Skip to content

Best Services Guaranteed

  • info@asplng.com
  • +234 802 832 6100

MENU

  • Services
  • Quality Assurance
  • Clients
  • Request a Quote
  • Photo Gallery
  • Memberships
  • Careers
  • Environmental Policy
  • Occupational Health & Safety Policy
  • Quality Policy
  • Login
  • Services
  • Quality Assurance
  • Clients
  • Request a Quote
  • Photo Gallery
  • Memberships
  • Careers
  • Environmental Policy
  • Occupational Health & Safety Policy
  • Quality Policy
  • Login
  • Home
  • About Us
    • Who We Are
    • Memberships
    • Quality Assurance
  • Services
  • Portfolio
    • Clients
    • Project Gallery
    • Partnership
  • Policies
    • Quality Policy
    • Occupational Health & Safety Policy
    • Environmental Policy
  • Request a Quote
  • Gallery
  • Contact
  • Home
  • About Us
    • Who We Are
    • Memberships
    • Quality Assurance
  • Services
  • Portfolio
    • Clients
    • Project Gallery
    • Partnership
  • Policies
    • Quality Policy
    • Occupational Health & Safety Policy
    • Environmental Policy
  • Request a Quote
  • Gallery
  • Contact

Data Protection & Privacy Policy

Data Protection & Privacy Policy

Version: 1.0

Policy Category: Legal and Compliance

Author: Legal Officer

Effective Date: 01 January 2026

Next Review Date: January 2028

Download PDF

1. Introduction

1.1 Ample System Projects Limited (hereinafter referred to as “the Company”, “we”, “us”, or “our”) is a duly incorporated mechanical, electrical, and industrial engineering company in Nigeria (with RC. 1262358) committed to protecting the privacy, dignity, and rights of all individuals whose personal data we process.

1.2 This Data Protection & Privacy Policy (“Policy”) sets out how we collect, use, store, disclose, transfer, and protect personal data in the course of our engineering operations and client engagements, in full compliance with the Nigeria Data Protection Act 2023 (NDPA), the General Application and Implementation Directive 2025 (GAID) and applicable data protection laws in other African countries where we operate.

1.3 This Policy applies to all personal data processed by the Company in relation to:

  1. Clients, prospective clients, and project stakeholders;
  2. Contractors, consultants, and third-party service providers;
  3. Visitors to our website(s), office premises, and project sites; and
  4. Any other individual whose personal data comes into our possession in connection with our business operations.

2. Definitions

In this Policy, the following terms shall have the meanings ascribed to them below, consistent with the NDPA 2023:

  1. “Personal Data” means any information relating to an identified or identifiable natural person (Data Subject), including name, contact details, identification numbers, financial data, technical identifiers (IP addresses, cookies), and professional information.
  2. “Sensitive Personal Data” means personal data that reveals racial or ethnic origin, political opinions, religious beliefs, health/medical data, biometric data, genetic data, criminal records, or financial account details.
  3. “Processing” means any operation performed on personal data, including collection, recording, storage, use, disclosure, transfer, deletion, or destruction.
  4. “Data Subject” means the individual to whom the personal data relates.
  5. “Data Controller” means the Company, which determines the purposes and means of processing personal data.
  6. “Data Processor” means a third party that processes personal data on behalf of the Company.
  7. “Consent” means a freely given, specific, informed, and unambiguous indication of agreement to data processing by a Data Subject.
  8. “NDPA” means the Nigeria Data Protection Act 2023.
  9. “Cross-Border Transfer” means the transfer of personal data to a recipient in a country outside the Federal Republic of Nigeria.

3. Personal Data We Collect

3.1 Categories of Personal Data

In the course of our business, we collect and process the following categories of personal data:

CategoryExamplesPurpose
Identity DataFull name, job title, NIN, passport number, signatureClient onboarding, contract execution, and regulatory compliance
Contact DataEmail address, phone number, office/site address, etc.Communication, project coordination, and invoicing
Professional/Business DataCompany name, RC number, professional qualifications, project roleDue diligence, contract management, and tender evaluation
Financial DataBank details, invoice records, Tax Identification Number (TIN)Payment processing, financial reporting, tax compliance
Technical DataIP addresses, browser type, cookies, usage logs from our website(s)Website functionality, analytics, cybersecurity
Project/Site DataSite visit records, health & safety declarations, etc.Project execution, HSE compliance, access control
Correspondence DataEmails, letters, meeting notes, tender submissionsContract performance, dispute management, and records retention

3.2 How We Collect Personal Data

We collect personal data through the following means:

  1. Directly from you: When you engage our services, respond to tenders/RFPs, sign contracts, visit our premises, or communicate with us;
  2. Indirectly: From your employer or organisation, public registers (e.g. CAC), regulatory bodies, referees, or third-party verification services;
  3. Automatically: Through cookies, server logs, and tracking technologies when you use our website(s) or digital platforms.

