1. Introduction
Veridian Arc International Limited (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data entrusted to us by our clients, their stakeholders, our employees, website visitors, and any other individuals whose data we process in the course of our business.
This Privacy Policy explains how we collect, use, store, protect, and share personal data in compliance with the Nigeria Data Protection Act 2023 and applicable regulations issued by the Nigeria Data Protection Commission (NDPC).
Veridian Arc International Limited is a creative media and digital solutions company registered in Nigeria (RC 8609583), headquartered in Abuja, FCT. We are registered with the Nigeria Data Protection Commission as a Data Processor and Data Controller.
2. Data Protection Officer
We have designated a Data Protection Officer (DPO) who is responsible for overseeing our compliance with applicable data protection laws and serving as the point of contact for data subjects and the Nigeria Data Protection Commission.
Data Protection Officer: Samson Faboyo Email: info@veridianarc.com
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our Data Protection Officer using the details above.
3. What Personal Data We Collect
We may collect and process the following categories of personal data depending on the nature of our interaction with you:
From Clients and Stakeholders: Names, job titles, and organisational affiliations; phone numbers, email addresses, and postal addresses; project-related information and correspondence; brand assets, content, and materials provided for design, printing, or digital development; and feedback and communication records.
From Programme Participants (on behalf of institutional clients): Names, identification details, and contact information; programme-related data including deployment records, status updates, and compliance documentation; and health-related data where we are engaged to develop or manage digital health platforms on behalf of health sector clients.
From Website Visitors: Information collected through contact forms (name, email, message); technical data such as IP address, browser type, and device information collected automatically when you visit our website; and cookie data (where applicable — see Section 10 below).
From Employees and Consultants: Names, contact details, and identification information; bank account details for payment processing; employment or engagement records; and professional qualifications and CVs.
4. How We Use Personal Data
We process personal data only for legitimate and defined purposes. These include communicating with clients and stakeholders in the course of project delivery; managing project coordination, scheduling, procurement, and documentation; producing design, print, and digital deliverables that may contain personal data provided by the client; developing and maintaining software applications and digital platforms on behalf of clients; managing programme participant data on behalf of institutional clients in line with their instructions and governance frameworks; administering employee and consultant payroll, engagements, and human resource functions; responding to enquiries submitted through our website; and complying with legal and regulatory obligations.
We do not use personal data for purposes other than those for which it was collected, unless we have obtained consent or are required to do so by law.
5. Legal Basis for Processing
We process personal data on one or more of the following legal bases:
Contractual necessity: Processing is necessary to fulfil our obligations under a contract with you or your organisation — for example, delivering a design project, building a website, or managing event logistics.
Legitimate interest: Processing is necessary for the legitimate interests of our business — for example, maintaining client relationships, improving our services, or ensuring the security of our systems — provided these interests do not override your rights and freedoms.
Consent: Where you have given us your consent to process your data for a specific purpose — for example, subscribing to communications or submitting an enquiry through our website. You may withdraw consent at any time by contacting our Data Protection Officer.
Legal obligation: Processing is necessary to comply with a legal or regulatory requirement — for example, tax reporting or responding to a lawful request from a regulatory authority.
6. How We Share Personal Data
We do not sell, rent, or trade personal data to third parties.
We may share personal data in the following limited circumstances:
With our clients: Where we process data on behalf of a client (as a data processor), deliverables and data are shared with the client in accordance with their instructions and the terms of our engagement.
With our vendors and service providers: We may share data with trusted vendors who assist in delivering our services — for example, printing companies, hosting providers, or cloud service providers. These vendors are selected for their reliability and are required to handle data in accordance with our instructions and applicable data protection standards.
With government and regulatory authorities: We may disclose personal data where required by law, regulation, or lawful request from a competent authority — including the Nigeria Data Protection Commission, the Nigeria Revenue Service, or law enforcement agencies.
We do not transfer personal data to organisations outside Nigeria.
7. Data Security
We take the security of personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest through our cloud service providers; access controls and authentication to restrict data access to authorised personnel; data minimisation — collecting and retaining only the data necessary for each engagement; secure cloud storage with access logging and activity monitoring; and vendor management — ensuring that third parties who handle data on our behalf maintain appropriate security standards.
While we take all reasonable steps to protect personal data, no system is completely secure. In the event of a data security incident, we will notify affected individuals and the Nigeria Data Protection Commission as required by law, investigate the incident promptly and thoroughly, take immediate steps to contain and remediate the issue, and cooperate fully with affected parties and relevant authorities.
8. Data Retention
We retain personal data only for as long as it is necessary to fulfil the purpose for which it was collected.
Client and project data: Retained for the duration of the engagement and for a reasonable period thereafter (typically 12 months) to support post-delivery queries, warranty obligations, and institutional record-keeping. After this period, data is securely deleted or returned to the client.
Employee and consultant data: Retained for the duration of the employment or engagement and for the period required by applicable labour and tax laws.
Website visitor data: Contact form submissions are retained for as long as necessary to respond to the enquiry. Technical and analytics data is retained in accordance with the retention policies of our analytics providers.
Programme participant data: Retained in accordance with the data governance framework and instructions of the institutional client on whose behalf the data is processed. Upon completion of the programme or termination of our engagement, data is returned to the client or securely deleted as instructed.
Where a client or data subject requests early deletion of their data, we comply promptly, subject to any legal or contractual obligations that require continued retention.
9. Your Rights
Under the Nigeria Data Protection Act 2023, you have the following rights in relation to your personal data:
Right of access: You have the right to request a copy of the personal data we hold about you and information about how it is being processed.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to erasure: You have the right to request that we delete your personal data, subject to any legal or contractual obligations that require continued retention.
Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of the data.
Right to data portability: You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format.
Right to object: You have the right to object to the processing of your personal data where we are relying on legitimate interest as the legal basis.
Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact our Data Protection Officer at info@veridianarc.com. We will respond to your request within 30 days.
10. Cookies
Our website may use cookies — small text files stored on your device — to improve your browsing experience and help us understand how our website is used.
Types of cookies we may use:
Essential cookies — necessary for the website to function properly (e.g., session management). These do not require consent.
Analytics cookies — used to collect anonymous information about how visitors use our website (e.g., pages visited, time spent). These help us improve our website and are only used with your consent.
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of certain parts of our website.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable laws. When we make significant changes, we will update the “Last updated” date at the end of this policy and, where appropriate, notify affected individuals directly.
We encourage you to review this policy periodically to stay informed about how we protect your data.
12. Complaints
If you are not satisfied with how we handle your personal data, or if you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).
Nigeria Data Protection Commission Website: ndpc.gov.ng
You may also contact our Data Protection Officer at info@veridianarc.com to raise any concerns, and we will endeavour to resolve the matter promptly and to your satisfaction.
Veridian Arc International Limited
RC 8609583 | Flat D12-3, Apo, Abuja, FCT, Nigeria
info@veridianarc.com | +234 9167 651 513 | veridianarc.com
Last updated: April 2026