Privacy Policy

News
Read More
NSE, SEC Train Capital Market Operators on Legal and Regulatory Requirements for the Derivatives Market

DATA PRIVACY POLICY

  • About this Policy
    • This policy explains when and why we collect personal information about our shareholders, investors and staff, how we use it and how we keep it secure and their rights in relation to it.
    • We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you.
    • We reserve the right to amend this Data Privacy Policy from time to time without prior notice. We may be required to amend this Data Privacy Policy due to regulations. For any significant changes you will be notified but you are advised to check our website for the latest Privacy Policy.
    • We will always comply with the Nigeria Data Protection Regulation (NDPR) when dealing with your personal data. For the purposes of the NDPR, we will be the “controller” of all personal data we hold about you.
  • Who are we?
    We are Network Capital Limited.
    We can be contacted at:
    13, Maitama Sule Street, South West, Ikoyi, Lagos, Nigeria
    dpo@networkcapitalltd.com
    Tel: +234 7062002333, +234 8030482468

     

  • What information we collect and why.

    Which informationWhat we doWhy we do itRetention time
    How long do we keep your information
    Clients Biodata such as but not limited to:
    Name, Date of Birth,
    Biometrics,
    Passport Photograph
    Phone number,
    Account Details
    Clearing House
    Number etc.
    • Complete a task
    • Provide a service
    To comply with legal and regulatory obligations and requirementsFor as long as it is necessary to comply with Network Capital Limited legal obligations and statutory functions
    Staff Records such as but not limited to:
    Name, Date of Birth,
    Academic Qualifications,
    Passport Photograph,
    Account Details etc.
    • Complete a task
    • Provide a service
    To comply with legal and regulatory obligations and requirementsFor as long as it is necessary to comply with Network Capital Limited legal obligations and statutory functions
    Service Providers
    Details such as but not limited to:

    CAC documents, PENCOM Details, Tax Identification Number, Account Details etc.
    • Complete a task
    • Provide a service
    To comply with legal and regulatory obligations and requirementsFor as long as it is necessary to comply with Network Capital Limited legal obligations and statutory functions



    • How we protect your personal data
      • We will not transfer your personal data outside Nigeria without your consent.
      • We have implemented generally accepted standards of technology and operational
        security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
      • Please note however that where you are transmitting information to us over the
        internet this can never be guaranteed to be 100% secure.
      • For any payments which we take from you on-line we will use a recognised on-line
        secure payment system.
      • We will notify you promptly in the event of any breach of your personal data which
        might expose you to serious risk.
    • Who else has access to the information you provide us?

       

      • We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law.
      • We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g., to print newsletters and send you mailings). However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
    • How long do we keep your information?

       

      • We will hold your personal data on our systems for as long as you are our client, service provider and staff for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
      • We securely destroy all financial information once we have used it and no longer need it.
    • Your rights
      • You have rights under the NDPR:
        • to access your personal data
        • to be provided with information about how your personal data is processed
        • to have your personal data corrected
        • to have your personal data erased in certain circumstances
        • to object to or restrict how your personal data is processed
        • to have your personal data transferred to yourself or to another business in certain circumstances
        • You have the right to take any complaints about how we process your personal data
          to the National Information Technology Development Agency (NITDA):
          dpo@nitda.gov.ng

    For more details, please address any questions, comments and requests regarding our data
    processing practices to our Data Protection Officer via dpo@networkcapitalltd.com

    DATA PROTECTION POLICY

      • About this Policy
        • This policy explains when and why we collect personal information about our website visitors, how we use it and how we keep it secure and your rights in relation to it.
        • We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you.
        • We reserve the right to amend this Data Privacy Policy from time to time without prior notice. We may be required to amend this Data Privacy Policy due to regulations. For any significant changes you will be notified but you are advised to check our website for the latest Privacy Policy
        • We will always comply with the Nigeria Data Protection Regulation (NDPR) when dealing with your personal data. For the purposes of the NDPR, we will be the “controller” of all personal data we hold about you.
        • Consenting to our use of cookies in accordance with the terms of this policy when you first visit our website permits us to use cookies every time you visit our website.

