Overview:
Dangote Petroleum Refinery & Petrochemicals Fze hereinafter referred to as “DPRP” is committed to protecting the privacy and confidentiality of Personal Information about its employees, customers, business partners and other identifiable individuals. The DPRP’s policies, guidelines and actions support this commitment to protecting Personal Information. Each employee bears a personal responsibility for complying with this Policy in the fulfillment of their responsibilities.
Purpose:
DPRP respects the privacy of its employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees, and candidates for employment and recognizes the need for appropriate protection and management of Personal Information.
Scope:
This Policy sets the minimum standard and shall guide and apply to all employees and third parties such as customers, business partners, vendors, service providers, suppliers, and agents of DPRP even if local law is less restrictive. Supplemental policies and practices will be developed as needed to meet the local legal or departmental requirements. Supplemental policies and practices may provide for more strict or specific privacy and protection standards than are set forth in this Policy.
Policy:
DPRP is guided by the following principles in Processing Personal Information:
- Notice
- Choice
- Accountability for onward transfer
- Security
- Data Integrity and purpose limitation
- Access
- Recourse, Enforcement and Liability
i. Notice:
When collecting Personal Information directly from individuals, DPRP strives to provide clear and appropriate notice about the:
- Purposes for which it collects and uses their Personal Information.
- Types of non-Agent third parties to which DPRP may disclose that information, and
- Choices and means, if any, DPRP offers individuals for limiting the use and disclosure of their Personal Information.
ii. Choice:
Generally, DPRP offers individuals a choice regarding how Personal Information is processed, including the opportunity to choose to opt-out of further processing or, in certain circumstances, to opt-in. However, explicit consent from individuals is not required when processing Personal Information for:
- Purposes consistent with the purpose for which it was originally collected or subsequently authorized by the individual.
- Purposes necessary to carry out a transaction relationship.
- Purposes necessary to comply with legal requirements, or
- Disclosure to an Agent.
iii. Accountability for onward transfer:
Regarding the transfer of Personal Information to either an Agent or Controller, DPRP strives to take reasonable and appropriate steps to:
- Transfer such Personal Information only for specified purposes and limit the Agent or Controller’s use of that information for those specified purposes.
- Obligate the Agent or Controller to provide at least the same level of privacy protection as is required by this Policy.
- Help ensure that the Agent or Controller effectively Processes the Personal Information in a manner consistent with its obligations under this Policy.
- Require the Agent or Controller to notify DPRP if the Agent or Controller determines it can no longer meet its obligation to provide the same level of protection as is required by this Policy, and
- Upon notice from the Agent or Controller, take further steps to help stop and remediate any unauthorized Processing.
iv. Security:
DPRP takes reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Information.
v. Data Integrity and Purpose Limitation:
DPRP will only Process Personal Information in a way that is compatible with the purpose for which it has been collected or subsequently authorized by the individual. DPRP shall take steps to help ensure that Personal Information is accurate, reliable, current, and relevant to its intended use.
vi. Access:
DPRP provides individuals with reasonable access to their Personal Information for purposes of correcting, amending, or deleting that information where it is inaccurate or has been Processed in violation of its data privacy principles.
vii. Recourse, Enforcement and Liability:
Violation of this Policy by an employee or contractor of DPRP, will result in appropriate discipline up to and including termination. Violation by an Agent, Controller or other third party of this Policy will result in the exercise of appropriate legal remedies available at law or in equity including termination for material breach of contract.
Purpose of collecting and use of Personal Information:
DPRP may from time to time, Process certain Personal Information from or about employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees, and candidates for employment, including information recorded on various media as well as electronic data.
DPRP will use these Personal Information to provide customers, business partners, vendors, service partners and suppliers with information and services and to help DPRP personnel better understand the needs and interests of these customers, business partners, vendors, service partners and suppliers. Specifically, DPRP uses information to help complete a transaction or order, to facilitate communication, to market and sell products and services, to deliver products/services, to bill for purchased products/services, and to provide ongoing service and support. Occasionally DPRP personnel may use Personal Information to contact customers, business partners, vendors, service partners and suppliers to complete surveys that are used for marketing and quality assurance purposes.
DPRP may also share Personal Information with its business partners, vendors, service providers and suppliers to the extent needed to support the customers’ business needs. Suppliers are required to keep confidential Personal Information received from DPRP and shall not use it for any purpose other than as originally intended or subsequently authorized or permitted.
