When you use our Portal, you may provide us with:

• Personal Identification Information: Full name, date of birth, gender, nationality, and government-issued identification numbers
• Contact Information: Email address, phone number, postal address, and emergency contact details
• Professional Information: Organization name, job title, professional qualifications, and business registration details
• Financial Information: Bank account details (for payment-related submissions), tax identification numbers
• Submission Content: Documents, proposals, complaints, requests, and any attachments you upload
• Communication Records: Messages, responses, and correspondence through the Portal

When you access the Portal, we automatically collect:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, submission history
• Log Data: Access times, error logs, referring URLs
• Cookies and Similar Technologies: Session cookies, authentication tokens, and preference settings

We use your information for the following purposes:

2.1 Primary Purposes

• Processing and managing your submissions
• Communicating with you about your submissions and requests
• Verifying your identity and preventing fraud
• Providing customer support and responding to inquiries
• Fulfilling NDDC's governmental and regulatory functions

2.2 Secondary Purposes

• Improving and optimizing the Portal's functionality
• Analyzing usage patterns to enhance user experience
• Generating anonymized statistical reports
• Ensuring security and preventing unauthorized access
• Complying with legal obligations and government audits

We may share your information with:

3.1 Within NDDC

• Relevant departments and directorates processing your submission
• State offices when submissions relate to their jurisdiction
• Internal audit and compliance teams

3.2 Third Parties

• Government Agencies: Other federal, state, or local government bodies when required for processing or by law
• Service Providers: Technology vendors, cloud service providers, and contractors who assist in Portal operations (under strict data protection agreements)
• Financial Institutions: Banks and payment processors for payment-related submissions
• Legal Authorities: Law enforcement, courts, or regulatory bodies when legally required

3.3 We Do NOT

• Sell your personal information to third parties
• Share your information for commercial marketing purposes
• Transfer your data internationally without adequate safeguards

We implement comprehensive security measures to protect your information:

4.1 Technical Safeguards

• SSL/TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA) for user accounts
• Regular security assessments and penetration testing
• Intrusion detection and prevention systems
• Automated backup and disaster recovery systems

4.2 Organizational Safeguards

• Role-based access control (RBAC) limiting data access to authorized personnel
• Regular staff training on data protection and security
• Incident response procedures for data breaches
• Compliance with ISO 27001 security standards

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach affecting your data as required by law.

We retain your information for the following periods:

• Active Submissions: Retained until the submission is fully processed and closed
• Completed Submissions: Retained for a minimum of 7 years in accordance with government records retention requirements
• Account Information: Retained for the duration of your account plus 3 years after closure
• Audit Logs: Retained for 10 years for compliance and accountability purposes

After the retention period, data is securely deleted or anonymized for statistical purposes.

Under the Nigeria Data Protection Regulation (NDPR), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request your data in a machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact our Data Protection Officer using the contact information below. We will respond to your request within 30 days.

We use the following types of cookies:

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect Portal functionality.

The Portal is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

We may update this Privacy Policy periodically. When we make material changes, we will:

• Post the updated policy on this page with a new "Last Updated" date
• Notify you via email if you have an account
• Display a prominent notice on the Portal

We encourage you to review this policy regularly. Your continued use of the Portal after changes constitutes acceptance of the updated policy.

If you believe your privacy rights have been violated, you may:

• Contact our Data Protection Officer directly
• Lodge a complaint with the National Information Technology Development Agency (NITDA)

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: