Privacy Policy
Introduction
Ikeyi Shittu & Co. (“ISC”) is committed to protecting the privacy of confidential and “Personal Data” (information that directly or indirectly identifies individuals who may be clients, staff, agents, lawyers, law students, job applicants or others inside or outside the firm).
This Privacy Policy (“Policy”) sets out ISC’s commitment to ensuring that Personal Data processing is carried out in compliance with the Nigeria Data Protection Act (“Act”) as well as all other applicable international data protection laws and policies.
Purpose of this Policy
This Policy is based on the privacy and data protection principles applicable in Nigeria which are similar to the principles for data protection applicable in Europe and other parts of the word. It explains our approach to any Personal Data that we collect from you or which we have obtained about you from a third party and the purposes for which we process your Personal Data. It also sets out your rights in respect of our processing of your Personal Data.
This Policy applies to all Personal Data processed by ISC and is part of ISC’s approach to compliance with data protection and privacy laws and principles. All ISC’s staff are expected to comply with this policy and failure to comply may lead to disciplinary action for misconduct, including dismissal.
Who we are, what we do and how to contact us?
ISC is a full-service law firm providing diverse legal services to local and international clients from its offices in Lagos, Abuja and Enugu. It is a Nigerian registered partnership of lawyers whose registered office is at 1st Floor, No. 21 Boyle Street, Onikan, Lagos, Nigeria. If you have any questions about this Policy, please contact us by sending an e-mail to dpo@isc.ng.
ISC is the data controller responsible for your Personal Data. ISC may also be responsible for processing your Personal Data in some instances.
Data protection principles
ISC complies with the data protection principles set out below. When processing Personal Data, it ensures that Personal Data is:
(a) processed lawfully, fairly and in a transparent manner.
(b) collected for specified, explicit and legitimate purposes.
(c) at all times adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
(d) all times accurate and, where necessary, kept up to date and that reasonable steps are taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed.
(f) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
Information we collect
The scope of Personal Data we process includes:
(a) background information provided by you or collected by us as part of our recruitment process;
(b) basic information such as name, employer, title, age, relationship affiliations with a person or organization;
(c) contact information such as email address, fax and phone number(s), and physical addresses
(d) financial and tax identification information
(e) contact information of third parties whom you represent to have given their consent to be your emergency contact or referees;
(f) confidential information: provided to us by or on behalf of our clients or generated by us in the course of providing legal services; and
(g) any other information relating to you which you may provide to us.
How data is collected
As a law firm operating primarily in Nigeria, ISC collects data from clients, staff, agents, lawyers, law students, job applicants or others inside or outside the firm in the following circumstances:
(a) When a staff completes the bio data form, health insurance, pension registration, tax identification registration and bank account opening forms as part of the onboarding process in the firm.
(b) When we require Personal Data and identification documents in the provision of our services to our clients.
(c) When legal advice is sought from us by an individual.
(d) In relation to our recruitment process for staff or interns.
(e) When services are provided to us by external or third-party organisations or vendors; and
(f) From contact made via telephone numbers, email, and social media platforms.
How we use your Personal Data
We may use your information for the following purposes:
(a) Fulfilment of services: We collect and maintain Personal Data that you voluntarily submit to us while providing our services to you.
(b) Client services: Our website has a user interface to allow you to request information about our services including electronic enquiry forms and a telephone enquiry service. Contact information may be requested in each case, together with details of other Personal Data that is relevant to your service enquiry. This information is used to enable us to respond to your requests.
(c) Business administration and legal compliance: We use your Personal Data for the following business administration and legal compliance purposes:
(i) to comply with our legal obligations (including remittance of Pay-as-you-earn tax, pension remittance);
(ii) to enforce our legal rights;
(iii) to protect the rights of third parties; and
(iv) in connection with a business transaction such as submission of proposals
(d) Recruitment: We use your Personal Data to assess your suitability for any position for which you may apply at ISC including, associate positions, internship and also any business support or services role whether such application has been received by us online, via email or by hard copy or an in-person application.
