Privacy Policy

Last updated: 23rd August, 2024

Ballotchain and its affiliates recognizes its responsibility to ensure and uphold the protection of data on its cloud data base and your privacy. Our Data Protection Policy is in compliance with all data protection requirements as provided by the Nigerian Data Protection Act, 2023 (NDPA). We shall do our best to prevent unauthorized exchange of personal data and completely prevent the manipulation of such data.

This notice applies to personal data we collect, including through this website, other Foundation registration, other website, mobile applications, online portals, electronic forms, surveys, interactive exhibits, and any other channel or mobile feature that we operate (collectively, “our sites”)

This notice may be updated to reflect changes in our practices and applicable law.

Links to third-party sites

This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This notice does not apply to any third-party sites that may link to, or be accessible from, our sites. We are not responsible for any of the content, features, functionality, or privacy practices of other linked sites or services. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

GLOSSARY

• Affiliated Third Parties includes companies with which we have common ownership or management or other contractual strategic support or partnership relationships with, our advisers, consultants, bankers, vendors or sub-contractors.
• Data is information, which is stored electronically, on a computer, or in certain paper based filing systems.
• Data Controller is a person responsible for determining the manner in which Personal Data would be processed.
• NDPA means the Nigerian Data Protection Act
• Personal Data is the information relating to an identified or identifiable natural person. These include a name, gender, a photo, an email address, bank details, medical information, computer internet protocol address and any other information specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing is any activity that involves use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, recording, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
• Sensitive Personal Data includes information about a person’s racial origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life.

THE DATA WE COLLECT

• Data you provide about yourself or others
  We collect your personal data when you voluntarily provide it to us. For example, you may give us: your email address, country of residence, and areas of interest if you choose to receive newsletters, updates, or other information from us; your contact information, and any other personal data you choose to include, if you send a mail, text, or instant message us, or contact us through our sites; and any personal data contained in, or included with, any proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, forms, surveys, or interactive portions of our sites. It is always your choice whether to provide this personal data. However, some personal data must be provided to participate in certain programs, activities, or events (such as to sign up for a newsletter, apply for a job, get a grant or register to participate in one of our events), so the decision not to provide information might limit or eliminate such functions of our sites or your ability to participate in such programs, activities, or events. Please do not disclose more personal data than is requested and do not provide personal data about others unless you are authorized or required to do so by contract or applicable law. You may provide personal data on behalf of another person if you have provided them with a copy of this notice and any applicable supplemental privacy notice, and obtained their explicit consent. We may ask you to provide evidence of that notice and consent.
  Data that maybe requested include:
  • first name, last name, username or similar identifier, title, date of birth and gender.
  • residential address, email address and telephone numbers.
  • information on your employment history, professional and educational information submitted upon applying for employment with us
  • your preferences in receiving marketing communications from us and our Affiliated Third Parties and your communication preferences
• Data we receive from third parties and other sources
  We may receive personal data about you from other sources, including your company/organization, professional references, publicly-available sources, third-party analytics providers, and other third parties. For example, we may receive your personal data if: someone at your company/organization designates you as a contact person for that company/organization or includes information about you in proposal documents; another visitor includes it in any feedback, comments, photos, videos, or other information submitted via online portals, electronic forms, surveys, or interactive portions of our sites; or one of our employees or service providers provides or a third party acting on apparent authority provides it to us when registering you to access our facilities or our sites, apply for a job, or participate in one of our events.
• Payment Processors
  If you make a donation or any purchase via the sites, the transaction may be handled by our service providers or third parties responsible for processing your transaction (“Payment Processors”). Please be aware that Payment Processors have their own privacy policies and those terms will apply to you regarding how that Payment Processor handles your personal data. Depending on your donation or purchase, it may be made via the sites or you may be re-directed to a third-party site for payment. If your donation or purchase is made via the sites, in order for the Payment Processor to process your transaction, we may require payment, credit card, or other credit-related information. If you are re-directed to a third-party site for your donation or purchase, please be sure to review any linked policies provided during payment processing as they will apply to you.
• Interest-based advertising
  We may use third-party service providers to serve our advertisements across the Internet. These companies may use tracking technologies to collect information about your visits to our sites and other websites and your interaction with our advertising and other communications. Some advertisements may be personalized, meaning that they are intended to be relevant to you based on information collected about your visits to our sites and elsewhere over time. Other companies may also use such technology to advertise on our sites.
• Data we collect automatically, including cookies, pixels, and similar technologies
  We may collect some personal data automatically. For example, when you visit our sites, we may collect technical, profile and usage data. Technical Data includes internet protocol (IP) address, domain name, your login data, Internet service provider (“ISP”) information, browser type and version, time zone setting and location, browser plug-in types, languages and versions, operating system and platform, and other technology on the devices you use to access this website. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. Usage Data includes information about how you use our website and services We also may use cookies, pixels, and similar technologies to collect data about your interaction with our sites, including, for example, referring webpage, pages visited on our sites, and crash data. In addition, we may link the information we collect automatically or the information from any cookie or pixel with the information you provide in other contexts on our sites (newsletters, etc.) to personalize, connect and streamline your experience when visiting our sites. For example, this may include connecting your use of our site from your desktop, mobile, or other device. Please see Cookies & Similar Technologies for more information, including how to manage cookies, pixels, and similar technologies. You provide this information through direct interaction when you visit our website, sign up to our newsletters or publications, request marketing materials to be sent to you, respond to surveys, complete our feedback or comment form, provide your business card to any of our staff, sign our visitor management form, complete other forms, apply for employment through our careers page, or contact us to request for any information or other correspondence by post, email, our website or otherwise. We do not intentionally or knowingly collect any Sensitive Personal Data. We ask that you do not send to us nor disclose such Sensitive Personal Data save where required for a specific purpose.

