JUNKYARD DATA PRIVACY POLICY

References in this policy to “we”, “us”, or “Junkyard” are references to Junkyard Techlogistics Limited. References to “you” in this policy refers to any natural persons who are our Data Subjects (Founders, Prospective Employees, Employees, Prospective Clients, Clients, Vendors, Visitors or Alumni) who visit our website or any of our physical offices or interact with any of our controlled information collection links or forms or such other information collection or exchange points, now known or to be developed in the future.  

This Privacy Policy gives you information about how we collect and use your Personal Data, the other parties with whom we may share it and the measures we take to ensure the security of your Personal Data. It also tells you about your rights and choices with respect to your Personal Data and how you can contact us about our privacy practices.

Please note that we also act on behalf of and under the instructions of Clients or Prospective Clients with whom we owe strict professional and statutory obligation of confidentiality. These Clients may act as Data Controllers or Data Processors or in such other capacity for the purpose of giving us legal instructions. When we act on their behalf, we only collect, use and share Personal Data as authorised by our letter of engagement, the law or as may be required for the purpose of establishing, exercising, or defending legal claims, whether in court proceeding, or in an administrative or out-of-court procedure.  When we collect your Personal Data indirectly from other sources, for our own purposes, the provisions of this Privacy Policy and the Applicable Data Protection Law will apply.

1. Our Data Processing Principle

           We process your Personal Data in line with the following recognised principles. At JUNKYARD, Personal Data is:

• processed and collected for specific, explicit, and legitimate purposes, and only further processed in a way that is compatible with such purposes;
• processed in a fair, lawful and transparent manner;
• adequate, relevant, and limited to the minimum necessary for the purpose for which the Personal Data is collected or further processed;
• secured against hazards and breaches, including unauthorised or unlawful processing, access, loss, destruction, damages, cyber-attack, manipulations;
• accurate, complete, not misleading and kept up to date having regard to the purpose for which the Personal Data is collected; and
• retained for such period for which it is reasonably needed. 

2. The Legal Bases for the Use of Your Personal Data

            The legal bases we rely on for processing your Personal Data are:

             Your Consent

The legal bases set out below form the bases of our processing of your personal data. We may in certain instances rely on your consent to process some of the Personal Data we obtain from you to provide Our Services. Consent is your confirmation or agreement to our data collection and processing request.

Where we require your consent, your consent may be obtained through the use of “check boxes”, “accept button”, “toggle button”, “submit button”, “continue button”, “oral confirmation”, “written confirmation” or such other similar method, including your continuous use of Our Services and/or provision of your Personal Data to us where consent is required, to indicate your agreement/consent to the use of your Personal Data. [See the section on Why and How We May Use Your Personal Data.

Where you have taken any action which may indicate consent by accident or mistake, you have the right to withdraw your consent using our JUNKYARD Data Subject Tool. [See the section on Your Right as a Data Subject]

Where we need your consent and this is not provided to us, we may be unable to provide you with (a) Our Services; and/or (b) process  your Personal Data to provide you with Our Services, except where we have other legal bases to do so.

 

Other Legal Bases:

As a company, we may process your information where we have other legal bases to do so. Some of the other legal bases that we may rely on include:

1. 1. Contract (We have a contractual obligation): To fulfil the terms of the contract to which you are a party, or to take steps, upon your request, prior to entering the contract.

1. 1. Compliance with Legal Obligation: To comply with the laws and regulations that are applicable to us in Nigeria and globally and ensure that we are fully compliant with the laws applicable to Our Services on how we must process your Personal Data.

1. 1. Legitimate Interest: For the purposes of our own legitimate interests or for the legitimate interests of others to whom we may lawfully disclose your Personal Data. 

1. 1. Vital interest: To protect your interests where you are incapable of providing your consent.

1. 1. Public Interest: For the performance of a task carried out in the public interest or in the exercise of official authority.

1. 3. The Types and Categories of Personal Data We Collect about You

We may collect, use, store and transfer different types of Personal Data about you which we have categorised as follows:

Compliance Data	This includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as your opt-ins and opt-outs of marketing programmes; records relating to data subjects’ rights requests and any other types or forms of Personal Data which we process in relation satisfying and demonstrating the fulfilment of our compliance obligations.
Location/Maps	We collect this information from your device when the app is running in the foreground (app open and on-screen) or background (app open but not on-screen). Location information may be saved to your account.
Photos Library	This includes photos submitted for purposes of customer support or to confirm delivery/pickup.
Contact Information	This includes telephone number, email address, physical address, social media handles and any other type or form of information which provide a means by which to contact an identified/identifiable person.
Financial Information	This includes tax identification details, bank account information, income and salary details, etc.
Identity Information	This includes name, date of birth, gender, state of origin, National Identification Number (NIN), IT equipment’s inventory tag numbers, employee ID number, place of birth, nationality information, passport number, driver’s license number and any other type or form of information which is used to uniquely identify an identified/identifiable person.
Identity Documentation	This refers to any type or form of government or JUNKYARD issued identification documents and includes passports, National Identification Number (NIN) card or slip, driver’s licence, birth certificate, employee identity cards and any other type of document used to validate an identified/identifiable person’s identity.
Professional Information	This refers to data relevant to an identified/identifiable person’s professional life or activities such as employment history, department, professional designation, professional skills and expertise, professional achievements and awards, publications, professional memberships, and affiliations.
Sensitive Personal Data	This is all types and forms of data on religion, ethnicity, health (including vaccination details and medical history), race, trade union membership, genetic data, and biometric data of an identified/identifiable person.

