1. OUR COMMITMENT TO DATA PROTECTION

AEO Law Practice, (the “firm”) takes its data protection and information security responsibilities very seriously. The effective management of all personal data, including its security and confidentiality, lies at the heart of our business and underpins our practices and processes. This is not only conditioned by Applicable Date Protection Laws within our jurisdiction, but is also driven by our commitment to our clients and to meet their expectations of having in place robust compliance and risk management practices and protocols.

Through this privacy notice (the “Notice”), we would like to inform you about the processing of your personal data in the context of your visit to and use of this website and in the course of our business. Although our approach to data protection across our business aims to be as consistent as possible and to align with all Applicable Laws , the specific requirements, rights and obligations relating to personal data and/or our data processing activities can be different. The following descriptions of data processing, rights and obligations, and in particular the limitations to data processing derive from the the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act  2023 (NDPA) and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by these laws.

This Notice is in addition to, and does not relieve, remove or replace, our rights and responsibilities under the NDPR and NDPA 2023. In case of a conflict between a provision or requirement of the aforementioned laws and a provision of this Notice, the former shall take precedence.

2. OUR WEBSITE AND ONLINE SERVICES

In this section, we inform you about the processing of personal data in the context of your visit to, and use of, our website. Unless stated otherwise, the firm, generally controls (or jointly controls) the processing of the personal data in this regard.

2.1 OUR WEBSITE

Description and purposes of the processing	When visiting our website, your browser will contact our webserver to retrieve the sites you wish to visit. In this context, personal data such as your IP address is transferred by your browser (i.e. by HTTP/S requests) to us. This connection data is processed by our webserver to enable access to and the display of our website. Our webserver automatically saves a record of the pages you visited (so-called ‘logfiles’ or ‘session records’). We use these logfiles to ensure the security of our website, in particular to prevent unauthorised interference with it, and to enable us exercise our legal rights and obligations in regard to such unauthorised interference. Furthermore, we analyse session records to optimise our website. The results cannot be linked to your person.
Legal basis for the processing and legitimate interests for the processing	Generally, the processing activities in the context of your visit to and use of our website are based on our legitimate interests to operate an internet website for general information and communication purposes, to optimise our website and to protect it from attacks. Exceptionally, we may process personal data to fulfil our legal obligations, in particular with regard to the relevant authorities in cases of unauthorised interference with our website.
Recipients	Our IT department has access to logfiles and will pass them on to other internal or external recipients including to the relevant authorities if necessary to exercise our legal rights regarding any unauthorised interference with our website. Our website is hosted on our behalf by the hosting services provider Zoho Technologies Ltd. (#2B Bayo Olagoke Close, off Admiralty Road, Lekki Phase 1, Lagos).
Retention period	Logfiles are normally erased after 90 days. They may be stored for a longer period if necessary for the above-mentioned purposes, including for the exercise of our legal rights. All other data is erased immediately after processing the HTTP/S request.
Possible consequences of failure to provide personal data	Without processing the above mentioned personal data, you cannot display and visit our website.

 

2.2 WE USE SOCIAL PLUG-INS

Data Controller	We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context.
Description and purposes of the processing	To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter, LinkedIn. These plug-ins allow you to directly post links to and other content from our websites on the relevant network. Upon you opening a website on which a social media plug-in is embedded, the respective social network provider Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in. For further information on the processing of personal data, please contact the respective social media provider or refer to their respective privacy policy: Twitter: twitter.com/privacy LinkedIn: linkedin.com/legal/privacy-policy
Legal basis for the processing and legitimate interests for the processing	The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business. For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy: Twitter: twitter.com/privacy LinkedIn: linkedin.com/legal/privacy-policy
Recipients	We do not have access to, nor share, any personal data in this context. For sharing of personal data by the social media provider, please contact the respective social media provider.
Transfer of personal data to third countries or international organisations	We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America and Ireland. For further information on transfers and relevant safeguards regarding them, please contact the respective social media provider or refer to their respective privacy policy: Twitter: twitter.com/privacy LinkedIn: linkedin.com/legal/privacy-policy
Retention period	We do not store any personal data in this context. For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy: Twitter: twitter.com/privacy LinkedIn: linkedin.com/legal/privacy-policy
Possible consequences of failure to provide personal data	Without processing the above mentioned personal data, you will not be able to post links to and other content from our website.

2.3 WE USE COOKIES AND SIMILAR TECHNOLOGIES

This notice supplements our privacy policy and provides information about how we use cookies and similar technologies.

Use of cookies and similar technologies

Cookies are small text files placed on your computer or other device by websites that you visit. Cookies are widely used in order to make websites and other applications work, or work more efficiently, and help them remember certain information and recognize your internet browser. Cookies may last until you close your browser (“session” cookies) or over repeat visits (“persistent” cookies).

We use cookies and similar technologies to:

• Assist you in efficiently and safely navigating and experiencing our services;
• Enable you to register, login, provide feedback and otherwise interact with our services;
• Store and honor your preferences and settings;
• Measure and analyze usage and performance data; and
• Assist us with promotional and marketing efforts (including interest-based advertising).