MINORS

Our sites are not intended for minors (individuals under the age of 18, or equivalent minimum age depending on jurisdiction), and we do not knowingly collect personal data from minors. If you become aware of any personal data we have collected from a minor, please contact us. If we learn that we have collected personal data from a minor, we will take steps to delete the data without notice as soon as possible.

How we use your data

Purpose:

We may use your personal data to:

• Send you information that you have expressly chosen to receive;
• Process or manage your appointments with any of our staff;
• Keep you updated on our activities, programs and events where your explicit consent has been given;
• Monitor, review, evaluate and improve your experience when you visit our website;
• Invite you to complete a survey or provide feedback to us on specific matters;
• Review and respond to proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, electronic forms, surveys, or interactive portions of our sites [for our legitimate interests and/or to perform a contract with you];
• Notify you of changes to our websites or relevant processes;
• Administer and inform our program strategies and charitable activities [for our legitimate interests];
• Analyse the traffic on our website, including determining the number of visitors to the website and analyse how they navigate the website;
• Administer, safeguard, and improve our sites, systems, facilities, events, and other business operations [for our legitimate interests]; protect our rights and the safety of others [for our legitimate interests]; contribute to our archive of information in the public interest [for our legitimate interests]; and/or comply with applicable law, court order, subpoena, or legal process served on us [to comply with legal obligations];
• We may share your personal data with affiliated third parties such as service providers who we have engaged to assist with providing certain services on our behalf, for which they require your personal data;
• We may also use your information or allow affiliated third parties such as our affiliate companies or partners use of this personal data, to offer you information about unrelated products or services you may be interested in. We or such affiliated third parties can only communicate with you if you have expressly consented to such communication and data use;
• Where we have any contracts with you which create a commitment, we may require contact or use of your information to perform the contract;
• Comply with legal/ regulatory obligations or to report any criminal or unethical activity;
• Store either on our central computer system or a third-party computer's central computer system for archiving and back up purposes;

CHANGE OF PURPOSE

We will only use your Personal Data for the aforementioned purposes, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, we will notify you and request for your express consent. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

Additional purposes

Additional purposes for using your personal data may be described in a supplemental privacy notice.

Persons who have access to your Personal Data

• Data shared with employees, agents, affiliates, service providers, and partners
  We may share your personal data with our employees, agents, and affiliates who have a business need to know, our services providers (including contingent workers, consultants, contractors, vendors, and out-sourced service providers) to process it for us based on our instructions and for no other purpose, and with partners that are collaborating with us to fund projects or host events. We do not share your personal data with any third party (including our service providers) for marketing purposes unless you have provided consent for us to do so. If you believe personal data you provided to us is being misused by a third party, please contact us right away. We will transfer your Personal Data to only those Affiliated Third Parties who we are sure can offer the required level of protection to your privacy and information and who are also contractually obligated to us to do so. We do not and will not at any point in time sell your Personal Data. We require all Affiliated Third Parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our professional service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Your Personal Data Rights

Data Protection Laws provides you with certain rights in relation to the information that we collect about you:

