Legal

Data Protection & NDPR Compliance

CICANDA Limited is committed to responsible data stewardship. This page sets out our compliance position under the Nigeria Data Protection Regulation (NDPR) and related law.

Last updated: June 2026 · CICANDA Limited, Aco Housing Estate Complex, Abuja, Nigeria · hello@cicanda.com

1. Regulatory Framework

The Nigeria Data Protection Regulation (NDPR), issued by the National Information Technology Development Agency (NITDA) in January 2019 and supplemented by the NDPR Implementation Framework of 2020, is the primary data protection law applicable to CICANDA Limited and to any organisation that processes the personal data of persons in Nigeria.

CICANDA Limited operates in full compliance with the NDPR and remains current with guidance issued by NITDA. Where clients or data subjects are located in jurisdictions with additional data protection requirements (such as the European Union’s GDPR), we apply the higher standard where relevant.

2. Data Controller Identification

CICANDA Limited acts as a data controller in respect of personal data collected through this website and in connection with our direct client relationships. Where we process personal data on behalf of a client organisation, we act as a data processor under instructions agreed in the engagement contract, and the client organisation is the data controller.

Controller details:

Name: CICANDA Limited
Address: Aco Housing Estate Complex, Abuja, FCT, Nigeria
Email: hello@cicanda.com
Telephone: +234 706 562 2760

3. Data Protection Principles

We process personal data in accordance with the following NDPR principles:

Lawfulness, fairness and transparency: personal data is processed only where there is a lawful basis and in a manner that is fair and transparent to data subjects.
Purpose limitation: data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
Data minimisation: we collect only the personal data that is necessary for the stated purpose.
Accuracy: we take reasonable steps to ensure that data we hold is accurate and, where necessary, kept up to date.
Storage limitation: data is retained no longer than necessary for the purposes for which it was collected.
Integrity and confidentiality: we implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction.

4. Lawful Basis for Processing

CICANDA Limited processes personal data on one or more of the following lawful bases as defined under the NDPR:

Consent: where the data subject has given clear, informed consent.
Contract performance: where processing is necessary to perform a contract with the data subject or at their request prior to entering a contract.
Legitimate interests: where we have a legitimate business interest that is not overridden by the data subject’s rights and interests.
Legal obligation: where processing is required to comply with a statutory obligation.

5. Data Subject Rights

Under the NDPR, individuals whose personal data we process have the right to:

Be informed about how their data is used.
Access their personal data (subject access request).
Correct inaccurate or incomplete data.
Request deletion of their data where there is no overriding lawful reason to retain it.
Object to processing based on legitimate interests.
Restrict processing in certain circumstances.
Data portability where processing is carried out by automated means.
Withdraw consent at any time where consent is the basis of processing.

Requests to exercise these rights should be submitted to hello@cicanda.com. We will acknowledge your request within 72 hours and respond in full within 30 days.

6. International Data Transfers

Where we transfer personal data to processors or sub-processors outside Nigeria, we comply with the NDPR requirements for cross-border data transfers, including by ensuring that recipients are bound by contractual obligations at least equivalent to the protections required under the NDPR, or that the destination country has been recognised as providing adequate data protection.

7. Data Breach Notification

In the event of a personal data breach, CICANDA Limited will comply with the NDPR obligation to notify NITDA and, where required, affected data subjects within the timeframes prescribed by the regulation. We maintain an internal breach register and incident response procedure to support this obligation.

8. Data Processing Records

CICANDA Limited maintains a Record of Processing Activities (ROPA) as required under the NDPR Implementation Framework. This document is available to NITDA upon request as part of our regulatory compliance obligations.

9. Complaints and Regulatory Contact

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with NITDA, the Nigerian data protection supervisory authority:

National Information Technology Development Agency (NITDA)
Website: nitda.gov.ng
Email: info@nitda.gov.ng

We encourage you to contact us directly first so we have the opportunity to resolve any concern.

10. Contact

For data protection enquiries, please contact us at hello@cicanda.com or write to CICANDA Limited, Aco Housing Estate Complex, Abuja, Federal Capital Territory, Nigeria.