PRIVACY POLICY

  • Home
  • Privacy Policy

CONFIDENTIALITY

This document is the property of Interconnect Clearinghouse Nigeria Limited and shall under no circumstances be copied, sold, or reproduced for private or commercial use without the express permission of the Company.

Effective Date: 1 January 2025 Last Reviewed: 25 March 2026 Next Review Due: 25 March 2027 Version: 1.0 Legal Framework: NDP Act 2023 & GAID 2025
Table of Contents
  1. About This Policy
  2. Who We Are
  3. Personal Data We Collect
  4. How We Collect Personal Data
  5. Purposes and Legal Basis for Processing
  6. Third Parties We Share Data With
  7. International Data Transfers
  8. Data Retention
  9. Data Security
  10. Your Rights as a Data Subject
  11. Cookies
  12. Children's Privacy
  13. Changes to This Policy
  14. How to Lodge a Complaint
  15. Contact Us

1. About This Policy

This Privacy Policy explains how Interconnect Clearinghouse Nigeria Limited ("ICNL", "we", "us", or "our") collects, uses, stores, and protects personal data in connection with the services we provide and the operation of our website at www.interconnectnigeria.com (the "Website").

This policy is issued in compliance with the Nigeria Data Protection Act 2023 (NDP Act), the NDP Act General Application and Implementation Directive (GAID) 2025, and all other applicable Nigerian data protection laws and regulations.

We are committed to processing personal data lawfully, fairly, and transparently. Please read this policy carefully. By engaging with our services, applying for employment with us, or using our Website, you acknowledge that you have read and understood how we handle your personal data.

2. Who We Are

Interconnect Clearinghouse Nigeria Limited (ICNL) is a licensed telecommunications clearinghouse incorporated in Nigeria. We provide interconnectivity services, billing and reconciliation, mobile number portability, cloud and colocation services, and VAS aggregator services to telecommunications operators and related entities in Nigeria.

For the purposes of the NDP Act 2023, ICNL acts as a Data Controller in respect of personal data it collects and processes for its own purposes, and as a Data Processor where it processes personal data on behalf of its clients.

Registered Office: 15th Floor, NECOM House, 15 Marina, Lagos, Nigeria
Data Protection Officer: dpo@interconnectnigeria.com

3. Personal Data We Collect

We collect and process the following categories of personal data, depending on your relationship with us:

3.1 Identity and Contact Data
  • Full name, title, and job designation
  • Business and personal email addresses
  • Telephone and mobile phone numbers
  • Postal and business addresses
3.2 Identity Verification Data
  • Government-issued identification numbers including National Identification Number (NIN) and Bank Verification Number (BVN)
  • Passport or driver's licence details (for employees and contractors where required)
  • Tax Identification Number (TIN) for vendors and contractors
3.3 Financial and Payment Data
  • Bank account details for payment and settlement purposes
  • Invoice and billing records
  • Transaction histories related to services rendered or received
3.4 Technical and Usage Data
  • IP addresses (anonymised where collected via our website)
  • Browser type, operating system, and device information
  • Website usage data including pages visited, time on site, and referral sources
  • Log files and system access records
3.5 Employment and HR Data (Employees and Job Applicants)
  • Curriculum vitae, cover letters, and application forms
  • Academic qualifications and professional certifications
  • Employment history and referee details
  • Payroll information, tax data, and pension details
  • Performance records and disciplinary information
  • Emergency contact details
  • Medical information relevant to employment (where legally required)
3.6 Professional and Business Data
  • Company registration details and business profiles of clients and partners
  • Contract terms, service agreements, and correspondence
  • Details of authorised representatives and contact persons
Sensitive Personal Data: Where ICNL is required to process sensitive personal data (such as health data or biometric information), we will do so only where there is a clear legal basis, and we will take additional safeguards to protect it in accordance with Section 30 of the NDP Act 2023.

