Privacy Policy | Sigma Consulting Group
Legal & Compliance

Privacy Policy

We value your privacy. This policy explains how Sigma Consulting Group collects, uses, and safeguards your personal data in compliance with Nigerian and UK laws.

Last Updated: January 2025 NDPA 2023 Compliant

At Sigma Consulting Group ("Sigma", "we", "us", or "our"), we are committed to protecting your personal data. This Privacy Policy outlines our practices regarding data collection, use, and disclosure when you visit our website, apply for jobs, or engage our HR and payroll services.

This policy is drafted in strict compliance with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR) 2019.

1. Information We Collect

Depending on your interaction with us (as a candidate, client, or website visitor), we may collect the following types of data:

A. For Job Applicants & Candidates

  • Personal Identification: Name, date of birth, gender, marital status.
  • Contact Information: Email address, phone number, physical address.
  • Professional Information: CV/Resume, employment history, educational qualifications, professional certifications, and references.
  • Sensitive Data: Biometric data (if required for specific background checks) and health information (only where relevant to the role and permitted by law).

B. For HR & Payroll Clients

  • Corporate Data: Company details, tax identification numbers, and authorized signatory details.
  • Employee Data: Names, bank account details, salaries, tax (PAYE) information, and pension details for the purpose of processing payroll.

C. Automatically Collected Data

  • When you visit our website, we may collect technical data such as your IP address, browser type, and operating system via cookies to improve user experience.

2. How We Use Your Information

We process your data for legitimate business purposes, including:

  • Recruitment Services: To assess your suitability for job openings, contact you regarding applications, and submit your profile to potential employers.
  • Payroll & HR Outsourcing: To process salaries, remit taxes, manage statutory deductions (Pension, NHF), and ensure compliance with Nigerian labor laws.
  • Background Checks: To verify educational and criminal history (with your explicit consent) as part of our screening services.
  • Communication: To send you job alerts, newsletters, or respond to inquiries.

3. Lawful Basis for Processing

Under the NDPA 2023, we process your data based on:

  • Consent: You have given us clear permission to process your personal data for a specific purpose (e.g., submitting your CV).
  • Contract: Processing is necessary for a contract we have with you (e.g., an employment contract or service agreement).
  • Legal Obligation: Processing is necessary for compliance with the law (e.g., tax remittances).

4. Sharing Your Information

We respect your confidentiality. We do not sell your personal data. However, we may share your data with:

  • Potential Employers: If you are a candidate, your CV and profile are shared with clients looking to hire.
  • Service Providers: Third-party vendors who assist with background checks, IT hosting, or payment processing.
  • Government Authorities: FIRS, LIRS, Pension Fund Administrators, and other regulatory bodies as required by law for payroll and compliance purposes.

5. International Data Transfers

Sigma Consulting Group operates in Nigeria and the United Kingdom. Information collected in Nigeria may be transferred to our UK office (128 City Road, London) for administrative purposes or if you are applying for international roles. We ensure that any international transfer of personal data complies with the NDPA and is protected by appropriate safeguards, such as standard contractual clauses.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Candidates: We typically retain CVs in our talent pool for up to 2 years to consider you for future roles, unless you request deletion.
  • Client Data: Retained for the duration of the contract plus the statutory period required by tax laws (usually 6 years).

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes secure servers, firewalls, and strict access controls for our internal staff.

8. Your Rights

As a data subject in Nigeria, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your data ("Right to be Forgotten"), subject to legal limitations.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time.

9. Cookies

Our website uses cookies to analyze traffic and improve site performance. You can choose to accept or decline cookies through your browser settings.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer:

Privacy Support & Tools

DP

Contact

Data Protection Officer

Compliance Team

Our DPO ensures all data is handled in strict accordance with the NDPA 2023. Reach out for any data concerns.

privacy@mysigma.io
Data Rights

You Are in Control

  • Access your data anytime
  • Request corrections
  • Right to be forgotten

We respond to all data requests within 30 days.

Questions?

Need Assistance?

Have specific questions about how your application data is processed? Our team is here to help.

Contact Support

Disclaimer: This privacy policy is for informational purposes. Sigma Consulting Group reserves the right to update this policy at any time. Address: 14, Ikosi Road, Oregun, Ikeja, Lagos | 128 City Road, London EC1V 2NX.