Our Data Protection Policy
Effective Date: July 23, 2025
Version: 1.0
Owner: Data Governance & Compliance Office
Approved By: Management Board
1. Purpose
The purpose of this policy is to ensure that GIDSA SE LTD handles all personal, sensitive, and business-critical data in compliance with applicable laws and best practices, including the Nigeria Data Protection Act (NDPA 2023), GDPR (where applicable), and other global data protection frameworks.
It establishes the standards for data collection, storage, usage, sharing, access, and destruction.
2. Scope
This policy applies to:
All GIDSA SE LTD staff, contractors, consultants, and third-party service providers.
All data processed by or on behalf of GIDSA SE LTD in physical or electronic format.
All clients, partners, employees, and user data hosted on our platforms (Secure BetaPro).
3. Data Categories Covered
Personal Identifiable Information (PII): names, contact info, ID numbers, location data
Client Data: project files, contracts, case records, emails
Employee Data: payroll, medical, performance, and HR records
Digital Platform Data: analytics, session data, logs, account information
Sensitive or Classified Data: security intelligence, IP, designs, or business secrets
4. Our Data Protection Principles
GIDSA SE LTD is committed to the following key principles:
| Principle |
Commitment |
| Lawfulness |
We collect data only for lawful, explicit, and legitimate purposes. |
| Transparency |
We clearly inform users about how their data is collected and used. |
| Data Minimization |
Only data necessary for operations or compliance is collected. |
| Accuracy |
We take reasonable steps to ensure data remains accurate and up to date. |
| Storage Limitation |
Data is retained only as long as required by law or business need. |
| Security |
We use technical and organizational safeguards to protect data. |
| Accountability |
We maintain audit trails and logs of data handling for compliance review. |
5. Rights of Data Subjects
All individuals whose data is held by GIDSA SE LTD have the following rights:
Right to access their data
Right to correct or update inaccuracies
Right to data portability
Right to withdraw consent at any time
Right to object to data processing
Right to request deletion (Right to be forgotten)
Right to lodge complaints with the relevant data protection authority
To exercise any of these rights, individuals may contact: privacy@gidsase.com
6. Data Collection & Use
We only collect data necessary for:
Fulfilling contractual obligations
Providing services through our platforms and products
Communication, billing, and customer service
Recruitment, HR, and employee management
Legal and regulatory compliance
Internal analytics, service improvement, and innovation
7. Data Storage & Retention
Data is stored securely in ISO 27001-certified data centers, both on-premise and cloud-based.
We use encryption, access control, firewalls, and threat detection for data protection.
Retention periods are determined by regulation, contract, or internal policy (usually 2 - 7 years).
After expiry, data is securely destroyed or anonymized.
8. Data Sharing & Third Parties
Data is never sold or shared for unauthorized purposes.
We only share data with third-party vendors under strict Data Processing Agreements (DPAs).
All third-party processors must comply with our data protection and security standards.
9. Data Breach Management
In the event of a data breach:
A Data Breach Response Team (DBRT) will be activated within 1 hour.
Affected individuals and authorities will be notified within 72 hours (or as required).
The incident will be contained, documented, and remedial measures implemented.
10. Staff Responsibilities
All employees and contractors must:
Handle data responsibly and ethically
Complete regular data protection and cybersecurity training
Report any suspected data breach or mishandling immediately
Use only approved systems and tools for storing or processing data
11. Enforcement & Compliance
Violations of this policy may result in disciplinary action, termination of contracts, or legal consequences.
Compliance audits will be conducted regularly to assess adherence.
12. Review & Updates
This policy will be reviewed annually or upon significant change in legal requirements or business operations.
Data Protection Officer (DPO):
Email: dpo@gidsase.com
Web: www.gidsase.com
