This privacy policy (“Policy”) applies to the website(s) and mobile application(s) (hereinafter referred to as, the "Sites") provided by Blupik Global Services Limited (“BGSL”, “we”, “us”, “our”), and other products/services of BGSL. This Policy discloses our data protection practices on our Sites, products and subscriber-based services (“Services”), inclusive of the type of personal data that we collect, our method of collection of personal data, use of personal data and procedures for sharing personal data with third parties.
The Sites covered by this Policy include our existing websites, mobile applications and all other additional websites and mobile applications produced and managed by Blupik Global Services Limited. Details of existing Sites include the following:
Xcel Media - www.xcelmediaonline.com; www.xcelmediaonline.net; GTV – www.gospelonline.org; Newsnow – newsnow.xcelmediaonline.com;
We value the trust you place in us and understand that your privacy is of utmost importance to you. In light of this, we make use of the highest standards to ensure secure transactions and the privacy of customer information. We are committed to protecting your personal data (i.e. any information you provide to us through which you can be identified) in accordance with the provisions of the Nigeria Data Protection Regulation 2019 (“NDPR”). By visiting the Sites (including all websites and mobile applications which may be added or removed from time to time) you agree to the terms and conditions of this Privacy Policy. If you do not want your personal data processed in accordance with this Policy, please do not use or access the Sites or the Services. We reserve the right, at our sole discretion, to alter and update this Policy from time to time. We therefore invite you to review the current version of this Policy each time you return to the Sites.
The Sites and Services are intended solely for persons who, if they are natural persons, are eighteen (18) years of age or older, and any registration by, use of or access to the Sites and Services by any natural person under eighteen (18) is unauthorized, unlicensed and in violation of this Policy.
By using the Sites, Services and by providing your personal data, you consent to the collection and use of the information you disclose to us in accordance with this Policy, including but not limited to your consent for sharing your personal data in line with the terms contained in this Policy. If we decide to change this Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. If you do not agree to give consent to the use of personal data as described in this Policy, please do not use or access the Sites or Services.
In accordance with the provisions of the NDPR, prior to the processing of personal data there must be in existence a legal basis for such processing. In compliance with the provisions of the NDPR, we process your personal data in line with the following legal basis:
• Consent: where you have consented to our processing of your personal data for one or more specific reasons. Such consent is given by you through your continuous use of the Services and the Sites.
• Performance of a contract: in order to perform a contract we have with you or a contract to which you are a party to and in order to take necessary steps at your request prior to entering into such a contract.
• Legal obligation: where processing of personal data is required by law. We are required by law to retain certain account opening information and personal data of our customers beyond the date such customers cease to carry on business with us.
• Legitimate interest: in order to protect the vital interests of other data subjects, and in order to carry out the purposes of our business. In addition to this, we have a legitimate interest to prevent fraud, money laundering and to verify identity of data subjects, in order to protect our customers and business, to understand how people interact with our Sites, to provide communication which we think will be of interest to you and to determine the effectiveness of promotional campaigns and advertising.
• Public interest: such processing is necessary for the performance of a task carried out in the interest of the public on in exercise of an official public mandate vested on us.
When you use the Sites or Services, we collect and store your personal data which is provided by you from time to time.
Personal data/ information in this context shall include all data such as: any means of information relating to an identified or identifiable natural person who can be identified by:
• a name;
• an identification number;
• location data, an online identifier;
• address, a photo, an email address;
• bank details;
• posts on social networking websites; and
• other unique identifiers such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM.
• This also applies to personal data/ information regarded as sensitive which could include:
• data relating to religious or other beliefs;
• race, ethnicity;
• political views;
• trade union membership,
• criminal records; or
• any other sensitive personal information.
For the purpose of accessing our Services, the personal data we may collect include: your full legal names, marital status, title, date of birth, gender, business name, email address, mailing address, telephone number, bank account number, payment card details, bank verification number, national identification number, international passport number, means of identification, guarantors contact details, bank statements, usernames, password, your preferences, interests, feedback and survey responses, preference in receiving marketing information from us and our third parties and your communication preferences, etc.
Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customised experience. This allows us to provide Services and features that most likely meet your needs, and to customise the Sites to make your experience safer and easier.
We collect information you provide directly to us, for example, we collect information when you register or log on to the Sites, create an account, subscribe to a Service, participate in any interactive features on our Services, fill out a form, take part in surveys, post on our message boards, upload any documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact with us on social media, etc.
We will also collect your information where you partially complete and/or abandon any information inputted in the Sites and may use this information to contact you to remind you to complete any outstanding information.
Every computer connected to the internet is given a domain name and a set of numbers that serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically recognize your domain name and IP address. The domain name and IP address reveals nothing personal about you other than the IP address from which you have accessed the Sites. We are able to see information relating to your browsing patterns and technical data about the equipment you use to access the website through the use of cookies, server logs and other similar technologies. You can select your preference from the cookies settings on any of our websites.
We may also collect technical data from third parties/ public sources such as analytics providers, advertising networks, search information providers. We may obtain contact, financial and transaction data from providers of technical, payment, credit referencing and delivery services based both inside and outside Nigeria. We utilize third-party service providers to secure information related to financial crime, fraud, sanctions and politically exposed persons.
We do not own personal data provided and will only store such data for a period reasonably needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, unauthorized dissemination, manipulation of any kind, damage by rain, fire or exposure to other natural elements.
We will not sell, share, transfer or rent out any personal information to others in ways different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers.
Providing us with information about others
If you provide us with personal data about someone else, you are responsible for ensuring that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the personal data and that you explain to them how we collect, use, disclose and retain their personal data or direct them to read our Policy.
