CREST HILL LAW OFFICE PRIVACY POLICY

Table of Contents

Who we are

1.1 Purpose of This Privacy Policy

This is Crest Hill Law Office Privacy Policy. The Website gives users access to first-rate legal services, using a team of highly qualified and experienced professionals at Crest Hill Law Office.

This Privacy Policy is provided in a sectioned format so you can click through specific areas as set out, or you can download a PDF version of the policy here. Please use the Glossary to understand the meaning of some of the terms used in this Privacy Policy.

1.2 Crest Hill Law Office Role

Crest Hill Law Office is responsible for deciding why and how your personal data is collected and processed, making Crest Hill Law Office “CHLOF” the Data Controller.

Our contact details are: Crest Hill Law Office support@cresthilllawoffice.com.

We have appointed a Data Protection Officer (“DPO”) to help make sure we are transparent and fair about how we use your data and comply with any Law that may affect your privacy.

Our DPO contact details are:

DPO Legal Department, Crest Hill Law Office
No. 4, Rahama Close, off Dunokofia Street, Area 11, Abuja, Federal Capital Territory
Email: Dataprotection@cresthilllawoffice.com

1.3 Changes

It is important that the personal data we hold about you is current and accurate, so please let us know if your personal data changes during your relationship with us.

We may modify this policy at any time. If you do not agree to the changes, you must discontinue using the website.

Data Collection

2.1 What is Personal Data?

Personal data, or personal information, means any information about an individual from which that person can be identified (either on its own or when combined with other information). It does not include data where identity has been removed (anonymized data).

The following are groups of different personal data we may process about you:

  • Identity Data: such as title, names, occupation, username, or similar identifiers.
  • Contact Data: such as addresses, email addresses, and telephone numbers.
  • Financial Data: such as your income, credit card details, or other financial accounts that you may have.
  • Account Data: such as details of your account, history of changes, financial summaries, statements.
  • Transaction Data: such as payment for Services, purchases/other transactions made on your account and payments to and from you.
  • Technical Data: such as device information and identifiers, internet protocol (IP) address, your login data, and versioning data based on the devices you use to access our digital platforms.
  • Survey and Research Data: such as your responses to questionnaires, surveys, feedback requests and design or research activities.
  • Usage Data: such as information about when and how you use our products, services, processes or platforms (e.g. how often you use our mobile applications or how you use your credit card with us).
  • Marketing Data: such as your preference on receiving marketing information from us and information used in your interactions with us (or our partners).

2.2 It is important to tell you that while we need to collect certain personal data, and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at that time.

Collection of Personal Data

We use different methods to collect data from and about you, including through:

  • Direct Interactions:

    This is collected when you:

    • Apply or register for our products or services
    • Use our products or services
    • Use our website or mobile device applications
    • Make contact with us (e.g. making a phone call or sending an email or SMS)
    • Request marketing information to be sent to you.
    • Enter a competition or promotion
    • Give us feedback or take part in research or surveys.
  • Automated Technologies or Interactions:

    As you interact with us either through the website or mobile applications, we may automatically collect data including Technical Data about your equipment, browsing actions, and patterns. This personal data may be collected and other similar technologies.

    Please see our Cookie Policy.

  • Third parties or publicly available sources:

    We may receive personal data about you from various third parties (and public sources) as set out in 'Our third parties'.

  • Other:

    We may receive personal data about you from individuals or people appointed to act on your behalf, family members, employers, and others who are acting in your best interests or providing us with information in relation to your contact details for the provision of our Services.

Use of your Personal Data

We collect and use your personal data for different reasons, to provide, improve, protect, and promote our Services. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for us to perform the contract, we are about to enter into or have entered into with you.
  • Where it is necessary for our Legitimate Interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to provide additional services and support.
  • Where we need to improve our Services by implementing aggregate customer or user preferences.
  • Where we need to comply with a legal or regulatory obligation.
  • When you consent to it.

We are only allowed to use your personal data if we have legal grounds to do so. You can find out more about the types of legal ground that we rely on in the Glossary.

Purposes for which we will use your personal data

We have set out below a description of the ways we plan to use your personal data, the purposes for this usage and which of the legal grounds we rely on to do so. We have also identified what our Legitimate Interests are where appropriate. Note that we may process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.

