- On other websites used by us for scheduling and planning purposes, e.g., Survey Monkey, and all our electronic digital platforms.
- In email, text, and other electronic messages between you and the SON
- Through Webinar, Webex, zoom’’’/ and other online workshops or events sponsored by us
- Through interaction with the International Organization for Standardization (ISO), and the International Electro technical Commission (IEC)
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We only collect information from or about you that is reasonably necessary for us to provide you or those on whose behalf you act the relevant service, business relationship and/or communication that is consistent with the nature of such service, business relationship and/or communication. As a result, we collect several types of information from and about users of our SON Sites, including:
- Information by which you (or those on whose behalf you act) may be personally identified, such as name, postal address, e-mail address, telephone number, or any other information the website collects that is defined as personal or personally identifiable information under an applicable law, and any other identifier by which you may be contacted (” Personal Information”);
- Information that is about you but does not identify you individually; and/or
- Information about your internet connection, the equipment you use to access our SON Sites and usage details.
As detailed below, we collect this information in three ways:
- Directly from you when you provide it to us;
- Automatically as you navigate through the SON Sites; information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
- Indirectly from other sources, including from you or your principal’s involvement in ISO and IEC, developing Nigerian Industrial Standards, conformity assessment activities, and research, consulting and educational services.
INFORMATION YOU PROVIDE TO US DIRECTLY
The information we collect on or through our SON Sites may include:
- Information that you provide by filling in forms on our SON Sites. This includes information provided at the time of becoming a member of SON Technical committee, registering to use our SON Sites, subscribing to one of our services, posting material, or requesting further services. We may also ask you for information when you register for an event sponsored by us or when you report a problem with SON ;
- Records and copies of your correspondence (including email addresses), if you contact us;
- Your responses to surveys that we might ask you to complete for research or scheduling purposes; and
- Your search queries on the SON Sites.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the SON Sites, or transmitted to other users of the SON Sites or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we do our best to protect your Personal Information, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the SON Sites with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.;
INFORMATION WE COLLECT AUTOMATICALLY THROUGH DATA COLLECTION TECHNOLOGIES
As you navigate through and interact with our SON Sites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our SON Sites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the SON Sites; and
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not include Personal Information, but we may maintain such data or associate it with Personal Information we collect in other ways or receive from third parties. Automatic data collection helps us to improve our SON Sites and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences, allowing us to customize our SON Sites according to your individual interests;
- Speed up your searches; and
- Recognize you when you return to our SON Sites.
The SON Sites automatically collect visitor data, which is not personally identifiable. The data is used to understand the use of the site and to better understand the needs of our visitors. The type of information that is collected about you for analytics may include demographics for age, gender, geographic location and language. The SON Sites also collect information about which pages were visited, how long a visit lasted, and browser type or device and other information which is not personally identifiable.
The technologies we use for this automatic data collection may include:
- Web Beacons. Pages of our SON Sites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit SON, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity)
INFORMATION WE COLLECT FROM OTHER SOURCES
As you participate in standardization, conformity assessment, and related educational and research activities, you may undertake activities or work with entities that, in turn, provide information which is collected by our Organization Here are a few examples of how we collect information from other sources.
SON is the sole Nigerian representative to ISO, and SON has a team that interfaces with ISO and plays an active role in ISO’s governance. Similarly, SON, through the IEC National Mirror Committee, serves as the focal point for Nigerian parties interested in development, promulgation and use of globally-relevant standards for the electro technical industry. When you or your principal participate in ISO and IEC standards development processes, we might acquire information from or about you, including in connection with your participation in SON Technical Committee Groups, for voting, committee’s meetings, events, educational programs and research.
National Registry of Conformity Assessment practitioners NRCAP is engaged in the assessment of conformance to standards, undertaking work and training in areas such as testing, certification, and accreditation of management systems, laboratories, products, and inspection bodies in a global marketplace.
We do not control these third parties’ tracking technologies or how such technologies may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any Personal Information
- To present our SON Sites and their contents to you;
- To provide you with information, products, or services that you request from us;
- To fulfill the purpose for which you provided the information;
- To provide you with notices about your SON membership account, including expiration and renewal notices;
- To notify you about changes to our SON Sites or any products or services we offer or provide through it;
- To allow you to participate in interactive features on our SON Sites;
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- To support our business by providing information to trusted businesses, contractors, service providers and other third parties who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
- When we have your consent, to provide information to third parties to market their products or services to you. We contractually require these third parties to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. For more information, see Choices About How We Use and Disclose Your Information;
- If we believe that disclosure is necessary or appropriate to protect the rights, property, or safety of SON, our customers, or website users, and others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- In any other way we may describe when you provide the information; and
- For any other purpose for which you consent.
We may also share your information among our companies and use your information to contact you about our own and third-parties’ goods and services that may be of interest to you. For more information, see Choices About How We Use and Disclose Your Information.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We do not sell your information.
CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
We strive to provide you with choices regarding the personal information you provide to us.
We have created mechanisms to provide you with the following control over your information:
- Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by checking the relevant box located on the form on which we collect your data (the registration form) or email info@son,gov.ng. You can also always opt-out by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to firstname.lastname@example.org;
- Promotional Offers from Us. If you do not wish to have your email address/contact information used by SON to promote our own or third parties’ products or services, you can opt-out by checking the relevant preferences located on the form on which we collect your data (the registration form) or at any other time by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant preferences or by sending us an email stating your request to email@example.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to SON as a result of a product purchase, warranty registration, product service experience or other transactions;
- We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way
- ACCESSING AND CORRECTING YOUR INFORMATION
You can review and change your Personal Information by logging into the SON Sites and visiting your account profile page.
