Alternative Petroleum and Power Limited (hereafter referred to as “APPL“), takes its customers’ privacy very seriously. This Data Privacy Policy stipulates the basis for the collection, use and disclosure of personal data by APPL and its subsidiaries in line with applicable data protection laws. Personal Data comprises all the details we hold or collect on our employees, customers, stakeholders vendors and other interested parties, directly or indirectly and includes any offline or online data that makes a person identifiable such as names, addresses, phone numbers, passport ID, usernames, passwords, digital footprints, photographs, financial data, assets and liabilities, insurance, savings and investments, health and high-risk information about products and services purchased from us (hereinafter collectively referred to as “Personal Data”). These data may be received from third parties or collected using our website(s), mobile app, USSD code and other digital channels.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. For the purposes of this Privacy Policy, references to “we” or “us” shall refer to APPL and its entities/subsidiaries.

From time to time, we may need to make changes to this privacy policy, for example, as a result of government regulations, new technologies, or other developments in data protection laws or privacy generally. You should check the APPL website periodically to view the most up-to-date privacy policy.

Our Privacy Principles

• Personal Data you provide is processed fairly, lawfully and in a transparent manner;
• The personal Data you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which APPL collected it;
• Your Personal Data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
• Your Personal Data is kept accurate and, where necessary kept up to date;
• Your Personal Data is kept no longer than is necessary for the purposes for which the Personal Data is processed;
• We will take appropriate steps to keep your Personal Data secure;
• Your Personal Data is processed in accordance with your rights;
• We will only transfer your Personal Data to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your Personal Data is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards;
• APPL and its subsidiaries will not sell your Personal Data and we also will not permit the selling of customer data by any companies who provide a service to us

How do we collect your Personal Data?

We collect Personal Data directly from you:

• via enquiry, registration, claim forms, feedback forms and forums
• when you purchase any of our products or services;
• when you fill out a survey or vote in a poll on our website;
• through quotes and application forms;
• via cookies. You can find out more about this in our cookies policy;
• via our telephone calls with you, which may be recorded;
• when you provide your details to us either online or offline;
• via live chat, chatbot and profilers; and
• through web analytics tags

We also collect your Personal Data from several different sources including:

• directly from an individual or employer who has a business relationship with us under which you are a stakeholder, for example, you are a third-party related vendor, service provider etc;
• from social media, when fraud is suspected; and

• Other third parties including:
  • your family members or next of kin where you may be incapacitated or unable to provide information relevant to your staff record;
  • contractors, consultants, and business partners who sell our products and services via their platforms and channels;
  • IOCs; aggregators (such as price comparison websites); third parties who assist us in conducting background checks and vendor management due diligence verification; third parties such as companies who provide consumer classification for marketing purposes e.g., market segmentation data; and
  • third parties who provide information which may be used by APPL to inform its risk selection, classification, and mitigations for business decisions

What Personal Data do we collect?

The information that we collect will depend on our relationship with you. Where other people are named on the information collected, we may ask you to provide the information below in relation to those people too, if this is relevant to your dealings with us.

Where APPL is the data controller of your Personal Data, we may collect the following about you:

• Personal Data contact details such as name, email address, home/office address and telephone number;
• details of any other persons included on the document where they are named on the information received and the relationship to you as a third party;
• identification information such as your date of birth, national identity number, and Bank verification number including other identification numbers from your passport, driving licence and other valid means of identification;
• financial information such as bank details;
• information about the nature of your business and commercial assets;
• information obtained through our use of cookies.
• You can find out more about this in our cookies policy; 
• your marketing preferences
• Sensitive Personal Data
• details of your current or former physical or mental health, in case of an employee;
• details concerning sexual life or sexual orientation, for example, marital status

Privacy of Children

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

How do we use your Personal Data?

Under applicable data protection laws, we need a reason to use and process your Personal Data and this is called a legal ground. We have set out below the main reasons why we process your Personal Data and the applicable circumstances when we will do so:

• We may use Cloud storage solutions within or outside Nigeria which are chosen to ensure efficiency and improved performance through up-to-date technology.
• Where we have a legal or regulatory obligation to use such Personal Data, for example, when our regulators such as the Nigeria Energy Regulatory Commission (NERC) the Federal Ministry of the Environment (FME), Nigeria National Petroleum Corporation Limited (NNPCL), the Nigerian Content Development and Monitoring Board (NCDMB), the National Oil Spill Detection and Response Agency (NOSDRA); and our data protection regulator, the National Information Technology Development Agency (NITDA) wish us to maintain certain records of any dealings with you.
• To comply with: local or foreign laws, regulations, voluntary codes, directives, judgments or court orders, agreements between any member of APPL, APPL subsidiaries and any authority, regulator, or enforcement agency; policies (including the APPL Group’s policies), good practice, government sanctions or embargoes, reporting requirements under financial transactions legislation and demands or requests of any authority, regulator, tribunal, enforcement agencies including but not limited to the Nigerian Financial Intelligence Unit (“NFIU”) and the Economic and Financial Crimes Commission (“EFCC”), or exchange bodies;
• Where we need to use your Personal Data to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves;
• Where we need to use your Personal Data for reasons of substantial public interest, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks, identification checks;
• Where we need to communicate with you to resolve complaints or other issues;
• Where we have a specific legal exemption to process sensitive Personal Data for business engagement or marketing purposes. This exemption applies where we need to process your Personal Data as an essential part of the company’s product offerings, for example, customers’ data.
• Where you have provided your consent to our use of your Personal Data. We will usually only ask for your consent in relation to processing your sensitive Personal Data (such as customer data) or when providing marketing information to you (including information about other products and services). This will be made clear when you provide your Personal Data. If we ask for your consent, we will explain why it is necessary. Without your consent in some circumstances, we may not be able to provide you with the required information under the policy or you may not be able to benefit from some of our services. Where you provide sensitive Personal Data about a third party, we may ask you to confirm and provide proof that the third party has provided his or her consent for you to act on their behalf;
• Where we need to use your Sensitive Personal Data such as health data because it is necessary for your vital interests, this being a life or death matter.

