OverviewIn general terms, this information will take one or more of the following forms:
- Information that you provide to us directly, such as in the situation where you complete an online form or send us a message via our website.
- Information that is automatically sent to us by Your computer's internet browser when you visit our website, such as your computer's technical address or IP Address or information about which particular internet browser you are using and so on.
Our commitment to data privacyWe are fully committed to maintaining the privacy of any information that you provide to us. Furthermore, we commit to ensuring that such data is held securely, used appropriately and only retained for as long as is necessary.
Our systems and services are designed with privacy in mind, and we operate a 'data minimisation' principle wherever possible - that is to say that we will only ever ask you for the minimum amount of information required to provide our services efficiently; we have no desire to retain or maintain any more information than is necessary. We aspire to comply to the fullest extent possible with applicable data protection regulations.
Who we areIn terms of your use of this website, We, Bluesparrow Solutions Limited, act in the capacity of Data Controller, and should you have any questions or concerns about the data we hold about you, we can be contacted using the information below: Data Controller: Bluesparrow Solutions Limited
Email correspondence: email@example.com
Definition of Personal Data
When we refer to Ppersonal Data we mean any information that allows us to identify you personally. Obvious examples include your name, email address, postal address etc. We will always seek to gain your explicit consent to providing this information before we collect it from you, although this may not be the only legal basis on which we collect the data.
Who we share data withWe operate on a strict 'need to know' basis for all data that we work with, and that is particularly true for any personal data. The only people/organisations that are granted access to personal data are:
- Employees of Bluesparrow Solutions Limited who provide design and/or support services.
- Our web hosting technology suppliers, currently Namecheap.com who provide the physical server infrastructures that our website(s) operate on. We ensure that no customer data is transferred to a third party.
How your data is protectedWe take the security of all personal data very seriously, and that data is protected in a number of ways:
- Access control: access to personal data is strictly limited in line with our policy detailed in the 'who we share data with section' on this page. Access is controlled by individual user accounts, where a strong password policy is enforced
- Dedicated security software: We operate dedicated security scanning and access control software on all of our websites. This software is responsible for limiting login attempts to our site, blocking potentially malicious attempts to access our services, and regularly performing full file system scans.
- Data encryption: where data is stored in a cloud facility,such as the storage of website backup files, that data is encrypted both 'in transit' and 'at rest' - meaning that all data is securely obscured both during the process of transfer to the cloud provider, and then additionally when it is in storage at its final location.
This website is also secured with SSL encryption, which means that all traffic to and from our servers is encrypted. This applies to our own administrative access to the website as well as that of users of our services.
Access to your personal dataIn the situation where you have directly provided personal information to us, such as by completing an online form or contacting us for further information, you have a number of rights regarding the personal data that we hold:
- You have the right to obtain from us confirmation about whether any such data is being held.
- You have the right to require that we provide you with whatever data we are holding/processing about you, including the right for that data to be transferred to another data controller.
- Even if you have consented to us processing your personal data, you have the right to withdraw that permission at any time.
- You have the right to require us to rectify any incomplete or incorrect information held about you.
- You have the right to require us to erase the data held about you.
- You have the right to object to the legal basis upon which we are collecting this data, and We have an obligation to consider and respond to that objection.
- You have the right to request the prevention of further processing of your data while your objection is considered.
- You have the right to make a complaint to the relevant data protection authority.
- In most circumstances, you can exercise these rights without paying a fee to us.
Type of Data Collected - OverviewIn general terms, this information will take one or more of the following forms:
When you complete one of the contact forms on our website, we will ask you for a number of pieces of personal information, such as your name, email address and other contact details. This is obviously required for us to respond to your request. If you do not use or submit an online form on the website, no data will be collected in that regard.
Technical Data - Such as IP AddressWhen you visit our website, our systems will log a record of your visit in our server logs, and typically this record will include the technical 'IP' address that is associated with your device and the browser type and version that you are using.
Such server logs are extremely common practice, and are used to monitor technical resources, monitor high-level server activity, and importantly to detect and prevent malicious or fraudulent activity on our systems. This data can also be used, if required, to diagnose reports of technical issues. The storage of IP addresses, allow us to identify patterns of behaviour (such as repeated malicious attempts to access a system).
IP addresses, in and of themselves, do not allow us in any way to identify you as an individual, especially given that it is very common for IP addresses to be dynamically allocated by your service provider, and will therefore often routinely change.
Furthermore, we do not and will not use the content of server access logs to attempt to determine an identifiable individual. We therefore do not consider that data held within server logs falls within the scope of 'personal data', and accordingly we do not seek your consent to collect it.
Website AnalyticsWe use Google Analytics and Matomo to better understand what people look at on our website.
When people visit our site, information about their visit, such as which pages they look at, how long they spend on the site and so on, is sent in an anonymous form to Google Analytics, which is controlled by Google.
