Legal Information

Privacy Policy & Data Protection

Your privacy and data security are fundamental to our operations. This policy outlines how we collect, use, protect, and manage your information.

Last Updated: January 17, 2026
NDPR Compliant
Version 3.2
Quick Navigation:

Privacy Policy Overview

At Marshall Point Technologies Ltd., we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you interact with our services, visit our website, or engage with our technology solutions.

We comply with the Nigeria Data Protection Regulation (NDPR), General Data Protection Regulation (GDPR) where applicable, and other relevant data protection laws. By using our services, you consent to the practices described in this policy.

Security First

Enterprise-grade security measures protect your data 24/7

Transparency

Clear communication about how we handle your information

Compliance

Full adherence to NDPR, GDPR, and international standards

Our Core Privacy Principles

Lawful Processing

We process data only with legal basis and explicit consent

Purpose Limitation

Data collected for specific, legitimate purposes only

Data Minimization

We collect only what's necessary for our services

Storage Limitation

Data retained only as long as required by law or purpose

Information We Collect

We collect various types of information to provide and improve our services. Below is a comprehensive breakdown of the data we may collect when you interact with Marshall Point Technologies.

Personal Identification Information

Information that identifies you as an individual when you register for our services, request quotes, or engage with our platform.

  • Full Name
  • Email Address
  • Phone Number
  • Job Title
  • Company Name
  • Business Address
  • Industry Sector
  • Professional Credentials

Usage and Technical Data

Automatically collected information about how you interact with our website and services to improve user experience and system performance.

  • IP Address
  • Browser Type & Version
  • Device Information
  • Operating System
  • Pages Visited
  • Time Spent on Pages
  • Referral Source
  • Click Patterns

Business Transaction Data

Information related to your business relationship with us, including service requests, contracts, and payment details.

  • Service Inquiries
  • Quote Requests
  • Contract Details
  • Project Specifications
  • Billing Information
  • Payment History
  • Service Usage Logs
  • Support Tickets

Communication Records

Records of your communications with us through various channels to provide better service and maintain accurate records.

  • Email Correspondence
  • Phone Call Logs
  • Live Chat Transcripts
  • Meeting Notes
  • Feedback & Surveys
  • Social Media Interactions

How We Collect Information

Direct Collection

Information you provide directly through forms, registrations, and communications

Automated Collection

Data collected automatically through cookies, analytics, and tracking technologies

Third-Party Sources

Information from business partners, public databases, and marketing platforms

How We Use Your Information

We use the collected information for specific, legitimate business purposes that benefit both our organization and our clients. All data usage complies with applicable data protection regulations.

Service Delivery & Operations

  • Provide, maintain, and improve our technology solutions and services
  • Process and fulfill service requests, quotes, and contracts
  • Manage user accounts, authentication, and access controls
  • Deliver technical support and customer service
  • Monitor system performance and troubleshoot technical issues

Communication & Engagement

  • Respond to inquiries, feedback, and support requests
  • Send service updates, notifications, and important announcements
  • Provide training materials, documentation, and educational resources
  • Share industry insights, newsletters, and relevant content (with consent)

Security & Fraud Prevention

  • Detect, prevent, and investigate security incidents and cyber threats
  • Verify identity and authenticate users to prevent unauthorized access
  • Monitor for fraudulent activities and protect against malicious attacks
  • Maintain audit logs and security records for compliance purposes

Analytics & Improvement

  • Analyze usage patterns to improve website functionality and user experience
  • Conduct research and development for new features and services
  • Generate aggregated statistics and insights for business intelligence
  • Measure service performance and customer satisfaction

Legal & Compliance

  • Comply with legal obligations, regulations, and industry standards
  • Respond to legal requests, court orders, and government inquiries
  • Enforce our terms of service and protect our legal rights
  • Maintain records for auditing and regulatory compliance

Marketing & Business Development

  • Send promotional materials about our services (only with explicit consent)
  • Personalize marketing communications based on your interests
  • Organize events, webinars, and training programs
  • Develop strategic partnerships and business opportunities

Legal Basis for Processing

We process your personal data based on the following legal grounds as required by NDPR and GDPR:

Contractual Necessity

Processing required to fulfill our contractual obligations to you

Consent

You have given explicit consent for specific processing activities

Legal Obligation

Processing necessary to comply with legal and regulatory requirements

Legitimate Interest

Processing necessary for legitimate business interests that don't override your rights

Data Protection & Security Measures

We implement comprehensive technical, organizational, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Technical Safeguards

