Koya

Privacy & Security Policy

INTRODUCTION

By accessing or using the Services, or by accepting our Terms and Conditions (the “Terms”) or any other terms that incorporate this Privacy Policy by reference, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understood this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Services or the Platform. This Policy is incorporated into and made a part of our Terms and Conditions.

This Privacy Policy reflects how Softcom Limited (“We” or “Softcom”) provides its services (the “Services”). This Privacy Policy has been adopted by Softcom; a private limited liability company duly established under the relevant Laws of the Federal Republic of Nigeria. The Privacy Policy also applies to members, partners and affiliates of Softcom, unless such members have adopted a separate privacy policy. The Privacy Policy has been adopted in compliance with the legal requirements of the Federal Republic of Nigeria and shall be applicable to all product offerings of Softcom.

Softcom provides Services to its end users (“Users” or “You”) by integrating with an Application Programming Interface (“API”), which also enables the platform to receive and process User information while also providing information from Softcom. This Privacy Policy addresses how Softcom handles all User information, including User information provided by You, User information provided by other platforms and User information obtained by Softcom from third parties.

Softcom’s Privacy Policy describes the ways we collect, use and share User information. We may amend this Privacy Policy at any time by posting a revised version. The revised version will be effective at the time we post it, unless we provide additional notice or an opportunity to “opt-in” because changes are material or retroactive.

Also, by using a platform that has been integrated with Softcom’s API, You accept the practices described in the platform’s Privacy Policy, which You should review carefully. Any information you enter on the platform’s website or application, or on Softcom pages, fields, or resourcesthat are integrated with the platform’s website or application, may be shared with the owner of the Platform website or application, subject to applicable laws. Softcom is not responsible for the content or information practice of other platforms.

We take our customers’ privacy very seriously and ensure always to maintain the highest standards of confidentiality.

1. USERS’ PRIVACY RIGHTS 

1.1. This Policy describes the User’s privacy rights regarding the Softcom’s collection, use, storage, sharing and protection of a User’s personal information on the Koya Learning Management System and the Open Koya Platform (the “Platforms”) and in respect of the Services.

1.2. If a User creates a username, login code, password or any other piece of information as part of the Platform’s access security measures, such information will be treated as confidential, and will not be disclosed to any third party. We reserve the right to disable any User login code or password at any time if in Softcom’s opinion a User has failed to comply with any of the Terms (including this Privacy Policy). If a User is aware or suspects that anyone other than his/herself is aware of a User’s security details, kindly notify Softcom as soon as possible via the address below.   Softcom Limited Data Protection Officer 8, Oduduwa Crescent, Ikeja GRA, Lagos. dpo@softcom.com 

1.3. In the event that you use another platform which has been integrated with the Softcom’s application programming interface (API) (the “Third Party Site”), you acknowledge and agree that you have carefully read and understood the terms of use (including the privacy policy) of the Third Party Site.

1.4. You further acknowledge and agree that Softcom is authorized to share any data which you enter on any of the “Platform”) with Third Party Sites, subject to applicable laws of the Federal Republic of Nigeria. Provided always that Softcom shall not bear any liability for data shared by Users with Third Party Sites or such other platforms accessed through the use of the Platform.

2. USERS’ PERSONAL INFORMATION

Personal Information that can be used to identify, contact or locate a User is “Personal Identifiable Information” (“PII”). Automatically provided information that uniquely identifies a device or browser is not personally identifiable information unless it is linked to a particular User “Personal Identifier Data” (“PID”). Softcom collects PII and PID across three cardinal points.

  • a) PII intentionally provided by a User;
  • b) PID and PII provided by a third-party for the purpose of verifying and/or augmenting a User’s PII; and
  • c) PID automatically provided as a result of User’s engagement with the Platform.

2.2 Personal Information Provided by a User

2.2.1 Users can be classified as a user and an Administrator. A user is a person having an individual account that was assigned by the administrator to enable the user access the functionalities of the Platform while an Administrator could also be an individual and/or a business subscribing for learning and/or learning management on the platform.

2.2.2 A user subscribed to the Koya Learning Management System will be required to provided personal details such as name, gender, student identification number, matriculation number, email, particulars of degree, courses offered and personal interest.

2.2.3 A user subscribed to the Open Koya Platform will be required to provided personal details such as name, gender, email, bank and card details, occupation, industry, personal interests.

2.2.3 A Koya Learning Management Service administrator will be required to provide personal details such as name, email, date of birth including his employer’s details and courses offered while an Open Koya administrator will be required to provide his personal details and an active email account.

2.3 Information Provided by Third-Party

2.3.1 Softcom may need to verify a user’s identity for the purpose of meeting with regulatory compliance and/or fulfilling a contractual obligation and same may be done by integrating with identity verification services, and such other platforms as may be necessary for verifying a User and/or augmenting the services provided by the Platform.   2.4 Automatically Provided Information

2.4.1 The Platform may automatically record certain information about or related to your use of the Platform that is made available through your computer or device.

2.4.2 We may collect internet protocol (IP) address browser type, device ID, internet service provider (ISP), information about your computer and software, links materials You request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms may embed Javascript code into page loads, which instructs Users’ web browsers to make web requests back to our servers to collect information about the User page views and other activities.

2.4.3 We collects certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.

2.4.4 We also uses persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform.

2.4.5 We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.  

3. GOVERNING PRINCIPLES

Softcom will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information.

  • a) Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing;
  • b) Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User;
  • c) Data collection and processing shall be adequate, accurate and with consideration for dignity of human person;
  • d) Data shall only be stored for the period which is reasonably needed and as required by any written law; and
  • e) Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.

