Bergen Horn Ltd. (“Bergen Horn,” “we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, store, disclose, and protect your personal information when you engage with our services as a Value-Added Services (“VAS”) Aggregator in the telecommunications ecosystem.
This Privacy Policy is in alignment with applicable laws and regulations in Nigeria, including the Nigeria Data Protection Act 2023 (“NDPA”), Nigerian Communications Commission (“NCC”) regulatory requirements, and other relevant industry standards.
By accessing or using our services, you consent to the terms of this Privacy Policy.
1. Definitions
For the purposes of this Policy:
- “Personal Data” means any information relating to an identified or identifiable natural person, including identifiers such as name, phone number, email, location, and network usage data.
- "Processing” means any operation performed on personal data including collection, storage, retention, retrieval, sharing, or destruction.
- "Data Subject" An individual whose personal data is processed.
- “Service Users” means individuals or entities receiving, subscribing, or registering for VAS through Bergen Horn.
- “Third Parties” means external entities such as Telcos, content providers, regulators, cloud service providers, and analytics partners.
2. Scope of This Policy
This Privacy Policy applies to:
- All individuals and entities whose personal data is processed by Bergen Horn in the course of its operations as a Value-Added Services (VAS) Aggregator within the Nigerian telecommunications ecosystem.
- It covers visitors to our websites, mobile platforms, USSD channels, APIs, and digital portals, including individuals who interact with our platforms for information, support, or service engagement. It also applies to Service Users who subscribe to, access, or utilize VAS products and services delivered through Bergen Horn in partnership with licensed telecommunications operators.
- Additionally, this Policy extends to business partners, content providers, vendors, contractors, affiliates, and corporate clients whose personal data may be processed in connection with commercial relationships, onboarding procedures, compliance checks, or contractual obligations.
- This Policy governs all categories and formats of personal data,whether collected electronically (including automated systems and network integrations), physically (paper records), verbally (customer support interactions), or through third-party integrations. It applies regardless of the medium of storage, processing method, or geographical location where the data is accessed or maintained, subject always to applicable Nigerian laws and regulatory requirements.
3. What Personal Data We Collect
We collect personal data necessary to deliver services and comply with regulatory obligations. Categories of personal data may include:
3.1 Identity & Contact Information
- Full name
- Email address
- Phone number (MSISDN)
- Billing address
3.2 Telecommunications & Usage Data
- Network operator
- Service subscription details
- Usage history
- Call/Message/Content access logs (where required for service delivery)
3.3 Technical Data
- IP addresses
- Device identifiers
- Browser and operating system data
- Cookies and similar tracking technologies
3.4 Regulatory & Compliance Data
- Identity verification information
- Consent records
- Customer support interactions
- Payment/transaction records
4. How We Collect Personal Data
We collect personal data through the following channels:
- Directly from you: When you register, subscribe, or communicate with us;
- Through Telco Partners: When linked via integrated systems;
- Automated Collection: Via cookies, analytics, and network instrumentation;
- Third-Party Sources: Where permitted / required, for fraud prevention and compliance (e.g., identity verification services).
5. Legal Bases for Processing Personal Data
We process personal data based on one or more lawful grounds including:
- Consent: Where you have expressly agreed to our processing;
- Contract Performance: To provide and manage services you have requested;
- Legal Obligation: To comply with Nigerian law, NCC regulations, or lawful requests by authorities;
- Legitimate Interest: For fraud detection, network security, analytics, and service improvement — provided your rights are respected.
6. Purposes for Which We Use Personal Data
We use personal data to:
- Provide, operate, and optimize VAS offerings;
- Authenticate and verify users;
- Facilitate billing, payments, and subscription management;
- Support customer care and technical support;
- Comply with NCC, regulatory, and legal mandates;
- Conduct research and analytics to improve products;
- Detect, prevent, and mitigate fraud or security incidents;
- Communicate updates, offers, and notices where permitted.
7. Sharing and Disclosure of Personal Data
We may share personal data with:
7.1 Service Providers and Partners
- Telcos and network operators
- Payment processors
- Cloud, hosting, and analytics providers
- Content partners where relevant to delivery
7.2 Regulatory, Legal, and Enforcement Bodies
We may disclose data to:
- The Nigerian Communications Commission (NCC)
- Law enforcement or government agencies where required by law
- Courts, legal counsel, or during dispute resolution
7.3 Business Transfers
If Bergen Horn undergoes a merger, acquisition, reorganization, or sale of assets, personal data may be transferred as part of the transaction, consistent with the NDPA and applicable law.
8. Data Retention and Storage
8.1 Retention
We retain personal data for as long as necessary to:
- Fulfil the purpose for which it was collected;
- Comply with legal and regulatory obligations;
- Resolve disputes and enforce agreements.
Retention periods vary by data type but will always adhere to statutory minimums.
8.2 Storage Security
Personal data is stored using appropriate technical and organizational controls, including:
- Encryption during transmission and at rest;
- Secure internal systems with access controls;
- Periodic audits and security assessments.
9. Data Security and Protection
We implement safeguards to protect personal data against unauthorized access, loss, theft, misuse, and alteration, including:
- Industry-standard security protocols;
- Access restrictions based on job necessity;
- Incident detection and response procedures;
- Employee training and compliance monitoring.
10. Rights of Data Subjects
Under the NDPA and applicable law, you have the following rights:
10.1 Right of Access: You may request confirmation of whether we hold your personal data and receive access to it.
10.2 Right to Rectification: You may request corrections to inaccurate or incomplete information.
10.3 Right to Erasure (Right to be Forgotten): In certain circumstances, you may request deletion of your data.
10.4 Right to Restrict Processing: You may limit how we use your data.
10.5 Right to Data Portability: Where technically feasible, you may request your data in a structured, machine-readable format.
10.6 Right to Object: You may object to processing on certain lawful bases, including direct marketing.
To exercise your rights, contact our Data Protection Officer (DPO) at contactus@bergenhorn.ng. We will respond in accordance with applicable law.
11. Consent and Opt-Out
Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent will not affect processing that occurred prior to withdrawal.
You may also opt out of direct marketing communications at any time through the unsubscribe mechanism provided.
12. Cross-Border Data Transfers
Where data is transferred outside Nigeria (such as cloud service providers), we ensure that:
- The receiving country has adequate data protection standards;
- We use appropriate safeguards (contracts, certifications, data transfer mechanisms);
- Transfers comply with NDPA and regulatory standards.
13. Children’s Privacy
Our services are not directed to children under the age of 18.We do not knowingly collect personal data from minors without parental consent. If we become aware that a minor’s data has been collected without proper authorization, we will take steps to delete it.
14. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect changes in law, industry standards, or business practices. We will publish updates via our website and, where appropriate, notify affected users.
15. Contact Information
If you have questions, complaints, or requests regarding this Privacy Policy, please contact:
Legal Notice
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. In the event of any dispute arising out of or in connection with this Policy, parties agree to submit to the jurisdiction of competent courts in Nigeria.