1. Information We Collect

We may collect and process the following categories of personal data:

Personal Data: Full name, email address, contact number, nationality, and contact address.

Usage Data: Information on how our website is accessed and used, including your IP address, browser type, pages visited, date/time of visit, device identifiers, and other diagnostic information.

2. How We Use Your Data

Your personal data may be used for the following purposes:

• To provide follow-up correspondence and respond to enquiries/complaints.
• To enable participation in interactive features or selection/recruitment processes.
• To communicate with you regarding services, vacancies, updates, or newsletters.
• To establish or manage a business relationship.
• To comply with legal obligations or government/regulatory requests.
• To monitor, improve, and secure our website.
• To protect our legal rights and defend against claims.

3. Legal Basis for Processing

We will only process your personal data where there is a lawful basis to do so, including:

• Your consent.
• Compliance with a legal obligation.
• Where processing is necessary for the performance of a contract.
• Where it is necessary for our legitimate business interests and does not override your rights.

4. Data Storage & Security

Data is stored on secure platforms with restricted access limited to authorised personnel bound by confidentiality.

• All transmissions are encrypted using HTTPS/SSL protocols.
• Our hosting provider uses firewalls, intrusion prevention, and other safeguards.
• Access controls are periodically reviewed, and data is regularly backed up.

Despite these measures, no system is 100% secure. However, we take reasonable technical and organisational steps to protect against misuse, loss, or unauthorised access.

5. Data Sharing and Disclosure

We may disclose your personal data:

• Where required by law, regulation, or valid legal process.
• To regulators, courts, or government agencies when lawfully requested.
• To trusted service providers under strict confidentiality and data protection agreements.
• With your explicit consent.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Notice, and in line with applicable legal and regulatory obligations. Usage Data may be retained for a shorter period unless required for security, functionality improvement, or compliance purposes.

7. Your Data Protection Rights

Under the NDPA 2023, you have the following rights:

• Right of Access – to request copies of your personal data.
• Right to Rectification – to correct inaccurate or incomplete data.
• Right to Erasure – to request deletion of your data in certain circumstances.
• Right to Restriction of Processing – to request limits on how your data is used.
• Right to Data Portability – to receive your data in a structured, machine-readable format.
• Right to Object – to object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent – where processing is based on your consent.

To exercise any of these rights, please contact us at dpo@initshq.com.

8. Breach Notification

We have procedures in place to detect, investigate, and remediate personal data breaches. Where legally required, we will notify you and the relevant regulator of any breach within the statutory timeframe.

We will not be liable for breaches caused by:

• Force majeure events (natural disasters, war, terrorism, etc.).
• Circumstances beyond our reasonable control.
• Use or disclosure of your data by a third party designated by you.

9. Amendments

We may update this Privacy Notice periodically. Updates will be published on our Website, and your continued use of our services after such updates constitutes acceptance.

10. Governing Law

This Privacy Notice is governed by the Nigeria Data Protection Act, 2023. In case of conflict, the NDPA and regulations of the Nigeria Data Protection Commission (NDPC) shall prevail.