EEDC Connect Privacy Policy

Data Protection Policy

1.0 Introduction

Enugu Electricity Distribution Company (EEDC) is an electricity distribution company licensed by the Nigerian Electricity Regulatory Commission to distribute electricity in the South Eastern States of Nigeria.

EEDC collects a lot of information about our customers, vendors and employees (data subjects). Some of this information is processed, stored electronically and/or transmitted across networks to other computers. We understand that the personal data used for business activities should be secured and it is our responsibility to keep it confidential for the company to be trusted. Employees/third parties may have access, handle or process personal data concerning colleagues, customers, and vendors. It is essential that EEDC protects personal data and ensure that the requirements stipulated by the Nigeria Data Protection Regulation 2019 (NDPR) are complied with. Breach of data security could lead to business losses, lawsuits and financial loss.

2.0 Definitions

 

  • EEDC - Enugu Electricity distribution Company
  • NDPR – Nigeria Data Protection Regulation 2019
  • Personal Data – Any data relating to an identified or identifiable natural person (data subject); it can be anything from name, address, a photo, an email address, bank details, etc.
  • Data Subject – Any person who can be identified, directly or indirectly.
  • Data Subject Access Request – The process for an individual to request a copy of their data under a formal process.
  • DPO – Data Protection Officer
  • Processing – Any operation or set of operations which is performed on data or sets of personal data.
  • Personal Data Breach – Breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
  • Responsible Person – The person responsible for handling data within the department or company.

 

3.0 General Provisions

 

  • This policy applies to all personal data collected, stored, transmitted and processed by EEDC.
  • Our partners and vendors who process personal data on our behalf are mandated to observe the principles in this policy
  • Where applicable, EEDC shall register with relevant agencies as an organization that processes personal data.
  • Personal data shall not be shared without proper authorization.
  • Personal data shall always be captured with consent from the data subject; Data shall be encrypted when stored or transmitted electronically.
  • Personal data captured shall be processed in a secured environment and by authorized persons.

 

4.0 Policy Principles

EEDC is committed to processing data in accordance with its responsibilities under the Nigerian Data Protection Regulation (NDPR) and Global Data Regulations. This policy therefore highlights EEDC’s resolve to always ensure that data storage and handling is carried out in a fair and transparent manner and also takes cognizance of the rights of data subjects.

In consonance with the Nigerian Data Protection Regulations, EEDC takes the following considerations and principles in the collection and processing of personal data:

 

  • EEDC processes the personal data of data subjects upon such subjects’ consent and upon contract, legal obligation, vital interests, public task or lawful and legitimate interest. Such consent of the Data subject is obtained in a manner devoid of fraud, coercion or undue influence.
  • Personal Data of Data Subjects collected by EEDC are for specified, explicit and legitimate purposes with such purposes duly communicated to the data subjects.
  • EEDC only processes adequate data for relevant or desired purposes and in quantum limited to absolutely necessary purposes.
  • EEDC maintains data that is accurate and up to date without prejudice to the dignity of the data subjects. EEDC further ensures that personal data that are inaccurate with regards to the purposes for which they are processed are erased or rectified without delay.
  • EEDC keeps the Personal Data of its data subjects in a form and manner that permits identification of data subjects for only necessary periods and for the particular purposes for which the personal data are being processed. Where necessary, personal data may be stored for longer periods insofar as the personal data will be processed for archiving purposes in the public interest, scientific or historical or statistical purposes subject however to requisite technical and organizational measures.
  • When data is stored on paper, it shall be kept in a secured storage where it cannot be illegally accessed and discarded printouts shall be shredded and disposed-off securely.
  • When data is stored electronically, it shall be protected from unauthorized access, accidental deletion and malicious hacking attempts.

 

4.1 Individual Rights

 

 

5.0 Lawful, Fair and Transparent Processing

 

  • All data processed by EEDC must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
  • To ensure its processing of data is lawful, fair and transparent, EEDC shall maintain a Register of Systems.
  • The Register of Systems shall be reviewed at least annually.
  • Individuals have the right to access their personal data and any such requests made to EEDC shall be dealt with in a timely manner.
  • Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
  • Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in EEDC’s systems.
  • 6.0 Monitoring

    EEDC shall monitor how personal data is collected, stored, processed and transmitted and this shall be done in compliance with applicable regulations. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, EEDC shall promptly assess the risk to people’s rights and freedoms and if appropriate report to relevant supervisory authority within 72 hours of becoming aware of the breach.

    7.0 Confidentiality

    EEDC hereby undertakes to treat as strictly confidential any information received in whatever form whether or not it is expressly designated as being confidential, and which comes to our knowledge;, and hereby undertakes to make use of such information only for the purpose for which it is given. EEDC shall take all necessary actions to ensure that this obligation of confidentiality is respected by its employees and subcontractors. Provided however that such information may be provided by EEDC if required under any order of a competent court or the relevant government authority. EEDC shall ensure compliance with this confidentiality clause from all the employees/workers/third-party agents associated with EEDC’s operation.