4. Lawful Basis for Processing

The Company processes personal data only on lawful bases as provided under the NDPA 2023. For Sensitive Personal Data, we will only process it where an additional condition is met, including explicit consent, legal obligation, vital interests, or as otherwise permitted under the NDPA 2023.

5. How We Use Your Personal Data

We use personal data for the following purposes:

  1. Delivery of Engineering services: project planning, design, procurement, construction, commissioning, and related professional services;
  2. Contract management: preparing, negotiating, executing, and administering engineering contracts and subcontracts;
  3. Business development: responding to tenders, expressions of interest, and requests for proposals;
  4. Financial management: invoicing, payment processing, financial reporting, and tax compliance;
  5. Regulatory compliance: meeting obligations applicable in the Nigerian engineering ecosystem, company, tax, anti-money laundering, and data protection laws;
  6. Health, Safety & Environment (HSE): managing access to project sites, recording incidents, and complying with HSE regulations;
  7. Communications: responding to enquiries, sending project updates, and managing client relationships;
  8. IT & security: protecting our systems, networks, and digital assets;
  9. Legal proceedings: establishing, exercising, or defending legal claims;
  10. Marketing (with consent): sending newsletters, company updates, or invitations to events where you have opted in.

6. Disclosure of Personal Data

6.1 Third Parties We Share Data With

We may share your personal data with third parties strictly on a need-to-know basis and subject to appropriate data protection safeguards. Such recipients may include regulatory and government bodies, including the NDPC, COREN, NRS, CAC, relevant ministries, and law enforcement agencies where disclosure is required by law; professional advisers such as lawyers, auditors, insurance brokers, and consultants who are bound by confidentiality obligations; project partners, specialist subcontractors, and joint venture partners involved in the delivery of engineering projects; clients where disclosure is necessary to fulfil our contractual obligations, including the submission of key personnel credentials or curricula vitae for project tenders; IT, cloud hosting, software, and cybersecurity service providers acting as Data Processors under appropriate data processing agreements; financial institutions and payment processors for the purpose of processing transactions; and arbitrators, mediators, courts, or other dispute resolution bodies where disclosure is necessary in connection with legal proceedings or the resolution of disputes.

6.2 Data Processing Agreements

We require all third-party Data Processors to enter into a written Data Processing Agreement (DPA) that imposes data protection obligations at least equivalent to those under this Policy and the NDPA 2023, ensuring they process personal data only on our documented instructions.

7. Cross-Border Data Transfers

In the course of our operations across other African countries, we may transfer personal data outside Nigeria where necessary. Any such transfer shall be undertaken only in accordance with applicable data protection laws and where the destination country has been designated by the Nigeria Data Protection Commission (NDPC) as providing an adequate level of data protection, or where appropriate safeguards have been implemented. We may also transfer personal data where the transfer is necessary for the performance of a contract with the Data Subject, for the establishment, exercise or defence of legal claims or legal proceedings, or where the Data Subject has provided explicit consent after being informed of the associated risks. The Company shall maintain records of all cross-border data transfers and shall not transfer personal data to jurisdictions that do not provide an adequate level of protection unless the requisite safeguards have been implemented in accordance with the Nigeria Data Protection Act, 2023, and applicable guidance issued by the NDPC.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for legal, regulatory, accounting, or reporting requirements. At the expiry of the applicable retention period, personal data shall be securely deleted, anonymised, or destroyed in a manner that prevents reconstruction or unauthorised access.

