Introduction

KIA Technology Services Limited ("KIA", "we", "our", or "us") is committed to protecting the privacy and security of the personal information entrusted to us by our clients, partners, website visitors, job applicants, and other individuals who interact with our services.

This Privacy Policy describes how we collect, use, disclose, store, and protect personal information obtained through our website at kiatechs.com (the "Site"), our digital platforms — KiaPays, KiaConnect, and KiaCoop — and our professional service engagements.

This Policy is governed by the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and where applicable, international frameworks including the EU General Data Protection Regulation (GDPR).

Who We Are

KIA Technology Services Limited is a globally oriented technology enterprise registered in Nigeria, focused on structured system architecture, intelligent data integration, and resilient digital infrastructure. For the purposes of data protection law, KIA Technology Services Limited is the Data Controller responsible for your personal information.

Registered Name

KIA Technology Services Limited

Principal Office — Lagos

23 Little Road, Off Montgomery Road, Sabo-Yaba, Lagos, Nigeria

Principal Office — Abuja

16 Dominion Street, FHA Phase 2, Lugbe, Abuja, FCT, Nigeria

General Enquiries

[email protected]  |  +234 904 599 4873

Privacy / Data Protection

[email protected]

Information We Collect

We collect personal information in several ways, depending on how you interact with us. The categories of personal information we may collect include:

Information You Provide Directly

• Identity Data: Full name, job title, and organisation name.
• Contact Data: Email address, phone number, and postal address.
• Enquiry & Communications Data: Messages, queries, and correspondence submitted through our contact form or by email.
• Application Data: CV/résumé, cover letter, LinkedIn URL, domain expertise, professional experience, and qualifications submitted via our careers form.
• Financial & Transaction Data: Payment and transaction information processed through our KiaPays platform.

Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system, and referring URLs.
• Usage Data: Pages visited, time spent on pages, links clicked, and navigation paths within our Site.
• Cookie Data: Session identifiers, preference data, and analytics data collected through cookies and similar technologies (see Section 11).

Information from Third Parties

• Business contact information obtained from publicly available sources or professional networking platforms for legitimate business development purposes.
• KYC (Know Your Customer) verification data obtained through regulated third-party verification providers in connection with our financial platforms.

How We Use Your Information

We use personal information only for legitimate, specified, and explicitly defined purposes. The primary purposes for which we process your personal data are:

• To respond to enquiries, quotation requests, and business communications submitted through our Site.
• To deliver, manage, and improve our technology services and digital platforms.
• To process and facilitate financial transactions on the KiaPays platform in compliance with applicable regulations.
• To review and process career applications and manage our recruitment process.
• To fulfil contractual obligations and manage client engagements and project delivery.
• To maintain the security, integrity, and governance of our digital systems and infrastructure.
• To comply with legal, regulatory, and compliance obligations applicable to our operations.
• To send relevant communications, service updates, or thought leadership content where you have provided consent or a legitimate interest applies.
• To analyse and improve the functionality, performance, and user experience of our Site and platforms.

Legal Basis for Processing

We process personal information only where we have a lawful basis to do so. Depending on the nature of the processing, the applicable legal bases are:

Contractual Necessity

Processing necessary to perform a contract with you or to take pre-contractual steps at your request, such as service delivery, client engagements, and platform transactions.

Legitimate Interests

Processing necessary for our legitimate business interests — including improving our services, conducting business development, and maintaining institutional security — where these interests are not overridden by your rights.

Legal Obligation

Processing required to comply with applicable laws, regulations, or governmental/regulatory directives, including financial compliance, anti-money laundering, and fraud prevention obligations.

Consent

Where we rely on your consent to send marketing communications or non-essential cookies. You may withdraw consent at any time without detriment to prior processing.

Data Sharing & Disclosure

We do not sell or share your personal data with third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Service Providers & Technology Partners: Trusted third-party vendors who provide infrastructure, hosting, payment processing, email delivery, and analytics services strictly under contractual data processing agreements.
• Professional Advisors: Legal counsel, auditors, and financial advisors bound by professional confidentiality obligations where necessary for corporate governance.
• Regulatory & Law Enforcement Authorities: Where required by law, court order, or regulatory requirement, including compliance with financial regulatory bodies such as the Central Bank of Nigeria (CBN).
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant successor entity subject to equivalent privacy protections.
• Group Entities: Where applicable, within the KIA Technology Services group of companies for internal operational and governance purposes only.

All third parties with whom we share personal data are required to implement appropriate technical and organisational security measures and are prohibited from using your data for any purpose beyond the specified scope.

