HALDANE MCCALL PLC (the “Company”/“HMK Plc”) was incorporated on 27th of March, 2012 as a Private Limited Company with focus on real estate business, property management and hospitality. It has successfully developed and marketed luxury residential apartments in the upper neighbourhood of Ikeja GRA, an upper class segment of the Lagos metropolis. It runs the popular Suru Express Hotel Brand. It has upscaled to a Public Liability Company and its shares are about to be listed on the Nigerian Exchange Group (NGX).
Under the Nigeria Data Protection Regulation (NDPR):
Personal Data is defined as: “any information relating to an identified or an identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, device data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, genetic, or social identity of that natural person.”
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this agreement) refers to Haldane McCall Plc, 2 Shonny Highway Shonibare Estate, Maryland, Lagos.
Service refers to the website, online channels, and product offerings.
Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the service, to provide the service on behalf of the Company, to perform services related to the service or to assist the Company in analysing how the service is used.
You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.
If you have created a username, identification code, password or any other piece of information as part of our access security measures, you must treat such information as confidential, and you must not disclose it to any third party.
If you know or suspect that anyone other than you knows your security details, you must promptly notify us at email@example.com.
When you use the HMK Plc’s services, we collect information sent to us by your computer, mobile phone or other electronic access device. The automatically collected information includes but is not limited to data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, standard web log data, still and moving images.
We may also collect information you provide us including but not limited to – information on web forms, survey responses, email address, phone number, organization you represent, official position, and other correspondence with the HMK Plc’s representatives. We may also collect information about your transactions, enquiries and your activities on our platform or premises.
We may also use information provided by third parties like social media sites. Information about you provided by other sites is not controlled by the HMK Plc and we are, therefore, not liable for how such third parties use your information. HMK Plc will only collect information that is necessary for the provision of its service(s) that you have requested.
The purpose of our collecting your personal information is to give you efficient, enjoyable and secure service. We may use your information to:
- Provide the HMK Plc’s services and support;
- Process applications and send notices about your transactions to requisite parties;
- Verify your identity;
- Resolve disputes, collect fees, and troubleshoot problems;
- Manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
- Administer subscriptions of periodic newsletters;
- Detect, prevent or remediate violation of laws, regulations, standards, guidelines and frameworks;
- Improve the HMK Plc’s services by implementing aggregate customer or user preferences;
- Measure the performance of the HMK Plc’s services and improve content, technology and layout;
- Comply with applicable laws and regulations and operate our business;
- Analyze, develop, improve and optimize the use, function and performance of our sites and products and services;
- Track information breach and remediate such identified breaches;
- Manage and protect our information technology and physical infrastructure; or
- Contact you at any time through your provided telephone number, email address or other contact details.
We may use data analytics tools to analyze the information generated and stored during your use of our services to improve our services, provide content tailored to your personal preferences, and to monitor our website’s traffic and usage. Other purposes include developing and providing new and existing functionality and services, and determining your general location to evaluate how our known clients engage with different parts of our website. All these tools may be provided by third-party service providers and may include the collection and tracking of certain data and information regarding the characteristics and activities of visitors to our website. We may disclose data, including personal information, to such third-party service providers in order to obtain such services. You have the right to object to processing based on our legitimate activities but if you object, this may affect our ability to provide certain services and/or solutions for your benefit.
Your personal data may be stored in a database that we, HMK Plc, can access in order to provide you with our services. Where we need to transfer your data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law.
We will always hold your information securely. To prevent unauthorised access to your information, we have implemented strong controls and security safeguards at the technical and operational levels. Our website uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure secure transmission of your personal data. You should see the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server. Any data transmitted during the session will be encrypted before transmission and decrypted at the receiving end. This is to ensure that data cannot be read during transmission.
HMK Plc has also taken measures to comply with global Information Security Management Systems. We have, therefore, put in place digital and physical security measures to limit or eliminate possibilities of data privacy breach incidents. These management information security systems include physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorization controls.
Some pages or channels may require links to other websites or organizations other than ours. Please note that the HMK Plc is not responsible and has no control over websites outside its domain. We do not monitor or review the content of other parties’ websites which are linked from our website or media platforms.
Opinions expressed or materials appearing on such websites are not necessarily shared or endorsed by us, and HMK Plc should not be regarded as the publisher of such opinions or materials.
Please be aware that we are not responsible for the privacy practices, or content of these sites.
We encourage our users to be aware of when they leave our site, and to read the privacy statements of these sites. You should evaluate the security and trustworthiness of any other site connected to this site or accessed through this site yourself, before disclosing any personal information to them. HMK Plc will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
HMK Plc will retain your personal data based on its priority level. A default period of 10 years applies for all categories of data. Where priority level is low, personal data will be discarded much earlier than the default period. We may also need to retain information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes (e.g., to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from the Regulators, etc.). When we no longer need to use your personal information, we will remove it from our systems and records and/or take steps to encrypt it so that you can no longer be identified.
