PRIVACY POLICY
INTRODUCTION

This Privacy Policy covers how we, EKEDC, and our affiliates handle personal data when you interact with us through our website, mobile app or in person (including by phone or when visiting any of our office).
At Eko Electricity Distribution Company [“EKEDC”], we believe strongly in fundamental privacy rights as embedded in all applicable laws and regulations, such as but not limited to the Nigerian Data Protection Act 2023 (NDPA), which binds us and all customers and representatives (data subjects) whose personal data we process.
Personal Data includes any information that directly identifies you (e.g., name) or can reasonably be linked to you (e.g., device serial number).
By accepting this Privacy Policy, you consent to EKEDC collecting and using your Personal Data as allowed by law including but not limited to conducting credit checks with a licensed Credit Bureau Entity, with the right to withdraw consent readily available subject to legal obligations.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and we may provide you with additional notice (such as by adding a statement to the homepages of our website or mobile app, or by sending you an email notification).
We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy. 
 

 1.       LAWFUL BASIS FOR PROCESSING YOUR INFORMATION

All Personal Data that we collect and process is justified by one or more of the following lawful reasons:

·   You have given consent to the processing;

·    Processing is necessary for the performance of a contract which you are a party or to take steps to enter into a contract;

·    Processing is necessary for compliance with legal and regulatory obligations to which we are subject;

·    Processing is necessary in order to protect your vital interests or another natural person; and

·    Processing is necessary for the performance of a task carried out in the public interest.

·    Processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and freedoms, are not incompatible with any of the above lawful bases, or beyond your reasonable processing expectations.

  1.       TYPES OF PERSONAL DATA WE PROCESS

We may collect and process the following information about you: 

  ·   Information you provide to us, for example, when you fill out a contract or web form, or if you register to receive alerts or updates.

  ·   When you provide your Personal Data while signing up for a service or purchasing a product.

  ·   Personal Data that we obtain or learn, such as information about the browser or device you use to access this site (“cookies”), how you use this site and the pages you visit, traffic and location data.

  ·  When you contact our customer support, whether by phone, email, or chat

We may request information to help resolve site issues or invite you to take part in research surveys, which are optional.

 2.     MEANS OF COLLECTING DATA

     We use different methods to collect Personal Data from and about you including through:

1. Direct interactions and provision: You may provide us with your Personal Data through visits to our premises, application forms, contracts, our website, or by communicating with us via post, phone, email, helpline, webchat, or similar platforms—particularly when applying for services, giving feedback, or contacting us.

2. Digital technologies or interactions: When you use our website, we automatically collect technical and profile information—such as device details, browsing behaviour, and usage patterns—through cookies, server logs, and similar tools.

3. Cookies: A cookie is a small text file that is stored on a user's computer for record-keeping purposes. Cookies are used to recognise you the next time you visit our website automatically. As a result, the information which you have earlier entered in certain fields on the website, may automatically appear the next time when you use our website. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. Please note that some parts of this website may become inaccessible or not function properly if you disable or refuse cookies.

4. From third parties under circumstances, some of which are recognised in this Policy.

  3.       USE OF YOUR PERSONAL DATA

      We may use your Personal Data as follows:

   ·   Provide, maintain, and improve our services.

   ·   Provide and deliver the products and services you request, process bill payment transactions, and send you related information, including confirmations.

   ·  Verify your identity and prevent fraud.

   ·  Send you technical notices, updates, security alerts and support, and administrative messages in line with our business with you.

   ·   Respond to your comments, questions, and requests and provide customer service.

   ·    Communicate with you about products, services, offers, promotions, rewards, and events offered by EKEDC and others, and provide news and information we think will be of interest to you.

   ·  Monitor and analyse trends, usage, and activities in connection with our services.

   ·  Personalize and provide advertisements, content or features to improve EKEDC’s services.

   ·  Process and deliver contest or promotion entries and rewards.

   ·    Link or combine with information we get from others to help understand your needs and provide you with better service.

-          Conduct credit checks and collect liability reports from licensed Credit Bureau Entities.

    ·  Carry out any other purpose for which the Personal Data was collected.

