CLIENT AND THIRD-PARTY PRIVACY POLICY

Jackson, Etti & Edu (“JEE” or “the firm”) is committed to collecting, maintaining, and using personal information about our clients and business contacts responsibly. The provisions of data protection laws in Nigeria imposes strict conditions on the firm. The firm has made a commitment through its internal policies to apply a consistent standard across the firm when collecting, using, and managing personal information.

This privacy notice explains how we may collect, use and disclose information about clients and other business and firm contacts, and describes the rights you may have in respect of your own personal information. Please read it carefully.

CONTENT

  1. Introduction
  2. Purpose of this Privacy Policy
  3. Who is the Controller for the personal data processed?
  4. Changes to your personal data
  5. The information we collect and how we use it
  6. How your personal data is collected
  7. How we use your data
  8. Processing your personal data for recruitment activities
  9. Service providers
  10. Keeping your information up to date
  11. Marketing and exercising your right to opt-out of marketing
  12. Third party marketing
  13. With whom we share personal data
  14. Data security
  15. Data retention
  16. Your rights

 

1. INTRODUCTION

Jackson, Etti & Edu provides this privacy policy (this “Privacy Policy”) to inform users about our policies and procedures regarding the collection, use, processing, deletion, security, and disclosure of personal data and information that is subject to protection under applicable data protection, data privacy and data security laws, including the Nigerian Data Protection Regulation (NDPR) (such data and information collectively, “Personal Data”) received from users of the website owned and operated by JEE, including those found at http://jee.africa; and received from other persons or entities that have entered into written agreements with us that expressly reference this Privacy Policy (as applicable).

This privacy policy applies to the processing of personal data by JEE in connection with any:

“Client Supplier”: provision of products and services by JEE to actual and prospective clients;

“Supplier Services”: provision of products and services to JEE by suppliers or service providers;

“Visitors Services”: provision by JEE of facilities, including conference rooms, local area network (for instance, Wifi) and other relevant facilities and services to visitors to any JEE offices; and

“Recruitment Activities”: provision of the personal data of a candidate or individual (whether by such candidate or individual or by a third party) for a position at JEE other than through JEE’s usual recruitment process.

References in this notice to “you” or “your” are references to individuals whose personal data JEE processes in connection with client services, supplier services, or visitor services. For the avoidance of doubt:

  • any reference in this policy to our “clients” or “suppliers” includes their employees or other staff whose personal details we process;
  • this privacy notice also applies to JEE’s processing of personal data of individuals who could be (or could be the employees or staff of) transaction counterparties or rival bidders to, or litigants in legal proceedings involving, our actual or prospective clients; and
  • if you have provided your personal data to JEE for recruitment activities (whether directly or through a third party this notice is only designed to provide you with information about how we will process your personal data up to the point that you apply for a position or placement with JEE. Details of the processing undertaken for recruitment activities are set out in Clause 8. If you have any questions about the processing of your personal data for recruitment purposes, please contact DPO@jee.africa

JEE may from time to time update this privacy policy by posting an updated version of the Privacy Policy to the Website. The date on which this Privacy Policy was last updated is set forth above. Your use of the Website after any updated version is posted means that you accept and understand such updated Privacy Policy. In addition, the Website makes use of cookies as described in further detail below.

 

2. PURPOSE OF THIS PRIVACY POLICY

This notice aims to give you information about how JEE collects and processes your personal data. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.

This notice can be accessed on our website but is not our website privacy notice or cookie policy. Our website privacy notice and cookie policy are accessible from the privacy section of our website.

 

3. WHO IS THE CONTROLLER FOR THE PERSONAL DATA PROCESSED?

A “controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of JEE as controller. Unless we notify you otherwise JEE is the controller for your personal data.

Our Data Protection Officer (DPO) oversees compliance with data protection within JEE. If you have any questions about this notice, including any requests to exercise your rights, please contact our Data protection Officer using the contact details set out below:

Email: DPO@jee.africa

4. CHANGES TO YOUR PERSONAL DATA

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your relationship Counsel or the person you usually deal with at the firm. You can also contact the firm’s Data Protection Officer at DPO@jee.africa

 

5. THE INFORMATION WE COLLECT AND HOW WE USE IT

Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).