We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). We have also grouped our cookies into the following categories, to make it easier for you to understand why we need them:
Functionality: These cookies enable technical performance of our websites and allow us to ‘remember’ the choices you make and your preferences.
Performance/Analytical: These cookies allow us to collect certain information about how you navigate our sites. They help us to understand which parts of our websites are interesting to you and which are not, as well as what we can do to improve them.
Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies. The cookies used on our website include those which are strictly necessary cookies for access and navigation, cookies that track usage (performance cookies) and remember your choices (functionality cookies). We may use the information we obtain from your use of our cookies for the following purposes:
- To recognize your computer when you visit our website.
- To retain clients’ email addresses and passwords when they log in to our ‘Member’s Area’.
- To track you as you navigate our website.
- To improve our website’s usability.
- To analyze the use of our website – such as how many people visit us each day.
- In the administration of our website.
Our site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use our site and ways that we can improve your experience. These cookies may track things such as how long you spend on our site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
We also use social media buttons and/or plug-ins on our site that allow you to connect with your social network in various ways. For these to work, social media sites including Twitter and LinkedIn will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of our site. Therefore, it is recommended that you do not disable cookies.
Along with other submissions previously stated, the following governing principles and specific rules will apply:
- Personal data shall be collected and processed in accordance with specific, legitimate and lawful purposes consented to by the data subject.
- Such processing shall be accurate and without prejudice to the dignity of the human person.
- Such personal data shall be stored only for the period within which it is reasonably needed.
- Such personal data shall be secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements.
- Anyone or member of staff that is entrusted with or in possession of the personal data of a data subject or client, owes a duty of care to that data subject or client.
- Anyone or member of staff that is entrusted with or in possession of the personal data of a data subject or client, shall be accountable for his/her acts and omissions, in respect of data processing.
- In accordance with the NDPR, data processing shall be deemed lawful if at least one of the following applies:
  - The data subject or client has given consent to the processing of his or her personal data for one or more specific purposes.
  - Processing is necessary for the performance of a contract to which the data subject or client is party, or in order to take steps at the data subject’s or client’s request, prior to entering into the contract.
  - Processing is necessary for compliance with a legal obligation to which the Company or its staff is subject.
  - Processing is necessary in order to protect the vital interests of the data subject or client, or of another natural person.
  - Processing is necessary for the performance of a task carried out in the public interest, or in the exercise of official public mandate vested in the Company.
- In accordance with the NDPR, in procuring consent the following shall apply:
  - No data shall be obtained except the specific purpose of collection is made known to the data subject or client.
  - The data controller (the Company or its staff) is under obligation to ensure that consent of a data subject or client has been obtained without fraud, coercion or undue influence.
  - Where processing is based on consent, the Company/staff must be able to prove that the data subject or client has consented to the processing of his/her personal data and has the legal capacity to give such consent.
  - If such consent is given in the form of a written declaration which also concerns other matters, the request for consent shall be presented in an intelligible and easily accessible form, using clear and plain language and no part of the shall infringe provisions of the NDPR.
  - Prior to giving consent, the data subject or client shall be informed of his right and the ease to withdraw his consent at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  - To demonstrate that consent has been freely given, we should be able to show that the performance of a contract or provision of a service, is conditional on consent to the processing of personal data that is necessary, but not excessive for the performance of that contract, or such that data may be transferred to a third party.
  - No consent shall be sought, given or accepted, in any circumstances that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conduct.
- As party to any data processing contract, we shall take reasonable measures to ensure the other party does not have a record of violating the principles set out in the NDPR and is accountable to NITDA, or a regulatory authority, for data protection within or outside Nigeria.
- The right of a data subject or the Company’s client to object to the processing of his/her data shall always be safeguarded. Accordingly, a client shall have the option to object to the processing of personal data where the Company intends to process data for the purpose to any form of data processing free of charge.
All existing staff who have access to or are involved with the processing of personal data at the date of the introduction of this Policy, or who subsequently have access to or become involved in the processing of personal data, will be required to sign off to the fact that they have familiarized themselves with this Policy document as well as the provisions of the NDPR.
In the event of any breach of this Policy, the staff that discovers the breach or Line Manager shall immediately bring it to the attention of the DPO and/or the IT Director. The DPO shall immediately inform the IT Director and write a report, detailing all the circumstances of the breach. Breaches of this Policy will be dealt with in accordance with provisions contained in the staff handbook and may involve summary dismissal and further legal proceedings.
This Privacy Policy is in line with the provisions of Nigeria Data Protection Regulation, 2019 (Regulation). This Regulation describes how organizations including HMK Plc must collect, handle and store personal information and applies regardless of whether data is stored electronically, on paper or on other materials.
A Data Protection Compliance Organisation (DPCO) will be engaged to perform a data protection audit and file a report with NITDA within the stipulated time frame.