Privacy Policy
Introduction
As part of our operations, Wave5wireless Nigeria (“Wave5wireless” or “the Company”) collects
and processes certain types of information (such as names, telephone numbers, addresses,
etc.) of individuals that make them easily identifiable. These individuals include current, past,
and prospective employees, merchants, suppliers/vendors, customers of merchants, and other
individuals whom Wave5wireless communicates or deals with, jointly and/or severally (“Data
Subjects”).
Maintaining the Data Subject’s trust and confidence requires that Data Subjects do not suffer
negative consequences/effects as a result of providing Wave5wireless with their Personal Data.
To this end, Wave5wireless is firmly committed to complying with applicable data protection
laws, regulations, rules, and principles to ensure the security of Personal Data handled by the
Company. This Data Privacy & Protection Policy (“Policy”) describes the minimum standards
that must be strictly adhered to regarding the collection, use, and disclosure of Personal Data
and indicates that Wave5wireless is dedicated to processing the Personal Data it receives or
processes with absolute confidentiality and security.
This Policy applies to all forms of systems, operations, and processes within the Wave5wireless
environment that involve the collection, storage, use, transmission, and disposal of Personal
Data.
Failure to comply with the data protection rules and guiding principles set out in the Nigeria
Data Protection Regulation, 2019 (NDPR) as well as those set out in this Policy is a material
violation of Wave5wireless’s policies and may result in disciplinary action as required, including
suspension or termination of employment or business relationship.
Scope
This Policy applies to all employees of Wave5wireless, as well as to any external business
partners (such as merchants, suppliers, contractors, vendors, and other service providers) who
receive, send, collect, access, or process Personal Data in any way on behalf of Wave5wireless,
including processing wholly or partly by automated means. This Policy also applies to third-
party Data Processors who process Personal Data received from Wave5wireless.
General Principles for Processing of Personal Data
Wave5wireless is committed to maintaining the principles in the NDPR regarding the processing
of Personal Data.
To demonstrate this commitment as well as our aim of creating a positive privacy culture within
Wave5wireless, Wave5wireless adheres to the following basic principles relating to the
processing of Personal Data:
Lawfulness, Fairness, and Transparency
Personal Data must be processed lawfully, fairly, and in a transparent manner at all times. This
implies that Personal Data collected and processed by or on behalf of Wave5wireless must be in
accordance with the specific, legitimate, and lawful purpose consented to by the Data Subject,
save where the processing is otherwise allowed by law or within other legal grounds recognized
in the NDPR.
Data Accuracy
Personal Data must be accurate and kept up to date. In this regard, Wave5wireless:
a. shall ensure that any data it collects and/or processes is accurate and not misleading in
a way that could be harmful to the Data Subject;
b. make efforts to keep Personal Data updated where reasonable and applicable; and
c. make timely efforts to correct or erase Personal Data when inaccuracies are discovered.
Purpose Limitation
Wave5wireless collects Personal Data only for the purposes identified in the appropriate
Wave5wireless Privacy Notice provided to the Data Subject and for which consent has been
obtained. Such Personal Data cannot be reused for another purpose that is incompatible with
the original purpose, except a new Consent is obtained.
The purposes for which Wave5wireless will use your personal data include:
2. For the provision of services to you. For example, when you purchase any of our
products or services, we will use your personal data to process your order.
3. For customer care and billing. When you use our products or services, we will use your
personal information to bill you and to respond to inquiries and concerns that you may have
about our products and services.
4. Customer service messages. We will use your personal data to keep you updated with
the latest information or changes about our products and services.
5. For marketing purposes. In order to serve you better, we will use your personal data to
market our products and services to you.
6. Fraud prevention and security. We will process your personal and traffic data in order
to detect and protect you against fraud, to detect and prevent misuse or damage to our
platform.
7. Managing our platform and understanding platform usage. We do this to manage the
volume of advertising and to understand how you use our platform, products, and services.