    Who are we?
    We are Network Capital Limited.
    We can be contacted at:

    13, Maitama Sule Street, South West, Ikoyi, Lagos, Nigeria
    Tel: +234 7062002333, +234 8030482468
    dpo@networkcapitalltd.com

      • Collecting personal information
        The following types of personal information may be collected, stored, and used:

         

          • information about your computer including your IP address, geographical location, browser type and version, and operating system;
          • information about your visits to and use of this website including the referral source, length of visit, page views, and website navigation paths;
          • information, such as your email address, that you enter when you register with our website;
          • information that you enter when you create a profile on our website—for example, your name, profile pictures, gender, birthday, relationship status, interests and hobbies, educational details, and employment details;
          • information, such as your name and email address, that you enter in order to set up subscriptions to our emails and/or newsletters;
          • information that you enter while using the services on our website;
          • information that is generated while using our website, including when, how often, and under what circumstances you use it;
          • information relating to enquiries, complaints and feedback you make through our website, which includes your name, address, telephone number, email address, and credit card details;
          • information that you post to our website with the intention of publishing it on the internet, which includes your user-name, profile pictures, and the content of your posts;
          • information contained in any communications that you send to us by email or through our website, including its communication content and meta-data;
          • any other personal information that you send to us.

        Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.

      • Using your personal information
        Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website. We may use your personal information for the following:

         

        • administering our website and business;
        • personalizing our website for you;
        • enabling your use of the services available on our website;
        • processing withdrawal applications on your retirement savings account (RSA);
        • updating your profile on our database if need be;
        • sending statements, invoices, and payment reminders to you, and collecting payments
          from you;
        • sending you non-marketing commercial communications;
        • sending you email notifications that you have specifically requested;
        • sending you our email newsletter, if you have requested it (you can inform us at any time if
          you no longer require the newsletter);
        • sending you marketing communications relating to our business or the businesses of
          carefully-selected third parties which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
        • providing third parties with statistical information about our users (but those third parties
          will not be able to identify any individual user from that information);
        • dealing with inquiries and complaints made by or about you relating to our website;
        • keeping our website secure and prevent fraud;
        • verifying compliance with the terms and conditions governing the use of our website
          (including monitoring private messages sent through our website private messaging service);

        If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
        Your privacy settings can be used to limit the publication of your information on our website and can be adjusted using privacy controls on the website.
        We will not, without your express consent, supply your personal information to any third party for their or any other third party’s direct marketing.

      • Disclosing personal information
        We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this policy.

         

        We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) as reasonably necessary for the purposes set out in this policy.

        We may disclose your personal information:

        • to the extent that we are required to do so by law;
        • in connection with any ongoing or prospective legal proceedings;
        • in order to establish, exercise, or defend our legal rights (including providing information to
          others for the purposes of fraud prevention and reducing credit risk);
        • to the purchaser (or prospective purchaser) of any business or asset that we are (or are
          contemplating) selling; and to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

           

          Except as provided in this policy, we will not provide your personal information to third parties.

      • International data transfers
        • Information that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
        • Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in Nigeria, the United States of America, Russia, Japan, China, and India.
        • Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
        • You expressly agree to the transfers of personal information described in this Section 6.
      • Retaining personal information
        • This Section 7 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations regarding the retention and deletion of personal information.
        • Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
        • Without prejudice to article 7.2, we will usually delete personal data based on our data retention policy.
        • Notwithstanding the other provisions of this Section 7, we will retain documents (including electronic documents) containing personal data:
          • to the extent that we are required to do so by law;
          • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
          • in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
      • Security of your personal information
        • We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.
        • We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
        • All electronic financial transactions entered into through our website will be protected by encryption technology.
        • You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
        • You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
      • Amendments
        We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.

         

      • Third party websites
        Our website includes hyper-links to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
      • Updating information

    Please let us know if the personal information that we hold about you needs to be corrected or updated.

    PRIVACY NOTICE

    • Scope
      All data subjects whose personal data is collected, in line with the requirements of the Nigeria
      Data Protection Regulation.

       

    • Responsibilities
      • The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Network Capital Limited collecting/processing their personal data.
      • All Employees/Staff of Network Capital Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
    • Privacy notice
      Network Capital Limited  has an established reputation for providing financial market services to business enterprises, government (all tiers) and high net worth individuals of a very high standard in terms of service delivery, professionalism and integrity.
      Our assigned Data Protection Officer Mr. Ibukun Rapheal Bamidele can be contacted directly via:
      Website: www.networkcapitalltd.com
      Email: dpo@networkcapitalltd.com
      Address: 13, Maitama Sule Street, South West, Ikoyi, Lagos, Nigeria

      Tel: +234 7062002333, +234 8030482468

       

    • Consent
      By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
      Consent is required for Network Capital Limited  to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data, we will always tell you why and how the information will be used.