JEE may use your personal information for a variety of purposes, as outlined in the following sections. JEE is committed to collecting and using only the personal information that is necessary for the provision of legal services to our clients; to establish and/or maintain its business relationship with business and/or firm contacts; to respond to your requests and inquiries, and to make individuals aware of and keep them informed of opportunities, services and events which it reasonably considers may be of interest to them and/or which they have otherwise confirmed their preference to receive from the firm. In the past 12 months, JEE has collected the following categories of personal information:

  • “Identity Data”: including your first name, middle names, maiden name, last name, marital status, title, date of birth, passport number, photographic identification and gender;
  • “Contact Data”: including your billing address, delivery address, email address and telephone number;
  • “Account Information”: including security-related information such as usernames and passwords, authentication methods and roles, service-related information, and similar data.
  • “Financial Data”: including your bank account and payment card details;
  • “Services Data”: including details about payments to and from you and other details of services you have purchased from us, or we have purchased from you;
  • “Usage Data”: includes information about your use of our website, our client knowledge portal, our local area networking facilities (including WiFi) and similar electronic services. Additional information about personal data we process based on your usage of our website is available in the privacy notice for our website (which can be accessed from the privacy section of our website;
  • “Technical Data”: includes information collected when you access our website, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;
  • “Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us and which of our events you attend, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you. If you participate in Zoom, Microsoft Teams or similar online meeting, event, web conference or videoconference, the content of the call or meeting (video and audio) may be recorded by JEE. Recordings retained by the firm may be used for legitimate business purposes.

Events

If you attend an event that is run by or in association with the firm (whether online or in person), we will collect contact details as part of event registration. We may also request a delivery address (which may be your home address) for the purpose of sending a gift or other item to those attending the event.

Where an event is run in association with a partner organization or hosted at an external venue, we may need to share your personal details with the partner, event organizer or venue.  This will be made clear to you before you sign up for the event.  Only the minimum information will be shared as necessary for the purposes of running the event.

If the event is run in association with a partner organization, they will be responsible for informing you about any marketing they may wish to undertake and obtaining your consent where necessary.

If the event is run online, we may make a video and/or audio recording. You will be informed about this prior to the event so that you can choose whether or not to attend a recorded session, or whether to withhold your personal details during the event.

  • “Professional Information”: including your job title, email address, phone number and addresses.

Personal Information collected at our premises: if you visit our premises, your image may be captured on CCTV systems operated by the firm or the entity which manages our premises. Building access control systems may also capture the location, time and date of your entry and exit to our offices. Where required by local law or regulation, we may also collect health screening information (including temperature) or other wellness data necessary to facilitate the safe functioning of our offices.

 

6. HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect personal data from and about you, including through the channels set out below.

Direct interactions: You give us your personal data in your direct interactions with us. Such personal data includes Identity Data, Contact Data, Financial Data, Services Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information, and/or Professional History which you give us from time to time (i) by filling in forms on our website; (ii) through other electronic platforms which we offer or which we have agreed with you to use, (iii) by corresponding with us by email or post, (iv) by speaking to us in person or over the telephone, or (v) whilst visiting our offices.

Such direct interactions include, for example, instances when you:

  • enquire about or apply for our client services (for instance, when you sign up to our Sector Hub);
  • market or provide your supplier services to us;
  • give us personal data necessary for a specific client service we are performing for you
  • give us your business card at an event or a meeting, or otherwise personally give us your personal data (for example, by leaving your contact details at the reception of one of our offices);
  • give us your personal data via an electronic platform which we make available or which we have agreed with you to use in connection with our client services (for instance, any e-billing system which you require us to use) or in connection with your supplier services (for example, an electronic platform that you supply to us);
  • subscribe to our publications or otherwise ask for our marketing;
  • participate in our marketing, recruitment or other promotional events;
  • participate in our client seminars and similar events; or
  • give us feedback (for example, by completing a survey).

Website, cookies, and marketing: You give us your personal data, which includes Profile Data, Usage Data, Technical Data, Professional Information and/or Marketing and Communications Data, when you use our website, or review the publications or marketing we send you.

Third-party sources: We receive Identity Data, Contact Data, Financial Data, Professional Information and Special Categories of Personal Data about you from third parties, when we:

  • provide our client services or other parties send us your personal data to enable the provision of those service;
  • you provide your personal data to a third party for the purpose of sharing it with us, for instance recruitment agencies and consultants may provide your personal data to us for recruitment activities; and

we interact with governmental or regulatory bodies or other authorities (in relation to you or on your behalf.

7. HOW WE USE YOUR DATA

We will only process (i.e., use) your personal data when the law allows us to, that is, when we have a legal basis for processing.

We use your personal data in the following circumstances:

  • “Performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
  • “Legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
  • “Vital interests”: where necessary to protect your vital interest or that of another person.
  • “Consent and explicit consent”: where you have provided your consent or explicit consent to processing your personal data.

