1. Introduction BabKem Consulting is committed to protecting the privacy and security of our clients’ data. This Data Privacy & Protection Policy outlines our principles, guidelines, and compliance measures for handling customer data in accordance with global data protection laws, including:
General Data Protection Regulation (GDPR)
Nigeria Data Protection Act (NDPA)
California Consumer Privacy Act (CCPA)
ISO 27001 Information Security Standards
By using our services, clients acknowledge and consent to the practices described in this policy.
2. Scope of the Policy
This policy applies to all data collected, processed, stored, and shared by BabKem Consulting from clients in the telecommunication and banking industries. It covers:
Customer Information (Name, Contact Details, Identification Numbers)
Financial Data (Bank Details, Transaction Records)
Telecommunication Data (Call Logs, Usage Patterns)
Sensitive Personal Information (Biometric Data, Credit Scores)
Business & Contractual Data
3. Data Collection & Processing
3.1 Data Collection Principles
We collect data lawfully, fairly, and transparently under the following conditions:
✅ Consent-Based Collection – Customers explicitly consent to data collection.
✅ Contractual Necessity – Data processing is required for service delivery.
✅ Legitimate Interest – Data is processed for security, fraud prevention, or compliance.
✅ Regulatory Compliance – Data is collected to meet legal and industry regulations.
3.2 Data Processing Guidelines
Data is processed only for legitimate business purposes.
Automated decision-making or profiling is not performed without transparency.
Customers can request access, correction, or deletion of their personal data.
4. Data Storage & Security Measures
We implement strict security measures to protect against data breaches, unauthorized access, and cyber threats.
4.1 Secure Storage & Encryption
All customer data is stored in a centralized, encrypted database.
End-to-end encryption (AES-256) is used for data at rest and in transit.
Multi-Factor Authentication (MFA) is required for database access.
4.2 Access Control & Authorization
Only authorized personnel can access customer data.
Role-based access control (RBAC) ensures minimal privilege access.
Real-time access logs and monitoring detect unauthorized activities.
4.3 Data Retention & Deletion Policy
Customer data is retained only for the duration necessary (as per legal and regulatory requirements).
Secure deletion methods (data wiping & shredding) are applied when data is no longer needed.
5. Data Sharing & Third-Party Access
We never sell or disclose customer data without proper consent, except under the following conditions:
Regulatory & Legal Compliance – If required by law enforcement or regulatory bodies.
Service Providers & Partners – Only vetted third-party vendors with strict NDAs and security policies.
Banking & Telecommunication Integrations – Data sharing is done through secure API connections.
All third parties handling customer data must comply with GDPR, NDPA, and ISO 27001 standards.
6. Customer Rights & Data Privacy Controls
Customers have the following rights regarding their personal data:
6.1 Right to Access & Portability
Customers can request a copy of their data in a machine-readable format.
6.2 Right to Correction & Deletion
Customers can request corrections or deletion of inaccurate or outdated data.
6.3 Right to Object & Restrict Processing
Customers can opt-out of data processing for marketing or profiling purposes.
6.4 Right to Withdraw Consent
Customers can withdraw consent at any time, affecting future data processing.
7. Data Breach Notification & Incident Response
We follow a strict incident response protocol in case of a data breach:
Immediate Investigation & Containment – Identifying and securing affected data.
Regulatory Notification – Reporting breaches to data protection authorities within 72 hours (as per GDPR).
Customer Notification – Affected customers will be informed of any risk.
We conduct regular penetration testing and security audits to prevent breaches.
8. Compliance with International Standards
Our data privacy framework adheres to:
GDPR (Europe) – Data protection, transparency, and user rights.
Nigeria Data Protection Act (NDPA) – Compliance with NITDA & NCC regulations.
ISO 27001 – Information security risk management.
CCPA (California, USA) – Consumer privacy and opt-out rights.
We conduct annual compliance reviews and third-party security audits.
9. Updates to this Policy
We may update this policy periodically to reflect changes in laws, regulations, or security measures. Customers will be notified via:
Website Announcement
Email Notification
Last Updated: February, 2025
10. Contact Information
For any inquiries, data access requests, or complaints, contact:
📧 Email: privacy@babkemconsulting.com
📞 Phone: +2347031534511, +2348087602376
📍 Office Address:
46711 Van Dyke Avenue, Shelby Township, Michigan, 48317. USA
23, Environmental Crescent, UNILAG Estate, Magodo Lagos , Nigeria
BabKem Consulting is dedicated to ensuring the highest level of data security and compliance to protect our customers' information.