1. Introduction/Scope
This Privacy Policy document is prepared in accordance with the provisions of the Nigeria Data Protection Act (NDPA), and by extension, the EU General Data Protection Regulation (GDPR). It sets out how Full Life Foundation (“Full Life”) applies and complies with the data privacy principles in processing the personal data of customers, staff, vendors, visitors, and even third parties that interact with Full Life. Please note that We endeavor to continuously update these policies to ensure they align with best practices and meet transparency objectives.
For personal data of individuals, this document also highlights their rights and covers the Data Subject(s) whose personal data is collected and processed, in compliance with the NDPA.
This privacy policy describes why and how We collect and use personal information about our members, customers, clients, vendors, and visitors (Data Subjects). It also highlights with whom We might share Personal Information and how long We keep such information. It also makes Data Subjects aware of their rights under the regulation.
2. Roles/Responsibilities
Full Life Data Protection Officer (DPO) is responsible for ensuring that this document is correct and up-to-date. The DPO also ensures that Data Subjects are duly notified prior to the collection and processing of their personal data by Full Life, including data collected via the Full Life’s website. All Full Life employees/staff who interact with personal data must also ensure to follow the provisions in this policy document.
3. Policy Statement
Full Life is committed to protecting the privacy and security of our personal data. We are responsible for determining how We hold and use personal information about our Data Subjects. According to the Nigeria Data Protection Act (NDPA), Full Life Foundation is required to notify Data Subjects of the information contained in this document.
3.1 About Full Life Foundation
Full Life Foundation (FLF) a.k.a Full Life Christian Centre (FLCC) is a multifaceted and multi-racial community of believers commissioned by God to stir men into the fullness of God. Founded in 2000, and fully registered with the Corporate Affairs Commission (CAC) of Nigeria, Full Life is a move of God spreading its impact across the nations of the earth, demonstrating the power of God with proofs of miracles, signs and wonders. Click here for more information about us.
As an organisation, Full Life is structured in a way to meet every need possible. The organisation excels in providing shelter, food and food items, scholarships and financial empowerments for educational pursuits, trainings, business visions and medical assistance. These are administered through the Love Kitchen and Love Showers, medical outreaches, business and educational scholarship schemes
Due to the nature of Full Life’s activities and the fact that Full Life provides religious and humanitarian services across the globe, Full Life is mandated to collect and process personal data of Nigerian individuals, as well as residents and citizens of other countries across the globe.
3.2 What Personal Data Do We Need?
The personal data We would collect and process, depending on the particular processing requirement, are under the following categories:
| Data Type | Description of Data |
|---|---|
| Identity Data | Full Name, maiden name, marital status, title, biometric information, national identification number (NIN), passport details, driver’s licence details, date of birth, gender, address, biometric, face ID, employment history and citizenship. |
| Contact Data | Address, Email Address and Telephone Numbers. Information received during contact with face-to-face meetings, phone calls, emails, letters and SMS. |
| Transaction Data | Information regarding the products and services a Data Subject may have benefited from by using Full Life Foundation and any of its subsidiaries, transactional information in respect of products purchased. Location data of transactions where a Data Subject may have used their debit card. |
| Technical Data | Internet protocol (IP) address, login data, details of browser and operating system, time zone setting and location, browser plug-in types and versions, platforms and other technology such as device id, geolocation, IP, model and user agent on the devices used to access Full Life’s Website. |
| Profile Data | Includes username and password. |
| Job Application Data | Data submitted throughout the recruitment process e.g. name, email address. Any personal information provided to Full Life Foundation as part of the recruitment process. |
| Usage Data | Includes information about how Data Subject use our Website, products and services. |
| Marketing and Communications Data | Information about Data Subject communications with Full Life. Preferences in receiving marketing e-mails and consents given by Data Subject to Full Life. |
| Others | CCTV/Video footage whenever you come into our premises or use our ATMs and telephone conversations via calls made through any of our contact centre lines. |
In respect of your data which may be collected by Full Life, certain terms may specifically apply to Face Data and your biometrics. You should therefore note the following:
• Collection: Face Data and biometrics may be collected through various secure channels, such as mobile applications, ATM machines or other digital interfaces, only when explicitly authorised by the user.
• Use: Strictly used for predefined purposes such as identity verification, fraud prevention or for providing personalized services.
• Disclosure: Your Face Data and biometrics where required to be disclosed to third -party to enable us provide services to you, will only be disclosed only to trusted entities like regulatory bodies, payment processing partners or third-party service providers with confidentiality agreements.
• Retention: Unless the terms and conditions specific to any one or more of our application otherwise provide in their terms and conditions that We shall not store your Face Data and biometric information, your Face Data will be stored securely and retained only for the duration necessary to meet regulatory, operational or legal requirements in respect of the service provided. When data is no longer required or mandated by law to be retained, it will be deleted, destroyed or securely archived.
