Who are we?

Pade HCM Technology Limited (“PaidHR”) “Our”, “Us”, or “We” is a retail technology  company based in Lagos, Nigeria, with Our registered address at 11 Providence Street, Lekki Phase 1, Lagos. Our business involves providing human resource and payroll services to businesses in Nigeria (Our “Services”). We are registered with the Nigeria Data Protection Commission (the “NDPC”) and regulated by them. If you have any questions about this Privacy Policy or how and why We process Personal Data, please contact Us at hello@paidhr.com.

Our Privacy Policy has been prepared to meet the requirements of the extant Nigeria Data Protection Act (the “NDPA”). We are committed to protecting the confidentiality and privacy of all personally identifiable information (“Personal Data”) entrusted to Us through this website and/or Our mobile application, or otherwise (“Website”). Our Privacy Policy, together with Our Terms of Use, explains the type of Personal Data we collect, when, how and why We collect Personal Data, lawful basis for processing the Personal Data, how We use the Personal Data, the conditions under which We may disclose Personal Data to others and the efforts We take to keep Personal Data secure, and your Rights as regards Personal Data collected and processed. By registering for or using Our services, you acknowledge that you have read and agree to Our Privacy Policy and Terms & Conditions, which are incorporated herein by reference.

The terms ‘you’ and ‘your’ means you as an individual accessing this Website, and applying for or using Our Services. Where We make decisions on how Personal Data is used in connection with Our Services, We are acting as a Data Controller and will be responsible for the obligations of a Data Controller under the NDPA in connection with the processing of Personal Data. For example, We use this Privacy Policy and other notices to provide you with information about Our use of Personal Data, as required by the NDPA. Where We only use Personal Data requested by other Data Controllers, We would be acting as Data Processors and those other Data Controllers are similarly responsible for the obligations of a Data Controller under the NDPA in connection with the processing of those categories of Personal Data. If you are using Our Services through those other Data Controllers, you should contact them if you have questions or concerns about the processing of your Personal Data or compliance with the NDPA and other applicable laws.

We may update and modify this Privacy Policy from time to time, so please do return to the Website and review this Privacy Policy regularly. Unless otherwise stated, any updates to this Privacy Policy become effective when We post the updates on the Website. Your continued use of the Website for Our Services following an update to the Privacy Policy means that you are aware of the updated Privacy Policy and have no objections to any such updated Privacy Policy. Please read the following carefully to understand Our views and practices regarding the processing of your Personal Data. 

1. What Personal Data Do We Collect?

We may hold and use various types of Personal Data collected at the start of, and during your relationship with Us. We will limit the collection and processing of these Personal Data to what is necessary to achieve the purposes identified in this notice. The information you provide to us must be correct, accurate, complete and not misleading.

The Personal Data We collect includes:

• Personal details, including your name, residential address, phone numbers, email address, date of birth, gender, nationality, national identity number, employment status;
• Financial and banking information, including bank account details, bank verification number and transactional information;
• Means of identification, including permanent voters card, drivers license, passport, utility bill;
• Employee details including tax identification number, pension fund administrator name and RSA number, HMO details, employment letter, payslips;
• Company details including job title, department, company name, company address, incorporation certificates, directors and shareholders ID, personal information of employees who may act as agents, work email address and office phone number;
• Applicant details, including university certificates, birth certificates, academic certificates and passport photograph;
• Log in details including user name and password;
• Identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address and other information about your visits to the Website;
• Usage information and browsing history including usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, content, and advertising interactions);
• Information collected from  fraud prevention and investigation agencies. 
• Details of any contacts that We have had with you;
• Details of any contact with Us including any telephone, email or other communication with you; and
• Information collected through customer feedback surveys.

In some circumstances we may also collect and process special categories of Personal Data. This is to help ensure that Our Services are accessible and so that we can offer appropriate levels of support where required.

