KENNEDIA CONSULTING’S PRIVACY POLICY

KENNEDIA CONSULTING LIMITED (“the Company”, “we”, “our” or “us”) is a company duly incorporated under the laws of the Federal Republic of Nigeria as a human resource (HR) and outsourcing firm that specializes in talent management, recruitment, business advisory, learning and development, accounting, taxation services and HR consulting services.

This Privacy Policy, in compliance with the Nigeria Data Protection Act (NDPA) 2023 and other applicable data protection laws in Nigeria, stipulates our approach to handling your data and your rights with regards to our collection, use, storage and sharing of your personal data, which may be collected by the Company in the course of providing you with our services.  This Privacy Policy also applies to our website [www.kennediaconsulting.net] as well as all related sites, services, and tools regardless of your access or usage.

Personal Data encompasses all information retained or gathered concerning our employees, customers, stakeholders, vendors, and other relevant parties, whether obtained directly or indirectly. This encompasses both offline and online data that renders an individual identifiable, including but not limited to names, addresses, contact numbers, passport identification, usernames, passwords, digital traces, images, financial particulars, assets and liabilities, insurance, savings, investments, as well as health and high-risk data associated with products and services procured from us, (hereinafter collectively referred to as “Personal Data”).

Personal data may be acquired from third-party sources or gathered through our website(s) and other digital platforms. This policy ensures that data is collected, stored, and managed in a fair, transparent, and respectful manner, with a focus on individual rights. Considering the evolving nature of government regulations, technological advancements, and developments in data protection laws and privacy, we advise regularly visiting our website for the latest privacy policy updates.

We utilize the personal data we collect to deliver and improve our services. By using our services, website, and associated digital channels, sites, and tools, you consent to the collection and use of your Personal Data as outlined in this Privacy Policy. If you do not agree, you have the option to withdraw your consent at any time. However, please be aware that withdrawing consent may prevent the Company from providing any services to you.

Please read this Privacy Policy carefully as this sets out the basis on which any personal data, we collect from you, or that you provide to us, will be processed by us.

 

 

INTERPRETATION AND DEFINITION

Interpretation

The words of which the initial letter is capitalized shall have the meanings defined under the following paragraphs. The following definitions shall have the same meaning regardless of whether they appear singular or plural.

Definitions

In this Privacy Policy:

“Country” refers to Nigeria;

“Service” refers to the use of any service or product offered by the Company;

“You” refers to the customer or user of any service of the Company. “Your” shall be construed accordingly.

Top of Form

 

OUR PRIVACY PRINCIPLES

• Your Personal Data is obtained as a means by which we may contact you; either by telephone, text (SMS), email messaging, social media, etc;
• Personal Data you provide is processed fairly, lawfully and in a transparent manner.
• Personal Data you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which we collected it.
• Your Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
• Your Personal Data is kept accurate and, where necessary kept up to date.
• Your Personal Data is kept no longer than is necessary for the purposes for which the Personal Data is processed.
• We will take appropriate steps to keep your Personal Data secure.
• Your Personal Data is processed in accordance with your rights.
• We will only transfer your Personal Data to a party/entity agreed by both parties where the need arises or the area where we have taken the required steps to ensure that your Personal Data is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.
• The Company will not sell your Personal Data and we also will not permit the sale of Personal Data by any companies who provide services to us.

 

HOW DO WE COLLECT YOUR PERSONAL DATA?

• Through online application forms, resumes, and cover letters.
• When you fill out an anonymous or identifiable survey or vote in a poll on our website.
• Through quotes and application forms.
• Through performance reviews, evaluations, and feedback forms.
• Via email, phone calls, or in-person conversations.
• When you provide your details to us either online or offline.
• Via live chat, chatbot and profilers.

