Privacy Policy

Statement

Leadway Pensure PFA Limited (LPPFA) is dedicated to ensuring that the privacy and personal information of its esteemed Customers and employees (data subjects) are protected. LPPFA is a body that collects and processes personal information and this responsibility may be outsourced to third party(ies).

LPPFA is also committed to complying with extant Nigerian and applicable international laws on data protection. For the purpose of this Data Privacy Policy, references to “LPPFA” or “the Company” shall mean Leadway Pensure PFA Ltd.

By providing the data subject’s personal information or the personal information of a beneficiary through the enrolment form, online or any other means authorized and deployed by LPPFA, the data subject acknowledges that Leadway may only use the information in the manner specified in this Data Privacy Policy.

There may be a need to update this policy periodically, for example as a result of regulatory dictate, new technologies or other developments on data protection and/or privacy laws. This current version of this policy is available on our website (www.leadway-pensure.com) and Leadway Pensure’s mobile app.

Leadway Pensure may consolidate your personal information from across the Group and utilize it for any of the purposes detailed in this statement, as long as we have legal grounds to do so.

Role Definitions

• Data Subject: Any person who can be identified directly or indirectly by an attribute such as name, ID (e.g. Retirement Savings Account, BVN, National Identity Number, NIN or Company ID card) or by one or more factors specific to his or her physical, ethnic or social identity. Includes Customers, NOKs, prospects and employees.
• Data Administrator: Leadway Pensure PFA Limited.
• Data Controller: The Managing Director or delegated authority.
• Data Protection Officer: The Compliance Officer, appointed to ensure compliance with data protection requirements.

Responsibilities of the Data Administrator, Data Controller and Data Protection Officer are outlined in the Nigeria Data Protection Act (2023).

Introduction

When LPPFA collects and processes the personal information of her data subjects, she ensures it adheres to strict controls to ensure that personal data of the data subject is obtained and used in line with the company’s privacy principles. LPPFA handles personal data with a duty of care and uses it only for legitimate and specified business purposes within the Pension Industry under the following principles:

• LPPFA respects the privacy rights of its employees, Customers and other stakeholders, whose personal data are in its custody and use.
• LPPFA protects personal data by implementing appropriate technical and organizational measures in our data processing operations.
• LPPFA holds itself accountable for demonstrating compliance with applicable legal and regulatory requirements.
• All personal information collected by LPPFA is processed in accordance with the extant data protection laws in Nigeria.

Type of Information Processed by Leadway Pensure PFA Ltd.

The precise nature of the personal data LPPFA collects or processes depends on the nature of the transaction or the data subject’s relationship with LPPFA. However, if the Company is handling the data subject’s personal data as part of its role as a Pension Fund Administrator, the Company shall process in accordance with the following:

• Information about the data subject: e.g. name, age, gender, date of birth, nationality, as required by regulatory dictates or necessary for optimum service delivery.
• Means of identification: National Identity Card Number (NIN), International Passport details, Driver’s License, Voter’s card details, etc.
• Contact information: email, address, phone number.
• Online information: cookies and IP address, if the data subject uses LPPFA’s websites.
• Financial information: payments made or received in the context of Pension Contributions.
• Other sensitive personal data: official designation, marital status, biometric details, BVN, gender, etc.

Requirement for Consent

Where data subjects’ personal information is to be collected, LPPFA shall explain the reason for obtaining the data subject’s data, and obtain consent for such use. Without such consent, LPPFA may be unable to provide the required services. Where data subject provides personal information about third parties, LPPFA may ask such clients to confirm that the third parties have given consent to act on their behalf and may be asked to provide LPPFA with a copy of the consent issued.

Consent will be obtained via the same medium used to obtain personal information or through any other means acceptable to LPPFA. Reference will be made to this Policy or a summarized version that can be easily understood by the data subject. The data subject will be required to indicate understanding and acceptance of the terms contained in the policy (via signature for physical documents or a ticked checkbox for electronic platforms).

Where LPPFA has appropriate, legitimate business need to use client personal information for maintenance of business records including development and improvement of products and services, LPPFA will take extra care to ensure that the data subject’s rights to security and confidentiality are not infringed upon.

Reasons for Use and Processing

• Maintaining records and providing contracted services.
• Pension benefit processing.
• Training and product/service development.
• Risk assessment and industry knowledge improvement.
• Legal/regulatory compliance and fraud prevention.
• Public interest (fraud investigation, AML checks).
• Archiving, research, or statistical purposes.
• Employment assessment and employee benefits.

LPPFA applies information protection technologies including access controls, perimeter security, malware management, data loss prevention, backup and recovery. Data centers are protected against environmental threats.

Transfers to third parties require safeguards and consent. No consent shall be sought or accepted in circumstances that propagate atrocities, hate, child abuse, human rights violations, criminal acts, or anti-social conduct.

LPPFA may use data for marketing activities within the group, subject to applicable laws.

Data Retention

Customer information is retained for as long as necessary for services or as required by the National Pension Commission (PenCom).

Remedies for Violation

Data subjects may lodge complaints with the Nigeria Data Protection Commission (NDPC) if dissatisfied with how LPPFA handles personal information.

Third Party Data Processing Contracts

LPPFA shall ensure that data processing of Customers’ personal data by a third party is in adherence to the dictates of the Nigeria Data Protection Act (NDPA 2023) and that the third party is an NDPA compliant organization.

Rights of Data Subject

The Nigeria Data Protection Act grants you specific rights concerning our use of your personal data, including the right to:

• Request access to review, modify, or delete personal data.
• Request a copy of personal data collected or processed.
• Request correction of inaccurate data.
• Request cessation of personal data processing.
• Lodge a complaint with a competent Data Protection Authority.
• Request transfer of personal data to another organization in a machine-readable format.

See full rights in the NDPA 2023: Nigeria Data Protection Act 2023

Review of Privacy Statement

LPPFA may modify a part or the whole of this privacy statement from time to time. When changes are made, the Company will revise the “last updated” date at the top of this privacy notice. The new modified or amended privacy statement will apply from that revision date.

Contact Information

LPPFA may modify a part or the whole of this privacy statement from time to time. When changes are made to this privacy notice, the Company will revise the “last updated” date at the top of this privacy notice. The new modified or amended privacy statement will apply from that revision date. 

For further enquiries, please contact:

Phone: +234-1-2800850 ext. 8051
Email: dpo@leadway-pensure.com