Data Minimization
8. Wave5wireless limits Personal Data collection and usage to data that is relevant,
adequate, and absolutely necessary for carrying out the purpose for which the data is
processed.
9. Wave5wireless will evaluate whether and to what extent the processing of personal
data is necessary and where the purpose allows, anonymized data must be used.
Integrity and Confidentiality
10. Wave5wireless shall establish adequate controls in order to protect the integrity and
confidentiality of Personal Data, both in digital and physical format, and to prevent personal
data from being accidentally or deliberately compromised.
11. Personal data of Data Subjects must be protected from unauthorized viewing or access
and from unauthorized changes to ensure that it is reliable and correct.
12. Any personal data processing undertaken by an employee who has not been authorized
to carry out as part of their legitimate duties is unauthorized.
13. Employees may have access to Personal Data only as is appropriate for the type and
scope of the task in question and are forbidden to use Personal Data for their own private
or commercial purposes or to disclose them to unauthorized persons, or make them
available in any other way.
14. The Human Resources Department must inform employees at the start of the
employment relationship about the obligation to maintain personal data privacy. This
obligation shall remain in force even after employment has ended.
Personal Data Retention
15. All personal information shall be retained, stored, and destroyed by Wave5wireless in
line with legislative and regulatory guidelines. For all Personal Data and records obtained,
used, and stored within the Company, Wave5wireless shall perform periodical reviews of
the data retained to confirm the accuracy, purpose, validity, and requirement to retain.
16. To the extent permitted by applicable laws and without prejudice to Wave5wireless’s
Document Retention Policy, the length of storage of Personal Data shall, amongst other
things, be determined by:
1. the contract terms agreed between Wave5wireless and the Data Subject or as
long as it is needed for the purpose for which it was obtained; or
2. whether the transaction or relationship has statutory implication or a required
retention period; or
3. whether there is an express request for deletion of Personal Data by the Data
Subject, provided that such request will only be treated where the Data Subject is
not under any investigation which may require Wave5wireless to retain such
Personal Data or there is no subsisting contractual arrangement with the Data
Subject that would require the processing of the Personal Data; or
4. whether Wave5wireless has another lawful basis for retaining that information
beyond the period for which it is necessary to serve the original purpose.
Notwithstanding the foregoing and pursuant to the NDPR, Wave5wireless shall be entitled to
retain and process Personal Data for archiving, scientific research, historical research, or
statistical purposes for the public interest.
17. Wave5wireless would forthwith delete Personal Data in Wave5wireless’s possession
where such Personal Data is no longer required by Wave5wireless or in line with
Wave5wireless’s Retention Policy, provided no law or regulation is in force that requires
Wave5wireless to retain such Personal Data.
Accountability
18. Wave5wireless demonstrates accountability in line with the NDPR obligations by
monitoring and continuously improving data privacy practices within Wave5wireless.
19. Any individual or employee who breaches this policy may be subject to internal
disciplinary action (up to and including termination of their employment), and may also face
civil or criminal liability if their action violates the law.
Data Privacy Notice
20. Wave5wireless considers Personal Data confidential, and as such acknowledges that
same must be adequately protected from unauthorized use and/or disclosure.
Wave5wireless will ensure that the Data Subjects are provided with adequate information
regarding the use of their Personal Data as well as acquire their respective Consent, where
necessary.
21. Wave5wireless shall display a simple and conspicuous notice (Privacy Notice) on any
medium through which Personal Data is being collected or processed. The following
information must be considered for inclusion in the Privacy Notice, as appropriate in distinct
circumstances in order to ensure fair and transparent processing:
a. Description of collectible Personal Data;
b. Purposes for which Personal Data is collected, used, and disclosed;
c. What constitutes Data Subject’s Consent;
d. Purpose for the collection of Personal Data;
e. The technical methods used to collect and store the information;
f. Available remedies in the event of a violation of the Policy and the timeframe for
remedy; and
g. Adequate information in order to initiate the process of exercising their privacy
rights, such as access to, rectification, and deletion of Personal Data.
