Message of the Chief Executive Officer

CoreQuality collects Personal Data from various sources including customers, suppliers, employees, website users, job applicants, contractors, shareholders, partners, and third parties as part of its regular business operations. The company acknowledges the sensitivity of Personal Data and is committed to complying with all relevant Data Protection and Privacy laws in Nigeria where it operates, as well as upholding the highest ethical standards. Protecting Personal Data is integral to all aspects of CoreQuality’s business, including its promise to clients, values, principles, conduct, and overall success. It is crucial to maintain trust with stakeholders. As new regulations and digital advancements emerge, CoreQuality seizes the opportunity to reinforce its integrity in safeguarding Personal Data, a critical aspect of modern life. If you have any questions or comments regarding this policy, please contact us at dpo@corequality.org.

Chief Executive Officer

 

 

 

 

SCOPE

The CoreQuality Data Privacy Policy is applicable to all entities and affiliates within the CoreQuality CB. It outlines the standards of behavior that are required of each employee, officers, and directors of CoreQuality when they collect, handle, and process Personal Data from various sources such as customers, suppliers, employees, contractors, and other third parties.

The basis of this policy revolves around three core commitments:

1. Collecting and processing Personal Data fairly and lawfully
2. Respecting Individual rights and choices
3. Managing Personal Data responsibly

Personal Data refers to information that pertains to an individual and may include various details such as contact information (e.g., name, home and business address, telephone, and email addresses), personal information (e.g., date of birth, citizenship, photos, electronic identification data like cookies, IP addresses, and passwords), employment details (e.g., education and training), and financial particulars (e.g., tax identification and bank account number).

CoreQuality’s Data Privacy Policy establishes uniform and baseline standards that apply in situations where local laws do not impose more stringent regulations. Compliance with this policy is mandatory for all employees, and any breach will result in disciplinary action. The company provides internal guidelines, implementation rules, and training, along with all necessary supporting documentation to ensure adherence to the CoreQuality Data Privacy Policy.

 

 

3 Underlying Commitments

CoreQuality Data Privacy Policy

 

COLLECTING AND PROCESSING DATA FAIRLY AND LAWFULLY

 

BEING OPEN ABOUT THE PERSONAL DATA WE COLLECT AND USE

At CoreQuality, we ensure that individuals are fully informed about the use of their Personal Data.

We are transparent, clear, and honest in our communication about the nature of the data we collect and how we intend to use it. Any use of Personal Data beyond the initially communicated purpose must have adequate information provided to the data subject, and their consent must be obtained by CoreQuality. However, we are authorized to use Personal Data for secondary purposes when implementing internal controls and audits, as well as complying with our statutory and regulatory obligations.

 

 

USING PERSONAL DATA FOR LAWFUL AND SPECIFIC PURPOSES ONLY

CoreQuality ensures that it collects and processes Personal Data lawfully, solely based on

• informed and valid consent or
• legitimate business interests that are necessary for executing contracts, processing payments, fulfilling contractual obligations, or complying with statutory or regulatory requirements.

At CoreQuality, we uphold the principle that consent given by individuals for the collection and use of their Personal Data should be voluntary and based on clear information about how the data will be used.

Individuals have the right to withdraw their consent at any time without undue complications, and we are committed to documenting the date, content, and validity of any such withdrawal.

Moreover, when processing Personal Data on behalf of a client or third party (known as the Data Controller), CoreQuality adheres to the instructions and guidelines provided by the Data Controller, in addition to our own policy.

 

 

ENSURING DATA QUALITY

CoreQuality collects and maintains Personal Data that is appropriate, relevant, and not excessive, ensuring that only the necessary minimum amount of data is obtained for the intended purpose.

The company maintains the accuracy and relevance of Personal Data throughout its possession and corrects any errors promptly. Any secondary usage or further processing of Personal Data is only permitted if it aligns with the original purpose and if new consent or legal basis is obtained if necessary.

CoreQuality retains Personal Data only for the duration required for its intended purpose, as outlined in its specific retention policies, after which the data will be securely deleted, destroyed, or de-identified.

 

RESPECTING INDIVIDUALS’ RIGHTS AND CHOICES

RESPECTING INDIVIDUAL’S RIGHTS

CoreQuality acknowledges the importance of individuals’ rights to their Personal Data and responds to any requests or complaints made in connection with it.