4. How We Collect Personal Data

We collect personal data through the following means:

  • Directly from you — when you contact us, submit an enquiry, enter into a contract, apply for a job, or register for our services.
  • Through our Website — via contact forms, newsletter subscriptions, cookies, and website analytics tools.
  • Through our business operations — in the course of providing clearinghouse, billing, mobile number portability, and related telecommunications services.
  • From third parties — such as background check agencies (for employees), regulatory databases, or referees where you have authorised such disclosure.
  • From publicly available sources — such as the Corporate Affairs Commission (CAC) register, regulatory filings, and professional directories.

5. Purposes and Legal Basis for Processing

We only process personal data where we have a lawful basis to do so under Section 25 of the NDP Act 2023. The table below sets out our processing activities, the purpose, and the applicable legal basis.

Processing Activity Data Categories Purpose Legal Basis
Client and partner onboarding Identity, contact, financial, verification data KYC/KYB compliance; entering into and performing service contracts Contract Legal Obligation
Service delivery — clearinghouse, billing, MNP Identity, contact, financial, technical data Delivery of contracted telecommunications services Contract
Invoicing, payments, and financial reconciliation Identity, financial, business data Billing clients; paying vendors; maintaining financial records Contract Legal Obligation
Regulatory compliance and reporting Identity, financial, technical data Complying with NCC, NDPC, CBN, and other regulatory obligations Legal Obligation
Recruitment and employment HR, identity, verification, financial data Assessing job applications; managing employment relationships; payroll Contract Legal Obligation
Vendor and contractor management Identity, contact, financial, business data Procuring goods and services; managing supplier relationships Contract
Website analytics and improvement Technical, usage data (anonymised) Understanding how visitors use our Website; improving performance Consent
Security monitoring and fraud prevention Technical, identity data Protecting our systems, networks, and data from unauthorised access Legitimate Interest
Business communications and correspondence Identity, contact data Responding to enquiries; sending service-related communications Contract Legitimate Interest
Legal claims and dispute resolution Identity, financial, contract data Establishing, exercising, or defending legal claims Legal Obligation Legitimate Interest
Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal. To withdraw consent, please contact our DPO using the details in Section 15.

6. Third Parties We Share Personal Data With

ICNL does not sell, rent, or trade personal data. We share personal data only where necessary for legitimate business or legal purposes, and only with the following categories of recipients:

6.1 Government Regulators and Law Enforcement

We are required by law to share certain personal data with Nigerian regulatory and government authorities, including:

  • Nigerian Communications Commission (NCC) — as our primary industry regulator
  • Nigeria Data Protection Commission (NDPC) — in connection with data protection compliance and investigations
  • Federal Inland Revenue Service (FIRS) — for tax compliance purposes
  • Central Bank of Nigeria (CBN) — where applicable to financial transactions
  • Law enforcement agencies — where required by a valid court order or statutory obligation

All such disclosures are made only to the extent required by law, and we will notify you where legally permitted to do so.

6.2 Professional Advisers

We may share personal data with lawyers, auditors, accountants, and insurers where necessary for the provision of professional services, subject to strict confidentiality obligations.

6.3 Service Providers and Data Processors

We engage carefully selected third-party service providers who process personal data on our behalf as data processors. These include IT infrastructure, system maintenance, and support providers. All processors are bound by data processing agreements that require them to protect personal data in line with the NDP Act 2023.

No Sale of Data: ICNL does not, and will not, sell personal data to any third party for commercial or marketing purposes.

7. International Data Transfers

ICNL does not transfer personal data outside the Federal Republic of Nigeria. All personal data collected and processed by ICNL is stored and handled within Nigeria, on servers and systems located in Nigeria.

In the event that a future operational requirement necessitates any cross-border transfer of personal data, ICNL will comply fully with the requirements of Section 43 of the NDP Act 2023, including obtaining the necessary approvals from the NDPC and ensuring adequate safeguards are in place. This policy will be updated accordingly, and affected data subjects will be notified.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulation. Our general retention periods are as follows:

Category of Data Retention Period Basis
Client and partner contracts and records 7 years after contract end Statutory limitation period; regulatory requirement
Financial and accounting records 7 years Companies and Allied Matters Act (CAMA) 2020; FIRS requirements
Employee records (active employees) Duration of employment + 7 years Labour Act; pension and tax obligations
Job applicant records (unsuccessful) 12 months from application date Legitimate interest (future vacancies); legal claims
Vendor and contractor records 7 years after contract end Contractual; statutory
Cookie consent records 3 years NDP Act GAID 2025 Article 19; audit obligation
Website analytics data (anonymised) 24 months Consent; legitimate interest
Security and system logs 12 months Legitimate interest (security monitoring)
Legal claims correspondence Duration of proceedings + 7 years Legal obligation; legitimate interest

When personal data is no longer required, it is securely deleted or anonymised in accordance with our Data Disposal Procedure. Where anonymisation is not possible, data is held in a restricted and secure archive.