 

4. PURPOSE OF COLLECTION

Softcom collects Users’ personal information to provide an efficient and secure User experience and may retain such personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Information gathered on the Platforms for each User

  • a) fulfill legal and contractual obligations to Users
  • b) develop, operate, support, maintain enhance and provide the services on the Platform;
  • c) process payment transactions;
  • d) provide receipts and reports on User’s account;
  • e) resolve disputes arising from using the Platform;
  • f) customize measure, and improve the Services offered on the Platform;
  • g) protect the interests and rights of the Platforms
  • h) enforce our agreements on the Platforms as well as our Terms and Conditions;
  • i) detect and prevent fraud and other potentially illegal activities;
  • j) combine PII and PID from other sources using proprietary algorithms to calculate risk scores and fraudulent scores;
  • k) for administrative, operational and reporting purposes;
  • l) promote marketing communication (taking into consideration the option to opt out);
  • m) manage and protect the Site’s information technology and physical infrastructure; and
  • n) measure the performance of the Platform and improve content, technology and layout.

5. SHARING INFORMATION WITH THIRD PARTIES

5.1. We may share User information with third-party service providers for the purpose of validating user credentials; securing data storage, marketing, customer service, and other applicable services and We require that these third-parties providers use PII and PID only in connection with the services they perform for Softcom.   5.2. Softcom also may share non-personally identifiable User information with third parties that help us better understand how Users use our Service or help us detect and prevent fraud and other unauthorized or suspicious activity. These third parties may use cookies and other technologies to collect non-personally identifiable information about Users and combine it with similar information collected from others. They may use this information to help Softcom to better understand our Users, and to help their other customers better understand the Users.

5.3. Softcom may share User information in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, Softcom will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy policy with respect to User information. If User information could be used contrary to this Privacy policy, Users will receive prior notice as well as the opportunity to opt out.

5.4. Softcom may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Softcom believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Softcom’s property or legal rights (including, but not limited to, enforcement of Softcom’s Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.

5.5. Except as expressly disclosed in this Privacy policy, Softcom will not sell or disclose User information to third parties. Softcom will not sell, rent, share, or trade personally identifiable information to third parties (other than the Platform through which Softcom collected such information) for their promotional purposes. Softcom may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

5.6. We will share personally identifiable information with third parties only to best provide Softcom’s services and in special situations, such as legal investigations and merger. We may also share non-identifiable information with third parties that help us prevent fraud and analyze website acti

6. SECURITY OF USERS’ PERSONAL INFORMATION

6.1. Softcom has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction.

6.2. Softcom uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.

6.3. Softcom takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss, Softcom encrypts such information and transmits it under Secure Socket Layer (SSL).

7. LOCATION

7.1. By virtue of hosting on AppleStore and GooglePlay, Softcom stores and processes User information on dedicated servers located in secure data centers that may be located within the United States and in other jurisdictions.

7.2. If you use the Services from the European Union or other regions of the world with laws governing data collection and use that differ from laws of the Federal Republic of Nigeria, then you understand and consent to the transfer of your User information to the Federal Republic of Nigeria or other jurisdictions for the uses identified above in accordance with this Privacy policy.

7.3. You acknowledge and agree that the privacy and data security laws in place in the Federal Republic of Nigeria or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside.

7.4. By voluntarily providing User information, you hereby agree that you are consenting to our collection, use, storage, and disclosure of such User information in accordance with this Privacy policy.

8. DATA CONFIDENTIALITY RIGHTS

8.1. A User’s information is regarded and will be held as confidential.

8.2. A User has the right to request sight of, and copies of any and all personal information on the Platforms.

8.3. A User’s role in fulfilling confidentiality duties include, but are not limited to, adopting and enforcing appropriate security measures.

8.4. Softcom will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.

9. REPORTING A PERSONAL DATA BREACH

9.1 Softcom is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User  also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.

9.2 Softcom has placed procedures around the Site to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). Any suspected breach of personal data of a User will be remedied with one (1) month from the date of the report of the breach.

9.3 All evidence relating to a personal data breach should be preserved to enable Softcom maintain a record of such breaches, as required by the data protection laws.

9.4        Softcom will not be responsible for any personal data breach which occurs as a result of: a) an event which is beyond the control of Softcom; b) an act or threats of terrorism; c) an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Softcom’s data protection measures on the Site; d) war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo; e) rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Softcom’s data protection measures for the Site; f) the transfer of a User’s personal data to a third party on his/her instructions; and g) the use of a User’s personal data by a third party designated by a User.  

10. CONTROL

10.1. Softcom allows you to manage your account and information online and on the Platform at www.koya.co. Once you log in you may update your personal information, assuming your account is in good standing. In that case, we will retain only the personal information required by law or that we deem necessary.

10.2. Softcom aims to provide you with access to your personal information at every point during the usage of our Service. In the event that the information is wrong, we have established channels that will assist in quickly changing or updating any of such information, however subject to proof as the need may be; and unless there is a legitimate legal or business reason to keep such information, we will strive to delete the information upon being aware.

10.3. For business and legal reasons, we aim to keep our services in a manner that protects personal information from incidental, accidental or malicious damage. Therefore, your deletion of personal information from our services does not immediately delete residual copies from our servers and we may not remove such personal information from our backup systems.  

11. POLICY UPDATES

11.1. Softcom reserves the right to change this Policy at any time without notice to Users.
11.2. You can always see the most updated changes to the this Privacy Policy on www.koya.co or by contacting us at support@koya.co In the event we modify our privacy policy, we may contact you via email and provide you with notice of the change and a link to review the new privacy policy.  

12. GOVERNING LAW

This Policy is made pursuant to the provisions NDPR and any other relevant Nigerian laws.

July 22, 2020.

Softcom Limited.