Purposes and Legal Grounds

We may process your information to:

  1. Understand how you use products, services, processes and related customer experiences provided by us and other third parties;
  2. Inform the way that we manage our products, services, processes and platforms;
  3. Develop, test and change our products, services, processes and platforms;
  4. Monitor usage and performance of our products, services, processes and platforms; perform analysis (e.g. statistical, market, product analysis), reporting, forecasting and accounting;
  5. Tell you about our products, services, events and activities that may be of interest to you;
  6. Understand how you interact with our marketing; develop, test or change our marketing activities;
  7. Communicate with our third parties to help them understand, improve and fulfil on marketing activities (including supporting behavioral advertising techniques e.g. use of cookie data);
  8. Promote our products and services.

When processing your information for these purposes, we are relying on our Legitimate Interest to help us understand, develop, improve and market our products and services.

We may process your information to:

  1. Allow you to begin using or register for our products or services;
  2. Report activities to law enforcement authority, regulators or court orders in line with our legal, regulatory or business requirements;
  3. Communicate with you to provide updates and information while you are using, registering or continuing to use one of our products or services;
  4. Communicate with you for design or research purposes or to ask you about our current or potential products, services, processes and customer experiences.

When processing your information for these purposes, we rely on our Legitimate Interest to allow you to access our products and services. In addition, in relation to some of the purposes, it is necessary for us to process your information for the Performance of the Contract between us.

We may process your information to:

  1. Enable you to access and use our online services and functionality;
  2. Understand how you use and navigate our online services;
  3. Tailor online experiences or develop and/or change these services;
  4. Service and fulfil on your products and services (e.g. processing transactions, managing account information and settings);
  5. Provide you with rewards, offers or promotions where we (or our partners) think you may be interested;
  6. Keep our records up to date including updating preferences and making changes to your account;
  7. Manage requests from you where you are exercising your data privacy rights;
  8. Develop, improve or change the products and services that you are using;
  9. Offer you additional products, services and promotions;
  10. Monitor usage and performance of our products, services, processes and platforms; perform analysis (e.g. statistical, market, product analysis), reporting, forecasting and accounting.

When processing your information for these purposes, we rely on our Legitimate Interest to fulfil on our products and services. In addition, in relation to some of the purposes, it is necessary for us to process your information for the Performance of the Contract between us.

We may process your information to:

  1. Perform checks to prevent, detect, investigate and report fraud, crime and/or terrorist activity;
  2. Protect the security and resilience of our networks/applications and respond to technical and security incidents;
  3. Devise defense strategies (e.g. in relation to fraud, crime, terrorist or cyber-attack risks) and develop, test or change our defenses.

When processing your information for these purposes, we rely on our Legitimate Interest to manage risk, security and crime prevention. In addition, in relation to some of the purposes, we may process your information to comply with a Legal Obligation.

We may process your information to:

  1. Improve, test, investigate and remediate any issues with our internal processes and practices;
  2. Maintain your data and ensure the data that we hold about you is accurate and up to date.

When processing your information for these purposes, we rely on our Legitimate Interest to manage and improve our business processes.

We may process your information to:

  1. Cooperate with (and respond to) requests from courts, regulators, law enforcement bodies and other institutions (e.g. fraud prevention agencies);
  2. Appropriately handle and process complaints or disputes – this may include contacting relevant parties;
  3. Exercise our rights in relation to complaints, disputes or litigation;
  4. Manage policy affairs, public relations issues, media enquiries or customer interactions with the media;
  5. Manage complaints with third parties;
  6. Manage disputes;
  7. Manage litigation against third parties;
  8. Enable us to provide legal and/or regulatory advice in line with our business activities;

When processing your information for these purposes, we rely on our Legitimate Interest to satisfy our industry, regulatory and legal requirements and exercise our rights. In addition, in relation to some of the purposes, we may process your information to comply with a Legal Obligation or it may be necessary to assist in relation to a task performed in the Public Interest.

We may use third parties for any of the purposes listed above.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

You will receive marketing communications from us if you have requested information from us or provided us with your details when you applied or registered for one of our products or services and, in each case, you have not opted out of receiving that marketing. However, you can ask us to stop sending you direct marketing at any time.

