Introduction
This Privacy Policy is developed by the Securities and Exchange Commission (SEC Nigeria) in compliance with the Nigerian Data Protection Regulation 2019 and other similar regulations. It is also a demonstration of the SEC Nigeria’s commitment to the protection of personal data of its stakeholders especially those who visit the Commission’s website and those who may electronically submit their personal data to the Commission.
SEC Nigeria generally does not require you to give us personal information when browsing our website, and, beyond the automatically collected data specified below, we do not collect personal information from you unless you specifically and knowingly choose to provide such information to us.
For the limited instances where personal information is collected either automatically or volunteered by the web user, the following constitute the Commission’s undertakings in handling such Personal Information.
Data Subject’s Privacy Rights
This Privacy Policy describes your privacy rights in relation to your personal information which SEC Nigeria might collect, use, store, or share when you use our services. It applies to SEC Nigeria’s website and all database applications, services, tools and physical contact with the Commission regardless of how you access or use them.
If you have created a username, identification code, password or any other piece of information as part of our access security measures, you must treat such information as confidential, and must not disclose it to any third party. SEC Nigeria reserves the right to disable your identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of these Conditions. If you know or suspect that anyone other than you knows your security details, you must promptly notify us at sec@sec.gov.ng
Data Subject’s consent
“Data Subject” as used in this policy means a person who can be identified directly or indirectly by reference to any information supplied to the Commission. “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her in the manner specified in this policy. You accept this Privacy Policy when you give consent upon access to our platforms, or use our services, content, features, technologies or functions offered on our website, digital platforms or visit any of our offices for official or non-official purposes. We may amend this Privacy Policy at any time by posting a revised version on our website, or placing such notice at conspicuous points at our office premises. The revised version would be effective 5-days from the date of such publication.
Collectable Personal Information
When you use any of the services offered by SEC Nigeria, we collect information automatically sent to us by your computer, mobile phone or other electronic access device. Such information includes but is not limited to:
We may also collect information you provide us including but not limited to information on web form, survey responses account update information, email, phone number, organization you represent, official position, correspondence with SEC Nigeria support services and telecommunication with SEC Nigeria. We may also collect information about your transactions, enquiries and your activities on our platform or premises.
We may also use information provided by third parties like social media sites. However, Information about you provided by other sites are not controlled by SEC Nigeria and we are therefore not liable for how they use it.
Purpose of collecting Personal Data
We generally do not collect your name, email, mailing address or similar identifying information without your knowledge when you visit our website to read or download information, such as filings, press releases or publications. However, we will automatically collect and maintain certain statistical information about your visit for the following purposes:
Technical methods used to collect and store personal information – cookies
Cookies are small files placed on your computer’s hard drive that enables the website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences in order to present contents, options or functions that are specific to you. Like most interactive websites, our website uses cookies to enable the tracking of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from the user’s computer. They will typically store information in the form of a session identification that does not personally identify the user.
How we protect your personal information
We store and process your personal information on our computers in Nigeria. Where we need to transfer your data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law. We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorization controls.
Third Party Disclosure
We generally do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties in some limited cases.
As a government agency, we may also provide other Ministries, Departments, Agencies (MDA), other organs of government, private sector operators performing government functions, with information such as your name, contact details, or other details you provide us for the purpose of performing our statutory mandate to you or third parties.
We work with third parties, especially government agencies to carry out our regulatory functions and statutory obligations. In doing so, a third party may share information about you with us, such as your email address or mobile phone number.
You accept that your pictures and testimonials on all social media platforms can be used by SEC Nigeria for limited promotional purposes. This does not include your trademark or copyrighted materials.
From time to time we may send you relevant information such as news items, enforcement notice, statutorily mandated notices and essential information to aid the implementation of our mandate. We may also share your personal information in compliance with National or international laws; crime prevention and risk management agencies and service providers.
Security of personal data
We will always hold your information securely. To prevent unauthorized access to your information, we have implemented strong controls and security safeguards at the technical and operational levels. This site uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure secure transmission of your personal data. You should see the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server. Any data transmitted during the session will be encrypted before transmission and decrypted at the receiving end. This is to ensure that data cannot be read during transmission.
SEC Nigeria has also taken measures to comply with global Information Security Management Systems (ISMS) we therefore have put in place digital and physical security measures to limit or eliminate possibilities of data privacy breach incidents.
Data Confidentiality Rights and available remedies in the event of violation of the privacy policy
Section 37 of the Constitution provides that: “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”
Your information is regarded as confidential and will not be divulged to any third party except under legal and/or regulatory conditions. You have the right to request sight of, and copies of any and all information we keep on you, if such requests are made in compliance with the Freedom of Information Act and other relevant enactments. While SEC Nigeria is responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, adherence with physical security protocols on our premises, dealing with only authorized officers of the Commission and so on.
In line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify the users via email within 7 business days; we will notify the users via in site notification also within 7 business days. We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires that not only should individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
Timeframe for remedy
Where a breach of this privacy policy has occurred, the timeframe set out by the Public Officers Protection Act for seeking redress shall apply. The Commission must be given at least 14 days notice in writing stating the cause of action, the remedies sought and other important information concerning the prospective action to be taken against it.
Links to Other Websites and Premises
Certain transaction processing channels may require links to other websites or Organisations other than ours. Please note that SEC Nigeria is not responsible and has no control over websites outside its domain. We do not monitor or review the content of other party’s websites which are linked from our website or media platforms. Opinions expressed or materials appearing on such websites are not necessarily shared or endorsed by us, and SEC Nigeria should not be regarded as the publisher of such opinions or materials. Please be aware that we are not responsible for the privacy practices, or content of these sites. We encourage our users to be aware of when they leave our site and to read the privacy statements of these sites. You should evaluate the security and trustworthiness of any other site connected to this site or accessed through our site yourself, before disclosing any personal information to them. SEC Nigeria will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
Governing Law
This Privacy Policy is made pursuant to the Nigeria Data Protection Regulation (2019) and other relevant Nigerian laws, regulations or international conventions applicable to Nigeria. Where any provision of this Policy is deemed inconsistent with a law, regulation or convention, such provision shall be subject to the overriding law, regulation or convention.