Who we are
Our website address is: http://bumfash.com.
TABLE OF CONTENTS
1 INTRODUCTION 3
2 SCOPE 3
3 COLLECTING PERSONAL DATA 4
4 USING PERSONAL DATA 4
5 DISCLOSING PERSONAL DATA 5
6 RETAINING PERSONAL DATA 6
7 SECURING PERSONAL DATA 6
8 INTERNATIONAL DATA TRANSFERS 6
9 SUBJECT ACCESS REQUESTS 6
10 UPDATES / AMENDMENTS 7
11 THIRD PARTY WEBSITES 7
13 OPT IN / OPT OUT 7
14 DATA PROTECTION REGISTRATION 8
15 OUR DETAILS 8
16 COMPLAINTS 8
Bumfash Technology Limited is committed to safeguarding the privacy of personal and sensitive personal data and is bound to comply with the Nigeria Data Protection Regulation (2019), along with similar and applicable laws in other countries around the world. This Privacy Notice forms part of Bumfash Technology Limited’s obligation to be open and fair with all individuals whose personal and sensitive personal data Bumfash Technology Limited processes and to provide details around how it processes such personal data and what it does with it.
Bumfash Technology Limited processes the personal data of its customers, employees, temporary staff, contractors such as name, date of birth, contact details and email address, passport and national ID Card number, amongst other things. Processing of this data implies collecting, storing, using, disclosing or disposing of individuals’ personal data.
Individuals’ who leverage Bumfash Technology Limited’s products and services, or use Bumfash Technology Limited website (bumfash.com), may be provided with further privacy notices which may be contained in a separate supplemental notice. These additional privacy notices shall supplement this overarching Privacy Notice.
This Privacy Notice relates to the processing of personal data by Bumfash Technology Limited. Unless otherwise stated, all references to “we” or “our” shall imply all Bumfash Technology Limited processing personal or sensitive personal data as a Data Controller.
None of the lists, or examples provided in this Privacy Notice, are intended to be exhaustive or fully representative of every individual.
The scope of this Privacy Notice covers customers, employees, temporary staff, contractors, third parties personal data (or sensitive personal data, if applicable) in respect of the following: –
Collecting Personal Data
Using Personal Data
Disclosing Personal Data
Retaining Personal Data
Securing Personal Data
International Data Transfers
Subject Access Requests
Updates / Amendments
Third Party Websites
Opt-in / Opt-out
COLLECTING PERSONAL DATA
We may collect and store the following kinds of personal data: –
Information about your computer and about your visits to Bumfash Technology Limited website, including your IP address, geographical location, browser type and version.
Information that you provide to us for the purpose of subscribing to our marketing communications.
Information that you provide to us when using any of the products and services we provide, or that is generated during the course of using those products and services.
Information that you post on our social media platforms.
Information contained in, or relating to, any communication when you call us or that you send to us through our website, email or in writing.
Information that you provide as part of performing money laundering, financial and credit checks as well as for fraud and crime prevention and detection purposes.
Human resources administration information, including payroll and benefits, training and development, performance management, sickness and absence management, grievance and disciplinary procedures as well as equal opportunities monitoring.
Internal finance management information, including personnel expense reimbursement for travel.
Information related to the security and access of our premises, systems and applications.
Information related to the suitability of any potential employees, temporary staff or contractors, including references and educational background.
Information to help us comply with our legal and regulatory obligations, including reporting to and being audited by regulators and external auditors.
Information to help us comply with court orders and to exercise and defend our legal rights.
Any other personal information that may be sent to us and which we use for legitimate business purposes.
Before you disclose to us the personal data of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal data in accordance with this Privacy Notice. Where the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we are mandated to collect this personal information in order to provide you with our products or services. Non provision of this information means that we cannot provide you with the product/services requested.
USING PERSONAL DATA
We may use your personal information to:
Administer, personalise and secure our website.
Enable your use of any product or service that we may provide through our website.
Supply you with our products and services.
Send invoices and payment reminders to you or collect payments from you.
Send you marketing communications.
Deal with enquiries and complaints.
Perform money laundering, financial and credit checks.
Perform HR administration and internal financial management.
Ensure appropriate access to premises, systems and applications.
Perform employee, temporary staff or contractor background checks.
Comply with our legal and regulatory obligations.
DISCLOSING PERSONAL DATA
We only disclose your personal data in the ways set out in this Privacy Notice or subject to any agreements in place between us. The following circumstances may apply:
Across our business, as part of a need to know or as part of improving our existing solutions and services or as part of providing new solutions and services.
To third parties who process personal data on our behalf, such as systems providers or payroll providers.