       

      You may withdraw consent at any time by contacting us at the details provided or in line with Withdrawal of Consent Procedure.

    • Disclosure
      Network Capital Limited will not pass on your personal data to third parties without first obtaining your consent. We do not share your personal data without first obtaining your consent.
    • Retention period
      Network Capital Limited  will process personal data for the purposes of your enquiry and store information in line with statutory obligations and our cookie policy. Settings that enable our products to operate correctly or maintain preferences maybe stored on your device to assist you when returning to our site. Wherever possible personal data will be minimized and securely destroyed. Storage of personal data will follow statutory retention requirements.

       

    • Your rights as a data subject
      At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

       

      • Right of access – you have the right to request a copy of the information that we
        hold about you.
      • Right of rectification – you have a right to correct data that we hold about you that
        is inaccurate or incomplete.
      • Right to be forgotten – in certain circumstances you can ask for the data we hold
        about you to be erased from our records.
      • Right to restriction of processing – where certain conditions apply to have a right to
        restrict the processing.
      • Right of portability – you have the right to have the data we hold about you
        transferred to another organisation.
      • Right to object – you have the right to object to certain types of processing such as
        direct marketing.
      • Right to object to automated processing, including profiling – you also have the
        right to be subject to the legal effects of automated processing or profiling.
      • Right to judicial review: in the event that Network Capital Limited Limited  refuses your request under rights of access, we will provide you with a reason as to why.
        You have the right to complain as outlined in clause 3.6 below.
        All of the above requests will be forwarded on should there be a third party
        involved in the processing of your personal data.
    • Complaints
      In the event that you wish to make a complaint about how your personal data is being processed by Network Capital Limited (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Network Capital Limited  data protection representative the assigned Data Protection Officer / NDPR Owner, details as in 3.1.
    • On-line privacy statement
        • Personal data
          Under the Nigeria Data Protection Regulation (NDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
        • How we use your information
          This privacy notice tells you how we, Network Capital Limited, will collect and use your personal data. We acquire and use information relating to commercial organisations and individuals for a variety of reasons:

           

          1. Delivery of our services
          2. Communications
          3. Legal obligations
          4. Marketing purposes

          If you are requested to provide us with personal information you can of course refuse. If you choose not to provide the data that we require to provide our services then we may not be able to deliver that service for you.

        • The personal data collected from you

      Contact data: We will request your full name, postal address, phone number and e-mail address.

      Special category data: We may request on occasion such data about you that may be necessary to facilitate the execution of our services. This maybe data such as your current health for a vulnerability assessment.

      Payment data: Where it is necessary to process your payment, if you are repaying debt or for payments of services supplied to you, then sensitive information, such as your debit card number, security code and cardholders address maybe requested but not stored by us. The payment is processed by our staff using secure processing websites with secure links operated by our approved card merchant service providers. The information is not stored on our systems or held with any of our personnel.

      Business and relationships: We may collect such personal information that you provide to us relating to your contacts and business relationships.

      Content: We may collect the content of any data files and communications that you may send us for the purposes of carrying out your instruction, together with any relevant physical documents that you may give us as well, when these are necessary to provide you with the offered service. Data we collect may include but not limited:

          • address, subject line and body of an email
          • video and/or audio recording of a video message
          • written content of a text, similar app or other content of an instant message
          • relevant social media messages

      We may also collect information that you provide us with regards to client feedback for services provided. This information will be retained in line with our retention policy.

      The personal data we collect will be used for the following purposes but not limited to:

          • To carry out our business activities
          • To enforce using the appropriate legal process
          • Update existing information
          • Manage our products and services
          • Monitor and keep records of communications
          • To improve the operations of our business where possible
          • To comply with legal and regulatory obligations and requirements

      Any legitimate interests pursued by us, or third parties we use, are as follows:

          • Develop business partnerships
          • To comply with legal and regulatory obligations and requirements
        • Need to collect and store personal data
            • In order for us to provide you with the services we offer we need to collect personal data for:

           

            • General information processing: though we do not undertake automated decision making or profiling of personal data.
            • Legitimate Business requirements
            • Perform contractual and payment obligations
            • Meet legal obligations and requirements

          In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. In terms of being contacted for marketing purposes Network Capital Limited  would contact you for additional consent.

        • Sharing personal data

      Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Network Capital Limited  procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

        • Use of personal data

      Network Capital Limited  will process (collect, store and use) the information you provide in a manner compatible with the Nigeria Data Protection Regulation (NDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Personal data may be held in addition to these periods depending on individual business needs.