• How We Use your Personal Data

We may use your Personal Data:

• To process employee and cross border payroll;
• To search the records of  fraud prevention and investigation agencies;
• To process statutory remittances, including taxes, health and pension remittances;
• To set up and process payments and to prevent fraudulent transactions;
• To provide an all inclusive full suite human resource solutions that streamlines time consuming task for your employer;
• To streamline the hiring process for your employer and effectively manage applications through automated workflows and tools;
• To update Our records and maintain your account with Us;
• To offer you services that may be of interest to you, where you have consented to be contacted for such purposes;
• To process your application for loans or other third-party services, to which you have consented;
• To monitor, review and improve the content and appearance of Our Website, to ensure it is presented in the most effective manner for you;
• To maintain and develop Our business systems, including without limitation, testing and upgrading them;
• To trace your whereabouts, if We cannot contact you, in relation to the Services or other third party services you access through the Website;
• To comply with Our legal and regulatory obligations;
• For any other specific purpose which We notify you of at the time your Personal Data is collected;
• To pre-populate fields on Our site to make it easier for you to navigate when you return to Our Website and login as an existing customer; and
• To help Us analyse Our business and develop marketing strategies, develop products and improve Our advertising materials.

We may monitor and record calls, emails, SMS and other communications to ensure transactions are executed correctly, detecting any vulnerabilities you may have, and for security, quality control, training and fraud prevention purposes.

• How We Collect your Personal Data

We collect Personal Data about you in the following ways:

• Directly from you when you fill in forms on Our Website,  or correspond with Us by email, phone or otherwise;
• By observing how you access and use Our Services. For example, how you use Our Website or how you manage your accounts with PaidHR;
• From organisations that have your consent to share your Personal Data with Us or for a separate legal basis for a specific or defined purpose. This could include for direct marketing or assessing your eligibility for a partner’s Services which may be suitable for you;
• From public sources, for instance the Corporate Affairs Commission’s register or other public registers; and
• From third party organisations such as affiliates who resell or integrate with Our Services, fraud prevention and investigation agencies. These entities provide information on your financial behaviour. 

• Lawful Basis for Processing your Personal Data

We collect and use your Personal Data where it is necessary for Us to carry out Our lawful business activities. Our grounds for processing your Personal Data are as follows:

• Contractual necessity

We may process your Personal Data where it is necessary to enter into a contract with you or to perform Our obligations under that contract. This may include processing to:

• Assess your eligibility for the Services We provide;
• Sharing information to fraud prevention and investigation agencies;
• Assess your eligibility for similar Services.This may include making periodic searches at fraud prevention and investigation agencies;
• Provide and administer the Services We offer, including;
  • setting up your account;
  • verifying your contact information;
  • collecting and providing to you required information and documents including statements and formal notices;
  • processing payments;
  • to manage employee and cross border payroll;
  • to provide workflows and tools for business/companies;
  • to manage statutory remittance, employee benefits and to create employee wallets; 
  • to send you service communications and notices required by law; and
  • to address any enquiries or complaints We receive from you, a  representative you have appointed or a regulator.

• Legal obligation

We may process your Personal Data where it is a legal or statutory obligation on Us. This may include processing to:

• Confirm your identity;
• Detect, investigate and report transactions in order to comply with laws relating to money laundering, financial crime and international sanctions;
• Detect, investigate and report financial crime, and to take measures to prevent this;
• Maintain records of Our business as required by law;
• Complying with laws which require Us to provide information, directly or indirectly to any state or federal agencies, for the purpose of the calculation and collection of tax;
• Responding to enquiries and requests for information by any of Our regulators;
• Creating and submitting reports required by any of Our regulators;
• To otherwise meet Our obligations under all laws and regulations and codes of practice which apply to Our business activities; and
• Where We have a duty to protect vulnerable customers and provide them with support.

• Legitimate interest

We may process your information when We have a business or commercial reason to do so. If We do, it must not unfairly go against what is right and best for you. If We rely on Our legitimate interest, We will tell you what that is. This may include processing to:

• Develop new Services and identifying which may be of interest to you;
• Contact you to make you aware of such Services, where We have the relevant permission to do so. This may include a reasonable period after your relationship has ceased with Us;
• Collect information in order to perform statistical analysis, analytics and profiling, for example, to create scorecards, models and variables in connection with the assessment of credit, fraud, vulnerabilities, risk or to verify identities, to monitor and predict market trends, and for analysis such as loss forecasting (and share this information with other members of Our corporate group of companies);
• Monitor, review and improve the content and appearance of Our Website, to ensure that content from Our Website is presented in the most effective manner for you assess how Our customers use Our Website, and Services;
• Maintain and develop Our business systems, including without limitation, testing and upgrading them;
• Sharing information with organisations who introduce you to Us under a commercial agreement;
• To share your information with third parties for the purpose of preventing fraud and financial crime; and
• To obtain finance for the Services We provide.