 

SOURCES OF PERSONAL DATA

• Through investigations, disciplinary actions, or other HR-related matters.
• Through training evaluations, assessment results, or other learning and development programs.
• When you enquire about, or engage the Company to provide its services (either in a personal capacity, or as a representative for your employer or client);
• When you apply for a position through the Company;
• When you contact us with any other enquiry, complaint or notice.
• When we acquire a company or employer, or assets of a company or employer that has your information;
• When you attend the Company’s hosted or sponsored event or webinar;

 

WHAT KIND OF PERSONAL DATA DO WE COLLECT?

The information that we collect depends on our relationship with you. We may collect the following information about you:

• Personal Data contact details such as name, email address, home/office address and telephone number.
• Identification information such as your date of birth, national identity number, bank verification number including other identification number from your international passport, driving license and other valid means of identification.
• Financial information such as bank details.
• Public information about your work and education history, including professional affiliations;
• Information you provide on your public social media profiles related to your professional and educational history, such as LinkedIn;
• Company data such as the name, size and location of the company you work for, your role within the company as well as publicly available company information and activity associated with company data;
• Details provided on job application forms, notes and assessments from interviews, references, and background checks.
• Assessment results like psychometric tests, work samples or portfolios submitted by candidates, and visa or work permit information, if applicable.
• If you submit an enquiry to us about our services (either over the website, or by emailing, telephoning or meeting with one of our colleagues), then we will process information such as your name, job title and contact information in order to respond to your enquiry.

 

HOW DO WE USE YOUR PERSONAL DATA?

We have set out below, the main reasons why we process your Personal Data as well as the applicable circumstances:

• Carry out “Know Your Customer” checks and screening prior to starting a new engagement (as well as basic contact information, this may mean processing compliance related information such as proof of your identity, information about your professional background and, in some circumstance, details of any criminal convictions or adverse media coverage;
• To comply with: local or foreign laws, regulations, voluntary codes, directives, judgments or court orders, agreements between any member of the Company and any authority, regulator, or enforcement agency; policies (including our policies), good practice, government sanctions or embargoes, reporting requirements under financial transactions legislation and demands or requests of any authority, regulator, tribunal, enforcement agencies including but not limited to the Nigerian Financial Intelligence Unit (“NFIU”) and the Economic and Financial Crimes Commission (“EFCC”), or exchange bodies.
• If you apply for a position to or through the Company, we will need to collect personal information in order to consider your application, and during any interview and assessment phase;
• We may use your Personal Data to analyze, develop, improve and optimize the use, function and performance of our sites, products and services;
• To manage the security and operation of our sites, facilities, and networks and systems;
• Where we need to communicate with you to resolve complaints or other issues;
• Where we need to protect against any suspected illegal, malicious and/or fraudulent activity;
• Where we need to identify and repair errors and bugs on our website;
• Where you have provided your consent to our use of your Personal Data. We will usually ask for your consent in relation to processing your sensitive Personal Data or when providing marketing information to you (including information about other products and services). This will be made clear when you provide your Personal Data. If we ask for your consent, we will explain why it is necessary. Where you provide sensitive Personal Data about a third party, we may ask you to confirm and provide proof that the third party has provided his or her consent for you to act on their behalf.
• Where we have appropriate legitimate business needs to use your Personal Data such as maintaining our business records, developing, and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.

 

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

The Company will not disclose your personal information to third parties unless we have your explicit consent or are required to do so by law. However, we may share such information with our affiliates when necessary to fulfill the purposes for which the information was collected or supplied. Additionally, third-party contractors, consultants, and vendors engaged by us may have access to your personal information to facilitate provision of our services. These third parties are obligated to adhere to our data protection requirements, ensuring a level of security provided by us. Moreover, they typically enter into written agreements with us that address the protection of your personal information.

It is important to point out that we may disclose your personal information for the purposes of:

• responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
• the prevention and/or detection of crime;
• establishing legal rights or to investigate or pursue legal claims;
• a merger, acquisition or corporate restructuring to which the Company is subject;
• preventing risk of harm to an individual.