Legal Grounds For Processing Of Personal Data
The personal data we collect from our customers and how we collect it depends on the services
that our customers subscribe to, how they use our services and how they interact or interface
with us. This also applies to persons who are not customers of Wave5wireless but have
interacted with Wave5wireless. We may also obtain your personal data from a third party with
permission to share it with us.
Please note that we only process your personal data based on the grounds set out in the NDPR.
Accordingly, in line with the provisions of the NDPR, the processing of Personal Data by
Wave5wireless shall be lawful if at least one of the following applies:
d. where you give us consent to the processing of your Personal Data for one or more
specific purposes. You are at liberty to withdraw the consent and Wave5wireless will cease
to process your Personal Data where there is no other basis to do so.
e. processing is necessary for compliance with a legal obligation to which Wave5wireless is
subject;
f. processing is necessary in order to protect the vital interests of the Data Subject or of
another natural person; and
g. processing is necessary for the performance of a task carried out in the public interest or
in the exercise of official public mandate vested in Wave5wireless.
We collect your personal data when you do any of the following:
h. Buy or use any of our products and services;
i. Use our network or other Wave5wireless products and services;
j. Register for a specific product or service;
k. Fill in your information on our KYC registration form, self-service applications, social
media platforms;
l. Visit or browse our website;
m. Have given permission to other companies to share information about you;
n. Where your information is publically available;
o. Are the customers of a business we acquire or;
p. Take part in a competition, prize draw, waitlist or survey.
Personal data we have about our customers, where applicable include name, phone number,
address, sex, photograph, ID card number, etc.
Consent
Where the processing of Personal Data is based on consent, Wave5wireless shall obtain the
requisite consent of Data Subjects at the time of collection of Personal Data. In this regard,
Wave5wireless will ensure:
q. that the specific purpose of collection is made known to the Data Subject and the
Consent is requested in clear and plain language;
r. that the Consent is freely given by the Data Subject and obtained without fraud,
coercion, or undue influence;
s. that the Consent is sufficiently distinct from other matters to which the Data Subject has
agreed;
t. that the Consent is explicitly provided in an affirmative manner;
u. that Consent is obtained for each purpose of Personal Data collection and processing;
and
v. that it is clearly communicated to and understood by Data Subjects that they can
update, manage or withdraw their consent at any time.
Valid Consent
22. For Consent to be valid, it must be given voluntarily by an appropriately informed Data
Subject. In line with regulatory requirements, Consent cannot be implied. Silence, pre-
ticked boxes, or inactivity does not constitute Consent under the NDPR.
23. Consent in respect of Sensitive Personal Data must be explicit. A tick of the box would
not suffice.
Consent of Minors
In the unlikely event that we deal with minors, the consent of minors will always be protected
and obtained from minors’ representatives in accordance with applicable regulatory
requirements.
Data Subject Rights
24. All individuals who are the subject of Personal Data held by Wave5wireless are entitled
to the following rights:
a. Right to request for and access their Personal Data collected and stored. Where
data is held electronically in a structured form, such as in a database, the Data
Subject has a right to receive that data in a common electronic format;
b. Right to information on their personal data collected and stored;
c. Right to objection or request for restriction;
d. Right to object to automated decision making;
e. Right to request rectification and modification of their data which
Wave5wireless keeps;
f. Right to request for deletion of their data, except as restricted by law or
Wave5wireless’s statutory obligations;
g. Right to request the movement of data from Wave5wireless to a Third Party; this
is the right to the portability of data; and
h. Right to object to, and to request that Wave5wireless restricts the processing of
their information except as required by law or Wave5wireless’s statutory
obligations.
i. To opt out of marketing and unsolicited messages:
If you no longer want to receive marketing messages from Wave5wireless, you can choose to
opt out at any time. If you’ve previously opted in to receive personalized content based on how
and where you use our platform, you can also opt out at any time.