4. Source and How is Your Personal Data Collected

We use different methods and sources to collect Personal Data from and about you; and these may include:

• You: When you interact with us, such as when you visit any of our office locations, send us an email, or interact with any of our other data collection or exchange medium.

• Automated technologies or interactions:As you interact with our platforms or website or engage with our emails and online adverts, such as when we record calls made to/with us and use CCTV cameras in our facilities, we may collect information by automated means using technologies such as cookies, browser analysis tools, and server logs.  We may also collect Technical Data about your equipment, browsing actions and patterns.

• Close Circuit Television (CCTV): We use CCTV to help provide a safe and secure environment for our Visitors and Employees; and you may be recorded when you visit any of our office locations.

• Recruitment Exercise:If you apply for a job with us, you may need to provide information about your education, employment, ethnic background, and health status or submit to a health check. Your application will constitute your express consent to our use of this information in order to assess your application or suitability for the role applied for or any other role, carry out recruitment analytics and any monitoring activities which may be required of us under any laws applicable to us as an employer. We may also carry out screening checks (including reference, background, identity, eligibility to work, and vocational suitability checks) when considering you for employment. We may disclose your personal information (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees, and your current and previous employers. We may also collect your Personal Data from these parties in some circumstances. Without your Personal Data we may not be able to progress with your applications for employment with us.

• Third Parties sources (including publicly available sources): In certain circumstances, we may need to collect Personal Data such as Professional and Credential Information which may be collected from publicly available sources, your references, and Third Parties that help us conduct internal investigations and other background screenings. Also, your Personal Data may be collected from your employer, trade show and conference organisers, and professional services companies.

• Other Sourcesof collections are further highlighted below in Purpose of Processing: Why and How We May Use Your Personal Data.

5. Purpose of Processing: Why and How We May Use Your Personal Data

We use your Personal Data across our business functions, to help us with specific business purposes as detailed below.

Specific Purpose of processing	Source of Data	Categories Of Data	Categories of Data Subjects	Legal basis
Recruitment and selection	Google Form, LinkedIn Jobs, Emails, SMS, Telephone call, Third-party sources	Identity Information, Credential Documents, Professional Information, Contact Information	Prospective Employees, Employees, Founders	Contractual, Legitimate Interest,
Compensation and benefit	Microsoft Forms, Email, SMS, Employee Records Telephone Call, Health Management Organisation	Identity Information, Identity Documentation, Contact Information, Performance Data, Alumni Data, Referential Data	Employees, Founders	Contractual Consent
Performance management	Third Party Sources, Email	Identity Information, Performance Data	Employees, Founders	Legitimate Interest
Learning and development	Microsoft Teams, Email	Identity Information, Contact Information, Audio/visual Data	Employees, Founders	Legitimate Interest
Employee records and services	Microsoft Forms, Email, SMS, Telephone Call	Identity Information, Identity Documentation, Credential Information, Financial Information, Referential Data, Sensitive Personal Data	Employees, Founders	Vital interests, contractual, Legitimate Interest, Consent
Payables (payment purposes for fulling contractual arrangements)	Email, SMS, Telephone call	Identity Information, Financial Information, Contact Information	Vendor, Employees, Founders	Contractual, Legitimate Interest
Revenue (payment collection from clients and other agreements)	Email, SMS, Telephone call	Identity Information, Contact Information,	Employees, Clients, Founders	Legitimate Interest
Tax & pension management	Email, SMS, Telephone call	Identity Information, Financial Information, Compliance Data	Employees, Clients, Founders	Legal Obligation
Statutory reports and audits	Email, SMS	Identity Information, Financial Information, Compliance Data	Employees, Client, Vendor, Founders	Legal Obligation, Legitimate interest
Business budget process	Email, SMS, Telephone call	Identity Information, Financial Information, Contact Information	Employees, Vendor, Founders	Legitimate Interest
Maintain IT network, personal computers and applications	Email, SMS, Telephone	Identity Information, Technical Data	Employees, Founders	Legitimate Interest

6. Marketing

You may receive marketing communications from us if you have (a) provided your consent or (b) we have recognised lawful basis for doing so.

However, you may exercise your right to object to such contact from us or opt out from the marketing communication at any time through any of the means provided in the section on “Exercising your Rights, Complaints and Remedies”.