International Data Transfers

As a globally oriented technology enterprise, some of our data processing operations or service providers may be located outside Nigeria. Where personal data is transferred to jurisdictions that do not offer equivalent data protection standards, we ensure appropriate safeguards are in place, including:

• Binding contractual clauses or data processing agreements compliant with applicable transfer mechanisms.
• Transfers only to jurisdictions recognised as providing adequate protection under applicable Nigerian and international data protection standards.
• Implementation of technical and organisational security measures commensurate with the sensitivity of data transferred.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal, regulatory, and contractual obligations. Our retention principles are:

Client & Project Data

Retained for the duration of the engagement and for a minimum of seven (7) years thereafter, in accordance with Nigerian financial and corporate record-keeping requirements.

Website Enquiry & Contact Data

Retained for up to two (2) years from the date of last contact or enquiry, unless a contractual relationship is established.

Career Application Data

Retained for up to twelve (12) months from the date of application for unsuccessful candidates. Successful candidates' data is transferred to their employment record.

Financial Transaction Data

Retained in accordance with Central Bank of Nigeria (CBN) and applicable financial regulatory requirements — typically five (5) to seven (7) years.

Analytics & Cookie Data

Retained in accordance with the specific retention periods disclosed in our Cookie settings, typically between thirty (30) days and twenty-four (24) months.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction.

Security Measures

KIA Technology Services Limited implements a comprehensive set of technical, organisational, and governance security controls to protect personal information against unauthorised access, loss, destruction, or disclosure. Our security framework includes:

• End-to-end encryption and tokenisation of sensitive data at rest and in transit using industry-standard protocols (TLS 1.2+, AES-256).
• Role-based access controls (RBAC) and identity & access management (IAM) frameworks limiting data access to authorised personnel only.
• Multi-factor authentication (MFA) on all systems containing personal or sensitive data.
• Regular vulnerability assessments, penetration testing, and security audits of our infrastructure and applications.
• Comprehensive audit logging and anomaly detection frameworks for monitoring unauthorised access attempts.
• Incident response and data breach notification procedures compliant with NDPA 2023 requirements (72-hour regulatory notification where applicable).
• Employee training and governance-integrated information security awareness programmes.

Your Data Subject Rights

Subject to applicable law and verification of your identity, you have the following rights in relation to your personal data:

Right of Access

You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.

Right to Rectification

You may request correction of inaccurate or incomplete personal data held about you without undue delay.

Right to Erasure

You may request deletion of your personal data where processing is no longer necessary, consent is withdrawn, or processing is unlawful — subject to applicable legal retention obligations.

Right to Restriction

You may request that we restrict processing of your personal data in certain circumstances, such as while a rectification request is being resolved.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request receipt of your personal data in a structured, machine-readable format.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days of receiving a verifiable request. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your rights have been infringed.

Cookies & Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance functionality, analyse performance, and support user experience. The categories of cookies we use include:

• Essential Cookies: Strictly necessary for the operation of our Site. These cannot be disabled as they enable core functionality such as session management and security.
• Analytics Cookies: Used to understand how visitors interact with our Site, which pages are visited most frequently, and how users navigate through the content. Data is aggregated and anonymised.
• Functional Cookies: Enable enhanced personalisation features, such as remembering your language or regional preferences.
• Marketing Cookies: Used to deliver relevant content and, where applicable, track the effectiveness of marketing initiatives. These are only set with your explicit consent.

You can manage your cookie preferences at any time via the cookie settings panel available on our Site. Note that disabling certain cookies may affect the functionality of some features.

Third-Party Links

Our Site and platforms may contain links to external websites, third-party services, or partner platforms. This Privacy Policy applies solely to information collected and processed by KIA Technology Services Limited. We are not responsible for the privacy practices, content, or data handling of any third-party sites. We encourage you to review the privacy policies of any third-party websites you visit.

Children's Privacy

Our services are not directed at, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that personal data has been collected from a minor without appropriate parental or guardian consent, we will take prompt steps to delete such data. If you believe a minor's data has been submitted to us, please contact us immediately at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable legal requirements. When material changes are made, we will update the effective date at the top of this Policy. We encourage you to review this Policy periodically. Your continued use of our services following publication of updates constitutes acceptance of the revised Policy.

For significant changes that may materially affect your rights, we will endeavour to provide prominent notice, such as a notification on our Site or direct communication where we hold your contact details.

Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us using the details below. We are committed to resolving all privacy-related enquiries in a timely and transparent manner.

Data Protection Enquiries

partnerships@kia-techs.com

General Contact

info@kia-techs.com  |  +234 904 599 4873

Office Address

16 Dominion Street, FHA, Phase 2, Lugbe Abuja, FCT