Privacy Policy

Privacy Policy

Effective Date: 24th April, 2025   |   Last Updated: 24th April, 2025

This Privacy Policy describes how Islandic Systems Ltd (“we”, “our”, “us”) collects, uses, discloses and protects personal data when you visit our website, use our services, or otherwise interact with us. It explains the rights available to individuals under applicable data protection laws, including the Nigeria Data Protection Regulation (NDPR), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA), as well as other relevant laws.

1. Scope & Applicability

This policy applies to personal data processed by Islandic Systems Ltd in the course of our commercial activities, including visitors to our websites, clients, prospects, job applicants, contractors and other individuals we interact with. It covers processing activities in Nigeria, the European Economic Area (EEA), the United States (including California), and other jurisdictions where we operate.

2. Types of Personal Data We Collect

We collect and process personal data that you provide to us and data generated by your use of our services. Typical categories include:

  • Identity & Contact Data: name, title, email, phone number, address, company name and business contact details.
  • Account Data: usernames, passwords (securely stored/hashed), profile details and account preferences.
  • Transactional Data: invoices, payment information, order history and billing address (where required to provide services).
  • Technical & Usage Data: IP addresses, device identifiers, browser and OS information, cookies and analytics data, log files and usage metrics.
  • Communications Data: correspondence with our support or sales teams, including email, chat transcripts and recorded calls (where lawfully permitted).
  • Sensitive Data: we do not generally collect special categories of personal data. If we do so (e.g., identity documents for verification), it will only be with explicit consent or where required by law and with heightened safeguards.

3. How We Collect Personal Data

  • Directly from you when you submit forms, register accounts, make purchases, contact support, or apply for jobs.
  • Automatically when you use our websites or services (cookies, analytics, server logs).
  • From third-party sources such as payment processors, identity verification providers, partners, or publicly available sources where permitted by law.

4. Purposes & Legal Bases for Processing

We process personal data for the following purposes and lawful bases:

  • To provide services and perform contracts: necessary to deliver our products/services and to manage accounts (legal basis: contract).
  • To communicate with you: account messages, support, updates (legal basis: contract or legitimate interest).
  • Payment & billing: to process transactions and comply with tax and regulatory obligations (legal basis: contract or legal obligation).
  • Marketing & advertising: with consent where required, or otherwise where we have a legitimate interest to promote services (you may opt out at any time).
  • Security & fraud prevention: to protect our systems, detect misuse and prevent fraud (legal basis: legitimate interest & legal obligations).
  • Compliance & legal obligations: for regulatory, audit, or legal defense purposes (legal basis: legal obligation).

5. Cookies & Tracking

We use cookies and similar technologies to provide core site functionality, analyze site usage and deliver tailored content. You can manage cookie preferences via our cookie banner or your browser settings. For more details, please review our Cookie Policy.

6. Sharing & Disclosure

We may share personal data with:

  • Service providers: hosting, payment processors, email, analytics and other vendors under contract and confidentiality obligations.
  • Affiliates or group companies: where necessary to perform services.
  • Professional advisers: legal, audit, tax and compliance advisors when needed.
  • Third parties in connection with corporate transactions: such as mergers, acquisitions or asset sales (subject to safeguards).
  • Law enforcement or regulators: when required by law or to protect rights and safety.

We do not sell personal data. Where “sale” or “sharing” is defined by local law (e.g., CCPA/CPRA), we will provide opt-out mechanisms where applicable.

7. International Data Transfers

We may transfer personal data across borders (for hosting, data processing, or group operations). For transfers from the EEA or UK, we rely on lawful mechanisms such as adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs) or other approved safeguards. In all cases, we take reasonable measures to protect data in transit and at rest.

8. Data Retention

We retain personal data only as long as necessary for the purposes described, or as required by law. Typical retention periods:

  • Account and transactional data: retained for the duration of the contract and thereafter for statutory or tax purposes (e.g., 3–7 years depending on jurisdiction).
  • Support and communications: retained for as long as reasonably necessary to resolve issues and maintain records.
  • Marketing preferences: until you unsubscribe or withdraw consent.

9. Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse or alteration. Measures include encryption, access controls, logging, network security and periodic security assessments. However, no system is wholly risk-free; in the event of a data breach, we will take appropriate measures and notify regulators and affected individuals where required by law.

10. Data Subject Rights

Depending on jurisdiction, you may have rights including:

  • Right to access personal data
  • Right to rectification (correct inaccurate data)
  • Right to erasure (delete data) where permitted
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing (including direct marketing)
  • Right to withdraw consent (where processing is based on consent)

California residents: you also have the right to request categories, sources, and disclosures of personal data, and to opt-out of the sale or sharing of personal information. We will not discriminate against you for exercising these rights.

11. Exercising Your Rights

To exercise rights, contact our Privacy Team at:

Email: info@islandicsystems.com

We may require verification of identity before fulfilling certain requests and will respond within the timescales required by applicable law (e.g., GDPR: one month; CCPA/CPRA: 45 days with possible extension).

12. Children’s Privacy

Our services are not directed at children. We do not knowingly collect personal data from children under the age required by local law (e.g., under 16 in the EU). If you believe we have collected personal data of a child, contact us to request deletion.

13. Third-Party Links & Services

Our sites may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy notices before providing personal data.

14. Changes to This Policy

We may update this policy to reflect changes in law, business practices or services. The revised policy will be posted with an updated Effective Date. For material changes, we will take reasonable steps to notify users (e.g., via email or website banner).

15. Specific Legal Notices

Nigeria (NDPR)

Islandic Systems Ltd complies with the Nigeria Data Protection Regulation (NDPR). Where we process personal data of Nigerian residents, we will ensure data processing has a lawful basis and adequate safeguards are in place.

European Union (GDPR)

When we process data of EEA residents, we comply with GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. For cross-border transfers from the EEA, we use approved transfer mechanisms (SCCs, adequacy or similar safeguards).

California (CCPA / CPRA)

California residents have specific rights under CCPA/CPRA, including the right to know, delete and opt-out. We provide mechanisms to exercise these rights and disclose categories of data we collect and the purposes for collection. To submit a verified request, contact us at info@islandicsystems.com or use our designated contact us.

16. Data Breach & Incident Response

We maintain an incident response program. In the event of a security breach that affects personal data, we will investigate promptly, mitigate impact, notify regulators and affected individuals where required by law, and take steps to prevent recurrence.

17. Data Protection Officer & Contact

If you have questions or concerns about this policy or our privacy practices, contact:

Data Protection Contact
ISLANDIC SYSTEMS LLC
Email: info@islandicsystems.com

Let’s Create Something Exceptional

At Islandic Systems, every solution we create is tailored to your business. Customize, adapt, and transform your digital presence effortlessly with technology that evolves with you.

Let’s Build
Cookies

We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. By continuing to use this site, you consent to our use of cookies in accordance with our Privacy Policy.

Accept