Privacy Policy

  • Home
  • Privacy Policy

Effective Date: January 9, 2026

Last Updated: January 9, 2026

At The Godwin Agbon Foundation, we treat your privacy with the utmost importance. Our Data Protection and Privacy Policies outline the measures we have put in place to protect and securely safeguard your personal information whenever you visit our website or interact with our team. These policies have been carefully reviewed, approved, and provided by our legal advisors.

Our Policies Include

a. Privacy Policies

  • Data Collection
  • Your Personal Data and how it is Used
  • Change of Purpose
  • Your Personal Data Rights
  • Persons who have access to your Personal Data
  • Security & Confidentiality
  • Transfer of Personal Data outside Nigeria
  • Retention of Personal Data
  • Third Party Links

b. Cookie Policy

c. Subject Access Request (SAR) Response Procedure

We regularly review and update our Data Protection and Privacy Policies. Any changes will be communicated to you through our website and/or via email.

Glossary

Affiliated Third Parties

Organizations with which we share common ownership or management, as well as entities with whom we have contractual, strategic, support, or partnership relationships. This includes our advisers, consultants, bankers, vendors, and subcontractors.

Data

Information that is stored electronically, on a computer system, or within certain paper-based filing systems.

Data Controller

An individual or entity responsible for determining how and why Personal Data is processed.

NDPR

The Nigerian Data Protection Regulations.

NITDA

The National Information Technology Development Agency.

Personal Data

Any information relating to an identified or identifiable natural person. This includes, but is not limited to, name, gender, photograph, email address, bank details, medical information, internet protocol (IP) address, and any information relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

Processing

Any activity involving the use of Personal Data. This includes collecting, recording, storing, or holding data, as well as performing any operation or series of operations on the data. Such operations may include organizing, updating, retrieving, using, disclosing, transferring, erasing, or destroying Personal Data. Processing also covers the transfer of Personal Data to third parties.

Sensitive Personal Data

Information relating to an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health status, or sexual life.

1. Data Collection

We may collect, use, store, and transfer various types of Personal Data about you, which we have categorized as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, date of birth, and gender.
  • Contact Data includes residential address, email address, and telephone numbers.
  • Human Resource Data includes employment history, professional details, and educational information submitted when applying for employment with us.
  • Technical Data includes internet protocol (IP) address, domain name, login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology used to access our website.
  • Profile Data includes your username and password, records of purchases or orders, interests, preferences, feedback, and survey responses.
  • Usage Data includes information on how you interact with and use our website and services.
  • Marketing and Communications Data includes your preferences regarding marketing communications from us and our Affiliated Third Parties, as well as your communication preferences.

We collect this information through direct interactions with you, including when you visit our website, subscribe to our newsletters or publications, request marketing materials, respond to surveys, complete feedback or comment forms, submit business cards to our staff, complete other forms, apply for employment through our careers page, or contact us for information or correspondence via post, email, our website, or other means.

As you interact with our website, we may automatically collect Technical Data relating to your device, browsing activities, and usage patterns. This information is collected through the use of cookies and similar technologies. Please refer to our Cookie Policy for more details.

We do not intentionally or knowingly collect Sensitive Personal Data. We therefore request that you do not submit or disclose such information to us, except where it is required for a specific and lawful purpose.

2. Use of Your Personal Data

We collect, process, and store your Personal Data primarily to enable us to effectively engage with you and improve our services. Your Personal Data may be used for the following purposes:

  • To monitor, assess, and enhance your experience when visiting our website.
  • To analyze website traffic, including determining visitor numbers and understanding how users navigate the website.
  • To invite you to participate in surveys or provide feedback on specific matters.
  • Where you request information from us through a form or other electronic means, to respond to your request and maintain records of such interactions for quality assurance and service improvement purposes.
  • To keep you informed about our activities, programmes, and events, where you have provided explicit consent.
  • To notify you of updates or changes to our website or relevant processes.
  • To provide information about other products or services that may be of interest to you, where you have expressly consented to receive such communications.
  • To share your Personal Data with Affiliated Third Parties, including service providers engaged to perform services on our behalf, where such data is necessary for the delivery of those services.
  • Where we have entered into a contractual relationship with you, to use your Personal Data as required to fulfil our contractual obligations.
  • To schedule, process, or manage appointments with our staff.
  • To comply with legal or regulatory requirements, or to report suspected criminal or unethical activities.
  • To securely store your Personal Data on our systems or on the systems of approved third-party service providers for archiving and backup purposes.

Please note that we do not disclose personally identifiable information to advertisers. However, we may occasionally share aggregated or anonymized statistical information about website visitors.

