Privacy Policy

1. Scope and Data Controller

1.1 Applicability. This Policy applies to all modules of THE SYSTEM (Surveyor Dashboard, Property Monitoring Module, Administrative Interface and related services) and to all data collected, stored, or processed by these modules. It covers data about land parcels and property, geospatial mappings, and all personally identifiable information of system users and other individuals.

1.2 Data Controller. The Enugu State Government, through the Office of the Surveyor General, is the Data Controller. The Government retains sole control and exclusive rights over all data in THE SYSTEM. All system operators, including surveyors and administrators, act on behalf of the Government. No data collected may be sold or transferred to any third party without express government authorization.

2. Definitions

• 2.1 Personal Data. Any information relating to an identifiable individual, including name, address, contact information, identification numbers, and any other personal identifiers.
• 2.2 Geospatial Data. Data that includes geographic coordinates, maps, boundary delineations, satellite imagery or other locational information.
• 2.3 Surveyor Dashboard. THE SYSTEM module used by licensed surveyors to record, view, and manage survey data.
• 2.4 Property Monitoring Module. THE SYSTEM module used for tracking property status, ownership history, and inspection data.
• 2.5 Administrative Interface. THE SYSTEM module used by authorized officials for system administration, user management, and oversight.
• 2.6 User. A registered individual who uses THE SYSTEM, including surveyors, inspectors, and landowners.
• 2.7 Data Privacy Officer (DPO). The official designated to oversee compliance with this Policy.

3. Data Collection and Use

3.1 Types of Data Collected

• Geospatial Information: Survey maps, coordinates, boundary lines, plot measurements, satellite imagery and other location data needed for land demarcation and planning.
• Personal Identification: Names, national ID or business registration numbers, addresses, email/phone contacts of surveyors, inspectors, landowners and other system users.
• Authentication and Access Logs: Login records, timestamps, IP addresses, audit trails, one-time password (OTP) usage logs, and other security-relevant metadata.
• Inspection Multimedia: Photographs, videos, and audio recordings captured during site inspections or field surveys, linked to specific property or survey records.

3.2 Purpose of Collection

All collected data serves specific purposes of land governance: verifying property ownership, supporting secure land transactions, facilitating urban planning, and preventing fraud. Data is collected for explicit governmental purposes and not repurposed for unrelated uses. We adhere to the principle of data minimization: only data strictly necessary for these stated purposes is gathered. When data is collected (during user registration or site survey), the intended use will be clearly communicated to the user, ensuring transparency in processing.

3.3 Lawful Basis and Consent

Processing of personal data is justified by the public interest in secure land administration and by applicable Nigerian law. Where consent is obtained (e.g. for optional data), users have the right to withhold or withdraw consent at any time. Mandatory data (e.g. identity of a landowner when registering a title) must be provided to fulfill statutory land records functions.

4. Data Ownership and Control

4.1 Government Ownership. The Enugu State Government exclusively owns all data in THE SYSTEM. The Office of the Surveyor General administers the system on behalf of the Government, with full administrative rights over data access, modification, and disclosure. All system activities are logged and monitored to ensure Government authority and accountability over data use.

4.2 Access by Government Agencies. Authorized government agencies (e.g. ENGIS land registry, planning authorities, courts) may access relevant data as needed for official duties. Such access is strictly controlled and limited to the minimum necessary information. Any sharing with other agencies is done under legal mandate and oversight. No data is released externally for private or commercial use without explicit government direction and safeguards.

4.3 No Unauthorized Disclosure. Personal and geospatial data will not be shared with third parties (including foreign entities or private companies) unless required by law (e.g. court order) or to provide essential services (e.g. technical maintenance by vetted service providers). All third-party service providers that handle THE SYSTEM data are contractually bound to abide by this Policy and may only process data under the Government’s instructions.

5. Rights of Data Subjects

• Right to Be Informed: Users shall be informed about the categories of data collected about them and the purposes for processing it. THE SYSTEM interfaces will provide clear notices explaining data usage.
• Right of Access: Users may request to view their own personal data and property-related records held in THE SYSTEM. The Office shall provide access to such data or reports in a secure manner upon verified request.
• Right to Rectification: If any personal or property data is found to be inaccurate or incomplete, the affected user may request correction. The Office will promptly update records to restore accuracy.
• Right to Object/Consent Withdrawal: Users may object to certain processing activities that are not mandatory. Upon objection or withdrawal, the Office shall cease the contested processing unless otherwise required by law.
• Right to Erasure: To the extent permitted by law and system requirements, a user may request deletion of their personal data when it is no longer necessary. Note: some land records must be retained for legal and historical reasons; in such cases personal data may be anonymized or archived securely instead.
• Right to Data Portability: Upon request the Office will provide a copy of a user’s personal data in a usable electronic format.
• Right to Lodge Complaints: Users may report privacy concerns or file complaints with the Office’s Data Protection Officer or the Nigeria Data Protection Commission.

6. Security Measures

6.1 Access Controls: Access to THE SYSTEM is secured by authenticated login. All system users must use strong passwords with complexity requirements and regular changes. Multi-factor Authentication (MFA) is required for all administrative users and for sensitive transactions.

6.2 Encryption: All data transmitted between user devices and THE SYSTEM servers is encrypted in transit (SSL/TLS). Sensitive personal data at rest is encrypted in the database. Encryption keys are managed securely with restricted access.

6.3 Audit Logging: THE SYSTEM maintains detailed audit logs of all access and actions, recording who did what and when. Logs are regularly reviewed to detect unauthorized activity and are protected against tampering.

6.4 Continuous Monitoring and Testing: Network and intrusion detection systems monitor for suspicious activity. Regular security assessments identify and remediate potential weaknesses. Suspected security incidents are investigated promptly.

6.5 Physical Security: Servers and storage systems are located in secure government data centers with controlled physical access. Backup media are encrypted and stored offsite.

6.6 Organizational Measures: A strict need-to-know policy grants users only the minimum access privileges necessary. Personnel sign confidentiality agreements and receive regular training.

7. Data Sharing and Third-Party Transfers

7.1 Internal Sharing: Within government, data may be shared with other state agencies only for official purposes under formal agreements and audit oversight.

7.2 Third-Party Service Providers: External vendors processing data on our behalf are contractually bound to Government instructions and equivalent security measures.

7.3 No International Transfer without Safeguards: Data is kept within Nigerian jurisdiction except approved cloud hosting, under strict safeguards.

7.4 Legal Disclosures: Data is disclosed without consent only when required by law (e.g. subpoena). Minimum necessary data is released, and affected users are notified unless prohibited.

8. Data Retention and Disposal

8.1 Retention Periods: Data is retained only as long as needed for its purpose, per statutory schedules (e.g. 10+ years for land titles), then securely deleted or archived.

8.2 Secure Disposal: Data no longer needed is destroyed or anonymized to prevent reconstruction. Audit logs older than retention periods are purged securely.

9. Compliance with Best Practices and Standards

This Policy aligns with Nigeria’s Data Protection Act, OECD Privacy Guidelines, and VGGT principles for responsible land governance. We conduct privacy impact assessments and update policies with evolving threats and technology.

10. Policy Updates and Review

10.1 Amendments: We may amend this Policy to reflect new legal requirements or operational needs. Significant changes will be approved by the Surveyor General and communicated to users.

10.2 Enforcement: Compliance is mandatory; violations may result in disciplinary measures and are subject to audit and oversight.

10.3 Contact: Questions or requests should be directed to our DPO at OSGTHESYSTEM-DPO@enugustate.gov.ng or the Nigeria Data Protection Commission.