DATA PRIVACY POLICY



Preamble

Leadway Pensure PFA Limited (LPPFA) is dedicated to ensuring that the privacy and personal information of its esteemed Customers and employees (data subjects) are protected. LPPFA is a body that collects and processes personal information and this responsibility may be outsourced to third party (ies).
LPPFA is also committed to complying with extant Nigerian and applicable international laws on data protection. For the purpose of this Data Privacy Policy, references to “LPPFA” or “the Company” shall mean Leadway Pensure PFA Ltd.
By providing the data subject’s personal information or the personal information of a beneficiary through the enrolment form, online or any other means authorized and deployed by LPPFA, the data subject acknowledges that Leadway may only use the information in the manner specified in this Data Privacy Policy.
There may be a need to update this policy periodically, for example as a result of regulatory dictate, new technologies or other developments on data protection and / or privacy laws. This current version of this policy is available on our website (www.leadway-pensure.com) and Leadway Pensure’s mobile app.

ROLE DEFINITIONS:

The following roles are defined for the purpose of this policy:
Data Subject: is any person who can be identified directly or indirectly by an attribute such as name, ID, (e.g. Retirement Savings Account, National Identity Number, NIN or Company ID card) or by one or more factors specific to his or her physical, ethnic or social identity. Data subjects includes Leadway Pensure’s Customers, NOKs of customers, prospects and employees whose details are in the custody of the company.
Data Administrator: means a persons or organization that processes data. For the purpose of this policy, Leadway Pensure PFA Limited is the Data Administrator.
Data Controller: means a person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which personal data is processed or is to be processed. For the purpose of this policy, the Managing Director is the Data Controller or whoever she/he so delegates.
Data Protection Officer: is appointed by the Data Controller to ensure that the strategy and implementation of data protection requirements are in compliance with the data protection policy and the relevant extant laws. For the purpose of this policy, the data protection officer is defined as the Compliance officer.
Responsibilities of the Data Administrator, Data Controller and Data Protection Officer are clearly outlined in the Nigeria Data Protection Regulation (2019).  


  1. Introduction
When LPPFA collects and processes the personal information of her data subjects, she ensures it adheres to strict controls to ensure that personal data of the data subject is obtained and used in line with the company’s privacy principles. LPPFA handles personal data with a duty of care and use it only for legitimate and specified business purposes within the Pension Industry under the following principles:

  • LPPFA respects the privacy rights of its employees, Customers and other stakeholders, whose personal data are in its custody and use.

  • LPPFA protects personal data by implementing appropriate technical and organizational measures in our data processing operations.

  • LPPFA holds itself accountable for demonstrating compliance with applicable legal and regulatory requirements.
All personal information collected by LPPFA is processed in accordance with the extant data protection laws in Nigeria.

  1. Type of Information Processed by Leadway Pensure PFA Ltd.
The precise nature of the personal data LPPFA collected or processed depends on the nature of the transaction or the data subject’s relationship with LPPFA. However, if the Company is handling the data subject’s personal data as part of its role as a Pension Fund Administrator, the Company shall process in accordance to the following:

2.1. Information about the data subject – for example name, age, gender, date of birth, nationality etc. as required by Regulatory dictates or necessary for optimum service delivery may be collected.

2.2. Means of identification – National Identity Card Number (NIN), International Passport details, Drivers’ License, Voter’s card details, etc. may be collected.

2.3. Contact information – in most cases, the Company may receive the data subject’s email, address, and phone number.

2.4. Online information – for example cookies and IP address (your computer’s internet address), if the data subject uses LPPFA’s websites.

2.5. Financial information – the Company may process information related to payments the data subject make or receive in the context of Pension Contributions.

2.6. Other sensitive personal data (official designation information, marital status, Biometric details, Gender etc.)

  1. Requirement for Consent
3.1. Where data subjects personal information is to be collected, LPPFA shall explain the reason for obtaining the data subject’s data, and obtain his consent for such use. Without such consent, LPPFA may be unable to provide the required services when the need arises. Where data subject provides personal information about third parties, LPPFA may ask such clients to confirm that the third parties have given consent to the data subject to act on their behalf and may be asked to provide LPPFA with a copy of the consent issued.

3.2. Consent will be obtained via the same medium used to obtain personal information or through any other means that is acceptable to LPPFA. Reference will be made to this Policy or a summarized version that can be easily understood by the data subject. The data subject will be required to indicate understanding and acceptance of the terms contained in the policy. This can be via signature for physical documents or a ticked checkbox for electronic platforms.

3.3. Where LPPFA has appropriate, legitimate business need to use client personal information for maintenance of business records including development and improvement of products and services, LPPFA will take extra care to ensure that the data subject’s rights to security and confidentiality is not infringed upon.

  1. Reasons for use and process of data by Leadway Pensure PFA Ltd.
4.1. LPPFA will obtain the consent of the data subject before use and processing of the data for one or more specific purposes made known to the data subject.

4.2. Such personal data obtained with the consent of the data subject shall not be used in any manner other than the stated purpose for which the data was obtained, except with further consent of the data subject whether at the instance of the data subject or upon LPPFA’s engagement with the data subject.

4.3. LPPFA may use data subject’s personal data for a number of reasons:

4.3.1. Maintenance of the data subject’s records with the data administrator in order to provide contracted services

4.3.2. Benefit Processing for Pension Payment

4.3.3. Training

4.3.4. Assessing, improving and developing her products and services

4.3.5. Enhancing our knowledge of risk and the pension industry

4.3.6. Fulfilling legal or regulatory obligations and protecting the Company and her customers against fraud.

4.3.7. For the protection of public interest such as investigation of fraudulent claims and anti-money laundering checks.

4.3.8. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

4.3.9. For the purpose of assessment of proposed data subject’s employability and other employee benefits-related purposes.

4.4. LPPFA applies information protection technologies including access controls, perimeter security, malware management, data loss prevention, backup and recovery. LPPFA’s data centers are also protected against environmental threats. LPPFA’s information security policies and practices apply to all personal information in the Company’s custody.

4.5. LPPFA will only transfer personal information to a third party where the company has ensured that such information is protected and the data subject’s consent has been obtained. LPPFA will procure the privacy policy of the Third Party (PFC, service providers) who may have access to the information to guarantee the safeguard and protection of the personal data of the data subject in the custody of the third party. No consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child abuse, human rights violation, criminal acts and anti-social conducts.

  1. How long do we keep Customers’ information?
We shall hold Customers’ personal information on our systems for: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is established by National Pension Commission (PenCom).

  1. Available remedies in the event of violation of the privacy policy
Where Data Subject is disgruntled with the way LPPFA has handled his/her personal information or any privacy query or request that have been raised with the Company, the data subject reserves the right to complain to the data protection authority (National Information Technology Development Agency (NITDA)).

  1. Third party data processing contracts
LPPFA shall ensure that data processing of Customers’ personal data by a third party is in adherence to the dictates of the National Data Protection Regulation (NDPR) and that the third party is an NDPR compliant organization.

  1. Review of this privacy statement
LPPFA may modify a part or the whole of this privacy statement from time to time. When changes are made to this privacy notice, the Company will revise the “last updated” date at the top of this privacy notice. The new modified or amended privacy statement will apply from that revision date.