May 27, 2020
As a company, it may become necessary for AMG Logistics to gather and process certain information about individuals with whom it has relationship for various purposes such as, but not limited to customer details, the recruitment and payment of staff, relationship management with members, issuers, investors, collection of relevant fees for services rendered, provisions of post-trade services, etc. In light of the emerging data regulatory environment which requires higher transparency and accountability in how companies manage and use personal data, the company must ensure that its business operations align with global best practices on the protection of rights and privacy of individuals.
Third parties to whom the Company outsources all or part of Personal Data Processing activities (“Processing”) must also comply with this Policy.
Personal Data Processing Principles
At AMG Logistics Nigeria Limited, we will process your data in accordance with the relevant laws and regulations and ensure that your personal data is:
• Collected and processed in accordance with specific, legitimate, and lawful purpose consented to by you.
• Adequate, accurate and procured without prejudice to the dignity of human person.
• Stored only for the period within which it is reasonably needed; and
• Secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements
Categories of Personal Data that we collect and process.
We process Personal Data only for specific and explicit purposes which we will communicate to you at or before the moment of Personal Data collection.
We may collect and process the following categories of Personal Data about you:
• Contact data and Business Contact Information: name, company details, postal address, email address, other contact information, including your business contact information and your business bank account and any data that would enable us to maintain our business relationship with you;
• Targeted data: age, interests, any postings, comments or other content that you upload or post on our websites and/or webpages, movements and behaviour on our webpages, websites and online systems;
• Financial Data: This would include details relating to Bank accounts as well as other channels we may require for monetary transfer where necessary;
• Automatically collected data: IP addresses, information about your browser, operating system, your login data, time zone setting and location, browser plug-in types and versions, cookies, operating system and platform, and other technology on the devices you use to access this website and other Personal Data that are relevant and necessary for the use of the service;
• Transaction Data: includes details about payments to and from you and other details of services we provide to you;
• Biometric data: photographs, and images/footage captured on CCTV or other video systems when you access our premises, locations and/or offices, voice recordings for when you register to a conference.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you contact us, we may keep a record of the correspondence. Furthermore, we may ask you to complete surveys that we use for research purposes, although you are not obliged to respond to them.
Although we do not generally seek to collect sensitive or special categories of Personal Data about you, we may do so in certain cases where we have the legal right to do so, or where you have expressly consented to this.
Data collected would generally be used to perform contracts with you, provide our services, improve our website services and customer relationships, and carry out surveys as well as other legitimate interests and legal obligations.
We do not collect any sensitive Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions and views, trade union membership, information about your health, genetic data or information about criminal convictions and offences.
Data Collection and Control
We use different methods to collect data from and about you including through:
• Direct interactions:
You may give us your Identity, Contact and Financial Data by filling in forms, accessing or creating an account on our website, corresponding with us by post, phone, email as well as other related medium/platforms. This particularly covers personal data you provide when you apply for our services, give us feedback or contact us.
• Automated technologies or interactions:
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. For example, when you provide your Personal Data through a log in action on our webpages and websites or when you are prompted to complete a form within our webpages and our websites or when you provide information to sign up for a newsletter or register to comment on a forum webpage or website. Our websites and webpages may collect certain information automatically, such as the type of PC device or operating system you use, the amount of time you spend on our websites and webpages, and information about the way you use our websites and webpages. Our websites and webpages may also use certain analytics software that enables us to better understand how our website and webpages functionalities work so that we can continue to improve them.
• The Company is the data controller and responsible for your personal data s you are the Data subject. The Company shall take all necessary steps and measures to ensure that in the event that any third party handles your personal data, such party must do so in strict compliance with the applicable laws and regulations and under a written contract.
Purposes for collecting and processing your Personal Data.