Who do we share your Personal Data with?

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to monitor and analyse the use of our Service, to contact You.
• For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
• With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
• With other users: when You share personal information or otherwise interact in public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures, and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

How long do we keep records for (Record Retention)?

We keep your Personal Data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The length of time we retain Personal Data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

Your Rights

You can ask us to do various things with your Personal Data. For example, at any time you can ask us for a copy of your Personal Data, ask us to correct mistakes, change the way we use your information, or even delete it. We will either do what you have asked or explain why we cannot – usually because of a legal or regulatory issue.

You have the following rights in relation to our use of your Personal Date.

The right to access your Personal Data:

You are entitled to a copy of the Personal Data we hold about you and certain details of how we use it. Your Personal Data will usually be provided to you in writing unless otherwise requested. We may charge you a reasonable fee to cover the cost.

The right to rectification:

We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

The right to erasure:

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of Personal Data we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restriction of processing:

In certain circumstances, you are entitled to ask us to stop using your Personal Data, for example where you think that the Personal Data, we hold about you may be inaccurate or where you think that we no longer need to process your Personal Data.

Right to data portability:

In certain circumstances, you have the right to ask that we transfer any Personal Data that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your Personal Data.

The right to withdraw consent:

For certain uses of your Personal Data, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your Personal Data. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

Changing and accessing your Personal Data:

To the extent required by applicable law, you may be able to request that we inform you about the Personal Data we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your Personal Data. We will respond to your access requests within the period specified by relevant legislation and make all required updates and changes within the time specified by applicable law and as required by law.

When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Where the timeline specified in an applicable law cannot be met, we will communicate same to you and take steps to notify you where we require an extension.

How we protect Personal Data:

We take reasonable measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction to ensure that Personal Data is accurate and up-to-date as appropriate because:

• We have put in place strict measures and technologies to prevent fraud and intrusion.
• Our employees are trained in data protection and security to respect and preserve confidentiality, integrity and availability of information held by us.

Breach/ Privacy Violation

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal information, APPL shall within 72 (seventy-two) hours of having knowledge of such breach report the details of the breach to NITDA. Furthermore, APPL shall within 7 (seven) days of having knowledge of the occurrence of such breach take steps to inform the Data Subject of the breach incident, the risk to the rights and freedoms of the Data Subject resulting from such breach and any course of action to remedy said breach.

Marketing

We may share information with other APPL entities in order to inform you of other products and services that may be of interest to you or associated companies, but we will only do this where you have provided your consent. You can always change your mind by contacting us using the details shown in your documentation and telling us you no longer wish to be contacted.

If you wish to unsubscribe from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise, you can always contact us using the details set out in your documentation to update your contact preferences. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary.

We would like to keep you informed, from time to time about relevant products and services. We may do this by mail, email, telephone, or other electronic methods such as text messages. In order to help us get to know you and identify what products and services may interest you we obtain information about you from other sources inside and outside the APPL Group for example, companies who provide consumer classification and market segmentation data for marketing purposes.

From time to time, we may run specific marketing campaigns through social media and digital advertising that you may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings.

We may also share information that we collect about you for marketing within the APPL Group. If you do not want to receive such promotional materials from us, you can opt out at any time by sending an email to dataprivacy@altpetroleum.com

Please note that we may retain any data provided to us on our websites for a limited period, even if you do not complete your quote. The information may be used to enquire as to why you did not complete your quote or for us to better understand your needs.

Our Contact Information

If you would like any more information about the way we use your information, or if you wish to exercise the rights listed above, please contact us using the details below:

The Data Protection Officer

Alternative Petroleum and Power Limited.

No. 15 Asari Eso Layout, Calabar, Cross River, Nigeria.

Branch Office: 

No 9 Munzali Jibril Street, off Sam Mbakwe Street, APO, Abuja Nigeria

Email: dataprivacy@altpetroleum.com; or  compliance@altpetroleum.com 

You have a right to complain to the Information Regulator if you think that your information has been misused. The contact details are:

National Information Technology Development Agency

Tel: +234929220263, +2348168401851, +2347052420189

Email: info@nitda.gov.ng

Website: www.nitda.gov.ng