NDPR Compliance Statement

Last Updated: April 27, 2026

Nigeria Data Protection Act 2023 (NDPA 2023) & Nigeria Data Protection Regulation (NDPR) Compliant

Fully Compliant

NEM Insurance Salvage Auction Platform is fully compliant with NDPA 2023 and NDPR requirements

1. Our Commitment to Data Protection

NEM Insurance Plc ("we", "us", or "our") is committed to protecting the privacy and personal data of all users of our Salvage Auction Platform. We comply with:

  • Nigeria Data Protection Act 2023 (NDPA 2023) - The primary data protection law in Nigeria
  • Nigeria Data Protection Regulation (NDPR) - Issued by the Nigeria Data Protection Commission (NDPC)
  • NITDA Guidelines - National Information Technology Development Agency guidelines
  • Insurance Industry Regulations - NAICOM data protection requirements

2. Data Protection Principles

We adhere to the following data protection principles as required by NDPA 2023:

2.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate how we collect, use, and protect your data.

2.2 Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes only. We do not process data in a manner incompatible with those purposes.

2.3 Data Minimization

We collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

2.4 Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.

2.5 Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law (7 years for financial records, 5 years for KYC data).

2.6 Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure data security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

2.7 Accountability

We are responsible for and can demonstrate compliance with all data protection principles through documentation, policies, and regular audits.

3. Legal Basis for Processing

We process personal data based on the following lawful grounds under NDPA 2023:

  • Consent: You provide explicit consent when creating an account and accepting our Terms of Service
  • Contract Performance: Processing is necessary to perform our contract with you (auction participation, payments)
  • Legal Obligation: Processing is required to comply with Nigerian laws (KYC/AML, tax reporting, insurance regulations)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, platform improvement)

4. Data Subject Rights

Under NDPA 2023, you have the following rights regarding your personal data:

Your Rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC)

How to Exercise Your Rights: Contact our Data Protection Officer at dpo@neminsurance.com. We will respond within 30 days as required by NDPA 2023.

5. Data Security Measures

We implement comprehensive technical and organizational security measures:

Technical Measures

  • TLS/SSL encryption in transit
  • AES-256 encryption at rest
  • Multi-factor authentication
  • Regular security audits
  • Intrusion detection systems
  • Automated backup systems

Organizational Measures

  • Access control policies
  • Employee training programs
  • Data protection impact assessments
  • Incident response procedures
  • Vendor security assessments
  • Regular compliance audits

6. Data Breach Notification

In compliance with NDPA 2023 Section 41, we have established procedures for data breach management:

72-Hour Notification Requirement

In the event of a personal data breach, we will:

  1. Notify the Nigeria Data Protection Commission (NDPC) within 72 hours
  2. Notify affected data subjects without undue delay
  3. Provide details of the breach, its likely consequences, and remedial measures
  4. Document all breaches in our breach register

7. International Data Transfers

Some of our service providers process data outside Nigeria. We ensure adequate protection through:

  • Standard Contractual Clauses: Approved by NDPC for international transfers
  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Binding Corporate Rules: For transfers within multinational organizations
  • Explicit Consent: Where required for specific transfers

Our International Partners: Google Cloud (USA - adequacy decision), Paystack (Nigeria), Dojah (Nigeria), Vercel (USA - standard contractual clauses)

8. Data Protection Officer (DPO)

As required by NDPA 2023, we have appointed a Data Protection Officer responsible for:

  • Monitoring compliance with NDPA 2023 and NDPR
  • Advising on data protection impact assessments
  • Serving as the point of contact for data subjects and NDPC
  • Conducting regular data protection audits
  • Providing data protection training to staff

Contact Our DPO:

Email: dpo@neminsurance.com

Phone: +234 (0) 1 234 5678

Address: 199 Ikorodu Road, Obanikoro, Lagos, Nigeria

9. Third-Party Data Processors

We engage the following third-party processors, all of whom are contractually bound to NDPA 2023 requirements:

Processor      Purpose                 Location
Paystack       Payment processing      Nigeria
Dojah          KYC verification        Nigeria
Google Cloud   AI services, hosting    USA (adequacy)
Vercel         Platform hosting        USA (SCC)

10. Compliance Monitoring & Audits

We conduct regular compliance monitoring activities:

  • Quarterly Internal Audits: Review of data processing activities
  • Annual External Audits: Independent assessment by certified auditors
  • Data Protection Impact Assessments (DPIAs): For high-risk processing activities
  • Staff Training: Mandatory annual data protection training for all employees
  • Vendor Assessments: Regular review of third-party processor compliance

11. Filing a Complaint with NDPC

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Nigeria Data Protection Commission:

Nigeria Data Protection Commission (NDPC)

Website: www.ndpc.gov.ng

Email: info@ndpc.gov.ng

Phone: +234 (0) 9 461 4000

Address: National Information Technology Development Agency (NITDA) Complex, Abuja, Nigeria

12. Updates to This Statement

We review and update this NDPR Compliance Statement annually or when there are material changes to our data processing activities or applicable laws. The "Last Updated" date at the top of this page indicates when this statement was last revised.

Compliance Certification

This NDPR Compliance Statement was prepared in accordance with the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation. NEM Insurance Plc certifies that:

  • ✓ We have implemented all required technical and organizational measures
  • ✓ We have appointed a qualified Data Protection Officer
  • ✓ We conduct regular data protection impact assessments
  • ✓ We maintain comprehensive records of processing activities
  • ✓ We have established procedures for data breach notification
  • ✓ We respect and facilitate the exercise of data subject rights

Signed: Data Protection Officer, NEM Insurance Plc | Date: April 27, 2026