This Data Policy explains how Vectar Energy (“Vectar”, “we”, “our”, “us”) collects, processes, stores, secures, shares, and retains data — including personal data, operational data, and environmental performance data — when delivering our services and operating the ecoWise platform.
We are committed to protecting the confidentiality, integrity, and availability of data in compliance with the Nigeria Data Protection Act 2023 (NDPA), the General Data Protection Regulation (GDPR), and other applicable international data protection and cybersecurity regulations.
1. Scope and Applicability
This Policy applies to all data collected, created, received, processed, or stored by Vectar in the course of business. This includes:
- Personal data: information that identifies or can identify an individual (e.g. names, emails, login credentials, IP addresses)
- Operational data: information related to the usage, performance, and outputs of our platforms and services (e.g. device metrics, system logs, service usage patterns)
- Environmental data: sensor and energy performance data collected through ecoWise (e.g. carbon metrics, solar production data, energy consumption data)
It applies to:
- All employees, contractors, and interns
- All third-party vendors and service providers acting on our behalf
- All physical and digital systems and platforms operated by Vectar
2. Legal Bases for Processing
We process data lawfully on the following bases:
- Consent: when users opt in to marketing, communications, or optional analytics
- Contractual necessity: to deliver and support our services under an agreement with you
- Legal obligation: to comply with applicable financial, tax, or regulatory requirements
- Legitimate interests: to maintain security, improve services, prevent fraud, and enhance the user experience
Where required by law, we will obtain explicit written consent for the collection of sensitive or special categories of personal data.
3. Data Classification and Handling
All data is classified and handled according to its sensitivity:
| Classification | Description | Examples | Handling Requirements |
|---|---|---|---|
| Confidential | Personally identifiable or sensitive information | Names, contact info, login credentials | Strict access controls, encryption, NDA required |
| Restricted | Internal operational or commercial data | Usage logs, energy metrics, performance data | Limited access, stored on secure servers |
| Public | Non-sensitive data approved for public release | Published reports, press releases | May be disclosed publicly |
Employees must only access data needed for their roles and must follow secure handling procedures at all times.
4. Data Access, Sharing, and Processing
- Access to personal and operational data is strictly role-based and requires authentication
- We share data only with authorized third-party processors (cloud hosting, IT, analytics, CRM, email services) under legally binding Data Processing Agreements (DPAs)
- All processors must:
- implement industry-standard security measures
- comply with data protection laws
- process data only under our documented instructions
- We do not sell or monetize personal data.
5. Data Security and Integrity
We maintain a layered security framework including:
- Encryption at rest and in transit
- Multi-factor authentication and access logs
- Network firewalls and intrusion detection
- Regular vulnerability testing and security audits
- Staff training on data security and confidentiality obligations
6. Data Quality and Accuracy
- We take reasonable steps to ensure data is accurate, complete, and up to date
- Users may request correction or updates to their data at any time
- Inaccurate or outdated data will be corrected or deleted promptly.
7. Data Retention and Disposal
- Personal and operational data will be retained only for as long as necessary to fulfill the purpose collected, or as required by law, regulation, or contract
- Retention periods are defined in Vectar's internal Records Retention Schedule
- When data is no longer required, it will be securely deleted, anonymized, or archived in compliance with legal and technical requirements.
8. International Data Transfers
- Data may be transferred to and processed in countries outside your country of residence
- When transferring data internationally, we use safeguards such as Standard Contractual Clauses, adequacy decisions, or Binding Corporate Rules
- We will not transfer data to any jurisdiction that does not ensure adequate protection unless you give explicit consent
9. Data Breach Response
- All suspected or actual data breaches must be reported immediately to the Data Protection Officer (DPO)
- We will investigate, mitigate, and document all incidents
- In line with the NDPA, we will notify the Nigeria Data Protection Commission and affected individuals within 72 hours if a breach is likely to cause harm.
10. Data Subject Rights
Individuals whose personal data we process have the right to:
- Access their personal data
- Request correction, updates, or deletion
- Object to or restrict processing
- Request data portability
- Withdraw consent at any time
- File a complaint with a data protection authority
Requests should be submitted to support@vectar.io and will be responded to within 30 days.
11. Roles and Responsibilities
- Board of Directors: overall accountability for data governance
- Data Protection Officer (DPO): oversees data protection compliance and risk management
- Managers: ensure staff in their teams comply with this Policy
- Employees and contractors: must follow this Policy, complete training, and report data incidents immediately
12. Compliance and Review
- This Policy forms part of our Information Governance Framework
- Compliance will be monitored through periodic internal audits
- This Policy will be reviewed annually or when there are major legal or operational changes
13. Contact
If you have any questions or concerns about our use of cookies, please contact: support@vectar.io