You may also send us an email at firstname.lastname@example.org to request access to, correct or delete any Personal Information that you have provided to us. We cannot delete your Personal Information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Online transactions utilize a secure server and automated credit or debit card authorization service. For security reasons, this system will store approval codes, but not credit card numbers. Credit card information must be re-entered for all future transactions.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our SON Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the SON Sites.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our SON Sites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any settings or security measures contained on the SON Sites.
NIGERIA CITIZENS PRIVACY RIGHTS
The Legal Framework of Data Privacy and Protection Laws in Nigeria
Although Nigeria does not have a specific statute regulating Data Privacy and protection, the NITDA commendably came up with the Nigeria Data Protection Regulations (NDPR) in 2019 which specifically addresses Data Privacy and Protection in Nigeria. Asides from the NDPR, there are other laws which touch on Data Privacy and Protection in Nigeria, which are briefly highlighted below.
Section 37 of Nigeria’s 1999 constitution forms the foundation of data privacy rights and protection in Nigeria. Section 37 guarantees and protects the right of Nigerians to privacy with respect to their homes, correspondence, telephone conversations and telegraphic communications. It deems Privacy in this respect a fundamental right which is enforceable in a court of law when breached. Prior to the NDPR, most cases of data privacy breaches were enforced under this section.
The Nigeria Data Protection Regulation (NDPR) 2019
Albeit a subsidiary legislation, the NDPR is the major law specifically aimed at addressing data privacy and protection in Nigeria. The regulation was issued by the National Information Technology Development Agency (NITDA) in 2019 to comprehensively regulate and control the use of data in Nigeria a copycat of the EU GDPR, the regulation touches on principles of data processing, the requirement of Data Compliance Officers, requirement of data subject’s consent for collecting and processing data, requirements for international transfers of data and rights of data subjects, inter alia. It also prescribes penalty for non-compliance with the regulation. Details of NDPR are contained in The Nigeria Data Protection Regulation (NDPR) 2019
The NCC Consumer Code of Practice Regulation 2007
Part VI of the Nigerian Communications Commission (NCC) regulation, generally deals with the protection of consumers’ data in the telecoms sector. Reg. 35 requires all licensees to take reasonable steps to protect the information of their customers against improper or accidental disclosures. It prescribes that licensees shall not transfer this information to a third party except as permitted by the consumer or commission or by other applicable laws or regulation. Data collected by the licensee must be such that is reasonably required for business purposes and not to be kept for longer than necessary. This law extends not only to electronic or written data but also to verbal data recorded by the licensee It also provides for notification of the consumer of the use and disclosure of data obtained from them.
The NCC Registration of Telephone Subscribers Regulation 2011
Regulation 9 and 10 of the NCC Registration of Telephone Subscribers Regulation 2011, deals with the data privacy and protection of subscribers. It provides for confidentiality of personal information of subscribers stored in the central database or a licensee’s database. It also provides that this information shall not be released to a third party nor transferred outside Nigeria without the prior written consent of the subscriber and commission, respectively. This regulation also regards the information stored in the Central Database as the property of the federal government of Nigeria.
The Freedom of Information Act 2011
Section 14 of the Freedom of Information Act protects personal data. It restricts the disclosure of information which contains personal information by public institutions except where the involved data subject consents to its disclosure or where the information is publicly available. The Act also provides that a public institution may deny the application for disclosure of information that is deemed privileged by law (e.g. Attorney-client privilege, doctor-client privilege).
The Cybercrimes (Prohibition, Prevention, etc.) Act 2015
The Cybercrimes (Prohibition, Prevention, etc.) Act, Nigeria’s foremost law on cybercrimes criminalizes data privacy breaches. Generally, this Act prohibits, prevents and punishes cybercrimes in Nigeria. It prescribes that anyone or service provider in possession of any person’s personal data shall take appropriate measures to safeguard such data.
The Child Rights Act 2003
The Child Rights Act protects the privacy rights of children. The Act protects and guarantees the right of every child to privacy, family life, home, correspondence, telephone conversation and telegraphic communications subject to the supervision or control of the parents or guardians.
The Consumer Protection Framework 2016
The Central Bank of Nigeria’s Consumer Protection Framework prohibits financial institutions from disclosing the personal information of their customers. It also ensures that these financial institutions take appropriate measures to safeguard customers’ data and necessitates the prior written consent of their customers before sharing these data with anyone.
The National Identity Management Commission (NIMC) Act 2007
Section 26 of this Act requires the approval of the Commission before a corporate body or anybody can have access to data stored in their database. The Act also empowers the NIMC to collect, collate and process data of Nigerian citizens and residents.
The National Health Act (NHA)2014
The NHA which regulates health users and healthcare personnel restricts the disclosure of the personal information of users of health services in their records. It also ensures that healthcare providers take the necessary steps to safeguard such data.
The Federal Competition and Consumer Protection Act 2019
This Act stipulates that the Federal Competition and Consumer Commission shall ensure that business secrets of all parties concerned in investigations conducted by it are adequately protected during all stages of the investigation or inquiry.