This Privacy Policy describes how the National Energy Investment & Intelligence Administration ("NEIIA", "we", "our") collects, uses, stores, and protects your personal and organizational data when you use the Risk & ESG Intelligence Platform.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the Platform, you may provide:
- Personal identification information (name, email address, phone number)
- Professional information (job title, organization, department)
- Account credentials (email and password)
- Payment and billing information
- Data you upload for analysis (portfolio data, ESG reports, compliance documents)
- Communications with our support team
1.2 Information Collected Automatically
We automatically collect certain information when you access the Platform:
- Device information (browser type, operating system, device identifiers)
- Usage data (pages visited, features used, time spent, search queries)
- Log data (IP address, access times, referring URLs)
- Cookies and similar tracking technologies
2. How We Use Your Information
We use collected information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Platform | Contract performance |
| Process transactions and billing | Contract performance |
| Send service notifications and updates | Legitimate interest |
| Improve Platform features and performance | Legitimate interest |
| Ensure security and prevent fraud | Legitimate interest / Legal obligation |
| Comply with legal and regulatory requirements | Legal obligation |
| Conduct research and analytics | Consent / Legitimate interest |
3. Data Sharing
We do not sell your personal data. We may share information with:
- Service Providers: Third-party vendors who assist in Platform operations (hosting, analytics, payment processing) under strict data processing agreements
- Legal Requirements: Government authorities when required by law, regulation, or court order
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users
- With Your Consent: Any other sharing requires your explicit consent
4. Data Security
We implement industry-standard security measures to protect your data, including:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication support
- Regular security audits and penetration testing
- Role-based access controls
- Automated threat detection and monitoring
While we strive to protect your data using commercially acceptable means, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. After account termination:
- Account data is retained for 30 days, then permanently deleted
- Transaction records are retained for 7 years for legal compliance
- Analytics data is anonymized and may be retained indefinitely
- Backup data is purged within 90 days of deletion
6. Your Rights
Subject to applicable law, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Withdraw Consent: Withdraw previously given consent at any time
To exercise these rights, contact us at privacy@neiia.gov.ng. We will respond within 30 days.
7. Cookies
The Platform uses cookies and similar technologies to:
- Essential Cookies: Required for Platform functionality (authentication, security)
- Analytics Cookies: Help us understand how you use the Platform
- Preference Cookies: Remember your settings and preferences
You can manage cookie preferences through your browser settings. Disabling essential cookies may impact Platform functionality.
8. International Data Transfers
Your data may be processed in countries outside Nigeria. When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy assessments, in compliance with the Nigeria Data Protection Regulation (NDPR).
9. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or Platform notification at least 14 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
For questions, concerns, or data requests related to this Privacy Policy, please contact:
NEIIA Data Protection Officer
Email: privacy@neiia.gov.ng
Address: NEIIA Headquarters, Abuja, Nigeria
Phone: +234 (0) 9-XXX-XXXX
This document was last updated on March 21, 2026. Previous versions are available upon request.