The data contains information about anyone who uses our website from your computer, and there is no way to identify individuals from the data.
We ensure that no personally identifiable information is ever contained within the data sent to our analytics providers, and we also perform a process which partially obscures your IP address information.
As analytics information is not personal data, we do not specifically ask for your prior consent.
Nigerian-British Chamber of Commerce (“NBCC”) is committed to protecting your personal data and respecting your privacy.
This notice explains what personal data we collect about you, why we collect it what we do with it and on what basis. It applies to personal data we collect about you worldwide in the course of recruitment, as well as after you terminate relationship relating to potential employment with us.
By "you" we mean present and past job applicants (by “job” we mean all types of work, internships, and other temporary kinds of works). We have developed separate privacy notices for our employees.
Please note that, if you are successful in your application with us, we may need to collect information relating to your immediate family or people who may serve as your emergency contact or next of kin (i.e., their names, date of birth, their contact information, for the purpose of pre-relocation support of your family). By providing their personal information to us, you confirm that you have received such person's consent, where applicable.
By providing us with information about contacts for reference requests, you confirm that you have received such person's consent, where applicable.
This notice was last updated and published in 2022. To ensure that it remains relevant and up to date we carry out regular reviews. If we collect information about you on a website, we will always post the most up-to-date version of this notice on that website and we will take reasonable steps to notify you of any changes of substance that we make.
2. Controller of Your Personal Data
Nigerian-British Chamber of Commerce (“we”, “us”, “NBCC” or "our") is the data controller of your personal data for the purposes described in this notice.
If you have any questions about NBCC's use of your personal data, please contact the HR department.
3. What personal data we collect
We collect, store, and use information about you in relation to your application for a job as listed in Schedule 1 to this notice.
Occasionally some of the processing will involve special categories of personal data (“sensitive data”1). This information will only be processed where data protection laws permit doing so based on a specific lawful justification. See section 7 for more details. It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes.
4. How we collect your personal data
We may collect your personal data in different ways:
- Directly from you when you apply for a job, enter into an employment contract and during your employment post-employment (or similar) (but linked to your previous employment) activities with us;
- From third parties such as recruitment agencies during the job application process, referees, ex employers, authorities (e.g. tax authorities), regulatory and professional bodies;
- From publicly available sources, such as the internet to the extent it is necessary and relevant for the function (e.g., we may collect information that you have made available on professional networking sites such as LinkedIn). We also create personal data about you in the course of job-related activities prior, during and post your employment/engagement with us.
5. How we use personal data
We will use your personal data (including special categories of personal data) where allowed by law, which means that we need a legal basis in order to process it, which includes the following:
- When it is necessary for the performance of a contracts including any steps that we need to take prior to entering into that contract;
- When we need to process your information in order to comply with a legal or regulatory obligation imposed on us;
- Exceptionally, if it is necessary for vital interests relating to you or another person (for example, avoiding serious risk of harm to you or others) and where you are not capable of giving consent (when consent is required); or
- Where you have provided your consent to use your data, we will only use your consent if strictly necessary in the context of the employment relationship. The withdrawal of the consent will not affect the lawfulness of processing based on this consent before its withdrawal; and
- Where it is needed for reasons of substantial public interest, provided that it is based on the applicable law regulations, such as the reporting of an alleged crime to the investigating authorities.
6. Why we use personal data
We use your personal data for the following purposes:
6.1. For recruitment purposes
We will use your personal data, as it is important for us as a recruiter to fully understand and assess the suitability of potential applicants for a role and verify the information provided to us. We are also under a legal obligation to perform checks around your legal right to work. This means we will:
- Review and assess any information you provide in your job application to establish whether to progress it, contact you to arrange interviews and assessments, to evaluate your performance and provide feedback, and where successful to enter into legal documentation with you (such as employment contract);
- Review and assess any information you provide during interviews and assessments; and
- Where relevant, carry out pre-employment checks and background screening (including criminal record and credit checks, reviewing your heath documents, in all cases to the extent we are allowed to perform such checks under applicable laws); check your legal right to work, verify the information in your CV and the references that have been provided to us.
6.2. After relationship between us in respect of your potential employment are terminated
We may need to continue to process some of your personal data even after the end of such relationship with us, in order to comply with certain obligations as a business. We will keep some of your data for the following (non-exhaustive) reasons:
- To deal with claims or disputes involving you or other job applicants.
- If you want us to keep information about you, which we have collected from you during job application process, in our files, databases or directories for future opportunities within NBCC or our partners, please inform us accordingly by giving your explicit consent in the end of this form. You may inform us that you wish us to retain only a part of such information for the said purpose (in such case we reserve the right to not include you in such files, databases or directories).
We will only use your personal data for the purposes for which we need to collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us or other NBCC Group companies to do so.
