HKG & Co

Privacy Policy

Effective Date: 12 August 2024

1. Introduction

Hassan Kehinde Garuba & Co. ('HKG & Co', 'we', 'us', or 'our') is committed to protecting the privacy and confidentiality of information we collect from our clients, prospective clients, website visitors, and other individuals. This Privacy Policy describes how we collect, use, disclose, and protect personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and other applicable data protection laws.

This policy outlines the principles that govern our processing of personal data. As a law firm, we are bound by professional duties of confidentiality which apply in addition to the provisions of this policy.

2. Data Controller

HKG & Co is the data controller for the personal data we process. Our contact details are:

Email: info@hkgandco.com

Phone: +2348111659488

Any inquiries regarding our use of your personal data should be addressed to the contact details above.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity and Contact Data: Includes your full name, title, email address, telephone number, postal address, and other contact information.

Client Service Data: Personal data provided to us by or on behalf of our clients, and data we create in the course of providing legal services. This may include special categories of personal data where necessary for a specific legal matter.

Financial and Payment Data: Includes bank account details, payment card information, and billing address for the purpose of processing payments and managing financial transactions.

Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

Recruitment Data: Includes your curriculum vitae (CV), cover letter, educational background, employment history, and other information provided when you apply for a position at our firm.

Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.

4. How We Use Your Personal Data and Legal Basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

To Perform a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to provide legal services). Our legal basis is the necessity of processing for the performance of a contract.

Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests. This includes providing legal services, managing our business, and marketing our services. Our legal basis is our legitimate interest.

Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., anti-money laundering checks). Our legal basis is compliance with a legal obligation.

Consent: Where you have given us explicit consent to do so. You have the right to withdraw consent at any time by contacting us.

5. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your data with:

Third-party service providers: such as IT and administrative service providers, who are contractually bound to protect the data.

Professional advisers: including other lawyers, auditors, and insurers.

Courts, tribunals, and regulatory authorities: as required to carry out our legal services or as required by law.

Law enforcement agencies: where required by law.

6. International Data Transfers

In the course of providing our services, we may need to transfer your personal data outside of Nigeria. We will ensure that any such transfer is compliant with the NDPA 2023, typically by ensuring the recipient country has an adequate level of data protection or by implementing appropriate safeguards, such as standard contractual clauses.

7. Data Security

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those employees, agents, and other third parties who have a business need to know.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law, we are required to keep basic information about our clients for a minimum of six years after they cease being clients.

9. Your Legal Rights

Under the NDPA 2023, you have the right to:

Request access to your personal data.

Request correction of the personal data that we hold about you.

Request erasure of your personal data.

Object to processing of your personal data.

Request restriction of processing your personal data.

Request the transfer of your personal data to you or to a third party.

Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us. You will not have to pay a fee to access your personal data, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated 'Effective Date' and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.