We might process your Personal Data for the purposes listed below:
• Recruitment, for ensuring that we recruit the appropriate employees;
• For providing you with our services and products according to agreed terms and as per your request, hence for the purpose of allowing the commercial terms to be executed between parties and to enable you to have a good customer experience;
• For facilitating our communication with you to ensure business continuity, including for providing you with necessary information, references and recommendations about our services and products;
• For monitoring your use of our systems to enable us to personalize your experience on our websites and webpages (including monitoring the use of our website and any apps and tools you use);
• For improving the security and functioning of our websites, webpages, networks and information, to ensure that you receive an excellent user experience whilst our networks and information are secure;
• For providing you with tailored newsletters and/or notifications, including relevant press releases to help you stay up to date with our services;
• For operating and managing our business operations, for ensuring the proper functioning of our business operations;
• To facilitate, among others, communication in regard to general meetings, the management of the shareholders register, access to the shareholder portal, communication with shareholders and other investor relation activities. For access management purposes, to ensure that both AMG Logistics and yourself are protected when accessing our locations, sites, offices and /or premises;
• For conducting and managing anti-corruption, anti-fraud, anti-bribery checks, to assess and address risk management to avoid non-compliance, setbacks of our business and protecting of our reputation;
• Apply analytics to business operations and data to describe, predict and improve business performance within our tool and/or to provide a better user experience. Specifically, areas within analytics include descriptive analytics, predictive analytics, analytics involving individuals (i.e. clients) use Personal Data, analytics driven by marketing, single customer view and customer journey, talent/employee management analytics, for ensuring the proper functioning of our business operations;
• Marketing our services to you, unless you objected to such processing, so that we can ensure that we can conduct and increase our business.
Legal basis for collection and processing of your Personal Data
• Because we are required to do so for compliance with a legal obligation to which we are subject;
• Because such data is necessary for the performance of a contract to which you and/or the company you represent are a party to;
• Because the processing is necessary for the purposes of the legitimate interests pursued by us, by yourself or by a third party, or;
• Where necessary in order to protect the vital interests of any person;
• Based on your prior consent, to the extent such consent is mandatory under applicable laws.
Data proportionality and quality
We will only collect the Personal Data we need for our purposes and we will not ask for or keep irrelevant details. We shall not hold Personal Data on the off-chance that it might be useful in the future. The Personal Data we maintain shall also be accurate and kept up-to-date at all given times; consequently, we will require that you update us as soon as there is any change in the data you have shared with us. We will rectify or erase any inaccurate or incomplete data, promptly upon becoming aware of any such inaccuracy and/or information gap.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Geographies where we collect and process your Personal Data.
Generally, we do not transfer your personal data outside Nigeria or to an international organisation. However, whenever there is a need to transfer your personal data out of Nigeria or to an international organisation arises, we shall ensure that we comply with the relevant laws and regulations.
As an organization, we may transfer Personal Data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures and affiliated companies of AMG logistics around the world in accordance with applicable laws. Your Personal Data will not be disclosed to anyone outside the AMG logistics unless permitted or required under applicable legislation.
Nevertheless, where there is a need, we may share your Personal Data with third parties, such as, services providers, professional advisors, lawyer offices, tax consultants, corporate commercial transactions, public authorities. Before doing so, we take steps to protect your Personal Data. Any third-party service providers and professional advisors to whom your Personal Data are disclosed, are expected and required to protect the confidentiality and security of your Personal Data and may only use your Personal Data in compliance with applicable data privacy laws and/or contractual stipulations.
Personal Data retention.
We will retain the data for as long as you use the website and as long we have an on-going relationship with you and for a reasonable time thereafter. Please note that some or all of the data may be required in order for the website to function properly, and we may be required to retain certain information by law. We might retain your Personal Data longer, based on your legitimate interest or consent (i.e. to provide you with the history of the containers booking).
We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria:
• We retain your Data as long as we have an on-going relationship with you (in particular, if you have an account with us).
• We will only keep the data while your account is active or for as long as needed to provide services to you.
• We retain your Data for as long as needed in order to comply with our legal and contractual obligations.
In such a case we will retain your Personal Data for as long as you request us to do so but not more than for a reasonable period of time, and in any case not more than 4 years after our relationship with you have been severed.