If you ask us to stop sending you marketing messages, you will still receive communications pertaining to your account, our products, and services or relationship with us.

We may also use third parties to conduct marketing activities on our behalf.

Cookies

For more information about the cookies we use, please see our Cookie Policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal ground which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Use of Information for automated decisions

Automated Decision Making

Automated Decision Making, including profiling, is the processing of personal data (that we have collected or are allowed to collect from others) by automated means and without human involvement to evaluate personal aspects about you.

In particular, we may process data to analyze or predict (amongst other things) your personal preferences, interests or behaviours. This means that automated decisions without human involvement could be made about you for example in relation to the products and services we offer you.

Here are the types of automated decisions we make:

Detecting Fraud

Where you apply for (or register for) one of our products or services, we use automated processes to detect and help prevent fraud.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behavior to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.

We may also continue to monitor your accounts, your product usage and your transactions to determine whether your account is being used for fraudulent activities.

We utilize data from several sources to help us identify fraud risks:

  • Information you have provided;
  • Information we may collect or already hold about you; and
  • Information provided by third parties (including fraud prevention agencies)

We combine data from these sources and defined logic to identify threats and prevent fraud losses. If we think there is a risk of fraud, we may stop activity on your account and/or refuse access.

Providing you with access to products and services

When you apply (or register) for one of our products or services, we perform checks to ensure that these are suitable for your circumstances and that we manage our business risks.

To do so, we utilize data from several sources:

  • Information you have provided;
  • Information we may collect or already hold about you; and
  • Information provided by third parties.

These checks may include (but are not limited to):

  • Checks to ensure you meet conditions for the provision of our Services;
  • Checks to identify money laundering, criminal / terrorist activity or cyber security threats that may pose a risk to you and our business.

Where we identify circumstances or threats that introduce a risk to you or our business, we may not be able to provide you with access to our products or services.

Managing, tailoring and marketing our products and services

Where we have an existing relationship with you, we may use profiling and automated decision making to help manage this relationship. We use these techniques to ensure that we manage your accounts, products or services appropriately; help you get the best out of our products and services; and provide you with promotions or offers that we think you will be interested in.

We use data that you provide along with internal and third-party data to place you into groups with similar types of people. We call these groupings 'segments' and these are used to help us understand, test and tailor our products, services and marketing more appropriately depending on identified segment types. Some examples of how we use profiling and decision making are:

  • Optimizing and fulfilling on communications different communication approaches are suitable for different types of people so we use segmentation to provide you with the most appropriate communications for you;
  • Sending marketing and offers different marketing approaches may be used with certain segments where we think our marketing will perform more effectively;
  • Tailoring or managing products we may tailor our products or services based on a segment that you are grouped into.

This approach helps us to manage our accounts, products, services and marketing more effectively and meet industry and regulatory requirements. This profiling and automated decision making may lead to changes to products or services or in the way that we interact with you (communications or marketing).

Your rights in relation to automated decision making

You have rights in relation to certain automated decision making which means that before the end of the period of one month beginning with receipt of the automated decision you can request us to:

  • Reconsider the decision; or
  • Take a new decision that is not based solely on automated decision making and ask that a person review it.

If these rights apply you will be notified. If you want to know more about these rights, please contact us. support@cresthilllawoffice.com.

Fraud prevention agencies

Before we provide products or services to you, we also undertake checks for the purposes of preventing fraud, and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud, and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, and device identifiers including IP address.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that we have a Legitimate Interest in preventing fraud, and to verify your identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the products and services you have requested.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six (6) years.

Consequences of Processing

A record of any fraud risk will be retained by fraud prevention agencies, and may result in others refusing to provide products or services to you.

Disclosures of your personal data

We may share personal data about you with various third-party and public sources as set out in Our Third Parties section.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Our Third Parties

We use third parties to enable, perform, or improve a range of our business processes in certain instances. These may require us to share your data with third parties and/or they may share your data with us.

