Privacy Policy

Privacy Policy


This Privacy Policy issued by HALDANE MCCALL PLC provides information on the collection, use, sharing and processing of personal information by HMK Plc and its third parties when you use HMK Plc’s websites and services, download documents from us, subscribe for newsletters, interact with HMK during in-person meetings, at HMK Plc’s sponsored events, and in the context of other marketing and branding activities. It constitutes our commitment to your privacy on our channels of engagement and in our premises and explains the choices you have in relation to these processing activities.

Please note where there are changes to the Privacy Policy due to the need to comply with regulatory requirements or meet changing business needs, the updated version will be found on our website.

Who we are?

HALDANE MCCALL PLC (the “Company”/”HMK Plc”) was incorporated in 27th of March, 2012 as a Private Limited Company with focus on real estate business, property management and hospitality. It has successfully developed and marketed luxury residential apartments in the upper neighbourhood of Ikeja GRA, an upper class segment of the Lagos metropolis. It runs the popular Suru Express Hotel Brand. It has upscaled to a Public Liability Company and its shares are about to be listed on the Nigerian Exchange Group (NGX).

Definition and Interpretation

Under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA);

Personal Data is defined as: “any information relating to an identified or an identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, device data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, genetic, or social identity of that natural person.


Company (referred to as either “the Company”, “We”, “Us” or “Our” in this agreement) refers

to Haldane McCall Plc, 2 Shonny Highway Shonibare Estate, Maryland, Lagos. Service refers to the website, online channels, and product offerings.

Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the service, to provide the service on behalf of the Company, to perform services related to the service or to assist the Company in analysing how the service is used.


You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.

Your privacy rights

This Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing and protection of your personal information. It applies to the HMK Plc’s website and all database, applications, services, tools and physical contact with us, regardless of how you access or use them.


If you have created a username, identification code, password or any other piece of information as part of our access security measures, you must treat such information as confidential, and you must not disclose it to any third party.


Additionally, as a data subject you have the following rights:

  1. Right to confirmation – you can ask us to confirm whether we are processing personal data concerning you.
  2. Right to be informed – this is information on the personal data we are processing and the purpose for which we are processing them.
  3. Right of access – you have the right to be provided with copies of your personal data that we are processing.
  4. Right to rectification – if you think the personal data that we hold on you is inaccurate or incomplete you can request us to correct this.
  5. Right to erasure – if you want us to delete the personal data we are holding for you then you can request us to do so.
  6. Right to restrict processing – if you oppose the way how we are processing your personal data then you have the right to inform us accordingly and we will restrict the processing on the basis of your right.
  7. Right to data portability – if you want us to forward your personal data to a different organization or person then you have the right to inform us and we will transfer your personal data respectively (without adversely affecting the rights of others).
  8. Right to withdraw your consent – you can withdraw your previously given consent to the processing of your personal data at any time by contacting us using the contact form provided. Please note that such withdrawal of consent shall not affect the lawfulness of processing based on consent before withdrawal.

If you want to exercise one or more of these rights, please contact one of our staff or use the general contact address provided above. You can request your rights free of charge unless your request is clearly unfounded, repetitive or excessive. Alternatively, in these circumstances we may refuse to comply with your request. In accordance with the NDPR and NDPA, we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. In addition to the above rights, as a data subject you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).


We reserve the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of this Privacy Policy.

If you know or suspect that anyone other than you know your security details, you must promptly notify us at

Who is responsible for your personal information?

HMK Plc is your data controller and is responsible for processing your personal information described in this Privacy Policy. HMK Plc uses the personal identifiable information you provide to communicate with you in response to your enquiries, to provide the services you request, and to manage our correspondence with you. Any personal identifiable information gathered by HMK Plc will be used for these purposes only. We will not disclose or divulge such data outside of HMK Plc, other than to third party providers that assist us in providing the services. HMK Plc does not share, sell, rent or trade personal identifiable information with third parties for their promotional purposes.

You accept this Privacy Policy when you give consent upon access to our platforms, or use our services, content, features, technologies or functions offered on our website, digital platforms or visit any of our offices for official or non-official purposes (collectively the “HMK Plc’s services”). This Privacy Policy governs the use of the HMK Plc’s services.

What personal information do we collect?

When you use the HMK Plc’s services, we collect information sent to us by your computer, mobile phone or other electronic access device. The automatically collected information includes but is not limited to data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, standard web log data, still and moving images.

We may also collect information you provide us including but not limited to – information on web form, survey responses, email address, phone number, organization you represent, official position, and other correspondence with the HMK Plc’s representatives. We may also collect information about your transactions, enquiries and your activities on our platform or premises.


We may also use information provided by third parties like social media sites. Information about you provided by other sites are not controlled by the HMK Plc and we are, therefore, not liable for how such third parties use your information. HMK Plc will only collect information that is necessary for the provision of its service(s) that you have requested.