We do not share your Personal Data with third-parties for their own marketing purposes without your express consent.

7. Cookies Policy

We utilise Cookies to differentiate you from other users, gauge your interaction with our website, and enhance Our Services. Depending on your Cookie management settings and preferences, we may store Cookies on your device when you visit our website or applications. We will exclusively deploy analytics Cookies if you provide consent or accept these Cookies. Certain browsers may automatically accept Cookies, while others can be adjusted to reject Cookies or notify you when a website intends to place a Cookie on your computer. Opting to disable non-essential Cookies could potentially limit your ability to fully experience our website or applications.

8. Disclosure of your Information: How and to Whom We Share Your Personal Data

We may need to share your Personal data with Third Parties for the purpose of providing Our Services to you and will only share your Personal Data where we have a legal basis to rely on.

We do not allow our Third Party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. When these Third Parties process your Personal Data, they do so based on our instruction; they are acting strictly under contract with us, with strict confidentiality and data security provisions, and in accordance with the Applicable Data Protection Law.

9. Data Security

We take reasonable steps and have put appropriate security measures in place to hold information securely in electronic or physical form and to prevent unauthorised access, modification, disclosure or accidental loss.  In addition, we limit access to your Personal Data to employees, agents, contractors and other third parties on a need-to-know basis. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.

We store information in our access-controlled premises or in electronic databases requiring logins and passwords. Also, we require our third-party data storage providers to comply with appropriate information security industry standards. All employees and third-party providers with access to confidential information are subject to confidentiality obligations.

We maintain administrative, technical, and physical controls designed to protect your Personal Data. We protect against loss or theft, as well as against any unauthorised access, risk of loss, disclosure, copying, misuse, or modification. Some of the security measures we may implement includes secure servers, firewalls, data encryption and granting access only to specific employees in order to fulfil their job responsibilities.

10. Retention Period: How Long Do We Retain Your Data

We will only retain your Personal Data for as long as the information is needed for the purposes set forth in this Privacy Policy or for any additional period that may be required or permitted by law. The length of time your Personal Data is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements to comply with the Applicable Data Protection Law.

You may request that we delete your Personal Data by contacting us via email to [   ]. If we do not have a legal basis for retaining your information, we will delete it as required by the Applicable Data Protection Law and where we retain your Personal Data, we do so in compliance with limitation periods or retention obligations imposed by the Applicable Data Protection Law.

In some circumstances we will anonymised your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

11. Your Rights as a Data Subject

You have a number of rights under the Applicable Data Protection Law in relation to your Personal Data.

You have the right to:

• Be informed on how we process your Personal Data: This Privacy Policy details how we process your Personal Data in compliance with the Applicable Data Protection Law.

• Request access to your Personal Data (commonly known as a “subject access request”): This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. To process your request, we may need to collect specific information from you as a security measure to help us confirm your identity and ensure that your Personal Data is not disclosed to any person who has no right to receive it.

You will not be required to pay any fees for us to process your subject access request. However, we may charge a reasonable fee where processing your request will impose unreasonable cost on us or refuse to comply with your request if you fail to do so. We try to respond to all legitimate requests within one month.

Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

12. Changes to this Privacy Policy

We keep our Privacy Policy under regular review. From time to time, we may change, amend or review this Privacy Policy to reflect changes in the Applicable Data Protection Law, our data protection practices or Our Services. Changes will be posted in all the medium where we display our Privacy Policy.  It is your responsibility to review the amended Privacy Policy. This Privacy Policy governs the use of Personal Data by us, unless otherwise agreed through a written contract. The revised version will be effective immediately after publication.

13. Glossary of Terms

Applicable Data Protection Law	means the Nigeria Data Protection Act (2023), Nigeria Data Protection Regulation (2019), Nigerian Data Protection Regulation (2019): Implementation Framework (2020), and/or any other applicable legislation on the protection of Personal Data in Nigeria.
Cookies	refers to a small data file that is transferred to your computer or mobile device. It enables us to remember your account log-in information, IP addresses, web traffic, number of times you visit, browser type and version, device details, and the date and time of visits.
Data Controller	refers to Junkyard or, where applicable, shall be as set out in the Applicable Data Protection Law.
Data Subjects	refers to a living natural person who can be identified, directly or indirectly.
Our Services
Personal Data	refers to any information relating to an individual from which that person can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social or economic identity of that individual.  Any information that can be used to identify a living or natural person including email address, date of birth, mobile number, residential address, payment card, financial information such as bank account number, government-issued Identity credentials (e.g., national ID number, driver’s licence number, etc), or taxpayer identification number. It may also include information that is linked to you, for example, your internet protocol (IP) address, log-in information, information about your device or device’s web browser.
Processing	refers any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means or, where applicable, shall have the meaning set out in the Applicable Data Protection Law.
Third Parties	refers to persons or organisations external to our JUNKYARD with whom we may share your Personal Data
*Other terms used but not defined shall have the meaning ascribed to them under the Applicable Data Protection Law*