  • 256-bit SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA)
  • Regular security patches and updates
  • Intrusion detection and prevention systems
  • Advanced firewall protection

Organizational Controls

  • Strict access control policies (least privilege principle)
  • Comprehensive employee training on data protection
  • Confidentiality agreements for all staff
  • Regular security awareness programs
  • Incident response and breach notification procedures
  • Data protection officer oversight

Physical Security

  • 24/7 surveillance of data center facilities
  • Biometric access controls
  • Secure server rooms with restricted access
  • Environmental controls (temperature, humidity)
  • Fire suppression systems
  • Redundant power and backup systems

Monitoring & Auditing

  • Continuous security monitoring and threat detection
  • Regular penetration testing by third parties
  • Vulnerability assessments and remediation
  • Annual ISO 27001 compliance audits
  • Comprehensive audit logs and activity tracking
  • Security incident review and analysis

Data Storage & Retention

Storage Locations

Your data is stored on secure servers located in Nigeria and other jurisdictions with adequate data protection laws. All international transfers comply with NDPR requirements and are protected by standard contractual clauses.

Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

  • Active Client Data: Duration of business relationship plus 7 years
  • Prospective Client Data: 2 years from last interaction
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Technical Logs: 90 days to 1 year depending on type

Secure Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent recovery or reconstruction.

Data Breach Response

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Nigeria Data Protection Bureau (NDPB) within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the nature of the breach and recommended actions
  • Take immediate steps to contain and remediate the breach

Your Privacy Rights

Under NDPR and GDPR, you have specific rights regarding your personal data. We are committed to facilitating the exercise of these rights in a transparent and efficient manner.

Right to Access

You can request a copy of the personal data we hold about you, including information about how we use it.

Response time: Within 30 days of request

Right to Rectification

You can request correction of inaccurate or incomplete personal information we hold about you.

Response time: Immediately upon verification

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.

Response time: Within 30 days, subject to legal obligations

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Response time: Immediate implementation upon request

Right to Data Portability

You can request your data in a structured, commonly used format and transfer it to another service provider.

Response time: Within 30 days of request

Right to Object

You can object to processing of your personal data for direct marketing or when based on legitimate interests.

Response time: Immediate cessation of objected processing

Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

Response time: Human review available upon request

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.

Response time: Effective immediately upon notification

How to Exercise Your Rights

Email Request

Send your request to our Data Protection Officer

privacy@marshallpoint.com

Written Request

Mail your request to our office

Plot 1234, Victoria Island, Lagos

Phone Request

Call our privacy hotline

+234 (0) 1 234 5679

Important Information

  • We may need to verify your identity before processing your request
  • Requests are typically processed free of charge within 30 days
  • We may refuse requests that are manifestly unfounded or excessive
  • You have the right to lodge a complaint with the Nigeria Data Protection Bureau

Cookie Policy & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. This section explains what cookies we use and how you can control them.

Data Sharing & Third Parties

We do not sell your personal information. We may share your data with trusted third parties only for legitimate business purposes and under strict contractual obligations.

Service Providers & Business Partners

We work with trusted third-party service providers who assist us in operating our business and delivering services to you:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics platforms
  • Customer support tools
  • Security service providers

Legal & Regulatory Authorities

We may disclose your information to government authorities, regulators, or law enforcement when required by law or to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Protect our legal rights, property, or safety, or that of others
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our terms of service or investigate potential violations

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

Data Sharing Safeguards

Contractual Obligations

All third parties are bound by data processing agreements

Security Standards

Partners must maintain equivalent security measures

Regular Audits

We conduct periodic reviews of third-party compliance

International Data Transfers

Your personal data may be transferred to and processed in countries outside Nigeria. We ensure that all international transfers comply with applicable data protection laws and are subject to appropriate safeguards.

Transfer Mechanisms

  • Standard Contractual Clauses (SCCs): EU-approved model contracts
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Binding Corporate Rules: Internal data protection policies
  • Explicit Consent: Where applicable and appropriate

Primary Locations

  • Nigeria: Primary data processing and storage
  • European Union: Cloud backup and redundancy
  • United States: Technology service providers
  • South Africa: Regional data center

Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Data Protection Officer

Marshall Point Technologies Ltd.

Plot 1234, Victoria Island, Lagos, Nigeria
privacy@marshallpoint.com
+234 (0) 1 234 5679

Regulatory Authority

You also have the right to lodge a complaint with the Nigeria Data Protection Bureau (NDPB) if you believe your data protection rights have been violated:

Nigeria Data Protection Bureau

https://ndpb.gov.ng