 

INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

We may need to transfer your Personal Data in our possession to third parties outside Nigeria. Such transfers will only be done in accordance with the applicable data protection regulations in such jurisdiction. While undertaking the international transfer of your information, we will put security measures in place to reasonably protect your data during transmission. We shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) Whitelist of countries with adequate data protection principles.

 

HOW LONG DO WE KEEP RECORDS FOR?

 

We keep your Personal Data for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations. The length of time we retain Personal Data for depends on the purposes for which we collect and use it as required to comply with applicable laws and to establish, exercise or defend our legal rights.

 

 YOUR RIGHTS

You can ask us to do various things with your Personal Data. For example, at any time you can ask us for a copy of your Personal Data, ask us to correct mistakes, change the way we use your information, or even delete it. We will either do what you have asked or explain why we cannot, usually because of a legal or regulatory issue.

You have the following rights in relation to our use of your Personal Data.

1. The right to access your Personal Data: 

You are entitled to a copy of the Personal Data we hold about you and certain details of how we use it. Your Personal Data will usually be provided to you in writing, unless otherwise requested. We may charge you a reasonable fee to cover the cost for repeated requests.

1. The right to rectification: 

We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

1. The right to erasure: 

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of Personal Data we hold about you and why we have collected it, there may be some legal and regulatory obligations which may mean that we cannot comply with your request.

1.   Right to restriction of processing: 

In certain circumstances, you are entitled to ask us to stop using your Personal Data, for example where you think that the Personal Data, we hold about you may be inaccurate or where you think that we no longer need to process your Personal Data.

1. Right to data portability: 

You have the right to ask that we transfer any Personal Data that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for the security of your Personal Data.

1. The right to withdraw consent:

For certain uses of your Personal Data, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your Personal Data. Please note that in some cases we may not be able to process the required services if you withdraw your consent.

1. Right to object to processing

You have the right to object to the processing of your personal information at any time. You will be informed that you have a right to object at the point of data collection. You may also access this Privacy Policy at any time to be updated on your rights.

1. Changing and accessing your Personal Data: 

To the extent required by applicable law, you may be able to request that we inform you about the Personal Data we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your Personal Data. We will respond to your access requests within the period specified by relevant legislation and make all required updates and changes within the time specified by applicable laws.

When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Where the timeline specified in an applicable law cannot be met, we will communicate same to you and take steps to notify you where we require an extension.

 

HOW WE PROTECT PERSONAL DATA

We view safeguarding Personal Data as a fundamental business practice. Therefore, we implement commercially appropriate organizational, physical, technical, and procedural safeguards and measures to protect your Personal Data in our possession or control. These measures aim to prevent unauthorized or accidental access and misuse to the best of our ability. Further, we state that we have in place strict measures and technologies to prevent fraud and intrusion. Accordingly, our employees are trained in data protection and security to respect and preserve confidentiality, integrity and availability of information held by us. We also adopt organizational measures, for example, limiting access on a “need-to-know” basis; and technological measures, for example, the use of passwords and encryption.

 

BREACH/PRIVACY VIOLATION

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information, we shall within 72 (seventy-two) hours of having knowledge of such breach, report the details of the breach to the Nigeria Data Protection Commission (NDPC). Furthermore, we shall within 7 (seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach. You may contact our Data Protection Officer (DPO) upon becoming aware of any breach of your Personal Data or if your access credentials have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Data.

 

MARKETING 

We may share information with our other entities or affiliates in order to inform you of other products and services that may be of interest to you or members of your family.

We would like to keep you informed, from time to time about relevant products and services. We may do this by mail, email, telephone or other electronic methods such as text message. We may also run specific marketing campaigns through social media and digital advertising that you may see which are based on general demographics and interests.

Personal Data is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.

Please note that we may retain any data provided to us on our websites for a limited period. The information may be used for us to better understand your needs.