Effective Date: May 25, 2019.
This policy applies to Midramo Consulting Limited (collectively “Midramo Consulting”).
Midramo Consulting understands that your privacy is important to you and is committed to safeguarding the confidentiality and privacy of personal information entrusted to it.
This policy applies to personal information which is collected and/or used by Midramo Consulting in its capacity as a controller as that term is defined in the Nigeria Data Protection Regulation, 2019. The contexts in which this might occur are explored under “When do we collect personal information” below.
When we provide Services to clients, we sometimes handle personal information as a processor (for example, storing or archiving of client data for the purpose of preparing returns for compliance with various agencies in our Statutory Compliance services). This means that we process the information solely on the instructions of our clients, who retain control of the information.
Midramo Consulting collects personal information from and on behalf of its clients (e.g. about their employees and customers) to provide business advisory services to those clients. It also processes client personal information to manage its relationship with those clients. Further, Midramo Consulting also collects some personal information from visitors to this website, recruitment applicants, and attendees at Midramo Consulting events.
Midramo Consulting uses personal information to deliver its Services to clients. For its own purposes, it also uses personal information to analyse and improve how it delivers those services, to contact representatives of its clients or prospective clients, and to administer recruitment and events.
If Midramo Consulting uses your personal information, you may have certain important rights which you can exercise. The rights you will be able to exercise will depend on how and why Midramo Consulting uses your information.
The primary point of contact at Midramo Consulting for questions regarding your personal information is firstname.lastname@example.org
Midramo Consulting being the entity that originally collected information from or about you will be responsible for your personal information. If you have a direct interaction with Midramo Consulting (for example, you attend a Midramo Consulting hosted event), the identity of your controller may be disclosed to you in connection with that interaction. If we process your personal information in the course of providing our Services to clients, your controller will be Midramo Consulting.
We collect information about you if:
- you use this (or any other Midramo Consulting) website or other channels;
- you enquire about, or engage Midramo Consulting to provide, its Services (either in a personal capacity, or as a representative for your employer or client);
- the use of your personal information is reasonably necessary to provide our Services (in these circumstances, your personal information may be disclosed to us by our client who may, for example, be your employer or service provider, or we may obtain your personal information from a range of public or subscription sources, from your employers, directly from you, or from your associates or persons known to you);
- you apply for a position with Midramo Consulting;
- you attend an Midramo Consulting hosted or sponsored event or webinar; or
- you contact us with any other enquiry, complaint or notice.
The following is a summary of the types of personal information we collect, and the purposes for which that information is used.
Midramo Consulting collects your name, address, e-mail address, telephone number and any other personally-identifiable information which you voluntarily provide as “comments” when you submit an inquiry through the “Contact Us” tool. Midramo Consulting also collects other background information about you in connection with career-related inquiries that you submit through its website.
If you submit an enquiry to Midramo Consulting about our Services (either over the website, or by emailing, telephoning or meeting with one of our employees), then we will process information such as your name, job title and contact information in order to respond to your enquiry.
If you attend a Midramo Consulting event or webinar, or if you associate with a Midramo Consulting colleague at, for example, an industry event, then Midramo Consulting may collect basic personal information, such as contact details, which you voluntarily provide (for example, by filling in a form or handing over a business card) in order to facilitate your participation in the event, and for the management of our relationship with you as an actual or prospective client.
If you or the organisation you are associated with becomes an Midramo Consulting client, then we may process your personal information in order to:
- carry out “Know Your Client” checks and screening prior to starting a new engagement (as well as basic contact information, this may mean processing compliance related information such as proof of your identity, information about your professional background, history of directorships and, in some circumstance, details of any criminal convictions or adverse media coverage);
- carry out background checks for the purposes of complying with anti-money laundering and terrorist financing laws;
- carry out client communication, service, billing and administration;
- deal with client complaints; and
- administer claims.
Taking account of applicable marketing laws, we also process personal information about our clients (former, current and prospective) in order to:
- send our clients newsletters, know-how, promotional material and other marketing communications;
- invite our clients to events (and arrange and administer those events).