      • The personal data that Network Capital Limited  holds about you
        If Network Capital Limited  does hold personal data about you, you can request the following information:

         

        • Identity the contact details of the person or organisation that has determined how
          and why to process your data.
        • Contact details of the data protection officer, where applicable.
        • The purpose of the processing as well as the legal basis for processing.
          If the processing is based on the legitimate interests of Network Capital Limited or a third party, information about those interests.
        • The categories of personal data collected, stored and processed.
        • Recipient(s) or categories of recipients that the data is/will be disclosed to.
        • If we intend to transfer the personal data to a third country or international
          organisation, information about how we ensure this is done securely.
        • The National Information Technology Development Agency (NITDA) has approved
          sending personal data to some countries because they meet a minimum standard
          of data protection. In other cases, we will ensure there are specific measures in
          place to secure your information.
        • How long the data will be stored.
        • Details of your rights to correct, erase, restrict or object to such processing.
        • Information about your right to withdraw consent at any time.
        • How to lodge a complaint with the supervisory authority.
        • Whether the provision of personal data is a statutory or contractual requirement, or
          a requirement necessary to enter into a contract, as well as whether you are
          obliged to provide the personal data and the possible consequences of failing to
          provide such data.
        • The source of personal data if it wasn’t collected directly from you.
        • Any details and information of automated decision making, such as profiling, and
          any meaningful information about the logic involved, as well as the significance and
          expected consequences of such processing.
        • What forms of ID will I need to provide in order to access this?
          Network Capital Limited accepts:
          Passport Photograph
          National ID Card
          Driver’s License
          Voter’s card (Permanent)
          Nigerian International passport
    DATA SUBJECT ACCESS REQUEST POLICY
      • About this Policy: scope, purpose and users
      • ⦁ This procedure sets out the key features regarding handling or responding to requests for access to personal data made by data subjects, their representatives or other interested parties. This procedure will enable Network Capital Limited (further: “Company”) to comply with legal obligations, provide better customer care, improve transparency, enable individuals to verify that information held about them is accurate, and increase the level of trust by being open with individuals about the information that is held about them.
      • This procedure applies broadly across all entities or subsidiaries owned or operated by the Company but does not affect any state or local laws or regulations which may otherwise be applicable.
      • This procedure applies to employees that handle data subject access requests such as the Data Protection Officer.
      • ⦁ Data Subject Access Request (DSAR)

      • A Data Subject Access Request (DSAR) is any request made by an individual or an individual’s legal representative for information held by the Company about that individual. The Data Subject Access Request provides the right for data subjects to see or view their own personal data as well as to request copies of the data.
      • A Data Subject Access Request must be made in writing. In general, verbal requests for information held about an individual are not valid DSARs.
      • ⦁ A Data Subject Access Request can be made via any of the following methods: email or post. DSARs made on-line must be treated like any other Data Subject Access Requests when they are received, though the Company will not provide personal information via social media channels.

      • The Rights of a Data Subject

    The rights to data subject access include the following:

      • Know whether a data controller holds any personal data about them.
      • Receive a description of the data held about them and, if permissible and practical, a copy of the data
      • Be informed of the purpose(s) for which that data is being processed, and from where it was received
      • Be informed whether the information is being disclosed to anyone apart from the original recipient of the data; and if so, the identity of those recipients
      • The right of data portability. Data subjects can ask that their personal data be transferred to them or a third party in machine readable format (Word, PDF, etc.). However, such requests can only be fulfilled if the data in question is: 1) provided by the data subject to the Company, 2) is processed automatically and 3) is processed based on consent or fulfilment of a contract.
      • If the data is being used to make automated decisions about the data subject, to be told what logic the system uses to make those decisions and to be able to request human intervention.

        The Company must provide a response to data subjects requesting access to their data within 30 calendar days of receiving the Data Subject Access Request unless local legislation dictates otherwise.

