NDPA 2023 Compliant

Privacy Policy

This policy explains what personal data The Digital Agency Limited collects, why we collect it, how we use it, and your rights under Nigerian law.

Effective date: 8 June 2026 Last updated: 8 June 2026 Contact: info@thedigitalagencylimited.com

The Digital Agency Limited (referred to as 'TDA', 'we', 'us', or 'our') is committed to protecting the personal data of everyone who interacts with us — including our clients, website visitors, research participants, and partners. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what your rights are under the Nigeria Data Protection Act 2023 (NDPA).

We are a Data Controller registered in Nigeria. If you have any questions about this policy, please contact us at info@thedigitalagencylimited.com.

1. Who We Are

The Digital Agency Limited (TDA) is an ICT and Data Systems consulting firm based in Abuja, Nigeria. We provide digital transformation consulting, AI adoption advisory, data systems implementation, and technology training to government institutions, development organisations, educational bodies, and private sector clients.

2. What Personal Data We Collect

We collect personal data in the following categories, depending on how you interact with us:

2.1 Client and Contact Data

  • Full name and job title
  • Organisation name and sector
  • Email address and phone number
  • Postal address (for formal engagements)
  • Communications history (emails, meeting notes)

2.2 Website and Digital Interaction Data

  • IP address and browser type (collected automatically)
  • Pages visited and time spent on site
  • Contact form submissions
  • Email open and click data (for newsletters and campaigns)

2.3 Research and Survey Data

  • Survey responses and questionnaire answers
  • Organisation details provided for assessments (e.g. NDPA Compliance Assessment, AI Readiness Index)
  • Interview recordings or transcripts (with explicit consent)

2.4 Service Delivery Data

  • Project briefs and technical documentation shared by clients
  • Login credentials for platforms managed on a client's behalf
  • Performance data related to digital systems we implement

We do not collect sensitive personal data (health, biometric, religious, or financial data) unless it is strictly necessary for a specific engagement and you have given explicit consent.

3. Why We Collect Your Data (Lawful Basis)

Under the NDPA 2023, we must have a lawful basis for processing your personal data. We rely on the following:

PurposeExamplesLawful Basis
Deliver consulting servicesProject management, deliverables, reportingContract
Respond to enquiriesContact form, email, WhatsApp messagesLegitimate interest
Conduct research & assessmentsNDPA compliance checks, AI readiness surveysConsent / Contract
Send updates and newslettersTDA research reports, industry newsConsent
Improve our website and toolsAnalytics, usage dataLegitimate interest
Comply with legal obligationsRecord-keeping, regulatory reportingLegal obligation

4. How We Store and Protect Your Data

We take the security of your personal data seriously. The measures we have in place include:

  • Data is stored on secure cloud platforms with access controls and encryption in transit and at rest
  • Access to personal data is restricted to TDA staff and authorised contractors who need it to do their work
  • We use password managers and two-factor authentication for all systems that hold personal data
  • Client project files are stored in access-controlled environments and not shared publicly
  • We review our security measures regularly and update them as needed

Despite these measures, no system is completely secure. If you believe your data has been compromised, please contact us immediately at info@thedigitalagencylimited.com.

5. How Long We Keep Your Data

Data TypeRetention Period
Client project records7 years after project completion (legal requirement)
Contact and enquiry data3 years from last interaction
Research and survey data5 years or as agreed with the research sponsor
Newsletter subscribersUntil you unsubscribe
Website analytics12 months
Job applications6 months if unsuccessful; 2 years if hired

After the retention period expires, personal data is securely deleted or anonymised.

6. Who We Share Your Data With

We do not sell your personal data to anyone. We may share it only in the following situations:

6.1 Service Providers and Tools

We use third-party tools to run our business. These include cloud storage, email platforms, project management software, and analytics tools. Each provider is required to handle your data securely and in line with applicable data protection laws.

6.2 Government and Development Partners

For projects funded by government bodies, development organisations (such as the World Bank, FCDO, UNICEF, or AfDB), or public institutions, we may share relevant data as required by the terms of those engagements. We will inform you when this applies.

6.3 Legal Requirements

We may disclose your data if required by law, a court order, or a regulatory authority such as the Nigeria Data Protection Commission (NDPC).

6.4 Business Transfers

If TDA is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance if this occurs.

7. Your Rights Under the NDPA 2023

As a data subject under Nigerian law, you have the following rights:

  • Right to access — you can ask us what personal data we hold about you
  • Right to correction — you can ask us to fix inaccurate or incomplete data
  • Right to deletion — you can ask us to delete your data where there is no longer a lawful reason to keep it
  • Right to object — you can object to us processing your data for marketing or research purposes
  • Right to data portability — you can ask for your data in a structured, machine-readable format
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time without penalty
  • Right to lodge a complaint — you can file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng

To exercise any of these rights, email us at info@thedigitalagencylimited.com with the subject line "Data Rights Request". We will respond within 30 days.

8. Cookies and Website Tracking

Our website uses cookies — small text files stored on your device — to help it work properly and to understand how visitors use it.

Types of cookies we use:

  • Essential cookies — needed for the website to function (e.g. remembering your preferences)
  • Analytics cookies — help us understand traffic and page performance (e.g. Google Analytics)
  • Marketing cookies — used to track the performance of our campaigns (only with your consent)

You can control cookies through your browser settings. Turning off non-essential cookies will not affect your ability to use our website.

9. International Data Transfers

Some of the tools and platforms we use store data on servers outside Nigeria. When this happens, we ensure that appropriate safeguards are in place — including data processing agreements with those providers — to protect your data in line with NDPA 2023 requirements.

10. Data Breach Response

If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach
  • Notify affected individuals promptly where the breach poses a high risk to them
  • Document the breach, its cause, and the steps we took to address it

If you suspect a breach involving your data, contact us immediately at info@thedigitalagencylimited.com.

11. Children's Data

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data about a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. When we do, we will update the "Last Updated" date at the top of this document. For significant changes, we will notify you by email or via a notice on our website.

13. Contact Us

OrganisationThe Digital Agency Limited (TDA)
Emailinfo@thedigitalagencylimited.com
Address1 Kumasi Crescent, Wuse 2, Abuja, FCT, Nigeria
Regulatory BodyNigeria Data Protection Commission (NDPC) — ndpc.gov.ng

This Privacy Policy was prepared in accordance with the Nigeria Data Protection Act 2023 (NDPA).