Privacy Policy
Your privacy matters to us. This Privacy Policy explains what personal data we collect about you, how we use it, and your rights. Please read it carefully. By using our website or engaging with Secuva, you confirm that you have read and understood this policy.

1. Who We Are
• Secuva Advisory Limited (“Secuva”, “we”, “us”, or “our”) is the data controller responsible for the personal data collected through our website (www.secuvain.com) and in the course of providing our advisory services.
• We are committed to protecting your personal data and complying with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), and other applicable data protection laws.
• Our contact details are set out at the end of this Policy.

2. Personal Data We Collect
We may collect and process the following categories of personal data:

2.1 Data You Provide Directly
• Identity data: your name, role or job title
• Contact data: email address, phone number (including WhatsApp), country of residence
• Business data: name of your company or organisation, sector, and the nature of your insurance or risk management enquiry
• Communications data: the content of messages, emails, or other correspondence you send us
• Engagement data: information collected during advisory consultations, risk reviews, or other advisory work performed under a formal engagement

2.2 Data Collected Automatically
• Technical data: your IP address, browser type and version, operating system, device type, referring URL
• Usage data: pages visited, time spent on pages, links clicked, and navigation patterns
• Cookie data: preferences and identifiers stored by cookies (see Section 9 below)

2.3 Data from Third Parties
• If you connect with us via LinkedIn or other platforms, we may receive publicly available profile data consistent with your privacy settings on those platforms
• If a third party refers you to Secuva, we may receive your name and contact information

3. How We Use Your Personal Data
Purpose Data Used Legal Basis
Respond to your website enquiry Identity, contact, business, communications Legitimate interest / Consent
Schedule and conduct a discovery call Identity, contact, business Legitimate interest / Pre-contract
Deliver agreed advisory services Identity, contact, business, engagement Contract performance
Send invoices and manage payments Identity, contact, financial Contract / Legal obligation
Send our Insights newsletter (if subscribed) Identity, email address Consent
Improve our website and services Technical, usage, cookie data Legitimate interest
Comply with legal and regulatory obligations As required by applicable law Legal obligation
Protect against fraud or misuse Technical, identity, usage Legitimate interest

4. Legal Bases for Processing
We process your personal data only where we have a lawful basis to do so under the NDPA and NDPR. The legal bases we rely on are:

“Consent” You have given us specific, informed consent for a particular use (e.g., subscribing to our newsletter). You may withdraw consent at any time.
“Contract” Processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract.
“Legal Obligation” Processing is necessary to comply with a legal or regulatory obligation (e.g., tax, anti-money laundering, or professional disclosure requirements).
“Legitimate Interest” Processing is necessary for our legitimate business interests — such as improving our services, responding to enquiries, and securing our systems — where these interests are not overridden by your rights and interests.

5. Who We Share Your Data With
39. We do not sell, rent, or trade your personal data to any third party.
40. We may share your data with trusted third parties in the following circumstances:
(q) Service providers who support our operations (e.g., email platform providers, cloud storage providers, scheduling tools). These providers act as data processors and are bound by data processing agreements.
(r) Professional advisors such as lawyers, accountants, and auditors, where necessary and subject to confidentiality obligations.
(s) Insurance market participants (insurers, brokers, MFIs, or other counterparties) as necessary to provide advisory services you have engaged us for, and only with your knowledge.
(t) Regulatory authorities, law enforcement bodies, or courts where we are required to do so by law or by a court order.

41. Where data is shared with third-party processors, we take reasonable steps to ensure they maintain appropriate data protection standards consistent with the NDPA and NDPR.

6. International Data Transfers
42. Secuva serves clients across Africa, and some of our service providers may process data in countries outside Nigeria. Where personal data is transferred outside Nigeria, we take appropriate safeguards, including:
(u) Transferring only to countries or organisations that offer an adequate level of data protection
(v) Using standard contractual clauses or data processing agreements that impose appropriate protections on the recipient

43. By using our Website or engaging our services, you acknowledge that your data may be processed in countries outside Nigeria where data protection laws may differ.

7. How Long We Keep Your Data
44. We retain personal data only for as long as necessary for the purposes for which it was collected, and to comply with applicable legal, regulatory, and professional obligations.
45. As a general guide:
(w) Enquiry data (contact form submissions that do not result in an engagement): up to 12 months after last contact, unless you request earlier deletion
(x) Client engagement data: for the duration of the engagement and for a minimum of 6 years thereafter, in accordance with Nigerian commercial and professional retention requirements
(y) Newsletter subscriber data: until you unsubscribe or withdraw consent
(z) Website usage and technical data: up to 26 months, depending on the analytics tool in use

46. After the applicable retention period, data is securely deleted or anonymised.

8. Your Data Protection Rights
Under the NDPA and NDPR, you have the following rights in relation to your personal data:

“Right to Access” You may request a copy of the personal data we hold about you.
“Right to Rectification” You may request that we correct inaccurate or incomplete data.
“Right to Erasure” You may request that we delete your data where we no longer have a lawful basis to hold it.
“Right to Restriction” You may ask us to restrict how we process your data in certain circumstances.
“Right to Portability” You may request a copy of data you have provided to us in a structured, commonly used format.
“Right to Object” You may object to processing based on legitimate interests, including for direct marketing purposes.
“Right to Withdraw Consent” Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

47. To exercise any of these rights, please contact us at hello@secuvain.com. We will respond within 30 days. We may need to verify your identity before processing your request.
48. If you are dissatisfied with how we handle your data or your rights request, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

9. Cookies and Tracking Technologies
49. Our Website uses cookies — small text files stored on your device — to improve your experience and help us understand how the site is used.
50. We use the following types of cookies:

Cookie Type Purpose Consent Required?
Strictly Necessary Required for the website to function (e.g., form security tokens, session management). Cannot be disabled. No — essential to site operation
Functional Remember your preferences (e.g., language, form pre-fill). Improve your experience. Yes — you may disable these
Analytics Understand how visitors use the site (e.g., Google Analytics or equivalent). Data is aggregated and anonymised. Yes — you may opt out
Marketing / Retargeting Track visits to serve relevant advertising. Not currently used by Secuva. Yes — not currently in use

51. You can manage your cookie preferences through your browser settings. Note that disabling strictly necessary cookies may affect website functionality.
52. For analytics, you may opt out by using the opt-out tool provided by the analytics service (e.g., the Google Analytics opt-out browser add-on).

10. Data Security
53. We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
54. These measures include:
(aa) Encrypted communication over HTTPS for all website interactions
(bb) Access controls limiting who can access personal data within Secuva
(cc) Secure storage of engagement documents and client data
(dd) Regular review of our data protection practices

55. No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you and the NDPC as required by law.

11. Children’s Data
56. Our Website and services are intended for business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18.
57. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. Please contact us at hello@secuvain.com if you believe this has occurred.

12. Changes to This Privacy Policy
58. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer.
59. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, notify you by email or through a notice on our Website.
60. We encourage you to review this Policy periodically. Your continued use of the Website or our services after any update constitutes your acceptance of the revised Policy.

13. Contact Us and How to Make a Complaint
If you have questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

Data Controller: Secuva Advisory Limited
Attention: Data Privacy — Secuva
Email: hello@secuvain.com
Phone / WhatsApp: +234 (0) 803 070 2409
Address: Abuja, Nigeria
Website: www.secuvain.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC):

Nigeria Data Protection Commission: ndpc.gov.ng
NDPC Complaints Portal: Available at ndpc.gov.ng