• The right to withdraw consent previously given to us or our Affiliated Third Parties. In order to make use of your personal data, we would have obtained your consent. For consent to be valid, it must be given voluntarily. In line with regulatory requirements, consent cannot be implied, and we ensure that you have the opportunity to read our data protection privacy policy before you provide your consent. Consent in respect of Sensitive Personal Data must be explicit and will be given by you in writing to us. The consent of minors (under the age of 18) will always be protected and obtained from the minor's representatives in accordance with applicable regulatory requirements. You can ask us or Affiliated Third Parties to stop sending you marketing messages at any time by logging onto the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.
• The right to request that we delete your Personal Data that is in our possession, subject however to retention required for legal purposes and the time required technically to delete such information.
• The right to request for access to your Personal Data or object to us processing the same. Where personal data is held electronically in a structured form, such you have a right to receive that data in a common electronic format.
• The right to update your Personal Data that is kept with us. You may do this at anytime your personal data changes and you wish to update us.
• The right to receive your Personal Data and have it transferred to another Data Controller, as applicable.
• The right to lodge a complaint.

You may exercise any of the above stated rights following our Data Subject Access Request Procedure.

Transfer of Personal Data outside Nigeria

The Personal Data we collect may be transferred to and processed in another country other than your country of residence for the purposes stated above. The data protection laws in those countries may be different from, and less stringent than the laws applicable in your country of residence.

By accepting this Policy or by providing your Personal Data to us, you expressly consent to such transfer and Processing. We will however take all reasonable steps to ensure that your data is treated securely and transfer of your Personal Data will only be done in accordance with the requirements of applicable laws and to parties who have put in place adequate controls to secure and protect your Personal Data.

• Other visitors to our sites
  If you submit feedback, comments, photos, videos, or other information to interactive portions of our sites, such submission may be made publicly available to anyone who visits those areas of our sites. Other visitors may access, re-post, or use such submission. Even if you remove or delete your submission, copies may remain in cached or archived areas of our sites or retained by other visitors. Please use your discretion when submitting personal data in these contexts.

Storage and Protection of Data

Information submitted by you is stored on secure servers we have which are encrypted and access is restricted to only authorised persons in charge of maintaining the servers. We have put in place physical, electronic and procedural processes that safeguard and protect your information against unauthorised access, modification or erasure.

• Storage and transfers
  Your personal data may be stored in your region or in any other country where we or our service providers have facilities. We may also allow employees and service providers located around the world to access personal data as provided in this notice. Our staff also have an obligation to maintain the confidentiality of any Personal Data held by us.If your personal data is subject to GDPR, UK GDPR, or POPIA, we will ensure your legal rights and protections travel with any such “transfer” of your personal data as required by applicable law. We will also comply with similar applicable laws regarding the storage and transfer of personal data in other jurisdictions where your personal data may be collected or provided.
• Storage period
  We will store your personal data until it is no longer needed to fulfill the purpose(s) for which it was collected or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.Where your Personal Data is contained within a document, the retention period applicable to such type of document in our document retention policy shall apply. Please contact us if you would like more details regarding our retention periods for different categories of personal data.
• Protection
  Transmission of data on the internet is never guaranteed regarding safety. It is impossible to completely guarantee your safety with electronic data and transmission. You are therefore at your own risk if you elect to transmit any data electronically. However, we maintain appropriate technical and organizational measures, including performing regular self-assessments and data privacy impact assessment, to prevent unauthorized disclosure of, or access topersonal data. We limit access to personal data and require that employees authorized to access personal data maintain the confidentiality of that data. We hold our service providers to at least the same data privacy and security standards to which we hold ourselves. Our standard information security requirements for service providers are available here. In the unlikely event that we experience any breach to your personal data, such breach shall be handled in accordance with our Personal Data Breach Management Procedures. All such breaches shall be notified to the relevant Nigeria Data Protection Commission within 72 hours of occurrence and based on the severity and potential risks, shall notify you of such occurrence, steps taken and remedies employed to prevent a reoccurrence.
• How you can access and control your data; your rights
  To the extent provided by applicable laws, you may have the right to obtain confirmation that we hold personal data about you; to access, correct, or delete your personal data; to withdraw any consent you previously provided to us; to object to or restrict our processing of your personal data in any other context; to deactivate, block, anonymize, or delete personal data as appropriate; or to request and receive a copy of the personal data you have provided us and to transmit this data to a third party. To exercise any of these rights that you are not able to do directly, please contact us. You may also have the right to lodge a complaint with the applicable data protection authority. If you reside in South Africa, you have the right to submit a complaint to the Information Regulator here:
• Law enforcement
  We may share your personal data with law enforcement, other government agencies or authorities, or third parties as required by applicable law, court order, subpoena, or legal process served on us.
• Legal bases under the GDPR, UK GDPR, or POPIA
  If you are in the European Economic Area (EEA), the United Kingdom (UK) or South Africa, we will collect and use your personal data only if we have one or more legal bases for doing so under the GDPR, UK GDPR, or POPIA. The legal bases depend on your interaction with us and our sites. This means we collect and use your personal data only where: you have given your consent for one or more specific purposes; it is necessary to perform a contract we are about to enter into or have entered into with you; it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; it is necessary to protect the vital interests of you or another natural person; or it is necessary to comply with a legal obligation. We will indicate the legal basis or bases on which we are relying for each purpose. Where we are relying on consent as the legal basis, we will notify you and seek additional consent before using your personal data for a new purpose that is inconsistent with the original purpose for which we collected it. We will not intentionally collect any “special categories of data” under the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (“UK GDPR”), or the Protection of Personal Information Act (“POPIA”) without your explicit consent for one or more specified purposes or as otherwise permitted or required by applicable law. Special categories of data include personal data (a) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or (b) concerning health or data concerning a natural person's sex life or sexual orientation.

