Privacy Policy
Last Updated: June 7, 2026
Micro Investment Support Services Limited ("we," "our," or "us") is committed to protecting your personal data in compliance with the Nigeria Data Protection Regulation (NDPR) 2019.
1. Data Controller Information
Micro Investment Support Services Limited
Address: .4 Alhaja Kofowurola Crescent, off Obafemi Awolowo way, Ikeja, Lagos.
Email: info@missleasing.com
Phone: +234 806 081 0035
2. Personal Data We Collect
When you use our HR Management System, we collect:
- Staff ID - Your unique identifier for authentication
- Name - For system personalization and identification
- Email Address - For security notifications and password recovery
- IP Address - For security auditing and fraud prevention
- Device Information - Browser type, operating system, user agent string
- Login Timestamps - When you access the system
- Department and Position - For access control and authorization
3. Purpose of Processing
We process your personal data for the following purposes:
- ✓ Authenticate your access to the HR management system
- ✓ Send security alerts about new logins to your account
- ✓ Detect and prevent unauthorized access attempts
- ✓ Comply with audit and legal retention requirements
- ✓ Improve system security and performance
- ✓ Facilitate HR operations and employee management
4. Legal Basis for Processing (NDPR Article 2.2)
- Contractual Necessity: You need system access to perform your job duties as outlined in your employment contract.
- Legitimate Interest: Security monitoring, fraud prevention, and system integrity protection.
- Legal Obligation: Maintaining audit trails as required by Nigerian labor laws and corporate governance standards.
- Consent: For optional features like "Remember Me" functionality.
5. Data Retention Period
- Active Staff Records: Retained for the duration of your employment plus 7 years (legal requirement).
- Login Attempt Logs: Automatically deleted after 1 hour for failed attempts.
- Successful Login History: Retained for 12 months for security auditing.
- "Remember Me" Tokens: 30 days or until you manually logout.
- Terminated Staff Data: Archived for 7 years as required by labor laws, then permanently deleted.
6. Data Subject Rights (NDPR Articles 3.1 - 3.8)
You have the following rights regarding your personal data:
- Right to Access (Article 3.1): Request a copy of all personal data we hold about you.
- Right to Rectification (Article 3.3): Correct inaccurate or incomplete data.
- Right to Erasure (Article 3.5): Request deletion of your data (subject to legal retention requirements).
- Right to Restriction (Article 3.4): Limit how we process your data.
- Right to Data Portability (Article 3.7): Receive your data in a structured, machine-readable format.
- Right to Object (Article 3.6): Object to processing based on legitimate interests.
- Right to Lodge a Complaint (Article 3.8): Complain to the Nigeria Data Protection Commission (NDPC).
To exercise these rights, contact our Data Protection Officer at dpo@miss.com.
7. Data Security Measures
We implement industry-standard security measures including:
- 🔒 HTTPS/TLS 1.3 encryption for all data transmission
- 🔐 bcrypt password hashing (passwords never stored in plain text)
- 📋 Complete audit logging of all access attempts
- 🚫 Automatic account lockout after failed attempts
- 🔄 Regular security updates and vulnerability scanning
- 🛡️ CSRF tokens and XSS protection
- 📊 Rate limiting to prevent brute force attacks
8. Data Sharing and Disclosure
We do NOT sell your personal data. We may share your data with:
- HR Department: For employment management and personnel decisions.
- IT Department: For system maintenance, troubleshooting, and security monitoring.
- Legal Authorities: When required by law, court order, or government regulation.
- External Auditors: For compliance verification and security audits.
All third-party recipients are bound by confidentiality agreements and data protection obligations.
9. International Data Transfers
Your data is stored on servers located in Nigeria. We do not transfer personal data outside Nigeria unless required by law or with your explicit consent, in compliance with NDPR Article 2.11.
10. Data Breach Notification (NDPR Article 2.9)
In the event of a data breach affecting your personal data:
- We will notify you within 72 hours of discovery
- We will notify the Nigeria Data Protection Commission (NDPC) within 72 hours
- We will provide details of the breach, affected data, and remediation steps
- We will take immediate action to contain and remediate the breach
11. Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects concerning you.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or system announcement. The "Last Updated" date at the top of this policy indicates when changes were made.
13. Contact Information
Data Protection Officer (DPO):
Name: Edosonwan Osazee
Email: support@missleasing.com
Nigeria Data Protection Commission (NDPC):
Website: https://ndpc.gov.ng
Email: info@ndpc.gov.ng
Address: [NDPC Office Address]
14. Consent Acknowledgment
By logging into the HR Management System and checking the consent box, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. You consent to the collection, processing, and storage of your personal data as described herein.
You may withdraw your consent at any time by contacting the DPO. However, withdrawal of consent may affect your ability to access the HR system.
← Back to Login