Data Privacy Policy
1.0 Introduction
1.1 Pursuant to its statutory mandate of administering the pension of contributors and retirees under the Contributory Pension Scheme (CPS) in Nigeria, CrusaderSterling Pensions Limited (the PFA) collects and keeps in custody, the personal data of pension contributors, retirees and their related persons, such as beneficiaries and next-of-kins and their employers. The data include, but are not limited to, the biometrics and biodata of contributors, retirees and related persons.
1.2 This Data Privacy Policy (the Policy) is, therefore, instituted by the PFA to inform pension contributors, retirees and other related persons of the protection of their personal data collected and stored by the PFA pursuant to the performance of its statutory responsibilities. The Policy also explains how the data are collected, stored, used, as well as the few exceptional instances where such data may be disclosed.
2.0 Nature and Reason for Collection of Personal Data
2.1 Pursuant to the provisions of the Pension Reform Act (PRA) 2014 and extant regulations, the PFA collects data of pension contributors, retirees and their related persons. These may include name, gender, marital status, date of birth, nationality, National Identification Number, employment information, and Next-of-Kin Information, amongst others.
2.2 In particular, the PFA collects the personal data of a pension contributor in order to open a Retirement Savings Account (RSA) for him/her and to administer to him/her the retirement benefits under the CPS. In this regard, it is necessary to collect some basic personal data of contributors to ensure that uniquely identifiable persons are registered under the CPS and that their data are tied to their various employments. It also facilitates the accurate computation of and remittance of pension contributions and other entitlements to the RSAs of contributors and the payment of benefits to them. Collection of data of the next-of-kins and beneficiaries of contributors, retirees and their related persons further ensures that the PFA has continuous access to them.
3.0 Consent of Data Subject
Collection of data of the contributors, retirees and/or their related persons by the PFA shall be subject to the consent and authorization of the data subjects. Consequently, RSA registration and data recapture forms, including the electronic formats, contain data authorization clauses which are activated when the data subject completes the form.
4.0 Processing and Protection of Personal Data
4.1 The PFA shall process personal data of contributors, retirees and other related persons only for the purpose for which the data is collected. The PFA shall process such data on both electronic and manual platforms, as may be required.
4.2 Only authorized officers of the PFA shall have access to the personal data of pension contributors, retirees and related persons collected. Pursuant to Section 113 of the PRA 2014, such authorized persons shall include every member of the Board, officer, employee, agent or any other person engaged or authorized by the PFA to examine any document or make an inquiry thereto. Such authorized persons have confidentiality obligation not to disclose or use any information or data of such person obtained directly or indirectly, except under the express authority of the PFA or as otherwise provided for under this Policy.
5.0 Storage and Retention of Personal Data
5.1 The PFA shall securely store the personal data of pension contributors, retirees and related persons so collected in hard paper copies, computers, servers, and other electronic devices.
5.2 The PFA shall hold personal data of contributor, retirees and related persons for as long as may be deemed necessary to keep track of contribution remittances and payments of benefits. The retention period shall however not be less than the 10 years, in line with the provisions of the National Archives Act, CAP.N6 Laws of the Federation of Nigeria, 2004.
6.0 Disclosure of Personal Data
6.1 Without prejudice to the foregoing provisions, however, the PFA may be obliged to disclose personal data in its custody on the following circumstances:
- a) Where disclosure is made in compliance with statutory obligation or pursuant to an order of a court of competent jurisdiction.
- b) Where the data owner has expressly consented to the disclosure or instructed that his/her data be fully or partially disclosed to a named person; Provided that such consent or instruction may be withdrawn and communicated to the PFA in writing at any time before disclosure.
- c) Where the disclosure is made to the owner of the data for his/her personal use or record.
7.0 Violation of Data Privacy and Remedies
Contributors, retirees or their related persons whose data privacy rights are violated under this Policy shall report in writing, such violation to the Commission and the PFA for immediate redress. Pursuant to the provisions of the PRA 2014 and extant Regulations of the Commission, the Commission shall direct the PFA to redress the right of the affected contributor, retiree or related person immediately. Failure of the PFA to restore such rights as appropriate shall entitle the contributor, retiree or related person to legal remedies, subject to the provisions of the PRA 2014.
8.0 Governing Laws
This Data Privacy Policy is issued by the PFA, pursuant to the provisions of the PRA 2014, and is consistent with Sections 13 of the Constitution of the Federal Republic of Nigeria 1999 (as amended). It is also consistent with Clause 2.5 (a-i) of the Nigeria Data Protection Regulation 2019 issued by the National Information and Technology Development Agency (NITDA) and Article 8 of the International Convention on Data Protections.
9.0 Review and Enquiries
This Privacy Policy is subject to review by the PFA from time to time as the need arises. All enquiries regarding the Policy should be directed to:
The Data Protection officer,
CrusaderSterling Pensions Ltd,
14b, Keffi Street, Off Awolowo Road,
Ikoyi, Lagos.
Tel: +234 806 598 3900