1. Who we are
Cynerion Technology Consultants Limited ("Cynerion", "we", "us", "our") is a technology consulting firm incorporated in Nigeria with headquarters in Lagos. We are a data controller and, where we process personal data on behalf of our clients, a data processor under the Nigeria Data Protection Act, 2023 ("NDPA"). You can contact our Data Protection Officer at dpo@cynerion.com.
2. What personal data we collect
We collect personal data only where we have a lawful basis to do so. The categories we may collect include:
- Identity and contact data — name, job title, work email, phone, organisation.
- Engagement data — details you share when enquiring about our services, submitting forms, attending events, or entering into a contract with us.
- Technical data — IP address, browser type, device identifiers, and pages visited when you use our website.
- Recruitment data — CVs, cover letters and interview records when you apply for roles.
- Marketing preferences — where you opt in to the Cynerion Briefing or other communications.
3. How we use your personal data
We use your personal data to:
- Respond to your enquiries and provide the services you have requested.
- Contract with you and deliver on our obligations.
- Send you information you have opted in to receive.
- Improve and secure our website and services.
- Comply with legal, regulatory and contractual obligations.
4. Lawful bases
We rely on one or more of the following lawful bases when processing your personal data, as defined by the NDPA: consent, performance of a contract, legitimate interests, legal obligation, and vital interests.
5. How we share your personal data
We do not sell your personal data. We may share limited personal data with service providers we engage to support our operations (for example, cloud hosting, email, CRM and analytics platforms), all of whom are contractually bound to NDPA-aligned protections. Where we are legally required to disclose personal data, we will do so only to the extent necessary.
6. International transfers
Some of our suppliers are located outside Nigeria. Where we transfer personal data internationally, we do so only to jurisdictions deemed adequate by the NDPC or under appropriate safeguards (for example, standard contractual clauses).
7. How long we keep your personal data
We retain personal data only for as long as is necessary for the purposes described above, or as required by law. Typical retention periods are: enquiry records (24 months), contract records (7 years after contract ends), recruitment records (12 months unless you consent to longer).
8. Your rights
Under the NDPA, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. You may exercise these rights by emailing dpo@cynerion.com. You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC).
9. Security
Cynerion operates an ISO 27001-aligned information security management system. We implement technical and organisational controls appropriate to the risk — including encryption, access control, logging, employee training and vendor due diligence — to protect your personal data.
10. Cookies
Our website uses a minimal set of essential cookies required for the site to function, and — where you consent — analytics cookies to help us improve the site. You can control cookies via your browser settings.
11. Children
Our services are not directed at children, and we do not knowingly collect personal data from children under the age of 18.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated on our website and, where appropriate, directly to you.
13. Contact us
For any questions about this policy or how we handle your personal data, email dpo@cynerion.com or write to us at Cynerion Technology Consultants Limited, Lagos, Nigeria.