We may retain your Personal Data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, litigation, or regulatory investigations).
We delete your Personal Data when it is no longer needed for the purposes for which it was collected and subsequently processed.
Data Confidentiality and Security
We recognise the importance of protecting data from unauthorised access and the attendant effects of data corruption hence, the company shall:
• Develop security measures including but not limited to protecting systems from hackers
• Set up firewalls and protect email systems
• Store data securely with access to specific authorised individuals
• Develop organisational policy for handling personal data and other sensitive or confidential data.
These security measures are put in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who for the purpose of perfecting a contract with you need to know same. They will only process your personal data on our instructions and they are subject to a duty of confidentiality as governed by a written contract. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may share your personal data with the parties set out below for the purposes set out for which we will use your personal data above and in compliance with the applicable laws and regulations;
• Service providers who provide IT and system administration services, revenue collection services, electricity billing and printing services, gateway channel services, workforce management services and vending services.
• Professional advisers including consultants, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• Regulatory agencies and authorities who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as stipulated in a written contract.
Data Subjects rights.
You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law, to:
• Request access to the Personal Data we process about you: this right entitles you to know whether we hold Personal Data of you and, if so, obtain information on and a copy of those Personal Data.
• Request rectification of your Personal Data: this right entitles you to have your Personal Data be corrected if it is inaccurate or incomplete.
• Object to the processing of your Personal Data: this right entitles you to request that we no longer process your Personal Data.
• Request the erasure of your Personal Data: this right entitles you to request the erasure of your Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
• Request the restriction of the processing of your Personal Data: this right entitles you to request that we only process your Personal Data in limited circumstances, including with your consent.
• Request portability of your Personal Data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that you have provided to us or request us to transmit such Personal Data to another data controller or a third party of your choice.
We may also contact you to ask you for further information in relation to your request to speed up our response. If you wish to exercise any of the rights set out above, please contact us through our Data Protection Officer (DPO). You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we could refuse to comply with your request in these circumstances by writing to you and copying the National Information Technology Development Agency (NITDA).
We may also need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within a reasonable time. Occasionally, it could take us longer time if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Note that most of the Personal Data that we hold about you comes from information you completed, therefore, please ensure that you keep your information correct and up to date by updating your profile/information on the website.
Please note, however, that certain Personal Data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.
To the extent that the processing of your Personal Data is based on your consent, you have the right to withdraw such consent at any time by contacting our Data Privacy Officer. Please note that this will not affect our right to process Personal Data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal basis than your consent.
If you wish to exercise your right to access your Personal Data, to object to it being processed or to rectify processed data, please contact firstname.lastname@example.org
Data Protection Officer
To ensure that any concerns you may have regarding the protection of your personal data is addressed sufficiently and timeously, we have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy or our privacy practices, including any requests to exercise your legal rights which have been specified in this Policy, please contact the DPO using the details set out below:
Attention: The Data Protection Officer, AMG Logistics Nigeria Limited
Postal address: 7C Creek Road, Apapa, Lagos
Email address: email@example.com
Without prejudice to your right to make a complaint at any time to the National Information Technology Development Agency (NITDA) (www.nitda.gov.ng), the supervisory authority for data protection issues as you have the right at all times to register a complaint directly with NITDA or to make a claim with a competent court for any alleged breach of your data privacy rights, we would appreciate that you contact us in the first instance through the DPO if you have any concerns regarding the protection of your data or this Policy.
In the event of a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company shall within a reasonable time of becoming aware of the breach:
• promptly assess the risk;
• promptly notify the affected data subject;
• take all necessary measures and steps to ensure that further damage is not caused by the breach;
• take all steps to retract the data (in cases of unauthorised access or disclosure); and
• if appropriate, report the breach to NITDA.
Cookies and other tracking technologies.
Please contact our Data Privacy Officer at firstname.lastname@example.org if you have a general question about how AMG Logistics protects your Personal Data or if you wish to exercise your rights in relation to your Personal Data rights.