There are various ways to opt out:
Contact our customer services team – see the contact us page;
Click the unsubscribe icon or link from our email;
Disable push notification messages, including marketing
messages, at any time in our apps/platform by changing the
notification/alert settings on your device or by uninstalling the app;
25. Wave5wireless’s well-defined procedure regarding how to handle and answer Data
Subject’s requests are contained in Wave5wireless’s Data Subject Access Request Policy.
26. Data Subjects can exercise any of their rights by completing the Wave5wireless’s Subject
Access Request (SAR) Form and submitting it to the Company via
productsteam@Wave5wireless.com or info@Wave5wireless.com
Transfer of Personal data
Third-Party Processor within Nigeria
Wave5wireless may engage the services of third parties in order to process your Personal Data
collected by us. The processing by such third parties shall be governed by a written contract
with Wave5wireless to ensure adequate protection and security measures are put in place by
the third party for the protection of Personal Data in accordance with the terms of this Policy
and the NDPR. We may also share your personal data with law enforcement agencies where
required by law to do so.
Where applicable, Wave5wireless will share your information with:
27. Partners, suppliers, or agents involved in delivering the products and services you’ve
ordered or used.
28. Law enforcement agencies, government bodies, regulatory organizations, courts, or
other public authorities if we have to, or are authorized to by law. For example, under the
Cybercrimes Act, a law enforcement agency may request a service provider to keep or
release any traffic data, subscriber information, content, or non-content information. This is
however for law enforcement purposes only.
29. A third party or body where such disclosure is required to satisfy any applicable law or
other legal or regulatory requirements e.g to detect or prevent fraud or the commission of
any other crime.
30. A merging or acquiring entity where we undergo business reorganization e.g merger,
acquisition, or takeover.
Transfer of Personal Data to Foreign Country
31. Where Personal Data is to be transferred to a country outside Nigeria, Wave5wireless
shall put adequate measures in place to ensure the security of such Personal Data. In
particular, Wave5wireless shall, among other things, conduct a detailed assessment of
whether the said country is on the National Information Technology Development Agency
(NITDA) White List of Countries with adequate data protection laws.
32. Transfer of Personal Data out of Nigeria would be in accordance with the provisions of
the NDPR. Wave5wireless will therefore only transfer Personal Data out of Nigeria on any of
the following conditions:
j. The consent of the Data Subject has been obtained;
k. The transfer is necessary for the performance of a contract between
Wave5wireless and the Data Subject or implementation of pre-contractual measures
taken at the Data Subject’s request;
l. The transfer is necessary to conclude a contract between Wave5wireless and a
third party in the interest of the Data Subject;
m. The transfer is necessary for reasons of public interest;
n. The transfer is for the establishment, exercise, or defense of legal claims;
o. The transfer is necessary in order to protect the vital interests of the Data
Subjects or other persons, where the Data Subject is physically or legally incapable
of giving consent.
Provided, in all circumstances, that the Data Subject has been manifestly made to
understand through clear warnings of the specific principle(s) of data protection that
are likely to be violated in the event of transfer to a third country, this provision shall
not apply to any instance where the Data Subject is answerable in duly established
legal action for any civil or criminal claim in a third country.
Wave5wireless will take all necessary steps to ensure that the Personal Data is
transmitted in a safe and secure manner. Details of the protection given to your
information when it is transferred outside Nigeria shall be provided to you upon
request.
33. Where the recipient country is not on the Whitelist and none of the conditions
stipulated in Section 2 of this Policy is met, Wave5wireless will engage with NITDA and the
Office of the Honorable Attorney General of the Federation (HAGF) for approval with
respect to such transfer.
Related Policies and Procedures
COOKIES POLICY
At Wave5wireless We believe in being clear and open about how we collect and use data
related to you. This Cookie Policy applies to any Wave5wireless product or service that links to
this policy or incorporates it by reference.