      • Requirements for a valid DSAR
      • In order to be able to respond to the Data Subject Access Requests in a timely manner, the data subject should:
        • Submit his/her request using a Data Subject Access Request Form.
        • Provide the Company with sufficient information to validate his/her identity (to ensure that the person requesting the information is the data subject or his/her authorized person).
      • Subject to the exemptions referred to in this document, the Company will provide information to data subjects whose requests are in writing (or by some other method explicitly permitted by the local law), and are received from an individual whose identity can be validated by Company
      • However, Company will not provide data where the resources required to identify and retrieve it would be excessively difficult or time-consuming. Requests are more likely to be successful where they are specific and targeted at particular information.
      • Factors that can assist in narrowing the scope of a search include identifying the likely holder of the information (e.g. by making reference to a specific department), the time period in which the information was generated or processed (the narrower the time frame, the more likely a request is to succeed) and being specific about the nature of the data sought (e.g. a copy of a particular form or email records from within a particular department).
      • DSAR process
      • Request
        Upon receipt of a DSAR, the Data Protection Team will log and acknowledge the request. The requestor may be asked to complete a Data Subject Access Request Form to better enable the Company to locate the relevant information.
      • Identify verification
        The Data Protection Team needs to check the identity of anyone making a DSAR to ensure information is only given to the person who is entitled to it. If the identity of a DSAR requestor has not already been provided, the person receiving the request will ask the requestor to provide two forms of identification, one of which must be a photo identity and the other confirmation of address.
        If the requestor is not the data subject, written confirmation that the requestor is authorized to act on behalf of the data subject is required.

         

      • Information for DSAR
        Upon receipt of the required documents, the person receiving the request will provide the Data Protection Team with all relevant information in support of the DSAR. Where the Data Protection Team is reasonably satisfied with the information presented by the person who received the request, the Data Protection Officer will notify the requestor that his/her DSAR will be responded to within 30 calendar days. The 30-day period begins from the date that the required documents are received. The requestor will be informed by the Data Protection Team in writing if there will be any deviation from the 30-day time-frame due to other intervening events.

         

      •  
      • Review of Information
        ⦁ The Data Protection Team composed of cross department representative will collate the relevant and required information as requested in the DSAR.
        The Data Protection Team must ensure that the information is reviewed/received by the imposed deadline to ensure the 30-calendar day time-frame is not breached. The Data Protection Officer will ask the relevant department to complete a “Data Subject Disclosure Form” to document compliance with the 30-day requirement.

         

      • Response to access requests
        The Data Protection Team will provide the finalized response together with the information retrieved and/or a statement that the Company does not hold the information requested, or that an exemption applies.

        The Data Protection Team will ensure that a written response will be sent back to the requestor. This will be via email, unless the requestor has specified another method by which they wish to receive the response (e.g. post).

        The Company will only provide information via channels that are secure. When hard copies of information are posted, they will be sealed securely and sent by recorded delivery.

         

      • Archiving
        After the response has been sent to the requestor, the DSAR will be considered closed and archived by the Data Protection Team
      • Exemptions
      • An individual does not have the right to access information recorded about someone else, unless they are an authorized representative.
      • The Company is not required to respond to requests for information unless it is provided with sufficient details to enable the location of the information to be identified, and to satisfy itself as to the identity of the data subject making the request.
      • ⦁ In principle, the Company will not normally disclose the following types of information in response to a Data Subject Access Request:
        • Information about other people – A Data Subject Access Request may cover information which relates to an individual or individuals other than the data subject. Access to such data will not be granted, unless the individuals involved consent to the disclosure of their data.
        • Repeat requests – Where a similar or identical request in relation to the same data subject has previously been complied with within a reasonable time period, and where there is no significant change in personal data held in relation to that data subject, any further request made within a six months period of the original request will be considered a repeat request, and the Company will not normally provide a further copy of the same data
        • Publicly available information – The Company is not required to provide copies of documents which are already in the public domain
        • Opinions given in confidence or protected by copyright law – The Company does not have to disclose personal data held in relation to a data subject that is in the form of an opinion given in confidence or protected by copyright law.
      • DSAR Refusals

    There are situations where individuals do not have a right to see information relating to them. For instance:

    • If the information is kept only for the purpose of statistics or research, and where the results of the statistical work or research are not made available in a form that identifies any of the individuals involved.
    • Requests made for other, non-data protection purposes can be rejected.
    • If the responsible person refuses a Data Subject Access Request on behalf of the Company, the reasons for the rejection must be clearly set out in writing. Any individual dissatisfied with the outcome of his/her Data Subject Access Request is entitled to make a request to the Data Protection Officer to review the outcome.
    • Responsibilities
    • The overall responsibility for ensuring compliance with a DSAR rests with the Data Protection Officer.
    • If the Company acts as a data controller towards the data subject making the request then the DSAR will be addressed based on the provisions of this procedure
    • If the Company acts as a data processor the Data Protection Officer will forward the request to the appropriate data controller on whose behalf the Company processes personal data of the data subject making the request.