Privacy Policy
Triple Helix Nigeria is committed to protecting your privacy and handling your personal data responsibly, lawfully and transparently in line with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).
Last updated: 26 May 2026
1. Introduction
This Privacy Policy explains how Triple Helix Nigeria (“THN”, “we”, “us” or “our”) collects, uses, stores, shares and protects the personal data of individuals (“you”, “data subjects”) who interact with us, including visitors to our website, members, partners, event attendees, job applicants and members of the public.
By using our website or providing your personal data to us, you acknowledge that you have read and understood this policy. Where required by law, we will obtain your consent before processing your personal data.
2. Who we are
Triple Helix Nigeria is the data controller responsible for your personal data. This means we determine the purposes and means by which your personal data is processed. Our data protection practices are overseen by our Data Protection Officer (DPO), whose contact details are provided in the “Contact us” section below.
3. Personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Identity data — full name, title, date of birth and gender.
- Contact data — email address, phone number, postal address.
- Professional data — employer, job title, qualifications, CV and other details you provide when applying for roles or membership.
- Transaction data — records of membership, donations, payments and event registrations.
- Technical data — IP address, browser type, device information and cookies (see “Cookies and tracking”).
- Communications data — your correspondence with us and your contact preferences.
We do not generally seek to collect sensitive personal data (such as data revealing health, religious or political beliefs). Where we do, we will rely on your explicit consent or another lawful basis permitted under the NDPA.
4. How we collect your data
We collect personal data:
- Directly from you, when you fill out a form, register for an event, apply for a role, subscribe to updates or contact us;
- Automatically, through cookies and similar technologies when you use our website;
- From third parties, such as partner organisations, referees or publicly available sources, where lawful.
5. Lawful basis for processing
Under the NDPA, we only process your personal data where we have a lawful basis to do so. These include:
- Consent — where you have given clear consent for a specific purpose;
- Contract — where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract;
- Legal obligation — where we must process your data to comply with the law;
- Legitimate interest — where processing is necessary for our legitimate interests and is not overridden by your rights;
- Public interest — where processing is necessary to carry out a task in the public interest.
6. How we use your data
We use your personal data to:
- Provide, administer and improve our services, programmes and events;
- Manage your membership, partnership or job application;
- Respond to your enquiries and communicate with you;
- Send you updates, newsletters and information where you have requested them;
- Comply with our legal and regulatory obligations;
- Maintain the security and integrity of our website and systems.
8. International transfers
Where we transfer your personal data outside Nigeria, we will ensure that an adequate level of protection is in place as required by the NDPA — for example, where the recipient country provides adequate protection, where appropriate safeguards (such as contractual clauses) are in place, or where you have given your consent.
9. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements. When data is no longer required, we securely delete or anonymise it.
10. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include access controls, encryption where appropriate, and staff confidentiality obligations. In the event of a personal data breach that poses a risk to your rights, we will notify the National Data Protection Commission (NDPC) and, where required, affected individuals.
11. Your rights
Under the NDPA, you have the right to:
- Be informed about how your personal data is processed;
- Access the personal data we hold about you;
- Request correction of inaccurate or incomplete data;
- Request deletion of your data in certain circumstances;
- Object to or restrict processing of your data;
- Withdraw consent at any time, where processing is based on consent;
- Data portability, where applicable;
- Lodge a complaint with the National Data Protection Commission.
To exercise any of these rights, please contact our Data Protection Officer using the details below. We will respond within the timeframes required by law.
13. Complaints
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can address them. You also have the right to lodge a complaint with the National Data Protection Commission (NDPC), the regulatory authority for data protection in Nigeria.
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised “Last updated” date.
15. Contact us
For any questions about this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:
Triple Helix Nigeria — Data Protection Officer