If you access any of our services subject to a subscription agreement or other contract between us and your organization, cookies and similar technologies will be used as necessary for the performance of that contract and for our legitimate business operations related to providing the service.

TYPES OF COOKIES

We use the following types of cookies:

• Essential cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
• Performance cookies:These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
• Functionality cookies:These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
• Targeting cookies:These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.
• Social media cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.
• Anonymized analytical cookies: These cookies ensure that anonymous data about your surfing behavior is collected every time you visit the website. This way we can see how visitors use the website and improve on that basis. We use anonymized analytical cookies for:
• tracking the number of visitors to our web pages;
• tracking the amount of time each visitor spends on our web pages;
• keeping track of the order in which, a visitor visits the different pages of our website;
• assessing which parts of our site need updating;
• measuring and optimizing the performance of our marketing campaigns;
• redirecting traffic from different channels.

Details about the cookies set by our websites and by third parties, including service providers acting on our behalf, are listed directly on the site or in the cookie control tool made available on the site.

How to manage cookies

Data Controller	Data processing activities in the context of global business development initiatives are generally controlled by AEO Law Practice and is designated as a single point of contact for data subjects under the NDPR and NDPA.
Description and purposes of the processing	In the conduct of our business we engage in different business development and related activities with current and potential clients and other relevant third parties. For these purposes, we process certain “business development data” such as: contact information (e.g. name, work address, telephone numbers, e-mail, position), communication data, and other business-related information; data on (marketing) preferences and fields of interest; and/or data on past participation in marketing initiatives. These data are provided directly by, or obtained from, the relevant data subject or other business contacts and sources (e.g. business information services, public sources or registers).
Legal basis for the processing and legitimate interests for the processing	The processing is based on our legitimate interest to pursue business development initiatives, or, as the case may be, in order to take steps at the request of a data subject prior to entering into a contract.
Recipients	As a local firm with an online presence in the conduct of our business, we share certain business development data within the organization and third party applications like Google Analytics. On a case-by-case basis, we may also share certain business development data with our business partners (for example law firms from our “StrongerTogether” network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers).
Transfer of personal data to third countries or international organisations	As a local law firm with an online presence, we may share business development data with certain third parties supporting us with the administration of our activities in the ordinary course of our business. Adequate safeguards for personal data transfers where necessary with certain other third parties) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Applicable Data Protection Laws. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities.
Retention period	We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it.
Possible consequences of failure to provide personal data	Where we collect business development data directly from you, you continue to retain full discretion over how and what you disclose to us. There are no negative consequences if you do not provide us business development data.

You can manage the use of certain types of cookies by amending your cookies settings via the links in the cookie list on the site or in the cookie control tool made available on the site. You also may be able to block or delete cookies by selecting the appropriate settings on your browser privacy preferences menu.

You can also manage many cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based YourAdChoices, the Canada-based AdChoices or the EU-based Your Online Choices.

Certain content and features in our services depend on cookies to function. For example, authentication cookies are used to identify and recognize registered users and to enable them to gain access to requested content or features. If you choose to block cookies, you cannot sign in or use certain content or features. If you choose to delete cookies, any settings and preferences dependent on those cookies will be lost.

USE OF WEB BEACONS AND OTHER TECHNOLOGIES

Some of our websites, applications and electronic communications contain electronic tags known as web beacons, gifs or pixel tags, unique identifiers and similar technologies that help deliver cookies, measure online activity, provide more relevant advertising, or analyze the effectiveness of our promotional campaigns or other operations.

We may also use technologies from third-party data security providers to maintain online security and protect our websites and other services against fraud and abuse.

3. PROMOTING OUR SERVICES

In this section of our Notice, we inform you about the processing of personal data in relation to promoting our services and how we ensure compliance with the NDPR and NDPA (or other applicable legal requirements with equivalent effect). Where we collect data from other nationals the NDPA and NDPA does not apply, as it would apply to Nigerians resident in our jurisdiction and Nigerians in diaspora these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively Applicable Data Protection legislations.

3.1 GENERAL

We will only process your personal information where we are permitted to do so by law, meaning when we have one or more legal basis to do so.  This provision explain how we process your personal information depending on the context of how personal information typically comes into our care, and include further information about the legal basis or bases that we rely on in those circumstances. 

In certain circumstances, we rely on the legal ground known as ‘legitimate interests’ to process your personal information.  This is where the processing of your personal information is necessary to pursue our legitimate interests in a way which is reasonably expected as part of running our business, but which is not detrimental to you and would have minimal impact on your privacy.  We undertake an assessment of any potential impact on your privacy before we process your personal information for our legitimate interests.

Insofar as we wish to use your personal information for purposes other than those mentioned above, we will check whether these additional purposes are compatible with the original purposes within the meaning of the Nigerian extant legislations on data processing.  Depending on the circumstances, we will inform you about the change of purpose and obtain your consent for the further processing of your personal information.

If you would like more details about the specific legal basis we are relying on to process your personal information where more than one legal basis has been set out in the relevant subsection below, please email us as at PrivacyTeam@aeolawpractice.com.