• Who Do We Share your Personal Data with

We may share your Personal Data with third party companies who provide Services on Our behalf, and/or third party companies who provide Services to Us. This may require these organisations to access and process your Personal Data. These may include:

• Government agencies: for compliance with statutory, tax, anti-money laundering, or law enforcement obligations;
• Identity verification service providers: to confirm your identity and prevent impersonation or fraudulent activity;
• Auditors: for the purpose of financial and compliance audits;
• Fraud investigation and prevention agencies: to detect, prevent, and investigate fraud or misuse of Our Services;
• Communications service providers offering mail, email and SMS text services;
• Customer survey providers in order to receive feedback and improve Our Services;
• IT service providers: to ensure a smooth and seamless user experience on Our Website;
• Data security providers for debugging and product improvement purposes;
• Legal service providers: to obtain legal advice, enforce Our rights, or defend against legal claims;
• Digital and direct marketing service providers: to communicate relevant updates or promotional information where permitted by law and subject to your consent;
• Third party quality assurance providers, to ensure that the Website is secure, compliant and reliable;
• If We or Our assets are potentially to be acquired by a third party, or if We consider restructuring, Personal Data held by Us about Our customers (including borrowers and investors) will be one of the transferred assets and may be shared during the potential transaction or restructuring process or as part of a mergers & acquisition transaction;
• Other service providers, like loan providers, with respect to applications you make in regard to a loan or other third party services through the Website;
• Payment processors; to process payments necessary for your enjoyment of the Services; and
• Prospective assignees of your account.

We may also process your Personal Data using data analytics and artificial intelligence tools provided by external third parties to manage risks, improve Our Service and produce statistical analysis to be shared internally and with other companies within Our corporate group.

• International Transfer of Personal Data

To provide the Services, We or Our service providers may transfer your Personal Data to countries outside Nigeria, including jurisdictions that have been recognized by the NDPA as providing adequate data protection, as well as countries whose data protection laws may offer a lower level of protection than is available in Nigeria. Any such transfers will only be done where necessary for the performance of a contract between you and PaidHR, or to take steps at your request prior to entering into such a contract. Additionally, in such cases, We will ensure that appropriate safeguards are in place to protect your Personal Data in accordance with the NDPA.The specific safeguards We implement will depend on the nature of the transfer and the recipient, and may include the use of standard contractual clauses. If you would like further information about these safeguards, please contact Us via hello@paidhr.com.

• Your Data Subject Rights

As a Data Subject, you have a number of rights:

• The right to access the Personal Data We hold about you;
• The right to rectify inaccurate Personal Data or complete it if it is incomplete;
• The right to have your Personal Data deleted;
• The right to request restriction of your Personal Data;
• The right to obtain and make use of your Personal Data for your own purposes across different Services (“portability”);
• The right to object to the processing of your Personal Data in certain circumstances;
• The right to object to decisions that are based solely on automated decision-making including profiling;
• The right to withdraw consent at any time; and
• Right to lodge complaints with the NDPC.

Please note that your data protection rights are subject to certain restrictions and conditions and We may be required to retain a range of your Personal Data for legal and regulatory reasons. If you think that any of the Personal Data We hold about you is wrong or incomplete you have the right to challenge it.

• Sensitive Personal Data

We will not typically ask you for any ‘special categories’ of Personal Data. This is also referred to as ‘Sensitive Personal Data’ and includes information revealing an individual’s political opinions, racial or ethnic origin, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning an individual’s sex life or sexual orientation. If We process such Sensitive Personal Data, We will do so (a) with your explicit consent, (b) to comply with Our legal obligations to support you if you are, or become a vulnerable customer, and (c) to establish, take or defend any legal action.

• How Long We Keep your Personal Data

We will retain your Personal Data for as long as We are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for the  lawful purposes for which it was originally collected or for related compatible purposes. This will usually be no more than six (6) years from the end of Our relationship with you, at which point, your Personal Data will no longer be retrievable through a Data Subject Access Request (“DSAR”). The retention period of your Personal Data may need to be extended where We require this to bring or defend legal claims. We may also retain Personal Data for longer periods for statistical purposes, and if so We will anonymise such Personal Data.