DPRP also collects Human Resources Data in connection with administration of its Human Resources programs and functions and for the purpose of communicating with its employees. These programs and functions may include compensation and benefit programs, employee development planning and review, performance appraisals, training, business travel expense and tuition reimbursement, identification cards, access to DPRP’s facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping, and other employment related purposes.
DPRP also collects and uses Personal Information to consider candidates for employment opportunities within its business units. Human Resources Data may be shared with third party vendors and service providers for the purpose of enabling the vendor or service provider to provide service and/or support to DPRP in connection with these Human Resources programs and functions. DPRP will not share Human Resources Data with third parties for non-employment related purposes. DPRP requires third parties receiving Personal Information to apply the same level of privacy protection as contained in this Policy and as required by applicable law.
Lawful Basis for Processing Data:
Without prejudice to the principles set out in Section 5 and conditions set out in Sections 7 and 8 of the Nigeria Data Protection Regulation 2019 (NDPR 2019) and Sections 34(1)-Sections 37(1) of the Nigeria Data Protection Act 2023 (NDPA 2023), DPRP reserves the lawful right to process personal data either received or submitted because of use of any of DPRP’s services. Usage of any of DPRP’s services entails that at least one of the following below is applicable and acts as a lawful basis to process personal data.
- Given consent by the Data Subject to the processing of personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering a contract.
- Processing is necessary for compliance with a legal obligation to which DPRP is subject.
- Processing is necessary to protect the vital interests of the Data Subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in the controller.
International Data Transfer:
Data that DPRP collects may be stored, processed, and transferred between any of the countries in which DPRP operates, to enable DPRP to use the information in accordance with this Policy. It is important to note that other countries of operation are not subject to the guidelines of the NDPR 2019 and/ or the NDPA 2023 DPRP is subject to the policies set out within such countries with regards data privacy.
Data that DPRP collects may be transferred to any of the countries where DPRP has any of its operational activities domiciled.
An individual (employee /recruitment candidate) expressly agrees to the transfers of personal data described in this Section.
Retaining Personal Data:
This Section sets out DPRP’s data retention policies and procedures, which are designed to help ensure that DPRP complies with the legal obligations regarding the retention and deletion of personal data.
Personal data that are processed by DPRP for the purpose of customer engagement, recruitment, or required as part of the process for employment, shall not be kept for longer than is necessary for that purpose.
DPRP collects and stores the minimum amount of personal data for the period required and ensures that third-party data of customers, business partners, vendors, service providers, suppliers, and employees’ data in its possession, remains relevant. Customers and employee’s
personal data would be retained only for as long as is necessary and in line with prevailing best practice.
DPRP will retain documents (including electronic documents) containing personal data:
- To the extent that is required by law.
- If DPRP believes that the documents may be relevant to any ongoing or prospective legal proceedings, recruitment process, employment gained, or customer engagement; and to establish, exercise, or defend the legal rights (including providing information to others for the purposes of fraud prevention) of DPRP.
Cookies:
DPRP’s website uses session cookies. These cookies expire at the end of the user session when the browser is closed. They do not contain any information that personally identifies a user, but personal data that is stored about a user may be linked to the information stored in and obtained from cookies. Consenting to the use of cookies in accordance with the terms of this Policy when a user first visits DPRP’s website permits DPRP to use cookies every time a user visits DPRP’s website.
Administration:
Responsibility for compliance with this Policy rests with the heads of the individual functions, and departments together with any individual employees collecting, using or otherwise Processing Personal Information. Heads of functions and department heads, in coordination with the Legal Department, are responsible for implementing further standards, guidelines and procedures that uphold this Policy, and for assigning day-to-day responsibilities for privacy protection to specific personnel for enforcement and monitoring.
This Policy is meant to be implemented in conjunction with supplementary data privacy policies specific to a country, or department, if required. These supplementary data privacy policies will account for differences in data protection requirements by jurisdiction or function and will specify individual roles and responsibilities. DPRP will implement supplementary data privacy policies as required to follow applicable laws.
In the event of any conflict between this Policy and any supplemental data privacy policy, this Policy will supersede the supplemental data privacy policy to the extent that the supplemental data privacy policy is less restrictive. Local data privacy policies may provide for stricter data privacy and protection standards than are set forth in this Policy. In the event local data privacy law provides for stricter data privacy and protection than this Policy, the local data privacy law will supersede this Policy in that jurisdiction to the extent necessary to comply with stricter local law.
To exercise your right to query, access and amend your personal data, you can contact us by email on pet-refinery.sales@dangote.com