9. Your Rights as a Data Subject

Under the NDPA 2023 and applicable African data protection laws, you have the following rights in respect of your personal data:

Your RightWhat this means
Right of AccessYou may request a copy of the personal data we hold about you and information about how it is processed.
Right to RectificationYou may request correction of inaccurate or incomplete personal data without undue delay.
Right to ErasureYou may request deletion of your personal data where it is no longer necessary, consent is withdrawn, or processing is unlawful, subject to our legal retention obligations.
Right to Restrict ProcessingYou may request that we limit how we use your personal data in certain circumstances.
Right to Data PortabilityYou may request your personal data in a structured, machine-readable format for transfer to another controller, where technically feasible.
Right to ObjectYou may object to processing based on legitimate interests or for direct marketing purposes. We shall cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw ConsentWhere processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a ComplaintYou have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or the relevant data protection authority in your country.

To exercise any of your rights, please contact us by sending an email to info@asplng.com. We will respond to your request within 30 days of receipt (or within the period prescribed by applicable law). We may request proof of your identity before processing your request.

10. Data Security

The Company implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

  1. Access controls: role-based access to systems and physical records, with access granted strictly on a need-to-know basis;
  2. Encryption: encryption of personal data in transit and at rest where technically practicable;
  3. Secure storage: physical and digital security for records containing personal data;
  4. Staff training: regular data protection training and awareness for all employees and contractors;
  5. Vendor management: due diligence and contractual safeguards for all third-party Data Processors;
  6. Incident response: a documented data breach response procedure consistent with NDPA 2023 requirements.

In the event of a personal data breach that is likely to result in risk to the rights and freedoms of Data Subjects, we shall notify the NDPC within 72 hours of becoming aware of the breach, and shall notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights.

11. Cookies & Website Data

Our website(s) use cookies and similar tracking technologies to enhance user experience, improve website functionality, and collect analytics regarding the use of our services. Cookies are small text files stored on your device when you visit our website. We use strictly necessary cookies, which are essential for the operation of the website and cannot be disabled; analytics or performance cookies, including services such as Google Analytics, which help us understand how visitors interact with our website and are deployed only with your consent; and functional cookies, which remember your preferences, such as language or other website settings, to provide a more personalised browsing experience.

You may manage or withdraw your consent to the use of non-essential cookies at any time through our cookie preference settings or your browser settings. However, please note that disabling certain cookies may affect the performance and functionality of our website.

12. Children’s Data

Our engineering services are not directed at children under the age of 18. We do not knowingly collect or process personal data of minors. If we become aware that personal data of a minor has been collected without appropriate parental or guardian consent, we shall delete such data promptly. If you believe we may have inadvertently collected data from a minor, please contact us immediately.

13. Governing Law

This Policy shall be governed by and construed in accordance with the Laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023, the General Application and Implementation Directive 2025, and all subsidiary legislation, directives, and guidelines issued by the NDPC from time to time.

Where we operate in other African jurisdictions, we shall additionally comply with the applicable data protection laws of those countries to the extent they impose stricter or additional obligations on the processing of personal data of residents in those jurisdictions.

14. Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. The most current version will always be available on our website at www.asplng.com.

Where changes are material, we will notify affected Data Subjects by email or by a prominent notice on our website prior to the change becoming effective. Your continued engagement with our services after the effective date of any update constitutes your acknowledgment of the updated Policy.

15. Contact Us

If you have any questions, suggestions, or complaints about our Data Protection and Privacy Policy, do not hesitate to contact us by sending an email to info@asplng.com.

ASPL-logo-st22

Best Services Guaranteed

  • info@asplng.com
  • +234 8028702546

Services Summary

  • Engineering Services And Consultancy
  • Project Management
  • Refrigeration & HVAC System Solutions
  • Machine Maintenance and Repair
  • Industrial Machine Installation
  • Piping & Metal Fabrication
  • Warehouse Racking System (Supply and Installation)
  • Facility Management Services
  • Power Solutions
  • Training
  • Transportation and Logistics

Quick Links

  • Services
  • Quality Assurance
  • Clients
  • Request a Quote
  • Photo Gallery
  • Memberships
  • Careers
  • Environmental Policy
  • Occupational Health & Safety Policy
  • Quality Policy
  • Login
  • Services
  • Quality Assurance
  • Clients
  • Request a Quote
  • Photo Gallery
  • Memberships
  • Careers
  • Environmental Policy
  • Occupational Health & Safety Policy
  • Quality Policy
  • Login

Call-back Request

© 2026 Ample System Projects Limited. All rights reserved.

Privacy Policy

Website developed by EXPLOITS MEDIATECH.

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.