• How Do We Protect your Personal Data

We are committed to managing your Personal Data in line with the NDPA and best practices. We employ all reasonable efforts to keep your Personal Data secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing of Personal Data and against its accidental loss, destruction or damage. We protect your Personal Data using physical, technical, and organisational measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also use industry-recommended security protocols to safeguard your Personal Data. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to Our buildings and files. Our privacy assessment indicates that your use of Our Services is unlikely to compromise data protection.

• Do We Use Automated Processing? 

We may use your Personal Data in automated processes to make decisions about you. You have the right not to be subject to a decision based solely on automated processing, if this will have a legal or other significant effect on you (certain exceptions apply).

We may use automated decision making in:

• Credit scoring and affordability assessment: We may use Personal Data collected from yourself through online forms, your use of Our Website, credit bureaus and other third parties to assess your creditworthiness and affordability, on behalf of employers or third-party service providers, whose services you are interested in.  
• Hiring processes: We may use Personal Data collected from yourself through job posting, forms, job boards, your use of Our Website or mobile application to make automated hiring decisions like ranking candidates, filtering applicants, and managing approvals, on behalf of employers;
• Fraud and money laundering risk identification: If Our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with information that you have provided previously, or you appear to have deliberately hidden your true identity We may decide that you pose a fraud and money laundering risk;
• Sanctions screening: We may use Personal Data collected from you to do a comprehensive sanction check and real time screening for companies and jurisdictions who may use Our cross border payroll Services; and
• Profiling: We may use Personal Data collected from you to identify whether you are suitable for the Services We offer and to inform you of these. We will use profiling in conjunction with Our partners when developing new prospect marketing campaigns.

If you do not agree with any decisions made as a result of the foregoing, you have the right to appeal the outcome of these automated decisions and ask for them to be reconsidered manually. We may require additional relevant information to be provided by you before human oversight of a specific decision will take place;

• Access to Your Personal Data via a Data Subject Access Request (DSAR)

You have the right to request access to the Personal Data We hold about you. To make a DSAR, please email hello@paidhr.com  with the subject line “DSAR” or write to:

Data Protection Officer.

Pade HCM Technology Limited (PaidHR).

11 Providence Street, Lekki Phase 1, Lagos.

We may need to verify your identity before processing your request. We will respond within one (1) month of receipt of your request and verification of your identity. Requests are free of charge unless they are manifestly unfounded or excessive, in which case We may charge a reasonable fee or refuse to comply. If you are not satisfied with Our response, you can contact the NDPC.

• Cookies

We may use cookie technology on Our Website to collect some of the Personal Data detailed in this policy. Cookies are small text files stored on your device or internet browser when you visit Us. We use cookies mainly to improve the performance of Our Website and Our Services. The Cookie Policy made available on this Website explains in more detail what types of cookies We use, why We use them and how to identify and disable them. 

• Third-Party Advertising Links or Content

Our Website may contain links to other sites that are not operated by Us. We allow third parties, including advertising networks, and other advertising service providers, to collect information about your online activities through cookies, pixels, local storage, and other technologies. These third parties may use this information to display advertisements on Our Website and elsewhere online tailored to your interests, preferences, and characteristics. We have no control over, and assume no responsibility for the content, Privacy Policies or practices of any third-party sites or services. Some third parties collect information about users of Our Website to provide interest-based advertising on Our Website and elsewhere, including across browsers and devices.  These third parties may use the information they collect on Our Website to make predictions about your interests in order to provide you with ads (from Us and other companies) across the internet. We strongly advise you to review the Privacy Policy of every site you visit.

• Children’s Privacy

We do not knowingly collect Personal Data from children under the age of 18. Our Website and Services are not addressed to minors.  If you are a parent or guardian and you learn that your children have provided us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from a child under the age of 18 without verifiable parental consent, We will take steps to remove that information from Our servers.

• Complaints‍

If you have any complaints about Our use of your Personal Data, please send an email with the details of your complaint to hello@paidhr.com or use the contact details above. We will investigate and respond to any complaints We receive. You also have the right to lodge a complaint with the NDPC. For further information on your rights and how to complain to the NDPC, please refer to the NDPC Website at https://ndpc.gov.ng/.