Lawful basis for data processing
We rely primarily on your consent which we obtain from you to process your Personal Data. We also process your Personal Data on the following lawful bases:
(a) for the performance of a contract we may have signed with you;
(b) for compliance with our legal obligation;
(c) to protect your vital interest or that of other colleagues; and
(d) for the fulfilment of ours or a third party’s legitimate interest.
Responsibility for the security of processed Personal Data
The partners and the management of ISC take ultimate responsibility for data protection. Consistent with our professional obligations, it has always been the policy of the firm to exercise the utmost discretion regarding the information our clients entrust to us.
We maintain physical, electronic and procedural safeguards intended to maintain the confidentiality of Personal Data, including that provided by a visitor to this website and provided while using other services. We however do not guarantee that our safeguards will always work. But we take every step reasonable to ensure the security features on our systems are up to date.
We require consultants and our service providers generally to maintain data protection consistent with reasonable and appropriate obligations of data processors as contained in the service level agreement we may have signed with you.
Disclosure and transfer of Personal Data
As a Firm with legal practice in different parts of the country, we operate systems that may make data related to your matters accessible from our various offices across Nigeria and often transfer client data which may include Personal Data between our offices. Where we share or transfer your Personal Data, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its protection.
Retaining your Personal Data
We may retain information provided by you, including Personal Data, for as long as necessary to comply with our legal obligations, or to achieve the purposes for which the information was originally collected. We will delete all Personal Data received once it is no longer reasonably required for the purpose for which it was connected or consent has been withdraw (whichever is applicable), provided that we are not legally required or otherwise authorized to continue to hold such data. We may retain your Personal Data for an additional period to assert or defend legal claims during any relevant retention period.
Data Subject Rights
You have the following rights in respect of your Personal Data that we hold:
(a) Right of access: You have the right to obtain confirmation of whether, and where, we are processing your Personal Data; information about the categories of Personal Data we are processing, the purposes for which we process your Personal Data and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your Personal Data; and a copy of the Personal Data we hold about you. Where in exercise of our discretion to refuse grant of request or access or impose a condition for the grant of
access pursuant to law, we will notify you of our decision and available supervisory authority to which you may lodge a complaint.
(b) Right of portability: You have the right, to receive a copy of the Personal Data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your Personal Data to another person.
(c) Right to rectification: You have the right to obtain rectification of any inaccurate or incomplete Personal Data we hold about you without undue delay.
(d) Right to erasure: You have the right to be forgotten in which instance you may require us to delete your Personal Data from our record,
(e) Right to restriction: You have the right to withdraw your consent to specific purpose for data processing for which you may have given your express consent. You have the right to restrict processing of your Personal Data where: (i) the accuracy of your Personal Data is being verified (ii) you oppose the erasure of your Personal Data in circumstances processing such Personal Data is unlawful (iii) we have no need for your Personal Data but you require the record of the Personal Data for the establishment or exercise of a legal defence or claim contest the accuracy of your Personal Data in our record
(f) Right to object to automated processing, including profiling: You also have the right to object to the legal effects of automated processing or profiling.
If you wish to exercise any of these rights, please contact us at dpo@isc.ng .
If you have any complaints regarding our compliance with this Policy, please contact our Data Protection Officer via the contact details provided below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of your Personal Data within thirty (30) days in accordance with this Privacy Policy and in accordance with the Applicable Law.
You have the right to lodge a complaint to the Nigeria Data Protection Commission
Privacy policy updates
We reserve the right to make changes to this Policy at any time and for any legitimate reason. We will notify you about any changes by updating the “Last Updated” widget at the bottom of this Policy.
Any changes or modifications will be effective immediately upon posting the updated Policy on our website. We will require to give consent again on the website after an update to the policy.
How to Contact Us
For general enquiries about our Policy please feel free to contact us at dpo@isc.ng. If you have any specific questions or complaints about our Policy including about the collection, use or sharing of your information or access to your information, please contact our Data Protection Officer at dpo@isc.ng or by post to ‘The Data Protection Officer’ at the address below.