• User Consent: Collected only after users are informed and provide explicit consent.
Where the personal data We need to collect may fall under special category of sensitive personal data, the Our lawful basis of processing will be explicit consent of the individual or where applicable, compliance with a legal obligation, or for legal proceedings/advice.
4. Why We Need the Data
Full Life ensures that the personal data collected and processed is necessary for the purpose of collection, and shall not collect or process more data than is reasonably required for a particular processing activity.
5. Legal Grounds for Processing
Full Life identifies, establishes, defines, and documents the specific purpose of processing and the legal basis for processing personal data before any processing operation takes place under:
• Consent obtained from the Data Subject
• Performance of a contract where the Data Subject is a party
• Legal obligation that the Bank is required to meet
• Protection of vital interests of the Data Subject, including the protection of rights and freedom of the Data Subject
• Official authority of the Bank or to carry out the processing that is in the public interest
• National law such as biometric data.
In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the Data Subjects, as listed below;
Purpose of Processing & Lawful Basis:
| Purpose of Processing | Lawful Basis |
|---|---|
| Account creation, identity verification and maintenance of records | Contract |
| Vendor validation/information processing | Contract |
| Employment | Contract |
6. Processing of Personal Data Based on Consent
Where applicable, Full Life will require explicit consent of customers, visitors and other relevant stakeholders to process collected personal data.
Visitors to the Our Website are expected to read, understand and agree to the privacy policy and Website’s terms of use.
If the Data Subject does not agree, services may not be accessible. For sensitive data, explicit notification and explanation will be given.
For children:
• NDPA age: under 18
• GDPR age: under 16
Consent must be from person with parental responsibility. Full Life will verify age and authenticity.
It should be noted that while processing, there may be need to share personal data with service providers for services in line with customer’s service subscription from time to time and accredited third parties or agencies in accordance with the Nigeria Data Protection Act 2023.
6.1 Withdrawal of Consent
Irrespective of initial consent given, an individual can withdraw their consent at any time via written request or Withdrawal of Consent form sent to: dataprotectionoffice@fulllifefoundation.org
In the case of children, the holder of parental responsibility must make the request.
7. Use of Cookies
Full Life’s Website uses cookies (e.g., Google Analytics) to:
• Recognize users
• Track Website navigation
• Improve usability
• Analyze usage
• Manage the Website
Users may disable cookies via browser settings, but it may affect certain functionality and features of the site.
8. Disclosure to Third-Parties
Full Life will not disclose personal data to third parties without consent unless legally required by government authorities, law courts or law enforcement requirements. Where processing involves fraud prevention, legal obligations or protection of rights, lawful grounds will be established.
Full Life has put in place, to the best of its ability and in line with standard global practices, appropriate physical, technical, and organizational measures (including encryption and anonymization) to ensure the optimum protection of personal data, which also extends to data transferred or shared with third parties.
8.1 Cross-Border Transfers
Full Life may also engage third parties abroad ( such as banks, contractors, government authorized agencies etc) that will receive personal data for certain purposes(s) as part of the Our processing activities and process them on the Our behalf.
Where this is the case, Full Life will:
• Sign a Data Processing Agreement
• Obtain consent if purpose was not stated initially
• Ensure adequate protection standards are met
Data may be transferred if:
• The country of recipient has adequate data protection controls established by legal or self-regulatory regime. However, in a case not covered by an adequacy decision from the NDPC;
• It has a contract in place that uses existing data protection clauses with approval of NDPC to ensure adequate protection.
• Binding corporate rules apply
• Provisions inserted into administrative arrangements between public authorities or bodies authorized by the supervisory authority NDPC.
9. Retention of Records
Full Life will retain personal data as long as necessary for service delivery and regulatory compliance.
• Retention considerations include purpose, type, lawful basis, Data Subject category
• Personal data is retained for up to ten (10) years after exit of relationship by the Data Subject or as may be required by regulation
• Transaction data: retained for a minimum of five (5) years
Data is securely archived, deleted or destroyed when no longer needed.
10. Data Subject Rights
Data Subjects have the right to:
• Request access to personal data
• Request correction or deletion
• Restrict processing
• Transfer data
• Object to direct marketing
• Object to automated profiling
• File a complaint or seek judicial review
Data Subjects can exercise their rights in writing or filing the Data Subject access request (DSAR) form and submit via:
dataprotectionoffice@fulllifefoundation.org
11. Complaints
To file a complaint about how your data is handled, contact:
Supervisory Authority
dpo@ndpc.gov.ng
Data Protection Officer (DPO)
dataprotectionoffice@fulllifefoundation.org
