SWISS PHARMA NIGERIA LIMITED
DATA PRIVACY POLICY

Swiss Pharma Nigeria Limited (“Swipha”) respects your privacy and takes its responsibilities with regard to the management of personal data very seriously. We do not take lightly the trust you have reposed in us, in providing us with your personal information. This Data Privacy Policy (the “Privacy Policy”) describes how Swipha processes your personal data and is a guide to help you understand:

(1) The Information We Collect
(2) How We Collect and Use Your Personal Data
(3) Consent and Access Rights
(4) Personal Data Protection Principles
(5) User Responsibility
(6) Data Security
(7) Links to Third Party Websites
(8) Third Party Access
(9) Violation of Privacy
(10) Data Retention
(11) How to Contact Us

Swipha reserves the right to make changes to this Privacy Policy at any time and for any reason. You will immediately be notified about any changes and all changes will be effective immediately unless otherwise specified.
Swipha’s obligations and the exercise of such obligations pursuant to this Data Privacy Policy shall be subject to its obligations under Nigerian Data Protection Regulation 2019.

1. The Information We Collect
We collect the following information: name, date of birth, residential and contact address, telephone number, email address, marital status, nationality, gender, tax identity number, bank details.

2. How We Collect and Use Your Personal Data
2.1 Swipha collects the above-mentioned information using forms, email and physical requests, cookies, JWT and web tokens.
2.2 When you send an email to Swipha or use any other form of communication , we may retain the information from such communication in order to process your inquiries, respond to your requests and improve our services. When you access Swipha’s services, our servers automatically record information that your browser sends whenever you visit a website.
2.3 We use the above-mentioned information to obtain legal advice, for due diligence, transactions, litigation, regulatory compliance, marketing, business development, listing on directories, publicity, human resources management, recruitment, event planning and hosting, in-house security, research, analysis and vendor registration.

3. Consent and Access Rights
3.1 We require your consent for the processing of your personal data and where a document deals with several matters, we shall obtain your consent in a manner which clearly distinguishes it from the other matters in the document.
3.2 Notwithstanding paragraph 3.1 above, we can process your personal data in the absence of consent where:

a. processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, prior to entering into a contract;

b. processing is necessary for compliance with a legal obligation to which we are subject.

c. processing is necessary in order to protect your vital interests or that of another natural person; and

d. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in us.

3.3 If we intend to use your personal data for a purpose which is different from the purpose for which your personal data was obtained, we will seek your consent prior to the use of your personal data for that other purpose.

3.4 In the event of any arrangement whereby Swipha sells or transfers all, or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation) to third parties, you hereby consent that your personal data held by Swipha can be transferred or assigned to third parties who may become the controllers and/or processors of your personal data that was held by Swipha prior to such arrangement. Swipha shall at all times ensure that you are notified when your personal data is intended to be transferred to third parties in the circumstances outlined in this clause. Swipha will provide the third party with its Data Protection Policy and Privacy Policy and will not be responsible for the failure of the third party to honor the commitments made in this Privacy Policy and the Data Protection Policy.

3.5 No Consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.

3.6 You may withdraw your consent at any time and may request access to your personal information in our possession. We can, however, deny you access to the information where we determine that your request is unreasonable. Where Swipha has reasonable doubts concerning the identity of the person making the request for information, Swipha reserves the right to request additional information necessary to confirm the identity of the person making the request.

3.7 You reserve the right to request the deletion or modification/amendment of your personal data in our possession.
3.8 In all cases of access deletion or modification/amendment of personal information, we shall request for an adequate proof of identification to enable us to confirm that you are the owner of the personal data sought to be accessed or modified/amended. Upon modification/amendment of personal data, Swipha shall notify the requester of such the completion of the modification/amendment.

4. Personal Data Protection Principles
When we process your personal data, we are guided by the following principles, which require personal data to be:

a) processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person.
b) collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
d) accurate and where necessary kept up to date.
e) removed or not kept in a form which permits identification of data subject for longer than is necessary for the purposes for which the personal data is processed.
f) processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage.

5. User Responsibility

You are required to familiarise yourself with this policy and to ensure that the information you provide to us is complete, accurate and up to date.

6. Data Security
6.1 Swipha implements and maintains appropriate safeguards to protect personal data, considering the risks to you, presented by unauthorised or unlawful processing or accidental loss, destruction of, or damage to your personal data.

6.2 Safeguarding will include the use of encryption and pseudonymisation where appropriate. It also includes protecting the confidentiality (i.e. that only those who need to know and are authorised to use personal data have access to it), integrity and availability of the personal data. We regularly evaluate and test the effectiveness of those safeguards to ensure the security of our processing of personal data.

6.3 You should, however, be aware that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures, we cannot guarantee absolute security. Swipha, therefore, accepts no liability for any damage or loss, however caused, in connection with transmission over the Internet or electronic storage.

7. Links to Third Party Websites
The Swipha website when it is set up may contain links to other websites owned and operated by third parties. These links are provided for your information and convenience only and are not an endorsement by Swipha of the content of such linked websites or third parties. The information that we collect from you will become available to these websites if you click the link to the websites. These linked websites are neither under our control nor our responsibility. Swipha, therefore, makes no warranties or representations, express or implied about the safety of such linked websites, the third parties they are owned and operated by and the suitability or quality of information contained on them. This Privacy Policy does not apply to these websites and we cannot guarantee the safety and privacy of your information, thus, if you decide to access these linked third-party websites and/or make use of the information contained on them, you do so entirely at your own risk. Swipha accepts no liability for any damage or loss, however caused, in connection with accessing, the use of or reliance on any information, material, products or services contained on or accessed through any such linked website. We advise that you contact those websites directly for information on their privacy policy, security, data collection and distribution policies.

8. Third Party Access
8.1 Swipha only shares personal information with other companies or individuals in the following limited circumstances:

a) We have your consent.
b) We provide such information to other professional advisers or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

c) We strongly believe that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms of service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Swipha, its users or the public as required or permitted by law.

8.2 Swipha is at all times, responsible for the security and appropriate use of such personal data as long as it remains with Swipha.

9. Violation of Privacy
9.1 We have put in place procedures to deal with any suspected personal data breach and will notify you of any personal data breach and let you know the steps we have taken to remedy the breach and the security measures we have applied to render your personal data unintelligible.
9.2 All suspected breach of personal data will be remedied with 1 (one) month from the date of the report of the breach.
9.3 If you know or suspect that a personal data breach has occurred, you should immediately contact the Data Protection Officer at ismail.olaoye@swiphanigeria.com, dpo@swiphanigeria.com marcellina.iluke@swiphanigeria.com

9.4 Swipha will not be responsible for any personal data breach which occurs as a result of:

a) an event which is beyond the control of Swipha, including but not limited to government action;

b) an act or threats of terrorism;

c) an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Swipha’s data protection measures;

d) war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo;

e) rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Swipha’s data protection measures.

f) the transfer of your personal data to a third party on your instructions; and

g) the use of your personal data by a third party designated by you.

10. Data Retention
We shall retain your personal data for as long as is necessary to implement, administer and manage your request and contract with the Company, or as required to comply with legal or regulatory obligations, including under tax and security laws.

11. How to Contact Us

For any enquiries you have in relation to this Privacy Policy, please feel free to contact our Data Protection Officer at ismail.olaoye@swiphanigeria.com, dpo@swiphanigeria.com