CFAO collects and process personal information from you when you: (i) register online or place an order for any of our products or services; (ii) voluntarily complete a customer survey or provide feedback on any of our message boards or via email; (iii) use or view our websites via your browser’s cookies; or (iv) visit any of our locations. Such personal information may include your name, age, date of birth, residential address and email address.

CFAO only uses your personal information for the primary purpose for which you have given the information to us unless one of the following applies: (i) you have consented for us to use your information for another purpose; (ii) CFAO is required or authorised by law to disclose your information for another purpose (see related secondary purposes set out below); (iii) the disclosure of your information by CFAO will prevent or lessen a serious and/or imminent threat to somebody’s life, health or safety or to public health or public safety; or (iv) the disclosure of your information by CFAO is reasonably necessary for the enforcement of a criminal law or a law imposing a penalty or sanction, or for the protection of public revenue.

CFAO may store the personal information we collect from you in various forms including physical copies or on electronic media. CFAO will comply with the NDPR, and this Privacy Policy, in respect of your personal information in whatever form that information is stored by us.

CFAO may also enter into arrangements with third parties to store data we collect or to access the data to provide services (such as data processing), and such data may include personal information, outside of Nigeria. CFAO will take reasonable steps to ensure that the third parties do not break the NDPR requirements. The steps CFAO will take may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind CFAO and requiring that

the third party has information security measures in place which are of an acceptable standard and approved by CFAO.

CFAO will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy.

You can choose to exercise the following rights in relation to your personal information:

• Right to access your personal information that we hold about you;
• Right to request an amendment to personal information that we hold about you should you believe that it contains inaccurate information;
• Right to request that we erase your personal information, under certain conditions;
• Right to object to our processing of your personal information, under certain conditions.

If you wish to exercise any of these rights, please contact contact the Data Protection   Officer, CFAO Nigeria Limited, Plot 1090 Adeola Odeku Street, Victoria Island, Lagos or by email: it*****@cf**.com.

The maximum number of years that CFAO will retain your personal information in hard copy will be six (6) years from when same is no longer required. Digital records may be retained indefinitely.

If you have questions or comments about this Privacy Policy, you can contact the Data Protection Officer, CFAO Nigeria Limited, Plot 1090 Adeola Odeku Street, Victoria Island, Lagos or by email: it*****@cf**.com