What we do with your Personal Information

The purpose of our collecting your personal information is to give you efficient, enjoyable and secure service. We may use your information to;

  • Provide the HMK Plc’s services and support;
  • Process applications and send notices about your transactions to requisite parties;
  • Verify your identity;
  • Resolve disputes, collect fees, and troubleshoot problems;
  • Manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
  • To administer subscriptions of periodic newsletters;
  • Detect, prevent or remediate violation of laws, regulations, standards, guidelines and frameworks;
  • Improve the HMK Plc’s services by implementing aggregate customer or user


  • Measure the performance of the HMK Plc’s services and improve content,

technology and layout;

  • To comply with applicable laws and regulations and to operate our business;
  • To analyze, develop, improve and optimize the use, function and performance of our sites and products and services;
  • Track information breach and remediate such identified breaches;
  • Manage and       protect our         information                       technology                      and physical infrastructure; or
  • Contact you at any time through your provided telephone number, email address or other contact details.
Usage of third party data analytic tools

We may use data analytics tools to analyze the information generated and stored during your use of our services to improve our services, provide content tailored to your personal preferences, and to monitor our website’s traffic and usage. The other purposes include to


develop and provide new and existing functionality and services, and to determine your general location to evaluate how our known clients engage with different parts of our website. All these tools may be provided by third-party service providers and may include the collection and tracking of certain data and information regarding the characteristics and activities of visitors to our website. We may disclose data, including personal information, to such third- party services providers in order to obtain such services. You have the right to object to processing based on our legitimate activities but if you object, this may affect our ability to provide certain services and/or solutions for your benefit.

How we protect your personal information

Your personal data may be stored in a database that we, HMK Plc, can access in order to provide you with our services. Where we need to transfer your data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law.


We will always hold your information securely. To prevent unauthorised access to your information, we have implemented strong controls and security safeguards at the technical and operational levels. Our website uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure secure transmission of your personal data. You should see the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server. Any data transmitted during the session will be encrypted before transmission and decrypted at the receiving end. This is to ensure that data cannot be read during transmission.

HMK Plc has also taken measures to comply with global Information Security Management Systems. We, have, therefore, have put in place digital and physical security measures to limit or eliminate possibilities of data privacy breach incidents. These management information security systems include physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorization controls.

Engagement with other websites & premises

Some pages or channels may require links to other websites or organizations other than ours. Please note that the HMK Plc is not responsible and has no control over websites outside its domain. We do not monitor or review the content of other party’s websites which are linked from our website or media platforms.


Opinions expressed or materials appearing on such websites are not necessarily shared or endorsed by us, and HMK Plc should not be regarded as the publisher of such opinions or materials.

Please be aware that we are not responsible for the privacy practices, or content of these sites.

We encourage our users to be aware of when they leave our site, and to read the privacy statements of these sites. You should evaluate the security and trustworthiness of any other site connected to this site or accessed through this site yourself, before disclosing any personal information to them. HMK Plc will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.

Retention of your personal information

HMK Plc will retain your personal data base on its priority level. A default of period of 10 years applies for all categories of data. Where priority level is low, personal data base will be discarded much earlier than the default period. We may also need to retain information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes (e.g., to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from the Regulators, etc.). When we no longer need to use your personal information, we will remove it from our systems and records and/or take steps to encrypt it so that you can no longer be identified.

Privacy policy & other IT Policies

Some principles and procedures applicable to HMK Plc’s Data Protection and Privacy Policy are covered by other existing IT policies that are obtainable in the Comprehensive IT Policy of HMK Plc. Some of the policies concern includes: Clean Desk Policy, Account Management Policy, Physical Access Control Policy, Backup Policy, and Acceptable Use of Information Systems among others.

Data Protection Officer

You as data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning the collection and use of your data. The contact data

of our Data Protection Officer is:

Name:   Emmanuel Banwuna


Cookies Policy

About Cookies

Cookies are small files placed on your computer’s hard drive that enables the website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences in order to present contents, options or functions that are specific to you. Like most interactive websites, our website uses cookies to enable the tracking of your activity for the duration of a session. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies on our website

We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). We have also grouped our cookies into the following categories, to make it easier for you to understand why we need them;

Functionality: These cookies enable technical performance of our websites and allow us to ‘remember’ the choices you make and your preferences.


Performance/Analytical: These cookies allow us to collect certain information about how you navigate our sites. They help us to understand which parts of our websites are interesting to you and which are not as well and what we can do to improve them.

