📄 Data Privacy Policy for SaamSoft Systems
Effective Date: August 26, 2025
Last Updated: August 26, 2025
🏢 1. Introduction and Scope
SaamSoft Systems (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data processed through our website saamsoftsystems.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Nigeria Data Protection Act 2023 (NDPA) and the General Application and Implementation Directive (GAID) 202547. This policy applies to all personal data processing activities where we act as a Data Controller or Data Processor, regardless of whether the data subject is in Nigeria or not.
By using our website, you consent to the practices described herein. This policy covers both online and offline processing activities, excluding only processing for purely personal or household activities that do not violate fundamental privacy rights. We encourage you to read this policy carefully to understand our practices regarding your personal data.
📊 2. Information We Collect
2.1 Personal Information Provided by Users
We collect information that you voluntarily provide when:
-
Creating an account on our website
-
Submitting forms (e.g., contact forms, subscription forms)
-
Making purchases or transactions
-
Communicating with us via email or chat
-
Participating in surveys or promotions
This may include: Name, email address, phone number, physical address, payment information, employment details, and any other information you choose to provide.
2.2 Automatically Collected Information
When you visit our website, we automatically collect certain technical information through cookies and similar technologies:
-
IP address and general location data
-
Browser type and device characteristics
-
Pages visited and time spent on each page
-
Referring URLs and navigation paths
-
Cookie identifiers and tracking data
2.3 Information from Third Parties
We may receive information about you from:
-
Business partners and service providers
-
Social media platforms (when you interact with our social media presence)
-
Publicly available sources (for business-to-business marketing)
-
Payment processors and financial institutions
Table: Data Collection Methods and Purposes
| Data Category | Collection Method | Primary Purpose |
|---|---|---|
| Contact information | Direct user input | Service provision, communication |
| Payment data | Transaction processing | Order fulfillment, financial processing |
| Technical information | Automatic collection | Website analytics, security |
| Marketing data | Cookies, third parties | Personalization, advertising |
⚖️ 3. Legal Basis and Purpose for Processing
3.1 Lawful Bases for Processing
We process personal data based on one or more of the following lawful bases under the NDPA:
-
Consent: When you have given clear affirmative consent for specific purposes
-
Contract performance: When processing is necessary to fulfill a contract with you
-
Legal obligation: When processing is required to comply with Nigerian laws
-
Legitimate interests: When processing is necessary for our legitimate business interests, provided they don’t override your rights
3.2 Specific Purposes of Processing
We use your personal data for the following purposes:
-
To provide, maintain, and improve our services and website functionality
-
To process transactions and send related information (confirmations, invoices)
-
To communicate with you about products, services, promotions, and events
-
To personalize your experience and deliver content and product offerings relevant to your interests
-
For security and fraud prevention purposes, including monitoring and protecting our infrastructure
-
To comply with legal obligations and respond to lawful requests from authorities
For Sensitive Personal Data (as defined by the NDPA), we will obtain explicit consent before processing, unless another lawful basis applies under Nigerian law.
🌐 4. Data Sharing and International Transfers
4.1 Third-Party Sharing
We may share your personal data with:
-
Service providers who process data on our behalf (e.g., cloud hosting, payment processing, analytics)
-
Business partners when necessary for providing services you’ve requested
-
Professional advisors (lawyers, bankers, auditors)
-
Law enforcement or government agencies when required by law or to protect our rights
All third parties are contractually obligated to implement appropriate security measures and process data only according to our instructions.
4.2 International Data Transfers
Your personal data may be transferred to and processed in countries other than Nigeria. We ensure such transfers comply with the NDPA’s requirements by implementing appropriate safeguards, such as:
-
Adequacy decisions where the recipient country has adequate data protection laws
-
Standard contractual clauses approved by the Nigeria Data Protection Commission
-
Binding corporate rules for intra-organizational transfers
-
Explicit consent for specific transfers
Table: International Transfer Mechanisms
| Transfer Mechanism | Applicability | Safeguards Implemented |
|---|---|---|
| Adequacy decision | Countries with recognized adequate protection | Legal recognition of adequacy |
| Standard contractual clauses | Most third countries | NDPC-approved clauses |
| Explicit consent | Specific, limited transfers | Clear consent request detailing risks |
🔒 5. Data Security and Retention
5.1 Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:
-
Encryption of data in transit and at rest using TLS/SSL technology
-
Access controls and strict authentication procedures
-
Regular security assessments and vulnerability testing
-
Staff training on data protection and security practices
-
Incident response plans to address potential breaches
5.2 Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are based on:
-
The amount, nature, and sensitivity of the personal data
-
The potential risk of harm from unauthorized use or disclosure
-
The purposes for which we process it
-
Legal requirements under Nigerian law
Typically, we retain customer data for five years after the termination of the business relationship, unless a longer period is required by law.
📝 6. Your Rights as a Data Subject
6.1 Fundamental Rights
Under the NDPA, you have the following rights regarding your personal data:
-
Right of access: To request copies of your personal data we hold
-
Right to rectification: To request correction of inaccurate or incomplete data
-
Right to erasure: To request deletion of your personal data under certain conditions
-
Right to restriction: To request limiting processing of your data in specific circumstances
-
Right to data portability: To receive your data in a structured, machine-readable format
-
Right to object: To object to processing based on legitimate interests or direct marketing
-
Rights regarding automated decision-making: To not be subject to decisions based solely on automated processing
-
Right to withdraw consent: To withdraw previously given consent at any time
6.2 Exercising Your Rights
To exercise any of these rights, please contact us using the details in Section 9. We will respond to all legitimate requests within 30 calendar days as required by Nigerian law. We may need to verify your identity before processing your request, which is a security measure to ensure your personal data is not disclosed to someone who has no right to receive it.
6.3 Complaint Procedure
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) using their Data Subjects’ Notice to Address Grievance (SNAG) mechanism7. We encourage you to first contact us directly to resolve any issues before approaching the regulatory authority.
🍪 7. Cookies and Tracking Technologies
7.1 Use of Cookies
Our website uses cookies and similar tracking technologies to collect and store information about how users interact with our services. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period).
7.2 Cookie Categories
-
Essential cookies: Required for basic website functionality and security
-
Analytical/performance cookies: Help us understand how visitors interact with our website
-
Functionality cookies: Enable enhanced functionality and personalization
-
Targeting cookies: Used to deliver relevant advertising and track campaign performance
7.3 Cookie Management
You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. We provide a cookie consent banner on our website that allows you to customize your cookie preferences.
🔔 8. Policy Updates and Contact Information
8.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top of this policy indicates when it was last revised. We encourage you to periodically review this page for the latest information on our privacy practices. Material changes will be notified to you through appropriate channels (e.g., email notification or prominent notice on our website)
8.2 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:
SaamSoft Systems
Email: privacy@saamsoftsystems.com
Phone: +234 815 035 8823
Address: SeeoDee Building
63 Ogunlana Drive, Surulere, Lagos, Nigeria
We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If you are not satisfied with our response, you may contact the Nigeria Data Protection Commission at:
NDPC Headquarters
Email: info@ndpc.gov.ng
Website: https://ndpc.gov.ng
Acknowledgement: This policy has been drafted to comply with the Nigeria Data Protection Act 2023 and the General Application and Implementation Directive (GAID) 2025, which becomes fully effective on September 19, 2025.