Data Protection & Privacy Policy

Document No.: DBS-DPP-001 | Version: 1.0 | Effective Date: January 2024

1. Policy Statement

At DBS LTD, we are committed to protecting the privacy and confidentiality of personal data entrusted to us. As a leading transport management and logistics company offering driver screening, record management, and supply chain solutions, we handle sensitive personal, professional, and biometric data of individuals and organizations. This Data Protection Policy outlines our principles and procedures for ensuring that all personal data collected, processed, stored, and transferred is handled in compliance with the Nigeria Data Protection Act 2023 (NDPA) and other relevant local and international data privacy regulations.

2. Scope of the Policy

  • All employees and contractors of DBS LTD
  • Clients, job applicants, drivers, vendors, and third-party service providers
  • All personal data processed in physical or electronic form
  • Operations in Nigeria and any cross-border activities within West Africa

3. Legal Framework

  • Nigeria Data Protection Act 2023 (NDPA)
  • The Nigeria Data Protection Regulation 2019 (NDPR)
  • General Data Protection Regulation (GDPR), where applicable
  • Sector-specific regulations (e.g., FRSC, NESREA)

4. Data Protection Principles

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation – Data is collected for specified, legitimate purposes.
  • Data Minimization – Only necessary data is collected.
  • Accuracy – Efforts are made to keep data accurate and up-to-date.
  • Storage Limitation – Data is retained only for as long as necessary.
  • Integrity and Confidentiality – Data is secured against unauthorized access or breaches.
  • Accountability – DBS LTD is responsible for demonstrating compliance.

5. Categories of Personal Data Collected

  • Personal Identifiers: Full name, date of birth, address, phone number, email
  • Professional Data: Employment history, licenses, qualifications
  • Health Information: Medical screenings, fitness-to-work reports
  • Criminal Records: Background check reports (with consent)
  • Biometric Data: Facial images, fingerprints (if required for screening)
  • Device/Usage Data: IP addresses, GPS data from fleet systems

6. Purpose of Data Processing

  • Driver verification and recruitment
  • Background and identity screening
  • Vehicle leasing and logistics management
  • Compliance with legal and regulatory requirements
  • Employee and vendor administration
  • Enhancing customer experience and communication

7. Data Subject Rights

Under the NDPA and NDPR, data subjects are entitled to the following rights:

  • Right to Access their data
  • Right to Rectification of inaccurate information
  • Right to Erasure (“Right to be Forgotten”)
  • Right to Restriction of processing
  • Right to Object to processing activities
  • Right to Data Portability
  • Right to Withdraw Consent
  • Right to Lodge Complaints with the Nigeria Data Protection Commission (NDPC)

Requests related to these rights should be submitted in writing to our Data Protection Officer (DPO) using the contact below.

8. Lawful Basis for Processing

  • Consent: Where explicit permission is given
  • Contractual Obligation: Where processing is required for contract fulfilment
  • Legal Obligation: To meet regulatory and statutory requirements
  • Legitimate Interest: For fraud prevention, system monitoring, and business operations

9. Data Security Measures

  • End-to-end encryption (in transit and at rest)
  • Access controls and multi-factor authentication
  • Secure physical storage and shredding of paper records
  • Regular staff training and data protection audits
  • Firewalls, antivirus, and intrusion detection systems

10. Cross-Border Data Transfers

Any transfer of personal data outside Nigeria or ECOWAS is subject to:

  • Adequate safeguards (Data Transfer Agreements or model clauses)
  • NDPC approval where necessary
  • Prior consent from the data subject (where applicable)

11. Third-Party Processors

We ensure that third parties and service providers:

  • Enter into binding Data Processing Agreements (DPA)
  • Follow strict confidentiality and data security protocols
  • Are audited regularly to ensure compliance

12. Data Retention

DBS LTD retains personal data only for the duration required:

  • To fulfil contractual or legal obligations
  • For operational or record-keeping purposes
  • As mandated by industry regulators or statutory law

After this period, data is securely deleted or anonymized.

13. Data Breach Management

  • The incident will be investigated immediately
  • Affected parties will be notified within 72 hours (where necessary)
  • A formal report will be submitted to the NDPC
  • Mitigation and corrective actions will be implemented

14. Training and Awareness

  • Mandatory data protection training at onboarding
  • Signed data confidentiality agreements
  • Regular refresher courses and compliance monitoring

15. Policy Review

This Data Protection Policy will be reviewed annually or whenever there is a major change in business operations or legislation.

16. Contact Information

Data Protection Officer (DPO)
DBS LTD
20 Godwin Way, Ire-Akari Estate, Isolo, Lagos
+234 803 314 4214, +234 803 507 7983
dbslimited2023@gmail.com, info@driversbureau.org

If you have any questions about this policy or our privacy practices, please contact our DPO using the details above.