CONTACT

We welcome any queries, requests you may have regarding our Data Protection Privacy Policies, or our privacy practices. Contact us at info@ballotchain.com

Newsletters, auto-generated emails, and updates from us often include links to access, correct, or delete your personal data and to manage any subscriptions directly. If you do not wish to receive promotional communications from us, you can opt-out by following the instructions contained in the messages you receive. Even if you opt-out of receiving these promotional communications, we reserve the right to send you certain communications relating to our sites, including administrative messages. We do not offer you the opportunity to opt-out of receiving those communications. For more information about interest-based advertising, including how you can manage advertising, please see above “Interest-based advertising.”

SUBJECT ACCESS REQUEST RESPONSE PROCEDURE

• Where you wish to exercise any of your data privacy rights you shall make a formal request by completing the Subject Access Request Form (SAR Form) and sending the completed form via email to us at info@ballotchain.com
• We shall contact you within 5 working days of the receipt of the SAR Form to confirm receipt of the subject access request and may request additional information to verify and confirm the identity of the individual making the request.
• On receiving any request from you, we shall record the request and carry out verification of the identity of the individual making the request using the details provided in the SAR Form and a valid means of identification such as international passport, driver's license, national identification card or any other acceptable means of identification.
• Where the request is from a third party (such as relative or your representative), we will verify their authority to act for you and may contact you to confirm their identity and request your consent to disclose the information.
• When your identity is verified, we shall coordinate the gathering of all information collected with respect to you in a concise, transparent, intelligible and easily accessible form, using clear and plain language with a view to responding to the specific request. The information may be provided in writing, or by other means, including, where appropriate, by electronic means or orally provided that your identity is proven by other means. We may also contact you to ask you for further information in relation to your request to speed up our response.
• Where the information requested relates directly or indirectly to another person, we will seek the consent of that person before processing the request. However, where disclosure would adversely affect the rights and freedoms of others and we are unable to disclose the information, we will inform you promptly, with reasons for that decision.

Fees and Timeframe

We shall ensure that we provide the information required by you within a period of one month from the receipt of the request. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. However, where we are unable to act on your request, we shall inform you promptly at least within one month of receipt of the request of the reasons for not taking action and give you the option of lodging a complaint with the NDPC.

Where the request relates to any perceived violation of your rights, we shall take appropriate steps to remedy such violations, once confirmed. Remedies shall include but not limited to the investigation and reporting to appropriate authorities, recovering the personal data, correcting it and/ or enhancing controls around it. You shall be appropriately informed of the remedies employed.

Any information provided to you by us shall be provided free of charge. However, where requests are manifestly unfounded or excessive in particular because of their repetitive or cumbersome nature, we may:

• charge a reasonable fee taking into account the administrative costs of providing the information or communication, taking the action required or making a decision to refuse to act on the request; or
• write a letter to you stating refusal to act on the request and copying the Nigeria Data Protection Commission (NDPC).

Exceptions to Data Subjects Access Rights

To the extent permitted by applicable laws, we may refuse to act on your request, if at least one of the following applies:

• in compliance with a legal obligation to which we are subject;
• protecting your vital interests or of another natural person; and
• for public interest or in exercise of official public mandate vested in us.