3. Change of Purpose

We will only use your Personal Data for the purposes outlined above unless we reasonably determine that it is necessary to use the data for another purpose that is compatible with the original purpose. If you require further explanation on how such processing aligns with the original purpose, please contact us.

Where it becomes necessary to use your Personal Data for an unrelated purpose, we will notify you in advance and seek your explicit consent before proceeding.

4. Your Personal Data Rights

Data Protection Laws grant you certain rights regarding the Personal Data we collect and process about you. These rights include:

a. Right to Withdraw Consent

You have the right to withdraw any consent previously given to us or our Affiliated Third Parties. We obtain your consent before using your Personal Data, and such consent is always given freely and voluntarily. In line with regulatory requirements, consent is not implied, and you are provided the opportunity to review our Data Protection and Privacy Policy before giving consent.

Where Sensitive Personal Data is involved, consent must be explicit and provided in writing. The Personal Data of minors (individuals under the age of 18) is protected, and consent is obtained from a parent, guardian, or legally authorized representative in accordance with applicable laws.

You may opt out of receiving marketing communications at any time by adjusting your preferences on our website or by using the unsubscribe or opt-out links included in our marketing messages.

b. Right to Erasure

You may request the deletion of your Personal Data held by us, subject to any legal or regulatory retention obligations and the technical time required to complete such deletion.

c. Right of Access and Objection

You have the right to request access to your Personal Data and to object to its processing. Where your Personal Data is stored electronically in a structured format, you are entitled to receive it in a commonly used electronic format.

d. Right to Rectification

You have the right to request updates or corrections to your Personal Data at any time where such information is inaccurate or has changed.

e. Right to Data Portability

You have the right to receive your Personal Data and request that it be transferred to another Data Controller, where applicable.

f. Right to Lodge a Complaint

You have the right to lodge a complaint regarding the processing of your Personal Data.

You may exercise any of the above rights in accordance with our Data Subject Access Request (DSAR) Procedure.

5. Persons with Access to Your Personal Data

Access to your Personal Data is restricted to our employees who require it for legitimate business purposes. In addition, the following trusted third parties may have access to your Personal Data:

  • Service providers, including customer relationship management platforms, used to manage our contact database and send email communications.
  • Affiliated Third Parties who process Personal Data for the purposes outlined in this Policy and who are bound by contractual obligations to maintain comparable data protection standards under a third-party data processing agreement.
  • Professional service providers such as IT support providers and website hosting services.

We only transfer Personal Data to Affiliated Third Parties that provide adequate safeguards for the protection of your information and are contractually required to comply with applicable data protection laws. We do not sell, and will never sell, your Personal Data.

All Affiliated Third Parties are required to respect the security and confidentiality of your Personal Data, process it only for specified purposes, and act strictly in accordance with our instructions. Our professional service providers are not permitted to use your Personal Data for their own independent purposes.

6. Security and Confidentiality

All Personal Data submitted to us is stored on secure, encrypted servers with restricted access limited to authorized personnel responsible for system maintenance and security. We have implemented appropriate physical, technical, and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction.

While we take all reasonable steps to safeguard your information, no security system is entirely foolproof, and absolute security cannot be guaranteed. In the event of a Personal Data breach, such incidents will be managed in accordance with our Personal Data Breach Management Procedures.

Where required, any data breach will be reported to the National Information Technology Development Agency (NITDA) within 72 hours of occurrence. Where the breach poses a significant risk to your rights or freedoms, we will notify you promptly, outlining the nature of the breach, steps taken to address it, and measures implemented to prevent future occurrences.

Our employees are under a strict obligation to maintain the confidentiality of all Personal Data in our possession.

Please note that the transmission of data over the internet is not entirely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security of data transmitted electronically. Any electronic transmission of Personal Data is therefore undertaken at your own risk.

7. Transfer of Personal Data Outside Nigeria

The Personal Data we collect may be transferred to, stored in, or processed in countries outside Nigeria for the purposes outlined in this Policy. Data protection laws in such countries may differ from, and in some cases be less stringent than, those applicable in Nigeria.

By accepting this Policy or providing your Personal Data to us, you expressly consent to the transfer and processing of your Personal Data outside Nigeria. Notwithstanding this, we will take all reasonable measures to ensure that your Personal Data is handled securely and that any international transfer is conducted in compliance with applicable data protection laws and only to recipients that have implemented adequate safeguards to protect your information.

8. Retention of Personal Data

We retain your Personal Data only for as long as is reasonably necessary to fulfil the purposes set out in this Policy and to comply with applicable legal, regulatory, tax, accounting, or reporting requirements.

Your Personal Data may be retained for a longer period where there is a complaint, or where we reasonably anticipate litigation arising from our relationship with you.

