Release Date: 1st May 2022
a. What information we might collect about you. b. How we might use that information. c. When we might use your details to contact you. d. What information of yours we might share with others. e. Your choices about the personal information you give us.
Josplay is a company incorporated under the laws of the Federal Republic of Nigeria. Our place of business is at 8, Zeph Chinedu Street, Sunshine Homes Lokogoma District Abuja Federal Capital Territory, Nigeria.
Types of personal data we process
We may collect and process the following categories of personal data:
Name and Contact details
When you register to use the Service, or link accounts to the Service, we may record your name, contact details, gender and date of birth. Your contact details may include your address, telephone number and e-mail address. When you create an account on our Services, we may also record your sign-in details and the information you fill out on the account. We may also record your business information like your brand name, address, and business locations. While you are using our mobile applications, we may also collect location data through your device to facilitate your use of the Services.
Our communication with you
We may collect your personal data through our communications with you by email or through our social media pages now known or in future created. When you send us an e-mail or chat with us online or through social media, we register your communication with us as well as your contact information such as email address when you email us or social media handle when you mention us in a post (for example, we collect your Twitter handle when you mention or tag us on Twitter). We also register your communication preferences, for example when you subscribe to one of our newsletters. When you call us, our customer support will register your questions or complaints in our database. We may also record telephone calls for training purposes or to prevent or combat fraud.
Information we collect when you use our Services
We receive an automatic notification when you open our e-mails or click on a link in such e-mails. We may combine this information with other data we process about you. With your permission, we may also receive your location data. You can also agree to provide us with access to certain data stored on your mobile phone (such as photos and contacts).
Information in relation to social media
Information you choose to share with us
You may choose to share information with us, for example when you share your interests and preferences with us, leave a comment on our social media pages or fill out a customer survey.
Children younger than 16
We may ask for your age
Our Service is not directed to children who are under the age of 13. Josplay does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to us through any of our Services please contact us and we will endeavor to delete that information from our databases.To make sure you are suitable to use our Services, we may ask for your age and where applicable, we will ask you to obtain your parent or guardian’s consent to use our Services. Where we require you to obtain your parent or guardian’s consent, you will receive a notification.
Why we collect your information
We keep your information so that we get the right services for you, plan and improve our Services and keep in touch with you. We will always tell you why we are collecting your information and if we need your parent or guardian’s permission, we will give you clear details about what is needed at the time.
Specific services, mobile apps, events or campaigns
How we collect your data
We collect the categories of personal data referred to above in the following ways:
Personal data provided by you
For example, when you register to use our Services or contact our customer support, subscribe to receive our e-mails, or fill out a customer survey.
Personal data received from partners
See ‘Meet Us’ above. Some elements of our Services such as musical content is offered in collaboration with partners, licensors, contributors, and other third parties including, providers of hosting services, cloud services, and other information technology services providers, email communication software service providers, and email newsletter service providers, advertising and marketing service providers, payment processors, customer relationship managers, customer support services providers, and web analytics services providers (“our Partners”). Where for any reason, you provided or shared data with our Partners, our Partners will share such data with us and we will receive such data to enable us to provide the Services to you. You can find more information on how our Partners handle your personal data in their respective privacy policies. However, we do not share your data with Partners except as provided below. Our Partners for Josplay include:
Personal data received from social media networks
If you use social networks, we may also receive information from your social network provider in the manner explained above.
Purposes for which we use your personal data
The main purposes for which we use your personal data are:
To contact you and to provide you with a seamless digital experience on our Services
To offer you the best possible digital experience on our Services, we may:
a. Analyse your use of our website or apps, so that we can tailor our communication towards the digital channel or device that you use most.
b. Some of our digital services may use your location, for example, to show you playlists that may appeal to the local audience.
For statistical research
a. General: We research general trends in our Services, and trends in the behavior and preferences of our users. We use our research results to improve our Services and projects, develop better services and offers for you and our Partners, provide better customer service, and improve the design and content of our Services.
b. Categories of data: To perform our research, we may use the categories of data described under Name and Contact details above. However, we only use ‘aggregated data’ or ‘pseudonymized data’ for our research. This is data that cannot be traced back directly to you because all directly identifiable elements (e.g. names and e-mail addresses) are removed or encoded and given a number. We take appropriate measures to ensure that only a limited group of employees have access to the analysis.
c. Legal basis and right to object: We process your personal data for our legitimate interests described in For statistical research (a) above. You have the right to object, on grounds relating to your situation, at any time to the processing of your personal data for statistical research in the manner explained in ‘Your rights’ below.
For marketing purposes
General: If you sign up for any of our Services, we will send you updates about our offers and services.
b. Types of communication
E-mails: If you subscribe to Services updates or offers and marketing, we will send you e-mail updates about our Services as well as your use of our Services and offers tailored to your interests and preferences.