  4.       DISCLOSURE OF YOUR PERSONAL DATA

EKEDC will disclose your Personal Data to third parties in the following circumstances:

      ·   With your consent or based on our contract with you, we may provide such Personal Data to affiliated companies or other trusted businesses or persons for the purpose of processing Personal Data on our behalf. We require that these parties agree to process such Personal Data based on our instructions and in compliance with the Applicable Laws and any other appropriate confidentiality and security measures. Where they no longer need your Personal Data to fulfil this service, they will dispose of the details in line with Applicable Laws.

      ·   In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any Applicable Law.

      ·   With relevant regulatory authorities, law enforcement officials, a court order, and investigators, in line with our legal obligation.

      ·    In connection with, or during negotiations of, any merger, sale of EKEDC assets, financing or acquisition of all or a portion of our business to another company on the basis of your existing contract with us or consent; and

      ·   With your consent or at your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you provide such Personal Data.

5.     STORAGE AND TRANSFER OF YOUR PERSONAL DATA

We process Personal Data in digital and physical formats. Physical records Physical records are secured in a locked fireproof safe while digital data is stored on cloud platforms with data centres located both within and outside Nigeria.

By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of your information within Nigeria and to other countries where we or our cloud service providers operate. Where data is transferred outside Nigeria, we ensure that the recipient country has data protection laws that are adequate and comparable to those in Nigeria.

Note that where your data is transferred to other countries there might be an increased risk with your personal information, particularly where such jurisdiction is not subject to the same level of protection as in Nigeria.

We take reasonable steps to mitigate these risks, including through the use of contractual safeguards (such as Standard Data Protection Contractual Clauses), security measures, and by ensuring that third parties processing data on our behalf adhere to high data protection standards.

  6.       SECURITY

EKEDC takes reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

We protect your Personal Data through strict policies, digital and physical safeguards such as firewalls, encryption, restricted access, and staff training to prevent data breaches, including using measures such as encryption, access controls, multi-factor authentication, security testing, audit logs, staff training, and data retention policies.

7.   PERSONAL DATA RETENTION PERIOD

We keep Personal Data only as long as needed or as required by law, and securely delete it once no longer necessary or upon request, in line with applicable regulations.

8.   YOUR RIGHTS AS A DATA SUBJECT

At any point while we are in possession of or processing your Personal Data, you, the data subject, have the following rights, including the right to:

     ·   withdraw your consent at any time of our processing of your data

     ·   request access to a copy of the information that we hold about you in a commonly structured format.

     ·   Lodge a complaint with the Nigeria Data Protection Commission if you have a reason to believe that your rights have been violated at (https://ndpc.gov.ng/)

·                  correct data that we hold about you that is inaccurate or incomplete subject to verification of the accuracy of the new data provided.

     ·   request for the data we hold about you to be erased from our records.

     ·   restrict our processing activities on your data

     ·   request that the data we hold about you be transferred to another organisation

     ·   object to certain types of processing such as direct marketing

object to automated processing, including profiling.

9.   BREACH/PRIVACY VIOLATION

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, EKEDC shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to the Commission. Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we as soon as reasonably practicable upon knowing the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting therefrom and any course of action to remedy said breach.

10. FILING A COMPLAINT

In the event you are dissatisfied with how we process your data, we advise that you submit your complaint through our Data Protection Officer (DPO), whose details are provided below:

Name: The Data Protection Officer, Eko Electricity Distribution Plc

Email: [email protected] 

Phone Number: 09070400364/0812992907

Office Address: 24/25 Marina Rd, Lagos Island, Lagos State.

If you have reasons to believe that your Personal Data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your Personal Data, you have the right to lodge a complaint with the Commission. The contact details are:

Nigeria Data Protection Commission

Tel: +234 (0) 916 061 5551

Email: [email protected]

Website: https://ndpc.gov.ng/

Where you remain dissatisfied, you reserve the right to explore other appropriate legal remedies as guaranteed under Nigerian law.

 1.      QUESTIONS OR CONCERNS

  If you have any questions or concerns about this Privacy Policy or would like to contact us for any reason, you can contact us at   [email protected]