7. Why we use special categories of personal data (“sensitive data”)
In some cases, the Personal Data that we process will also include sensitive information according, e.g. information on criminal proceedings and sanctions or diversity related information (ethnical origin). For the purposes of this Notice, the term Personal Data also includes Sensitive Data.
The processing of sensitive data is restricted and we will only do this in case it is:
- Necessary for the purposes of carrying out the obligations and exercising specific rights of the respective NBCC Group company or of yourself in the field of employment and social security and social protection law;
- Related to personal data which are manifestly made public by yourself;
- Necessary for the establishment, exercise or defence of legal claims;
- Necessary for the assessment of the working capacity of the potential employee;
- In other cases provided by applicable law.
Except as stated in this section above or in schedule 1 below, we do not collect personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, as well as data concerning a person's sex life or sexual orientation. If we need other sensitive data about you, we will inform you accordingly and ask for your explicit consent, where necessary.
8. Automated decision making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
As a rule, we do not use of automated decision-making as described above. We do not base our decision whether or not to employ you or for any other HR related reason solely on automated processing of your personal data.
9. Who we share your personal data with, why and how
We will share your personal data, where relevant, with companies, organisations and individuals such as:
- Suppliers, vendors, contractors who supply goods, perform services and process your personal data for us for any of the purposes listed above, based on our instructions, including but not limited to (a) providers of HR platforms, (g) business travel management services providers, (h) consultants and other professional advisers and experts. We always take steps to ensure that all those third parties provide sufficient guarantees to implement appropriate technical and organisational measures and ensure the protection of your rights, including of keeping your personal data confidential and secure and only use it for the purposes that we have specified and have informed you of, particular for system maintenance support and the hosting of data;
- Regulators to the extent required by the applicable laws;
- Competent authorities (e.g. tax authorities), courts and other public bodies as required by the applicable law;
- Law enforcement agencies so that they can detect, prevent crime, prosecute offenders and (including fraud) and protect national security;
- Other third parties when it is required to protect us against harm to the rights, property or safety of our employees, contractors, clients or the public, as required or permitted by law.
10. Where your personal data is held or transferred to
We do not transfer personal data outside Nigeria. In the event that we share your personal data with processors within Nigeria, we will ensure that appropriate legal safeguards and measures are put in place.
11. How we protect your personal data
We follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised person accessing it. NBCC's internal policies set out the standards we follow to keep your information secure. When information is kept by other parties providing a service to us, they are expected to adhere to standards set by the relevant law. For further information, please refer to NBCC's internal policies.
12. How long we keep hold of your personal data
We will only retain your personal data for as long as permitted by applicable law or necessary to fulfil the purposes we collected it for.
We will retain your personal information for the duration of the recruitment process in connection to the position you applied for and we may retain and use your personal information to consider you for other positions. We will also hold some personal information about you as required for legal or regulatory purposes and for the length of any applicable limitation period for claims which might be brought against us later.
If you are successful in applying for a position, your personal information will be retained for the purposes of your contract with us, as set out within our NBCC Employees Data Privacy Notice and in accordance with our data retention policy.
For unsuccessful candidates, NBCC will use its reasonable endeavours to remove your records from its systems 6 to 12 months following the last documented candidate activity.
If you have given your explicit consent to the storage of your data in files, databases or directories of the NBCC for future opportunities within the NBCC or with its partners, then the period specified in such consent will apply. Please contact our HR department if you need any information regarding retention periods applicable to your personal data.
13. Your rights
You have a number of rights in relation to our handling of your data. These include the following:
- Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive information regarding the personal data we hold about you, to obtain a copy of it, and to check that we are lawfully processing it.
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances (e.g., if you withdrew your consent to process your personal data for specified therein purposes). There are also certain occasions where we may refuse a request for erasure, for example, where the personal data is required for compliance with laws and regulations, with our obligations under our contract and for other legal reasons such as in connection with claims.
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
- Transfer: you may request the transfer of certain of your personal data to another party.
- Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) you may object to processing on this ground.
- Right to withdraw consent: in the limited circumstances where you may have provided your consent to the collection and processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal only applies to any future processing not what we have done in the past.
We may also need to keep some information in order to fulfil your requests, if you make one of the forgoing requests.
14. How to exercise your rights
If you want to exercise any of these rights, please contact your contract person in the HR department.
15. Contact details - questions or complaints
If you would like to receive additional information about this Notice, have any questions around how we handle your personal data or would like to make any complaints, please contact your contact person in the HR department. You also have a right to lodge a complaint with the data protection authority.
Changes to this notice
This notice may be changed from time to time.1 “Sensitive data” are defined as data about your health, data that reveal your race or ethnic background, political views, religious or ideological beliefs or union membership, data related to your sexual orientation, biometrical data or data related to criminal convictions or criminal offences.