We take our customers’ privacy very seriously and ensure always to maintain the highest standards of confidentiality.
1. USERS’ PRIVACY RIGHTS
1.1. This Policy describes the User’s privacy rights regarding the Softcom’s collection, use, storage, sharing and protection of a User’s personal information on the Koya Learning Management System and the Open Koya Platform (the “Platforms”) and in respect of the Services.
1.4. You further acknowledge and agree that Softcom is authorized to share any data which you enter on any of the “Platform”) with Third Party Sites, subject to applicable laws of the Federal Republic of Nigeria. Provided always that Softcom shall not bear any liability for data shared by Users with Third Party Sites or such other platforms accessed through the use of the Platform.
2. USERS’ PERSONAL INFORMATION
Personal Information that can be used to identify, contact or locate a User is “Personal Identifiable Information” (“PII”). Automatically provided information that uniquely identifies a device or browser is not personally identifiable information unless it is linked to a particular User “Personal Identifier Data” (“PID”). Softcom collects PII and PID across three cardinal points.
- a) PII intentionally provided by a User;
- b) PID and PII provided by a third-party for the purpose of verifying and/or augmenting a User’s PII; and
- c) PID automatically provided as a result of User’s engagement with the Platform.
2.2 Personal Information Provided by a User
2.2.1 Users can be classified as a user and an Administrator. A user is a person having an individual account that was assigned by the administrator to enable the user access the functionalities of the Platform while an Administrator could also be an individual and/or a business subscribing for learning and/or learning management on the platform.
2.2.2 A user subscribed to the Koya Learning Management System will be required to provided personal details such as name, gender, student identification number, matriculation number, email, particulars of degree, courses offered and personal interest.
2.2.3 A user subscribed to the Open Koya Platform will be required to provided personal details such as name, gender, email, bank and card details, occupation, industry, personal interests.
2.2.3 A Koya Learning Management Service administrator will be required to provide personal details such as name, email, date of birth including his employer’s details and courses offered while an Open Koya administrator will be required to provide his personal details and an active email account.
2.3 Information Provided by Third-Party
2.3.1 Softcom may need to verify a user’s identity for the purpose of meeting with regulatory compliance and/or fulfilling a contractual obligation and same may be done by integrating with identity verification services, and such other platforms as may be necessary for verifying a User and/or augmenting the services provided by the Platform. 2.4 Automatically Provided Information
2.4.1 The Platform may automatically record certain information about or related to your use of the Platform that is made available through your computer or device.
2.4.3 We collects certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.
2.4.4 We also uses persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform.
2.4.5 We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.
3. GOVERNING PRINCIPLES
Softcom will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information.
- a) Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing;
- b) Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User;
- c) Data collection and processing shall be adequate, accurate and with consideration for dignity of human person;
- d) Data shall only be stored for the period which is reasonably needed and as required by any written law; and
- e) Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
4. PURPOSE OF COLLECTION
Softcom collects Users’ personal information to provide an efficient and secure User experience and may retain such personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Information gathered on the Platforms for each User
- a) fulfill legal and contractual obligations to Users
- b) develop, operate, support, maintain enhance and provide the services on the Platform;
- c) process payment transactions;
- d) provide receipts and reports on User’s account;
- e) resolve disputes arising from using the Platform;
- f) customize measure, and improve the Services offered on the Platform;
- g) protect the interests and rights of the Platforms
- h) enforce our agreements on the Platforms as well as our Terms and Conditions;
- i) detect and prevent fraud and other potentially illegal activities;
- j) combine PII and PID from other sources using proprietary algorithms to calculate risk scores and fraudulent scores;
- k) for administrative, operational and reporting purposes;
- l) promote marketing communication (taking into consideration the option to opt out);
- m) manage and protect the Site’s information technology and physical infrastructure; and
- n) measure the performance of the Platform and improve content, technology and layout.
5. SHARING INFORMATION WITH THIRD PARTIES
5.4. Softcom may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Softcom believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Softcom’s property or legal rights (including, but not limited to, enforcement of Softcom’s Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.
5.6. We will share personally identifiable information with third parties only to best provide Softcom’s services and in special situations, such as legal investigations and merger. We may also share non-identifiable information with third parties that help us prevent fraud and analyze website acti
6. SECURITY OF USERS’ PERSONAL INFORMATION
6.1. Softcom has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction.
6.2. Softcom uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.
6.3. Softcom takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss, Softcom encrypts such information and transmits it under Secure Socket Layer (SSL).
7.1. By virtue of hosting on AppleStore and GooglePlay, Softcom stores and processes User information on dedicated servers located in secure data centers that may be located within the United States and in other jurisdictions.
7.3. You acknowledge and agree that the privacy and data security laws in place in the Federal Republic of Nigeria or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside.
8. DATA CONFIDENTIALITY RIGHTS
8.1. A User’s information is regarded and will be held as confidential.
8.2. A User has the right to request sight of, and copies of any and all personal information on the Platforms.
8.3. A User’s role in fulfilling confidentiality duties include, but are not limited to, adopting and enforcing appropriate security measures.
8.4. Softcom will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
9. REPORTING A PERSONAL DATA BREACH
9.1 Softcom is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.
9.2 Softcom has placed procedures around the Site to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). Any suspected breach of personal data of a User will be remedied with one (1) month from the date of the report of the breach.
9.3 All evidence relating to a personal data breach should be preserved to enable Softcom maintain a record of such breaches, as required by the data protection laws.
9.4 Softcom will not be responsible for any personal data breach which occurs as a result of: a) an event which is beyond the control of Softcom; b) an act or threats of terrorism; c) an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Softcom’s data protection measures on the Site; d) war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo; e) rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Softcom’s data protection measures for the Site; f) the transfer of a User’s personal data to a third party on his/her instructions; and g) the use of a User’s personal data by a third party designated by a User.
10.1. Softcom allows you to manage your account and information online and on the Platform at www.koya.co. Once you log in you may update your personal information, assuming your account is in good standing. In that case, we will retain only the personal information required by law or that we deem necessary.
10.2. Softcom aims to provide you with access to your personal information at every point during the usage of our Service. In the event that the information is wrong, we have established channels that will assist in quickly changing or updating any of such information, however subject to proof as the need may be; and unless there is a legitimate legal or business reason to keep such information, we will strive to delete the information upon being aware.
10.3. For business and legal reasons, we aim to keep our services in a manner that protects personal information from incidental, accidental or malicious damage. Therefore, your deletion of personal information from our services does not immediately delete residual copies from our servers and we may not remove such personal information from our backup systems.
11. POLICY UPDATES
11.1. Softcom reserves the right to change this Policy at any time without notice to Users.
12. GOVERNING LAW
This Policy is made pursuant to the provisions NDPR and any other relevant Nigerian laws.
July 22, 2020.