9. Data Security

ICNL takes the security of personal data seriously. We have implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Role-based access controls and the principle of least privilege
  • Encryption of sensitive data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and information security
  • Physical access controls at our premises
  • Incident response and data breach management procedures
  • Secure disposal of data and physical media

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, ICNL will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with Section 41 of the NDP Act 2023. Affected data subjects will also be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

10. Your Rights as a Data Subject

Under the Nigeria Data Protection Act 2023, you have the following rights in respect of your personal data. You may exercise any of these rights by contacting our Data Protection Officer using the details in Section 15. We will respond to all valid requests within 30 days.

Right to be Informed You have the right to be informed about how and why we process your personal data — which is the purpose of this policy.
Right of Access You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification You have the right to request that inaccurate or incomplete personal data be corrected or updated.
Right to Erasure You may request deletion of your personal data where it is no longer necessary, or where you have withdrawn consent and there is no other legal basis for processing.
Right to Restriction You have the right to request that we restrict processing of your data in certain circumstances, for example while a dispute is being resolved.
Right to Data Portability Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to Object You have the right to object to processing based on legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint You have the right to lodge a complaint with the NDPC if you believe your data protection rights have been violated. See Section 14.

To exercise any of the above rights, please submit a written request to our DPO at dpo@interconnectnigeria.com. We may need to verify your identity before processing your request. There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive.

11. Cookies

Our Website uses cookies to improve your browsing experience and to collect anonymised analytics data. We only activate non-essential cookies with your prior consent, which you may give, refuse, or withdraw at any time using our cookie consent banner.

For full details of the cookies we use, including cookie names, purposes, data collected, and retention periods, please refer to our Cookie Policy.

12. Children's Privacy

Our Website and services are directed at businesses and professionals and are not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental or guardian consent, we will take immediate steps to delete that data. If you believe we may have collected data from a child, please contact our DPO immediately.

13. Changes to This Privacy Policy

We review this Privacy Policy at least annually, or whenever there is a material change in our processing activities, applicable law, or regulatory guidance. The "Last Reviewed" date in the version bar at the top of this page will be updated accordingly.

Where changes are significant, we will notify relevant data subjects by email or by posting a prominent notice on our Website. We encourage you to review this policy periodically to stay informed about how we protect your personal data. Continued use of our Website or services after notification of changes constitutes acknowledgement of the revised policy.

14. How to Lodge a Complaint

If you have a concern or complaint about how ICNL has handled your personal data, we encourage you to contact our Data Protection Officer in the first instance using the details in Section 15. We will investigate all complaints promptly and respond within 30 days.

If you are not satisfied with our response, or if you believe your data protection rights have been violated, you have the right to escalate your complaint to the Nigeria Data Protection Commission (NDPC):

Nigeria Data Protection Commission (NDPC)
Website: ndpc.gov.ng
Email: info@ndpc.gov.ng

You may lodge a formal complaint with the NDPC if you believe that the processing of your personal data by ICNL infringes the Nigeria Data Protection Act 2023.

15. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer:

Data Protection Officer (DPO) — Interconnect Clearinghouse Nigeria Limited
Organisation:Interconnect Clearinghouse Nigeria Limited (ICNL)
Registered Address:15th Floor, NECOM House, 15 Marina, Lagos, Nigeria
DPO Email:dpo@interconnectnigeria.com
Data Protection Email:dataprotection@interconnectnigeria.com
Telephone: +234 909 599 8868  |  +234 909 599 8869  |  +234 909 599 7810

We aim to respond to all data subject requests and privacy enquiries within 30 days of receipt. For complex or high-volume requests, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.