 

3.2 We process special category personal data, as necessary, with your consent.

3.2.1 TYPES OF PERSONAL DATA

• Identification information, e.g. title, name, the company you work for, and your job title or position.
• Contact information, e.g. your address, email address, phone number, and marketing preferences.
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Financial information, e.g. bank and payment card details.
• Technical information, e.g. IP address, details of visits made to our premises such as turnstile/ swipe card access logs, and details of visits made to our online services such as the volume of traffic, statistics concerning which articles or content you have viewed, online registration details and login credentials.
• Diversity, health, religious beliefs or other special category personal information.
• Images, e.g. CCTV footage taken at our premises and photos taken at our seminars or events.
• Any other information relating to you which you may provide to us.

3.2.2 COLLECTION

• Directly from you, e.g. when you register for our online or in-person events, seminars, or webinars, or to receive communications from us, or when you subscribe to our online services or provide information through electronic platforms made available to you in connection with services that we provide to you. We use third party software to help us manage our email communications. When we send you such communications, we gather information through unique links contained within them which enable us to track who opens particular articles or emails so that we can assess their relevance and improve how we interact with you. In doing so, we do not use any technology (e.g., cookies) to store or access data on your device.
• Via our website, e.g. connection data sent to our webserver by your browser when you connect to our website.
• Via web based services such as our tech-based client solutions and sector-specific blogs, e.g. some analytical information may be collected through electronic platforms made available to you in connection with services that we provide to you.
• Other publicly available sources, subject always to our obligations under applicable law.

3.2.3 USE

• To complete any request you may make in relation to your marketing preferences, or other preferences relating to our communications with you.
• To provide and improve our services and products, e.g. by monitoring and recording information relating to web based services such as how and when systems are accessed and how data is uploaded, to analyse performance, subject always to our obligations under applicable law.
• To promote our services and to contact you with communications about legal updates, breaking news, newsletters and events.
• For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
• Subject always to our obligations under applicable law, to improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.
• To facilitate our internal business operations, e.g. internal record keeping and accounting.
• Subject always to our obligations under applicable law to monitor and analyse our interactions with you to improve our relationship with you and help us to grow and develop our business.
• For information and physical security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity, and scanning communications for appropriate content, attachments and viruses.

3.2.4 DISCLOSURE

Your personal information may be transferred:

• to service providers who support the operation of our business;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where and to the extent that we are compelled to do so by law, regulation or professional obligations; and
• to other third parties in limited circumstances, e.g. where we run a joint seminar/ webinar with a third party that you wish to attend (and where the event is a webinar, your registration name may be visible to other attendees during the event).  

Some of these recipients may be acting as data controllers. In all cases, the personal information of yours that we share will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection.

4. RETENTION

Your personal information is retained by us in accordance with applicable law and regulation.   Our data retention periods vary depending on the location, nature and context of the personal information that we have in our care, and are calculated taking into account the following factors:

• potential claims or litigation;
• guidance from official bodies such as relevant data protection supervisory authorities and professional regulatory bodies;
• how long we need to keep the data to fulfil the original purpose for which it was collected;
• the nature and sensitivity of personal data; and
• legal obligations to which we are subject.

This means that, in general, we delete personal information when: the purpose for its processing has been fulfilled or the contractual relationship with our client, you or your company has ended; all mutual claims have been fulfilled; and there are no other legal obligations to retain the personal information nor legal bases for further processing.  Typically, we retain personal information in client files for 10 years after the completion of the matter, unless there are specific circumstances compelling us to retain the client files for a longer period.

More information about your rights in respect of the personal information of yours in our care, including how to contact us to exercise these or with questions around our retention practices in respect of your personal information is set out in section 5 of this Policy.

5. YOUR RIGHTS

The following rights are provided for under the Nigerian data protection regimes:

• to be informed about the collection and use of your personal information;
• to ask whether we process your personal information and request a copy of it if so;
• to object to decisions that we may make based solely on the automated processing of your personal information;
• in certain circumstances, to object to processing of your personal information where we do so for the purposes of our legitimate interests; 
• to request that any inaccurate or incomplete personal information of yours in our care is rectified or competed;
• in certain circumstances, to restrict our processing of your personal information;
• in certain circumstances, to receive your personal information or have your personal information transmitted to another organisation in a structured, commonly used and machine readable format;
• in certain circumstances, to request that we delete your personal information; and
• to object to our processing of your personal information for direct marketing purposes.

Not all of these rights are absolute, which means that they may only apply in certain situations and may  

be subject to legal exceptions and exemptions.  To exercise your rights, please email us at DataSubjectRequest@aeolawpractice.com. 

You may change your marketing preferences or let us know that you no longer wish to receive any marketing communications from us by:

• logging into your AEO Law Practice account and updating your preferences (via our website or via the link at the foot of each email that you have received from us) – please note it may take up to 72 hours for changes to take effect; or
• sending an email to PrivacyTeam@aeolawpractice.com; or call 08091336859 to notify and register your intention.

6. LINKS TO OTHER WEBSITES

We sometimes provide you with links to other websites, but these websites are not under our control. We are not liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by those websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

By clicking on the I agree button, you consent to allow the provisions of this privacy notice legally bind you with the firm.