Effective Date: 2025
Last Updated: 2025

1. Introduction

Welcome to University of Agriculture, Science and Technology Ihuh's Document Management System ("DMS", "we", "us", "our"). This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you use our services.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with:

• The Nigeria Data Protection Act (NDPA) 2023
• The European Union General Data Protection Regulation (GDPR)

By accessing or using our DMS, you acknowledge and agree to the practices described in this policy.

2. Data Controller Information

University of Agriculture, Science and Technology Ihuh is the Data Controller responsible for your personal data.

Contact Details:
Email: info@uast.edu.ng
Phone: +234 08169192646
Address: Takeoff Campus, Ihugh-Korinya Road, Ihugh Vandeikya LGA, Benue State

We may also act as a Data Processor on behalf of your organization where applicable.

3. What Data We Collect

We may collect the following categories of personal data:

a. User Information

• Name
• Email address
• Contact number
• Address
• National Identity Number
• Organization affiliation
• Job role

b. User Authentication and Login

• Username and encrypted passwords
• Job role and organizational affiliation

b. Document and Content Data

• Uploaded files and document contents
• Document metadata (e.g., titles, tags, authorship, timestamps)

c. Technical and Usage Data

• IP address
• Browser type and device information
• Access logs and session history
• Activity logs and audit trails

We do not intentionally collect sensitive personal data (such as health data or biometric data) unless explicitly required and with your informed consent.

4. Legal Basis for Processing

Under the NDPA and GDPR, we process your personal data based on one or more of the following legal bases:

• Consent: Where you have explicitly given permission
• Contractual necessity: To fulfill our obligations to you or your organization
• Legal obligation: To comply with applicable laws
• Legitimate interest: To improve our services, ensure security, and prevent fraud

5. How We Use Your Data

Your personal data is used for the following purposes:

• User authentication and account management
• Secure storage and sharing of documents
• Logging actions for compliance and audit purposes
• System monitoring, performance optimization, and support
• Regulatory and legal compliance

6. Data Sharing and Disclosure

We do not sell or rent your personal data.

We may disclose your data to:

• Authorized personnel within your organization
• Third-party service providers (e.g., secure cloud hosting, analytics) who operate under data processing agreements
• Regulators or law enforcement if required by law or court order

7. International Data Transfers

Where data is transferred across borders (e.g., outside Nigeria or the EU), we ensure such transfers are done in compliance with:

• NDPA 2023 cross-border transfer requirements
• GDPR Standard Contractual Clauses (SCCs) or adequacy decisions for EU-based users

We ensure appropriate safeguards are in place to protect your data during international transfers.

8. Your Rights

As a data subject under NDPA and GDPR, you have the following rights:

• Right of access – to know what personal data we hold about you
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure – to request deletion of your data ("right to be forgotten")
• Right to restrict processing – to limit how your data is used
• Right to object – to object to certain uses (e.g., direct marketing)
• Right to data portability – to obtain and reuse your data elsewhere
• Right to withdraw consent – at any time, where processing is based on consent
• Right to lodge a complaint – with your data protection authority

To exercise any of these rights, contact us at [Insert Contact Email].

9. Data Retention

We retain your personal data only for as long as necessary to:

• Fulfill the purposes outlined in this policy
• Comply with legal, regulatory, or contractual obligations
• Resolve disputes and enforce agreements

After the retention period, we will securely delete or anonymize your data.

10. Data Security

We implement appropriate technical and organizational measures, including:

• End-to-end encryption
• Role-based access controls
• Multi-factor authentication
• Secure server infrastructure
• Regular security audits and penetration testing

While we take reasonable precautions, no system is completely immune to risk. Users should practice safe data handling and access practices.

11. Cookies and Tracking Technologies

Our DMS uses cookies and similar technologies to:

• Maintain user sessions
• Track usage for performance and analytics
• Store user preferences

You may manage or disable cookies via your browser settings. Disabling cookies may affect platform functionality.

12. Third-Party Links

Our services may include links to external websites or services. We are not responsible for their content or privacy practices. Please review their privacy policies independently.

13. Children's Privacy

Our platform is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us to delete it.

14. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the "Last Updated" date and notify users of material changes via the platform or email.

15. Contact Us

If you have any questions, requests, or complaints about this policy or our handling of your personal data, contact us:

University of Agriculture, Science and Technology Ihuh
Takeoff Campus, Ihugh-Korinya Road, Ihugh Vandeikya LGA, Benue State, Nigeria
Email: info@uast.edu.ng
Phone: +234 08169192646