In order to provide you with access to the Services, or to provide you with better service in general, we may combine information obtained from other sources (for example, a third-party developer whose application you have authorized) and combine that with information we collect through the Sites.
The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.
We may use your personal data for the following purposes:
• To provide the requested Services and support to you;
• To process transactions and send notices about your transactions to requisite parties;
• To verify your identity;
• To resolve disputes and troubleshoot problems;
• To manage risk, detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
• To detect, prevent or remediate violations of policies or applicable user agreements;
• To improve our services by implementing aggregate customer preferences;
• To manage and protect our information technology infrastructure;
• To contact you at any time through your provided telephone number, email address or other contact details;
• To notify you about activities on your account, troubleshoot problems with your account and collect fees or monies owed;
• To monitor traffic patterns and usage of the Sites to help to improve the Sites design and layout;
• To record and store communications made via phone, skype or the website chat function;
• To personalize your experience on our Sites or communications/advertising;
• To provide customer service, including to respond to your enquiries and fulfill any of your requests for information;
• To send you important information regarding the services and/or other technical notices, updates, security alerts, support and administrative messages;
• To poll your opinions through surveys or questionnaires; and
• As BGSL believes to be necessary or appropriate:
o To comply with a legal obligation. This applies where the processing is necessary for Blupik Global Services Limited to comply with the law;
o To enforce or apply this Policy; and
o To protect BGSAL’s legitimate interests, privacy, property or safety, and/or those of a third party as long as your rights do not override those interests.
We may monitor and record our communications with you, including e-mails and phone conversations for training, quality assurance purposes, and to meet our legal and regulatory obligations in general.
Fraud prevention
We may process your personal data on the basis that we have a legitimate interest to prevent fraud and money laundering, and to verify your identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services you have requested.
We may carry out fraud prevention checks using a fraud prevention database. If false or inaccurate information is provided, and/or fraud is identified, details will be passed to the Central Bank of Nigeria and the Economic and Financial Crimes Commission. Additionally, law enforcement agencies may access and use this information.
Data analytics and bench-marking
We may use information generated and stored during your use of our Services for our legitimate activities to enable us to give you the best service and/or solutions and the best experience. These purposes include to:
• deliver advertising or information to you which may be useful to you, based on your use of preferences;
• carry out research and development to improve our Services;
• develop and provide new and existing functionality and Services (including statistical analysis, benchmarking and forecasting Services); and
• provide you with location-based Services (for example location relevant content) where we collect geo-location data to provide a relevant experience.
Whenever we use your information for our legitimate interests, we will ensure that your information is processed on a pseudonymized basis and displayed at aggregated levels, which will not be linked back to you or to any living individual.
You have the right to object to processing based on our legitimate activities but if you object, this may affect our ability to provide certain Services and/or solutions for your benefit.
Your personal data is protected by legal rights enshrined in the NDPR. These rights include the following: • the right to be told how we use your personal data and obtain access to your personal data; • the right to have your personal data rectified or erased or place restrictions on processing your personal data; • the right to object to the processing of your personal data e.g. where the processing is based on our legitimate interests. Please note that this may prevent us from continuing to provide Services to you; • the right to have any information you provided to us on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another organization, where technically feasible (“data portability”); • where the processing of your personal data is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions; • the right to object to any decisions based on the automated processing of your personal data, including profiling; and • the right to lodge a complaint with the supervisory authority responsible for data protection matters. Please note that if you request for a copy of your personal data, you may be required to pay a fee. If you would like to exercise any of the above stated rights, please follow the following procedures: • put your request in writing and send it to us through your usual registered channel (e.g. by registered email). • specify the right you wish to exercise. • You can also access the Data Subject Access Request (DSAR) portal on our website. For more information or to exercise your data protection rights please, please contact our Data Protection Officer at dpo@bgsltd.com We will endeavor to process all subject access requests within thirty (30) days and if any further extension is required, we will communicate same through existing consented channels – at no cost. However, please note that you may continue to receive existing communications for a transitional period whilst we update your preferences.
We will not retain your personal data for longer than is necessary for the purposes for which such personal data is processed. This means that your personal data will only be retained for as long as it is still required to provide you with the Services or is necessary for legal reasons. When calculating the appropriate retention period of your personal data we consider the nature and sensitivity of the personal data, the purposes for which we are processing such personal data, and any applicable statutory/regulatory retention periods. Using these criteria, we regularly review the personal data that we hold and the purposes for which such is held and processed. Our Payment Card Industry Data Security Standard (“PCIDSS”) obligation means that we are obliged to retain personal data for a minimum of ten (10) years from the end date of our business relationship with you.
When we determine that personal data can no longer be retained (or where you request that we delete your personal data in accordance with your rights contained in the NDPR) we ensure that such personal data is securely deleted, anonymized or destroyed. However, please note that, in some circumstances we may decide to retain your personal data as may be reasonably necessary in accordance with the provisions of the NDPR. In such circumstances, we will anonymize your personal data before retaining same.
Please see details of our data retention and disposal process below:
Type of data | Retention Period | Disposal Process |
---|---|---|
Electronic storage on database | 10 years (regulatory reasons) | Programmatic (automatic) process to remove, at least on a quarterly basis, personal data that exceeds business retention requirements/reviews conducted at least on a quarterly basis |
Hardcopy data (receipts/faxes) | 10 years | Cross-cut shredded/incinerated, pulped |
Hard drives (back-up) | 10 years | Secure wipe program/degauss |
Tape Media (back-up) | 10 years | Physically destroy |
System and network logs | 1 year |