These third parties may include (but are not limited to):

  • Third parties that enable us to understand, develop, improve, and market our products and services:
    • Product, marketing, and industry monitoring services and tools;
    • Market research, surveying, consultancy, and benchmarking services;
    • Product/service/communications design and development services;
    • Marketing partners, affiliates, and intermediaries;
    • Analytics and incident management services.
  • Third parties that work with us to help us fulfill and service your accounts, products, or services:
    • Communications fulfillment or development service providers;
    • User account management services;
    • Payment services, payment schemes, and network services;
    • Transaction enablement and dispute services.
  • Third parties that support the running of our business processes:
    • Business process systems and support providers;
    • Technical platforms, software, and tools providers (e.g., tools that we use to optimize and test on our website or mobile applications);
    • Platform management and support services;
    • Data storage, transfer, and processing services;
    • Disaster recovery solution services;
    • Public relations support and consultancy services.
  • Third parties that work with us to ensure we reach the best possible outcome:
    • Regulators, advisory entities, and consumer rights/advice bodies;
    • Customer/User complaints and dispute resolution services.
  • Other third parties, bodies, or institutions where we are required by regulation, law, industry practices, or to detect/prevent fraud, crime, terrorist activity, or business risks e.g., regulators, law enforcement bodies, crime prevention bodies and sharing information with other institutions to help detect and prevent fraud.

Some of our third parties may be international.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long your personal data will be used

There are a number of reasons why we need to keep hold of your personal data and our aim is to only retain it for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

How long we keep it for depends on the type of data we are holding and why we need it. To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure of your personal data
  • The purposes for which we process your personal data and whether we can achieve those purposes through other means
  • The applicable legal requirements

If you apply and/or register for our products and/or services, we will retain your personal data for up to seven years after your relationship with us ends.

If your application for one of our products is declined or you decide not to progress with the application, we will retain your personal data for up to 18 months after your application or quotation search was made.

We may keep your data for longer than explained above if we cannot delete it for legal, regulatory, or technical reasons. If we do, we will continue to make sure your privacy is protected.

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

Right of access to your personal data

This enables you to receive a copy of the personal data we hold about you.

Right to rectification

This enables you to have any incomplete or inaccurate data we hold about you corrected.

Right of erasure ("right to be forgotten")

This enables you to ask us to delete or remove personal data in certain circumstances.

Right to object

This enables you to object to processing of your personal data in certain situations.

Right to restriction of processing

This enables you to ask us to suspend the processing of your personal data in certain scenarios.

Right to data portability

This enables you to receive your personal data in a structured, commonly used, machine-readable format.

Right to complain to the NITDA

This enables you to make a complaint to the National Information Technology Development Agency (NITDA).

Right to object to direct marketing

This enables you to object to direct marketing at any time.

Right to withdraw consent

This enables you to withdraw your consent at any time.

No fee usually required. You will not have to pay a fee to access your personal data or to exercise any of the other rights.

What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights.

Time limit to respond: We try to respond to all legitimate requests within one month.

Contact Us: If you wish to exercise any of the rights set out above, please contact us at support@cresthilllawoffice-com.preview-domain.com.

Glossary

Comply with a Legal Obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Legitimate Interest means we have a business or commercial reason to use your data. We can use your data to pursue Legitimate Interest of our own or of other service providers. When we rely on our Legitimate Interest, we make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of the Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Process means anything we do with your data such as collecting, using, storing, sharing, monitoring, analyzing and deleting it.

Public Interest means the processing is necessary for either carrying out a specific task in the public interest which is laid down by law, or exercising official authority, e.g. a public body's task, functions, duties or powers which is laid down by law.

Range of Products and Services means our website or tools available on our website.

Substantial Public Interest means those laid down in data protection laws.

Governing Law

This Privacy Policy is made pursuant to the Nigeria Data Protection Regulation (2023) and other relevant Nigerian laws, regulations, or international conventions applicable to Nigeria. Where any provision of this Policy is deemed inconsistent with a law, regulation, or convention, such provision shall be subject to the overriding law, regulation, or convention.

By voluntarily entering information on our platform, you are consenting to our use of it in accordance with this Privacy Policy. Before this information is submitted to our systems you acknowledge your understanding of this Policy.

Copyright © Crest Hill Law Office
Webmail
Contact:
+234 0 9 291 8500