How we use cookies

Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies. The cookies used on our website include those which are strictly necessary cookies for access and navigation, cookies that track usage (performance cookies) and remember your choices (functionality cookies). We may use the information we obtain from your use of our cookies for the following purposes;

  • To recognize your computer when you visit our website.
  • To retain clients’ email addresses and passwords when they log in to our ‘Member’s Area’.
  • To track you as you navigate our website.
  • To improve our website’s usability.
  • To analyze the use of our website – such as how many people visit us each day.
  • In the administration of our website.
Third-party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through our site.
Our site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use our site and ways that we can improve your experience. These cookies may track things such as how long you spend on our site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.


We also use social media buttons and/or plug-in on our site that allows you to connect with your social network in various ways. For these to work the following social media sites including Twitter, LinkedIn, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of our site. Therefore, it is recommended that you do not disable cookies.

Governing Principles and Other Rules of Data Processing
Along with other submissions previously stated, the following governing principles and specific rules will apply;
  • Personal data shall be collected and processed in accordance with specific, legitimate and lawful purposes consented to by the data subject.
  • Such processing shall be accurate and without prejudice to the dignity of the human person.
  • Such personal data shall be stored only for period within which it is reasonably needed.
  • Such personal data shall be secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements.
  • Anyone or member of staff that is entrusted with or in possession of the personal data of a data subject or client, owes a duty of care to that data subject or client.
  • Anyone or member of staff that is entrusted with or in possession of the personal data of a data subject or client, shall be accountable for his/her acts and omissions, in respect of data processing.
  • In accordance with the NDPR, data processing shall be deemed lawful if at least one of the following applies;
  • The data subject or client has given consent to the processing of his or her personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject or client is party, or in order to take steps at the data subject or clients request, prior to entering into the contract.
  • Processing is necessary for compliance with a legal obligation to which the Company or its staff is subject.
  • Processing is necessary in order to protect the vital interests of the data subject or client, or of another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest, or in the exercise of official public mandate vested in the Company.
  • In accordance with the NDPR, in procuring consent the following shall apply;
  • No data shall be obtained except the specific purpose of collection is made known to the data subject or client.
  • The data controller (the Company or its staff) is under obligation to ensure that consent of a data subject or client has been obtained without fraud coercion or undue influence.
  • Where processing is based on consent, the Company/staff must be able to prove that the data subject or client has consented to the processing of his/her personal data and has the legal capacity to give such consent.
  • If such consent is given in the form of a written declaration which also concerns other matters, the request for consent shall be presented in an intelligible and easily accessible form, using clear and plain language and no part of the shall infringe provisions of the NDPR.
  • Prior to giving consent, the data subject or client shall be informed of his right and the ease to withdraw his consent at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • To demonstrate that consent has been freely given, we should be able to show that the performance of a contract or provision of a service, is conditional on consent to the processing of personal data that is necessary, but not excessive for the performance of that contract, or such that data may be transferred to a third party.
  • No consent shall be sought, given or accepted, in any circumstances that may engender direct or indirect propagation of atrocities, hate, child rights violation criminal acts and anti-social conduct.
  • As party to any data processing contract, we shall take reasonable measures to ensure the other party does not have a record of violating the principles set out in the NDPR and is accountable to NITDA, or a regulatory authority, for data protection within or outside Nigeria.
  • The right of a data subject or the Company’s client to object to the processing of his/her data shall always be safeguarded. Accordingly, a client shall have the option to object to the processing of personal data where the Company intends to process data for the purpose to any form of data processing free of charge.
The Company shall comply with the rights of data subjects, in conformity with the provisions of part three of the NDPR.
Effectiveness of this Policy and Breaches

All existing staff with access to or are involved with the processing of personal data at the date of the introduction of this Policy, or who subsequently have access to or become involved in the processing of personal data, will be required to sign off to the fact that they have familiarized themselves with this Policy document as well as the provisions of the NDPR.


In the event of any breach of this Policy, the staff that discovers the breach or Line Manager shall immediately bring it to the attention of the DPO and/or the IT Director. The DPO shall immediately inform the IT Director and write a report, detailing all the circumstances of the breach. Breaches of this Policy will be dealt with in accordance with provisions contained in the staff handbook and may involve summary dismissal and further legal proceedings.

Dispute resolution or filing a complaint

If you have any complaints regarding our compliance with this Privacy Policy, please contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information within thirty (30) days in accordance with this Privacy Policy and in accordance with applicable law and regulation.

Changes in this privacy policy

If we decide to change our Privacy Policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here or by means of a notice on our homepage.

Compliance with the regulators

This Private Policy is in line with the provisions of Nigeria Data Protection Regulation, 2019 (Regulation). This Regulation describes how organizations including HMK Plc must collect, handle and store personal information and applies regardless of whether data is stored electronically, on paper or on other materials.

A Data Protection Compliance Organisation (DPCO) will be engaged to perform a data protection audit and file a report with NITDA within the stipulated time frame.

Scroll to Top