- Perform Services for Our Clients
As discussed above, many of our Services involve the processing of personal information. In the majority of cases, personal information is provided to us in strict confidence, subject to restrictive undertakings on its use / disclosure.
Illustrative examples of the use of personal information in connection with our Services, and the legal bases we rely upon for using personal information, are set out in Annex 1 (Use of Personal Information for our Services).
If you apply for a position with Midramo Consulting, we will need to collect personal information in order to consider your application, and during any interview and assessment phase.
If you enquire about, or decide to invest in Midramo Consulting, then we will collect (either from you or your investment manager) basic personal information required to deal with you as an investor.
Finally, if you contact us for any other reason, we will collect basic contact details, as well as any other personal information relevant to the reason for your enquiry, in order to resolve that enquiry.
All processing (i.e. use) of your personal information is justified by a lawful basis for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where you request certain Services as an individual client, or where we help advise your employer or service provider on fulfilling an obligation to you under a contract);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is necessary for the performance of a task carried out in the public interest (e.g. background checks for anti-money laundering and terrorist financing purposes); or
- the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of personal information in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by applicable law to obtain your prior consent in order to send you marketing communications.
Midramo Consulting may also disclose your personal information for the purposes of:
- responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
- the prevention and/or detection of crime;
- establishing legal rights or to investigate or pursue legal claims;
- a merger, acquisition or corporate restructuring to which Midramo Consulting is subject;
- preventing risk of harm to an individual.
Where we transfer your personal information outside Midramo Consulting to third parties (except where such third parties are Government agencies) who help provide us with any of the activities described in this policy, we obtain contractual commitments, (such as the Standard Contractual Clauses) from them in order to protect your personal information.
Where we receive requests for information from law enforcement, courts or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Midramo Consulting has reasonable technical safeguards, security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Measures we take include placing confidentiality requirements on our staff members and service providers, limiting access to your personal information on a “need to know” basis, and providing training to appropriate Midramo Consulting personnel. We also maintain comprehensive policies addressing data incident response protocols. Our IT Security Program is audited annually.
Despite Midramo Consulting’s best efforts, however, security cannot be absolutely guaranteed against all threats.
Midramo Consulting retains your personal information for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, or any new purposes to which you subsequently consent, or to comply with legal, regulatory and Midramo Consulting policy requirements. This period of time will usually be the period of your, or the relevant client’s, relationship or contract with Midramo Consulting plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Some information (such as call recordings, tax records and certain information required to demonstrate regulatory compliance) may need to be kept for longer. Personal information will be kept for a shorter or longer period of time if so required by law or a Midramo Consulting policy, if the information becomes subject to a legal hold (for example, following a communication from our regulator) or if we have identified through a data protection impact assessment that a different retention period is appropriate.
You have the right to access personal information which Midramo Consulting holds about you, together with certain information about how and why your personal information is processed.
You have a right to request us to correct your personal information where it is inaccurate or out of date.
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the information.
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
Please note that Midramo Consulting rarely relies upon consent as a legal basis, and the performance of a contract basis will only be relevant to the extent that you, as an individual, are party to a contract with Midramo Consulting or a client, and our use of your personal information is necessary for the performance of that contract.
You have the right to object to the processing of your personal information at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can make a request to update or remove information about you by contacting email@example.com. Midramo Consulting will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
Midramo Consulting may send you information related to its services, products and events that we believe are of interest to you. This information may be sent by post or via email. If at any point you no longer prefer to receive marketing communications from Midramo Consulting you can (i) unsubscribe from Midramo Consulting communications sent by email using a link provided in marketing emails sent from Midramo Consulting; or (ii) contact us to exercise your right to prevent all forms of marketing (both post and email).
Midramo Consulting’s websites are not intentionally designed for or directed at children under the age of 13. It is Midramo Consulting’s policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide professional services.
If you have questions or concerns regarding this policy or Midramo Consulting’s personal data processing policies, please contact Midramo Consulting at: firstname.lastname@example.org
ANNEX 1: USE OF PERSONAL INFORMATION FOR OUR SERVICES