Direct messages through other communication channels: We may use other communication channels to send you direct messages with personalized advertisements and special offers, with your consent, mobile push notifications, or social channels (e.g. Messenger, WhatsApp, WeChat, etc).
c. Personalised advertisements and offers: We aim to make advertisements and offers as relevant as possible for you. To that end, we may use and combine the categories of personal data described in “Types of personal data we process” and “For statistical research”. For example, in our e-mails, we may include information on new services similar to those in which you have indicated interest. We may also show you targeted advertising through other companies’ sites like Google, Facebook, and Twitter for example. This could be showing you a Josplay sponsored message. If you do not wish to see our targeted advertising, you can set your preferences in your social media companies’ settings.
d. Legal basis and right to object: We send you information or updates based on your consent. We personalize your advertisements and offers on the basis of our legitimate interests and the interests of third parties so as to send you relevant updates and offers. You have the right to object to the use of your personal data for direct marketing purposes at any time as described in ‘Your rights’ below.
f. Unsubscribe: You may unsubscribe from communication emails at any time by clicking on the unsubscribe link in the e-mail. You will then be unsubscribed from that email update. If you would like to unsubscribe from all types of Service updates, you can change your communication preferences in the account(s) you have created on our Services. In that case, you will only receive e-mails necessary to use the Services (e.g. request to update your password). You may also unsubscribe by contacting us. To unsubscribe from emails from our Partners (where applicable), please see privacy policies of our Partners.
To communicate with you
We use your contact details to communicate with you:
a. about your use of our Services, to answer your questions, or to address your complaints.
c. to check with you about any other services you have signed up for. This will include telling you about inactivity on any account you have created on any of our Services.
d. to answer you when you have contacted us or to respond to a comment or complaint and to invite you to take part in surveys about Josplay’s projects or services, which are always voluntary.
We will only contact you when we need to, or when you have given us permission. We will never contact you to ask for your passwords including that of any account you have created on our service(s).
To conduct our business operations or to comply with statutory obligations
We collect, use, and retain your personal data to manage your use of our Services, for record-keeping purposes, to prevent misrepresentation, to prevent or combat fraud or criminal activities, or misuses of our services, and to ensure the security of our IT systems, architecture, and networks or to settle disputes. In the case of misrepresentation, fraud, or misuse of our services, we may enter your personal data into our internal fraud control and warning systems. As a result, your use of our Services may be subject to close scrutiny and, in particular cases, may be refused or canceled or you may no longer be welcome to use our Services or only be allowed to use our Services on certain conditions. We also process your personal data to comply with our legal and tax obligations.
When you use another company’s service to connect to us
Specific services, apps, or campaigns
We may process your personal data only if we have a legal basis for doing so. In many cases, we need your personal data to manage your use of our services or to contact you and provide you with a seamless digital experience on our services. In those cases, the legal basis for processing your data is ‘necessary for the performance of a contract. If you have consented to a processing activity (which consent you may withdraw at any time), we will process your data based on that consent. In certain cases, we may use your personal data if we or third parties have a legitimate interest in doing so. We will always consider all interests carefully. Based on that legal basis, we will process your data, for instance, for combatting fraud, statistical research, or personalizing offers and advertising. We may also have a legal obligation to process your data, for example for tax reasons. If you refuse to provide the personal data we need to perform the contract we have concluded with you or to comply with a legal obligation, we may not be able to allow you to use our services or provide all the services you have requested from us.
Granting access to or sharing data with third parties
In certain circumstances, we may share your Personal Data with third parties without further notice to you, unless required by the law, in the following cases but we will never sell your data:
Our Partners Obligations: To enable our Partners fulfill their obligations in relation to the provision of our Services or ensure that our provision of Services to you are not disrupted or ensure quality assurance in respect of the Services.
For support or additional services: To provide the Services, we use the support or additional services from third parties, to assist us in meeting business operations needs and performing certain services and functions. As such, we may share your personal data with our Partners All such third parties are required to adequately safeguard your personal data and only process them in accordance with our instructions. We also take commercially reasonable steps to ensure our service Partners adhere to the security standards we apply to your Personal Data.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.
Data Retention and Security
We do not keep your personal data any longer than is necessary. How long your personal data is retained depends on the purposes for which the data is processed and the applicable statutory retention periods.
Our commitment: Ensuring the security and confidentiality of your personal data is our priority. Taking into account the nature of your personal data and the risk of processing, we have put in place all appropriate technical and organizational measures as required by applicable legal provisions in particular (s2.6 of the Nigerian Data Protection Regulation (NDPR) and Article 32 of the General Data Protection Regulation (GDPR)) so as to ensure an appropriate level of security and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to these data.