This Cookies Policy explains how we use cookies and the choices you have.
By using our website (by clicking, navigating, or scrolling), you are consenting to our use of
cookies in accordance with this Policy. If you do not agree to our use of cookies, you can
prevent the installation of cookies through the settings of your browser or not use our website
at all. However, if you disable the use of cookies, this might cause some parts of this website
not to function properly for you and it may impact your user experience on this site.
What are Cookies?
Cookies are messages or small files that are placed on your web browser when you visit an
internet site. Cookies are useful and do a lot of different things, including allowing a website to
recognize a user’s device, improving the online experience, etc.
How and Why do we Use Cookies?
We use cookies when you access our websites and our online products and services to make
the site work better and to help us understand how you use our site.
Cookies enable us to offer tailored products and to understand the information we receive
about you, including information about your use of other websites and apps, whether or not
you have an account with us.
Cookies help us provide, protect and improve our products and services, by personalizing,
tailoring, and measuring the services and products we provide for a satisfactory and safe
experience. We also use them to help authentication of users, assess the performance and
functionality of our online products and services, and do analytical research.
We use two types of cookies: persistent cookies and session cookies. A persistent cookie lasts
beyond the current session and is used for many purposes, such as recognizing you as an
existing user, so it’s easier to return to Wave5wireless and interact with our Services without
signing in again. Since a persistent cookie stays in your browser, it will be read by
Wave5wireless when you return to one of our sites or visit a third-party site that uses our
Services. Session cookies last only as long as the session (usually the current visit to a website or
a browser session).
Website Privacy Notice
What is this Privacy Notice for?
Wave5wireless Nigeria (“Wave5wireless”, “the Company”, or “We”) values your Personal Data
and we are committed to protecting your privacy whenever you interact with us. Please read
this Privacy Notice (Notice) to understand our policies, processes, and procedures regarding the
processing of your personal data.
By this Notice, we explain to you how your Personal Data is collected, used, managed, and
transferred by Wave5wireless and also explain how you can update your Personal Data with us
and exercise your rights in respect of the Personal Data provided to us.
The Personal Data that we collect
We collect Personal Data that you give to us, for example, where you create an account with us,
request further information about our product, fill out a survey, or subscribe to newsletters on
our website.
We may also automatically collect some technical information when you visit our website such
as your IP address, and information about your visit, such as the pages that you viewed. This
information helps us understand customer interests and helps us improve our website. When
you visit our site, the pages that you look at, and a short text file called a cookie, are
downloaded to your computer. By visiting and using our website, you agree to our use of
cookies in line with Wave5wireless’s policies. For more details about cookies, please read our
Cookies Policy available through this
What Purpose do we use your Personal Data?
We may process your Personal Data to communicate with you (including sending marketing or
promotional materials to you), provide you with further information about our products and
how we can serve you better, respond to your purchase orders or requests; process your
application for employment with Wave5wireless or to fulfill our contractual obligations with
you. We may also process your Personal Data to comply with provisions of applicable laws.
What Constitutes your Consent?
Where the processing of Personal Data is based on consent, we shall obtain the requisite
consent at the time of collection of the Personal Data. In this regard, you consent to the
processing of your Personal Data when you access our platforms or use our services, content,
features, technologies, or functions offered on our website or other digital platforms. You can
withdraw your consent at any time but such withdrawal will not affect the lawfulness of
processing based on consent given before its withdrawal.
Who do we share your Personal Data with?
We respect your privacy and we limit the disclosure of your Personal Data to third parties. We
do not sell, give or trade any Personal Data that we obtain from you to any third party for data-
mining or marketing purposes. However, we may share your Personal Data with companies
within Wave5wireless, service providers engaged by us to provide services to Wave5wireless
subject to appropriate data security and protection. In addition, we may transfer your Personal
Data out of Nigeria in line with the requirements of the Nigeria Data Protection Regulation,
2019. We may also share your information where there is a regulatory or statutory obligation to
disclose such Personal Data in accordance with provisions of applicable laws.
