacy-statement

  • We collect and process information about you only where we have a lawful basis for doing so, and as such when we process your personal information it will be done in a lawfully, fairly, and transparent manner.

     

    In accordance with Section 25(1) of the Nigeria Data Protection Act 2023, we will only collect and use your information only where:

     

    • you give us consent to do so for a specific purpose; or

    • it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;

    • it satisfies a public or legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;

    • you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or

    • we need to process your data to comply with a legal obligation.

     

    Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

  • We only collect information that you voluntarily provide to us when you may opt to join our newsletters or otherwise when you contact us. The information we collect can be categorised as:

     

    1. Personal Data – we will only collect and process personal information where you have consented to this privacy policy or as otherwise permitted by applicable law, we process the following categories of personal information:

      1. Name

      2. Email

     

    1. Sensitive Personal Data – we will only collect and process sensitive information where you have consented to this privacy policy or as otherwise permitted by applicable law.

  • There may also be other times when we may need to share your Personal Data. This section discusses how, when, why and who we might share your Data.

    Third Party Disclosure

    In the course of us fulfilling our role as Data Controller it will be necessary for us to disclose your Personal Data in certain situations:

    • To enforce or apply any contract or other agreement with you.

    • We may disclose any information about you (including your identity) if we determine that such disclosure is necessary and compliant with any applicable law, regulation, legal process or lawful government request.

    • We may also disclose your information when we determine that applicable law requires or permits such disclosure, including exchanging information with third other companies and organisations for fraudulent protection purposes.

    • To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.

    • There may also be situations in which it is necessary for us to disclose your Personal Data to other third parties.

  • The personal information we collect is stored and processed in Nigeria and the United Kingdom, where we or our data users maintain our operation facilities. By using this portal and providing us with your personal information, you consent to the disclosure to these overseas parties.

    We will ensure that any transfer of personal information to countries outside Nigeria will be protected by appropriate safeguards by ensuring such countries have standard and adequate data protection laws and security measures in place; such as the  UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, applicable in the United Kingdom.

  • Subject to the provisions of the Act, we will process and manage all your Personal Data in line with your rights;

    In particular your rights including but not limited to:

    1. confirmation as to the information being stored or processed by the data controller or data processor;

    2. obtaining a copy of your personal data;

    3. the correction or deletion of personal data that is inaccurate, out of date, incomplete or misleading;

    4. the erasure of personal data (subject to our overriding legal obligations);

    5. withdrawing consent to the processing of personal data and to the processing of personal data for direct marketing purposes;

    6. requesting access to any data we hold about you;

    7. objecting to the processing of your personal data;

    8. not be subject to automated decision making;

    9. be notified of a data security breach which affects your rights and freedoms, without undue delay;

  • Subject to the provisions of the Nigeria Data Protection Act 2023, as mentioned above, you have the right to make certain requests regarding your personal data under the applicable law. These include:

    Access and portability requests

    You are entitled to request information about the different categories of personal data and purposes of data processing; recipients or categories of recipients who receive your Personal Data, details on how long your Personal Data is stored for, information on your Personal Data's source and whether the Data Controller uses automated decision-making.

    You also have “Data Portability” rights which includes the right to request a copy of your Personal Data be sent to you or transmitted to another Data Controller.

    You can also request access to a copy of your Personal Data, unless providing a copy would impose unreasonable costs on us as the data controller.

    Correction requests

    You are entitled to request we correct inaccurate, out of date, incomplete, or misleading Personal Data and we will update or erase the information as required, subject to overriding legal obligations.

    Erasure requests

    You can exercise your “right to be forgotten” and can request we erase your Personal Data. Once receiving a request, we must erase the Personal Data without delay, unless an exception applies that permits us to continue processing your data. Details of such exceptions are contained in The Act and include situations where we might need to retain the information to carry out our official duties and/or comply with legal obligations and/or for the establishment of exercising or defending legal claims, or it is in the public interest to retain your Personal Data.

    Restriction requests

    You may request restrictions be applied to the processing of your Personal Data for some specific reasons such as you contest the accuracy of the data, the processing is unlawful or if we no longer need to process your Personal Data. You can also request restrictions be applied if the processing is being done for public interest or third-party reasons.

    If such a request is received, we can continue to store your Personal Data, but may only process it under certain circumstances, such as: you give consent for us to continue processing your data or we need to establish, exercise, or defend legal claims or we need to protect the rights of another individual or legal entity or for important public interest reasons.

    Objection requests

    You may also object to your Personal Data being processed under certain circumstances, including for direct marketing purposes and profiling related to direct marketing. If we receive such an objection, we will stop processing your Personal Data unless we can show a public interest or legitimate ground for processing your Personal Data which overrides your interests and the basis of your request.

    Verifying your request

    To excerise any of these rights, please contact us at mrl@mrl.uk.com. Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

  • We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we store and process.

     

    For your comfort, below is a notice of the safeguards we have put in place to protect your constitutional rights to privacy. Some of the measure put in place include our Data Protection Policies, Data Access and Authorisation and Authentication, Data Protection Impact Assessments, Secure storage and Recovery systems, Data Breach Policies and more.

     

    However, despite our safeguards and best efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that unauthorised persons or intermissions will not be able to defeat our security and improperly collect, access or modify your information.

     

    We will do our best to protect your personal information by implementing robust data protection protocols, however transmission of personal information to and from this Portal is at your own risk and you should only access the Portal within a secure environment.

     

    If you have any concerns regarding a data breach, please contact us at mrl@mrl.uk.com.

  • In accordance with the Act, we will not hold data any longer than it is necessary in relation to the purposes of which the data is collected or processed. We will also not hold the data where there is no longer a lawful basis to do so. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect yours, ours or the vital interests of another natural person.

     

    While we retain this information, we will protect it within lawfully acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security.

  • We do not use automated decision making.

  • If you feel that your questions or concerns regarding your Personal Data have not been dealt with adequately or that your request has not been fulfilled by us, you can use our complaints procedure by contacting our Data Protection Officer, Dr Roni Ajao at mrl@mrl.uk.com or by emailing us at mrl@mrl.uk.com.

     

    If, at the conclusion of our complaints procedure you do not feel that we have adequately dealt with your complaint you may make a complaint directly to the supervisory authority; NDPC: Nigeria Data Protection Commission’s Office at:

    No.12 Dr Clement Isong Street, Abuja

    Tel:+234 (0) 916 061 5551

    Email: INFO@NDPC.GOV.NG

  • MRL® Public Sector Consultants Ltd (“MRL® Ltd”) has determined the purposes for which, and the manner in which, your Personal Data is processed. The company’s registered office is located at Pepple House, 8 Broad Street, Great Cambourne, Cambridge CB23 6HJ.

     

    This policy belongs to the MRL® Public Sector Consultants Limited which is registered by Companies House in the United Kingdom.

    We are registered as a Data Controller of Major Importance by the Nigeria Data Protection Commission and as a Data Controller on the Register kept by the Information Commissioner's Office UK.

  • We may update this privacy notice at our discretion and to reflect current acceptable data compliant practices. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to also review this privacy notice frequently to be informed of how we are protecting your information.

     

    Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

  • If you have any questions or suggestions about our terms of Use, please email us at mrl@mrl.uk.com.

bottom of page