• These rights include: The right to request access to their Personal Data collected by CoreQuality, including the reasons for such data collection.
• The right to obtain a copy of their Personal Data held by
• The right to request the correction or deletion of any incomplete or inaccurate Personal
• The right to withdraw consent given to CoreQuality for the collection of their Personal Data at any This includes the ability to unsubscribe or opt-out of receiving marketing communications and commercial publications from CoreQuality.

When individuals exercise their rights, CoreQuality will promptly respond to their requests within a reasonable timeframe, or as stipulated by relevant local regulations. Additionally, any grievances raised by individuals concerning violations of these regulations or data privacy laws will be thoroughly investigated and addressed in a timely manner by CoreQuality.

 

RESPECTING INDIVIDUAL’S CHOICES

CoreQuality recognizes the rights of individuals to object to the use of their Personal Data and to opt out of receiving direct marketing communications.

When utilizing Personal Data for marketing purposes, we will communicate clearly and plainly with individuals about the use of their data. We respect the right of our current and potential customers to:

• Only receive marketing communications from CoreQuality if they have provided explicit and specific prior consent, as required by applicable laws, or if CoreQuality can demonstrate that sending such communications is necessary for legitimate business
• No longer receive marketing communications if they have indicated a specific preference setting, opted out, or objected to the use of their data for marketing purposes, and CoreQuality will abide by this

If you have any questions or concerns regarding our use of your Personal Data for marketing purposes, please contact us at dpo@corequality.org.

 

 

SAFEGUARDING THE USE OF SENSITIVE PERSONAL DATA

At CoreQuality, we understand that certain categories of Personal Data require heightened protection due to their sensitivity.

Such data may include health information, biometric and genetic data, religious or political views, race or ethnicity, criminal records, or other information protected by applicable privacy laws. We only collect and process sensitive Personal Data when it is strictly necessary, under the following circumstances:

• The individual has given explicit consent; or
• It is necessary for CoreQuality to comply with employment laws, and statutory obligations, or to protect an individual’s health in emergency medical situations.

We take appropriate measures to safeguard sensitive data by implementing strict procedures and security protocols that limit access to authorized personnel and prevent unauthorized use, disclosure or dissemination of such data.

 

 

MANAGING DATA RESPONSIBLY

TAKING APPROPRIATE SECURITY MEASURES

CoreQuality implements appropriate technical and organizational measures to safeguard Personal Data, ensuring confidentiality, integrity, and availability, and mitigating the risk of unauthorized or unlawful access, alteration, destruction, or disclosure.

The security measures are based on risk assessments that consider the impact on individuals associated with specific types of Personal Data held by CoreQuality. These measures include security and organizational arrangements tailored to the nature of the processing and data to be protected. If a privacy breach affecting an individual’s Personal Data occurs, CoreQuality will promptly notify the individual and relevant authorities as required by applicable laws.

CoreQuality requires its suppliers and subcontractors to comply with its Data Privacy Policies and relevant data protection and privacy laws.

We maintain comparable technical and organizational security arrangements for Personal Data protection.

CoreQuality limits access to Personal Data to employees and suppliers who need to perform specific tasks in relation to such Data.

Appropriate awareness, training, and confidentiality commitments are in place to ensure that Personal Data is not disclosed to unauthorized persons, including CoreQuality employees who do not require access to such information.

 

ENSURING ADEQUATE PROTECTION FOR INTERNATIONAL TRANSFERS

CoreQuality takes necessary measures to safeguard Personal Data before transferring it.

The transfer of Personal Data across national borders within or outside the CoreQuality Group is only carried out if it is justified for business purposes and adequate measures are in place to ensure that the Personal Data continues to receive the same level of protection required in the jurisdiction of origin. This guarantees that Personal Data is always protected irrespective of its destination.

 

MINIMIZING RISK IMPACTS TO INDIVIDUALS

To minimize risks to the privacy rights of individuals, CoreQuality conducts Personal Data Impact Assessments if there is a high probability that the processing could pose a significant threat.

These assessments are conducted before any new services, business opportunities, or acquisitions are pursued by the company, to identify potential risks related to the processing of Personal Data and take necessary measures to eliminate or mitigate them.