Heritech Consulting (“Heritech,” “we,” “our,” or “us”) is committed to protecting personal data in accordance with applicable data protection laws and global best practices, including the Nigeria Data Protection Act, 2023 (NDPA), the EU General Data Protection Regulation (GDPR), the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), and related international frameworks.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard personal data obtained through our website, professional engagements, and related activities.

1. Data Controller

For the purposes of applicable data protection laws, Heritech Consulting is the Data Controller.

Address: Abuja, Nigeria
Email: info@heritechconsulting.org

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website
• Clients, partners, and stakeholders
• Individuals engaging with our advisory, policy, regulatory, research, software development, and capacity-building services.

3. Personal Data We Collect

We collect only personal data that is adequate, relevant, and limited to what is necessary for legitimate purposes.

a. Identity and Contact Data

• Full name
• Email address
• Telephone number
• Organization or company name
• Job title or professional role

b. Professional and Engagement Data

• Policy, regulatory, or governance interests
• Information shared during consultations, meetings, or engagements
• Correspondence and records related to advisory or representation services

c. Technical and Usage Data

• IP address
• Browser type and version
• Device and operating system information
• Website interaction and usage data

4. Lawful Basis for Processing

We process personal data only where at least one lawful basis applies, including:

• Consent – where you have given clear consent
• Contractual necessity – where processing is required to perform a contract or engagement
• Legal obligation – where processing is required to comply with applicable laws
• Legitimate interests – where processing is necessary for our professional operations and does not override your fundamental rights

5. Purposes of Processing

Personal data is processed for the following purposes:

• Responding to inquiries and communications
• Delivering policy, regulatory, and advisory services
• Business representation and advocacy activities
• Research, reporting, and capacity development
• Managing events, briefings, and professional engagements
• Improving our website, services, and stakeholder experience
• Meeting legal, regulatory, and accountability obligations

6. Data Minimization and Purpose Limitation

We collect and process personal data:

• Only for specific, explicit, and legitimate purposes
• In a manner that is compatible with those purposes
• Not further processed in a way that is inconsistent with applicable law

7. Data Sharing and Disclosure

We do not sell or commercially exploit personal data.

We may share personal data only where necessary and lawful, including with:

• Trusted service providers acting under contractual confidentiality and data protection obligations
• Professional collaborators and partners engaged for specific assignments
• Public authorities or regulators where disclosure is required by law

All data sharing is limited, purpose-specific, and proportionate.

8. Cross-Border Data Transfers

Where personal data is transferred outside Nigeria or the African continent, we ensure that:

• An adequate level of data protection is maintained, or
• Appropriate safeguards are in place, including contractual protections consistent with NDPA and GDPR requirements

9. Data Retention

Personal data is retained only for as long as necessary to:

• Fulfil the purposes for which it was collected
• Comply with legal, regulatory, contractual, or accountability obligations

Data that is no longer required is securely deleted, anonymized, or archived in accordance with applicable law.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against:

• Unauthorized or unlawful access
• Accidental loss, destruction, or damage
• Alteration or improper disclosure

These measures are reviewed periodically to ensure continued effectiveness.

11. Data Subject Rights

Subject to applicable law, you have the right to:

• Access your personal data
• Request rectification of inaccurate or incomplete data
• Request erasure (“right to be forgotten”)
• Request restriction of processing
• Object to processing based on legitimate interests
• Withdraw consent where processing is based on consent
• Lodge a complaint with a relevant data protection authority

Requests may be submitted using the contact details provided below.

12. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to ensure functionality, analyze usage, and improve user experience. You may manage cookie preferences through your browser settings.

13. Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of third-party sites and encourage users to review their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements, regulatory guidance, or our operations. Updated versions will be published on our website with a revised date.

15. Contact Information

For questions, data requests, or concerns regarding this Privacy Policy, please contact:

Heritech Consulting
Abuja, Nigeria
📧 Email: legal@heritechconsulting.org

Heritech Consulting remains committed to accountability, transparency, and responsible data stewardship in line with Nigerian, African, and global data protection standards.