Security of your Personal Data
We take the security of your Personal Data seriously and We make every effort to keep your
Personal Data secure. We have put in place technological and organizational procedures,
including requiring our staff and any third parties who carry out any work on our behalf to
comply with appropriate security standards in order to protect your Personal Data.
Retention of your Personal Data
We take appropriate measures to ensure that your Personal Data is only processed for the
minimum period necessary in line with the purposes set out in this Notice or as required by
applicable laws until a time it is no longer required or has no use. Once your Personal Data is no
longer required, we destroy it in a safe and secure manner.
Your Rights
Wave5wireless collects Personal Data only for the purposes identified in this Policy and such
information cannot be reused for another purpose that is incompatible with the original
purpose.
You can exercise the following rights with respect to your Personal Data with Wave5wireless:
w. request for and access your Personal Data collected and stored by Wave5wireless;
x. withdraw consent at any time. For example, you can withdraw your consent to the
receipt of our marketing or promotional materials or unsubscribe to our newsletters;
y. object to automated decision making;
z. request rectification and modification of Personal Data kept by Wave5wireless;
aa. request for deletion of your Personal Data;
bb. be informed of and entitled to provide consent prior to the processing of Personal Data
for purposes other than that for which the Personal Data was collected;
cc. request that Wave5wireless restricts processing of your Personal Data; and
dd. request for information regarding any specific processing of your personal data.
If you wish to exercise any of these rights, you may contact our Data Protection Officer (DPO)
using the contact details provided below. You also have the right to complain to the National
Information Technology Development Agency (NITDA) if you believe that we have violated your
privacy rights.
Changes to our Privacy Notice
Due to constant changes in technology and regulatory requirements, we may need to change
our privacy policies or update this Notice from time to time. You will always be able to find the
most recent version of our updated privacy policy on this site. You will be updated with these
changes and you retaiin the right to opt out of the service if these changes are not agreeable to
you or your business.
Contact & Communication
If you would like further information on this Notice, you may contact us at Wave5wireless
Nigeria, 17/19 Badejo Kalesanwo Street, Matori, Lagos, Nigeria. Or at hello@atmosphere.ng
Changes to the Policy
Wave5wireless reserves the right to change, amend or alter this Policy at any point in time. If
we amend this Policy, we will provide you with the updated version.
Glossary
‘‘Consent’’ means any freely given, specific, informed, and unambiguous indication of
the Data Subject's wishes by which he or she, through a statement or a clear affirmative
action, signifies agreement to the processing of Personal Data relating to him or her.
“Database” means a collection of data organized in a manner that allows access,
retrieval, deletion, and processing of that data; it includes but is not limited to structured,
unstructured, cached, and file system type Databases.
“Data Processor” means a person or organization that processes Personal Data on
behalf and on instructions of Wave5wireless Nigeria.
“DPC” means an organization registered by NITDA to provide data protection audit,
compliance, and training services to public and private organizations that process Personal
Data in Nigeria.
“Data Subject” means any person, who can be identified, directly or indirectly, by
reference to an identification number or to one or more factors specific to his physical,
physiological, mental, economic, cultural, or social identity.
“NDPR” means the Nigeria Data Protection Regulation, 2019.
“Personal Data” means any information relating to an identified or identifiable natural
person (‘Data Subject’); an identifiable natural person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person; It
can be anything from a name, address, a photo, an email address, bank details, posts on
social networking websites, medical information, and another unique identifier such as but
not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal
Identifiable Information (PII) and others.
“Sensitive Personal Data” means data relating to religious or other beliefs, sexual
orientation, health, race, ethnicity, political views, trades union membership, criminal
records, or any other sensitive personal information.
Contact Information
If you have questions or complaints regarding this Policy, you can also reach us by sending mail
to the following email addresses:
Nigeria: hello@atmosphere.ng