To third parties who process personal data on their own behalf as Data controllers (e.g. Logistics company who deliver your goods to your doorstep e.g GIG Logistics, Redstar Express, Pickpackets.com etc) but provide us (as Joint Controllers), or you, with a service on behalf of us.
To third parties with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes.
To any prospective buyer in the event we sell any part of our business, or its assets, or if substantially all of our assets are acquired by a third party.
To any regulator (Central Bank of Nigeria- CBN, National Information Technology Development Agency- NITDA), external auditor or applicable body or court where we are required to do so by law or regulation or as part of any investigation.
To any central or local government department (e.g. Ministries and Department of State) and other statutory or public bodies, such as the Federal Inland Revenue Service (FIRS), Ministry of internal Affairs etc.
We do not sell, rent or trade any of your personal data.
We will not, without your consent, disclose or supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
RETAINING PERSONAL DATA
Personal data that we process, for any purpose or purposes, shall not be kept for longer than is necessary. Bumfash Technology Limited bases its record retention and processing on any legitimate interest, consent, legal, regulatory or contractual obligations.
Where the continued retention and/or processing of your personal data is based upon our legitimate interest, in all instances this legitimate interest is so that as a business we can functionally and satisfactorily provide you with services offered, whilst also remaining a responsible provider to you, to us and to the wider society.
Where the processing of your personal data is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing, where we do not have any overriding legitimate interest, legal, regulatory or contractual obligations for continued retention of such data.
SECURING PERSONAL DATA
Where Bumfash Technology Limited acts as the controller of personal data, it will ensure that necessary and adequate safeguards are in place to prevent unauthorised access, loss, misuse or alteration of your personal data.
We store all personal information on secure servers with relevant access, encryption and firewall controls.
Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.
Passwords must be kept confidential and not disclosed to a third party. Bumfash Technology Limited does not ask you for your password.
INTERNATIONAL DATA TRANSFERS
Personal data that we collect, is encrypted using a SHA-256 Key Fingerprint bit key encryption standard, before it is transferred and stored in the UK and EEA . Should we need to transfer personal data outside of the UK, or European Economic Area in the future, such personal data will be covered by binding corporate rules or standard contractual clauses (Model Contract Clauses) to ensure it is processed appropriately.
When data is processed outside of the UK or European Economic Area, we will notify you.
SUBJECT ACCESS REQUESTS
You may instruct us to provide you with any personal data we hold about you as part of a Subject Access Request. The provision of such information will be subject to: –
Appropriate evidence of your identity, such as a passport, driving licence as well as a recent bank statement or utility bill.
In certain instances, where exemptions exist, we may withhold personal data that you request, and which are permissible by law.
You have the right to rectification and may wish to contact us if the personal data that we hold about you needs to be corrected or updated.
You have the right to object to us processing your data, and the right to request we restrict the processing of your data.
We do not perform any auto-profiling of individuals.
UPDATES / AMENDMENTS
In order to remain compliant with any legal and regulatory obligations, or as part of our evolving business practices, we may update this Privacy Notice from time to time by publishing a new version. In certain instances, we may notify you.
THIRD PARTY WEBSITES
We are not responsible for the practices employed by Third Party Websites linked to or from our Website nor the information or content contained therein. Often links to other websites are provided solely as reference points to information on topics that may be useful to the users of our Website. Please remember that when you use a link to go from our Website to a Third-Party Website, our Privacy Notice will no longer apply. Your browsing and interaction on any other Website, including Third Party Websites, which have a link on our Website, are subject to that Website’s own Privacy Notice.
OPT IN / OPT OUT
You have the right, at any time, to ask us not to process your personal data for marketing purposes.
You can opt-out of receiving email communications simply by clicking the unsubscribe link, which is contained within marketing emails.
You may instruct us at any time not to process your personal data for marketing and communications purposes by means of ‘opting-out’.
Please note it can take up to 30 days for a request to be fulfilled because of pre-planned or ongoing marketing activity.
Bumfash Technology Ltd is registered and Incorporated under the Corporate Affairs Commission Act xxxxx
You can contact us as follows: –
Email: [email protected]
Telephone: +234 07011441955
In Writing: Data Protection Officer
Bumfash Technology Limited
Ijokodo Estate, Ibadan
If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to lodge a complaint with the Nigeria Information Technology Development Agency (NITDA).
You can contact them as follows: –
No 28,Port Harcourt Crescent, Off Gimbiya Street P.M.B 564, Area 11, Garki Abuja, Nigeria
Phone: +234 92 920 263
Mobile: +2348168401851, +2347052420189
Email: [email protected]
Kofo Abayomi Street Victoria Island Lagos, Lagos State.
No. 2 Herbert Macauley Street, Amadi Flats, Old GRA, Port Harcourt, Rivers State.
Our website address is: http://bumfash.com.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.