CFAO Automotive (“CFAO”, us, we, the Company) is committed to ensuring the privacy and confidentiality of your Personal Data. CFAO is required to comply with the Nigeria Data Protection Regulation (NDPR) as issued by the National Information Technology
Personal Data to the extent as allowed by law when you provide us with details of your Personal Data, by clicking on the “accept” button or by continuing the use of our website. We may request for further consent in the event that your Personal Data is required to be transferred to a third party for marketing purposes or when it is to be further processed in a manner which would require your further consent.
You may withdraw your consent at any time before, during and after we process your Personal Data. Personal Data is information that can be directly used to identify you and includes any offline or online data that makes a person identifiable such as names, addresses, phone number, passport ID, usernames, digital footprints, photographs, financial data, assets and liabilities etc (hereinafter collectively referred to as “Personal Data”).
We may use and transfer your Personal Data either with your consent, for compliance with a legal obligation to which we are subject or when we have assessed that it is necessary for the purposes of the legitimate interests pursued by us or by a third party to whom it may be necessary to disclose information. We may also use your Personal Data to further develop the quality of our services.
(iii) Types of Personal Data
CFAO collects and processes Personal Data from you when you: (i) register online or place an order for any of our products or services; (ii) voluntarily complete a customer survey or provide feedback on any of our message boards or via email; (iii) use or view our websites via your browser’s cookies; or (iv) visit any of our locations. Such Personal Data may include your name, age, date of birth, residential address and email address.
We may also automatically collect some technical information when you visit our website such as the pages that you viewed. This information helps us understand customer interests and helps us improve our website.
(iv) Use of Personal Data
CFAO only uses your Personal Data for the primary purpose for which you have given the information to us unless one of the following applies: (i) you have consented for us to use your information for another purpose; (ii) CFAO is required or authorised by law to disclose your information for another purpose (see related secondary purposes set out below); (iii) the disclosure of your information by CFAO will prevent or lessen a serious and/or imminent threat to somebody’s life, health or safety or to public health or public safety; or (iv) the disclosure of your information by CFAO is reasonably necessary for the enforcement of a criminal law or a law imposing a penalty or sanction, or for the protection of public revenue.
(v) Access by 3rd Parties
In the course of providing services to you, we may share your Personal Data with trusted third parties. We provide only information they need to perform their specific services and we will work closely with them to ensure that your privacy is respected and protected at all times. In the event that we no longer require their services, any of your data held by them will be irrecoverably deleted.
For fraud management or in line with public interest, we may share information about fraudulent or potentially fraudulent activity in our system which may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your Personal Data to law enforcement, regulatory or government body upon a valid request to do so. These requests however will be assessed on a case-by-case basis and the privacy of our customers shall be considered.
(vi) Storage of Personal Data
CFAO may also enter into arrangements with third parties to store data we collect or to access the data to provide services (such as data processing), and such data may include Personal Data, outside of Nigeria. CFAO will take reasonable steps to ensure that the third parties do not break the NDPR requirements. The steps CFAO will take may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind CFAO and requiring that the third party has information security measures in place which are of an acceptable standard and approved by CFAO. In all such transfers, CFAO will ensure compliance with the provisions of the NDPR.
(vii) Data Security
CFAO will take reasonable steps to protect your Personal Data from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy.
(viii) Your Rights
CFAO collects Personal Data only for the purposes identified in this Policy and such information cannot be reused for another purpose that is incompatible with the original purpose except with your further consent. The rights you can exercise with respect to your Personal Data with us include but are not limited to the following:
- be informed of and entitled to provide consent prior to the processing of Personal Data for purposes other than that for which the Personal Data were collected;
- request that CFAO restricts processing of your Personal Data;
- request for information regarding any specific processing of your personal data;
- such other rights as provided by the Nigeria Data Protection Regulation and other subsidiary legislation.
(ix) Access and Correction
You can choose to exercise the following rights in relation to your Personal Data:
- Right to access your Personal Data that we hold about you;
- Right to request an amendment to Personal Data that we hold about you should you believe that it contains inaccurate information;
- Right to request that we erase your Personal Data, under certain conditions;
- Right to object to our processing of your personal information, under certain conditions.
If you wish to exercise any of these rights, please contact the Data Protection Officer, CFAO Nigeria Limited, Plot 1090 Adeola Odeku Street, Victoria Island, Lagos or by email: firstname.lastname@example.org.
We limit a One-month period to respond to your access request to your Personal Data in our possession. However, if the one-month timeline cannot be met or where we determine that the request made by you is excessive in nature, we will take steps to inform you and suggest alternative courses of action such as extension of the time of which to provide the information requested or request for cost for requests of an excessive nature. CFAO subjects itself to copy the regulatory authority in all such correspondence.
(x) Cookies and Other Technologies.
(xi) Retention Period
The maximum number of years that CFAO will retain your Personal Data will be six (6) years from when same is no longer required. After this period, we will ensure that your Personal Data is destroyed in a safe and secure manner.
(xii) Breach/ Privacy Violation
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, CFAO shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NITDA. Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we shall within 7 (Seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.