The security measures we have taken
a. Organisational measures: We have implemented and maintained various organizational measures intended to strengthen the awareness and accountability of our employees. We have programs in place designed both to ensure awareness and to promote the sharing of good practices and safety standards. In this context, a rich collection of documents on information security challenges and privacy protection have been made available to employees.
b. Technical measures: We strictly control physical and logical access to internal servers hosting or processing your personal data. We protect our network with state-of-the-art hardware devices (Firewall, IDS, DLP etc.) as well as architectures (including secure protocols like TLS 1.2) in order to prevent and limit the risk of cybercrime.
c. The evolution of our security systems: To maintain an appropriate level of security, we have internal processes in place based on the best standards (in particular, the ISO 27000 family of standards). We rely on dedicated experts to guarantee the best possible level of protection.
How to protect yourself
The personal data security and confidentiality data depends on everyone's best practices. We advise you not to disclose the passwords you use to access our Services to third parties, to log out of your profile and social account systematically (especially in the case of linked accounts), and to close the browser window at the end of your session, especially if you are accessing the Internet from a public computer. This will prevent other users from accessing your personal data. To avoid the risk of hacking, we recommend using different passwords for every online service you use. You should also take special care in deciding what information you send to us via the Service or email. We cannot be held responsible for theft of your data on a platform which is not managed by us. In addition, we strongly recommend that you do not distribute to third parties, any document issued by Josplay containing your personal data or other information related to your use of our Services or to publish these on social networks. If you decide to publish these documents on social media, you are responsible for consulting and understanding the general conditions of use, information security practices and privacy policies applicable to these third-party social networks. We cannot be held responsible for how data is processed, stored or disclosed on these platforms. To find out more about our measures with regard IT security, please consult Josplay’s IT security portal. Human beings and not robots will make the big decisions that affect you.
Management of security incidents
There is no such thing as ‘zero risk’ and even if we implement all the security measures recognised as appropriate, unforeseen things can happen. Therefore, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites. We have specific procedures and resources in place to manage security incidents under the best possible conditions. We have also set up a specific procedure for assessing possible breaches of security that could lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to your personal data, for notifying the competent supervisory authority within the period provided for by applicable law, and for warning you when a breach is likely to result in a high risk to your rights and freedoms. Tests are carried out periodically to verify the functioning of the security installations and adequacy of the procedures and devices deployed.
International transfer of data
Ordinarily we do not transfer your data outside Nigeria. However, please note that some companies who provide data storage services to us run their services from outside the Federal Republic of Nigeria. We nonetheless only let that happen if we are satisfied with their levels of security. Keep in mind that when you give us personal information, it may be transferred or stored in a location outside the Federal Republic of Nigeria.
Contact us to exercise your rights: You may contact Josplay (please contact below) to exercise any of the rights you are granted under applicable data protection laws. These rights include: a. The right to access your data: You may ask us whether we process any of your personal data and, if so, to receive access to that data in the form of a copy.
b. The right to rectify your data: You have the right to have your data rectified if it is inaccurate or incomplete. Upon request, we will correct inaccurate personal data about you and, considering the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
c. The right to erase your data: You have the right to have your personal data erased. This means that we will delete your data. Erasure of your personal data only takes place in certain cases, as prescribed by law and listed in s12.13.8 of the NDPR and Article 17 of the GDPR. This includes situations where your personal data is no longer necessary in relation to the purposes for which it was originally processed, and situations where the data was processed unlawfully. Due to the way in which we maintain certain services, it may take some time before backup copies are erased.
d. The right to restrict the processing of your data: You have the right to obtain a restriction on the processing of your personal data. This means that we will suspend the processing of your data for a certain period. Circumstances which may give rise to this right include situations where the accuracy of your personal data is contested, and we need some time to verify its (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
e. The right to data portability: Your right to data portability entails that you may ask us to provide you with your personal data in a structured, commonly used and machine-readable format, and have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your personal data directly to the other controller.
e. The right to object to processing: You have the right to object to the processing of your personal data. This means that you may ask us to no longer process your personal data. This only applies if the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing. You can object to direct marketing at any time and at no cost to you if your personal data is processed for this purpose, which includes profiling to the extent that it is related to direct marketing. If you exercise this right, we will no longer process your personal data for such purposes.
Withdrawal of consent
Denial or restriction of rights
There may be situations where we are entitled to deny or restrict your rights as described in above. In all cases, we will carefully assess whether such an exemption applies and inform you accordingly. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals, or refuse to delete your personal data if the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply if the personal data was not provided by you or if we process the data on grounds other than your consent or for the performance of a contract.
Josplay’s Privacy Office
If you wish to exercise your rights, all you have to do is send a request to:
- Data Protection Officer, Josplay Limited
- 8, Zeph Chinedu Street, Sunshine Homes Lokogoma District Abuja Federal Capital Territory, Nigeria.
- E-mail: firstname.lastname@example.org
Update your information, ask Questions, comments or complaints
If you have any questions, comments, or complaints, please feel free to contact us. If your concerns have not been addressed to your satisfaction, you have the right to file a complaint with the competent supervisory authority. Please log in to your account or contact us at our Privacy Office address if you need to change or correct your Personal Data.
©Josplay Limited, 2022