With limited exceptions (for instance, in relation to some of our electronic marketing), generally we do not rely on consent as the legal basis for processing your personal data. You have the right to withdraw consent to electronic marketing at any time by following the unsubscribe instructions in such marketing materials or by contacting us at (the email address for data subjects to withdraw consent for receiving marketing materials) Please refer to Section 11 (Marketing and exercising your right to opt-out of marketing) for more information about how we use your personal data for marketing purposes and your rights.

 

8. PROCESSING YOUR PERSONAL DATA FOR RECRUITMENT ACTIVITIES

When your personal data is passed to us for recruitment activities, we will only use this personal data in order to contact you about recruitment and other opportunities which you may have requested. If you apply for any role within JEE for example a position or Internship scheme your personal data will be processed in accordance with our privacy policy.

 

9. SERVICE PROVIDERS

Third parties providing services to JEE are referred to as “Vendors.” JEE will put in place contracts with Vendors which address the requirements of relevant privacy laws. Vendors will be required to use appropriate security measures to protect personal information and will be prohibited from using personal information other than as instructed by the firm.

Vendors who process personal information on behalf of the firm may be located in Africa, United States, Europe, the UK or other countries around the world. JEE will ensure that Vendors comply with any applicable legal requirements for transferring personal information outside the jurisdiction in which it was originally collected.

If you would like more information about the Vendors we work with, please contact the Data Protection Officer at DPO@jee.africa

10. KEEPING YOUR INFORMATION UP TO DATE

JEE makes every effort to maintain the accuracy and completeness of the personal information held by the firm. To help us ensure we have the most up to date information about you, it is important that you inform us of any updates to your contact details or other personal information. Please contact your Client Relationship Partner or the person you usually deal with at the firm. You can also contact our Data Protection Officer at DPO@jee.africa

 

11. MARKETING AND EXERCISING YOUR RIGHT TO OPT-OUT OF MARKETING

We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.

We would encourage you to make such requests via the forms and links provided for that purpose in the marketing materials we send you or by contacting our Marketing team at (The email address of our BD team). You may alternatively make any such request to your usual contact at the firm or to our Data Protection Officer at DPO@jee.africa . In any event, such request can be made at any time free of charge.

 

12. THIRD PARTY MARKETING

We do not share your personal data with any organizations outside of JEE for marketing purposes.

 

13. WITH WHOM WE SHARE YOUR PERSONAL DATA

We do not sell or rent any of the Personal Data we collect about you to third parties.

We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in Section 7 (How we use your personal data).

  • Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
    1. any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency
    2. our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us;
    3. any financial institutions providing finance to us;
    4. service providers who provide information technology and system administration services to us; and
  • If you ask us to do so in relation to the client services or visitor services we are providing or the supplier services you are providing, we may disclose your personal data to other persons or entities as instructed (for example, if we are acting for you in litigation proceedings, we will share your personal data with our external counsel or advisors in order to provide advice to you).
  • We may share your personal data with persons or entities outside of JEE for the purposes of obtaining feedback or references in relation to client services provided to you. For example, we may share your corporate contact details with legal directories for the purpose of obtaining a reference in relation to client services provided to you. Where appropriate, we will confirm with you that you are willing to be contacted for this purpose.

We require any person or entity to whom we disclose personal data to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

14. DATA SECURITY

We consider the protection of Personal Data to be a sound business practice, and to that end we employ commercially appropriate organizational, physical, technical, and procedural safeguards and measures to protect your Personal Data in our possession or under our control, to the extent possible, from unauthorized or accidental access and improper use.

Unfortunately, the transmission of information via the Internet is not completely secure, and we cannot guarantee the security of your Personal Data transmitted to or through the Website; any such transmission is at your own risk. Once we have received your Personal Data, we will use the procedures and security features described above to try to prevent unauthorized access of your Personal Data.

 

15. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defense of legal claims.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you would like to know more about the retention periods we apply to your personal data, please contact us at DPO@jee.africa

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

 

16. YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is JEE’s policy to respect your rights and JEE will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.

Details of your rights are set out below:

  • right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
  • right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
  • right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
  • right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
  • right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us, but you require the personal data to be retained to establish, exercise or defend a legal claim;
  • right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behavior will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e., electronically);
  • right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data for the performance of a task in the public interest, (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information.

You may exercise any of your rights by contacting our Data Protection Officer at DPO@jee.africa . You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.