In determining appropriate retention periods, we consider factors such as the volume, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure; the purposes for which the data is processed; whether those purposes can be achieved by alternative means; and applicable legal or regulatory obligations.

Where Personal Data forms part of a document, the retention period specified in our document retention policy for that category of document shall apply.

9. Third-Party Links

Our website or email communications may contain links to third-party websites, plug-ins, or applications. Clicking on such links or enabling these connections may allow third parties to collect or share data about you.

We do not control these third-party platforms and are not responsible for their privacy practices or policies. When you leave our website, we encourage you to review the privacy policy of every website you visit.

10. Events Privacy Notice

Where you register for or participate in events organized or supported by us, your Personal Data may be processed in accordance with this Policy and any specific privacy notice provided in relation to the event. Event-related communications may also include links to third-party platforms, and we encourage you to review the privacy policies of such platforms before providing your Personal Data.

Cookie Policy

  1. Our organization and advertisers may occasionally collect information about your device to support our services. This information is collected in an aggregated and statistical manner for analytical purposes and to improve our website and services.
  2. The data collected through cookies does not personally identify you. It consists solely of aggregated statistical information about visitors and how they interact with our website. No identifiable Personal Data is shared through cookies at any time.
  3. In line with the above, data may also be collected about general website usage through cookie files. Cookies are small files automatically stored on your device's hard drive, allowing information to be transferred to your computer. These cookies help us analyze website performance and enhance user experience.
  4. You may choose to accept or decline cookies through your browser settings. You may also set your browser to notify you when cookies are being placed on your device. Please note that disabling cookies may limit access to certain features or areas of our website that rely on cookies to function properly.
  5. Some third-party advertisers featured on our website may also use cookies. We do not control these cookies and are not responsible for their use. Such cookies are only downloaded when you interact with or click on third-party advertisements.

Subject Access Request (SAR) Response Procedure

If you wish to exercise any of your data protection rights, you can submit a formal request using the button below:

  1. Click the button above to complete and submit your Subject Access Request Form.
  2. We will acknowledge receipt of your request within five (5) working days and may request additional information where necessary to verify your identity.
  3. Upon receipt of a request, we will log the request and verify the identity of the requester using the information provided in the Subject Access Request Form, together with a valid form of identification such as an international passport, driver's license, national identification card, or any other acceptable means of identification.
  4. Where a request is made by a third party (such as a legal representative or relative), we will verify their authority to act on your behalf and may contact you directly to confirm consent before disclosing any information.
  5. Once identity verification is completed, we will compile and provide the requested information in a concise, transparent, intelligible, and easily accessible format, using clear and plain language. The information may be provided in writing, electronically, or orally where appropriate, provided identity has been sufficiently verified. We may contact you for clarification or additional information to enable us to respond more efficiently.
  6. Where the requested information relates to another individual, we will seek that individual's consent before disclosure. If disclosure adversely affects the rights and freedoms of others and consent cannot be obtained, we will inform you promptly and provide reasons for our decision.

Fees and Timeframes

  • 7.1. We will respond to your request within one (1) month of receipt. Where a request is complex or multiple requests have been submitted, this period may be extended. In such cases, we will notify you and keep you informed of progress. If we are unable to act on your request, we will notify you within one month, stating the reasons and informing you of your right to lodge a complaint with the National Information Technology Development Agency (NITDA), in accordance with the NDPR.
  • 7.2. Where a request relates to a perceived violation of your data protection rights, we will take appropriate remedial steps upon confirmation. Such steps may include investigation, reporting to relevant authorities, recovery or correction of Personal Data, and enhancement of data protection controls. You will be informed of the actions taken.
  • 7.3. Information provided in response to a request will generally be provided free of charge. However, where a request is manifestly unfounded, excessive, repetitive, or burdensome, we may:
    • charge a reasonable fee reflecting the administrative cost of responding to the request; or
    • refuse to act on the request and notify you in writing, copying the National Information Technology Development Agency (NITDA).

Exceptions to Data Subject Access Rights

To the extent permitted by applicable laws, we may refuse to act on a request where at least one of the following applies:

  • Compliance with a legal obligation to which we are subject;
  • Protection of your vital interests or those of another natural person; or
  • Where processing is necessary for reasons of public interest or in the exercise of an official public mandate vested in us.

Contacting Us

We welcome any questions, requests, or concerns regarding our Data Protection and Privacy Policies or our privacy practices. Please contact us via:

By using this website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your Personal Data as described herein.

Subject Access Request Form

×
Provide as much detail as possible to help us process your request efficiently
Describe your authorization or attach relevant documentation