UNPKG

@tantainnovative/ndpr-toolkit

Version:

Nigeria Data Protection Toolkit — enterprise-grade compliance components for the Nigeria Data Protection Act (NDPA) 2023

github.com/mr-tanta/ndpr-toolkit

mr-tanta/ndpr-toolkit

62 lines (46 loc) 9.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
'use strict';var chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js');function s(e){return e.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function q(e){let n=new Set,o=new RegExp(`${s(chunk6LJHLE6G_js.a)}([^${s("\xBB")}]+)${s("\xBB")}`,"g"),i;for(;(i=o.exec(e))!==null;)n.add(i[1].trim());let r=/\{\{\s*([^}\s]+)\s*\}\}/g;for(;(i=r.exec(e))!==null;)n.add(i[1].trim());return Array.from(n)}function P(e,n){if(typeof e=="string"){let o=e,i=n,r=o,c=/\{\{([^}]+)\}\}/g,d;for(;(d=c.exec(o))!==null;){let t=d[1].trim(),a=i[t]||"";r=r.replace(new RegExp(`\\{\\{\\s*${s(t)}\\s*\\}\\}`,"g"),a);}return r}else {let o=e,i=n,r={},c=[];return o.filter(t=>t.included).sort((t,a)=>(t.order||0)-(a.order||0)).forEach(t=>{let a=t.template||t.customContent||t.defaultContent||"",y=/\{\{([^}]+)\}\}/g,m,h=[];for(;(m=y.exec(a))!==null;)h.push(m[1].trim());h.forEach(l=>{let u="";l in i&&(u=i[l]||""),u||c.push(l),a=a.replace(new RegExp(`\\{\\{\\s*${s(l)}\\s*\\}\\}`,"g"),u);}),r[t.id]=a;}),{fullText:Object.values(r).join(` `),sectionTexts:r,missingVariables:Array.from(new Set(c))}}}var w=[{id:"data-collection",title:"Data Collection",description:"Describes what personal data is collected and how it is obtained.",order:1,required:true,included:true,template:'{{orgName}} ("we", "us", or "our") collects personal data from users of our services at {{website}}. We collect information you provide directly, such as your name, email address, phone number, and any other details you submit through forms or communications. We may also collect data automatically, including IP addresses, browser type, device information, and usage patterns through cookies and similar technologies. All data collection is conducted in accordance with the Nigeria Data Protection Act (NDPA) 2023.',variables:["orgName","website"]},{id:"legal-basis",title:"Legal Basis for Processing",description:"Specifies the lawful basis for processing personal data under the NDPA.",order:2,required:true,included:true,template:`{{orgName}} processes personal data under one or more of the following lawful bases as prescribed by the NDPA 2023: - Consent: where you have given clear, informed, and voluntary consent for a specific purpose. - Contract: where processing is necessary to fulfil a contract with you or to take steps at your request before entering a contract. - Legal obligation: where processing is required to comply with applicable Nigerian law. - Vital interest: where processing is necessary to protect your life or that of another person. - Public interest: where processing is necessary for the performance of a task carried out in the public interest. - Legitimate interest: where processing is necessary for our legitimate interests, provided these are not overridden by your rights and freedoms.`,variables:["orgName"]},{id:"data-usage",title:"Data Usage",description:"Explains the purposes for which personal data is processed.",order:3,required:true,included:true,template:`We use the personal data we collect for the following purposes: - Providing and improving our services at {{website}}. - Communicating with you regarding your account, enquiries, or support requests. - Sending relevant updates, where you have opted in to receive them. - Ensuring the security and integrity of our platform. - Complying with legal and regulatory obligations under Nigerian law. - Conducting analytics to improve user experience and service quality. We will not process your data for purposes incompatible with those stated above without providing you with notice and, where required, obtaining your consent.`,variables:["website"]},{id:"data-sharing",title:"Data Sharing and Disclosure",description:"Details when and with whom personal data may be shared.",order:4,required:true,included:true,template:`{{orgName}} does not sell personal data. We may share your data with the following categories of recipients: - Service providers and processors who assist us in operating our services, under strict data processing agreements. - Regulatory and law enforcement authorities when required by Nigerian law or valid legal process. - Professional advisers, including lawyers, auditors, and insurers, where necessary. - Business partners, only with your explicit consent and for clearly stated purposes. Any cross-border transfer of personal data will comply with the requirements of the NDPA 2023, including ensuring adequate safeguards are in place in the receiving jurisdiction.`,variables:["orgName"]},{id:"data-subject-rights",title:"Data Subject Rights",description:"Outlines the rights of data subjects under the NDPA.",order:5,required:true,included:true,template:`Under the NDPA 2023, you have the following rights regarding your personal data: - Right of access: request a copy of the personal data we hold about you. - Right to rectification: request correction of inaccurate or incomplete data. - Right to erasure: request deletion of your personal data where there is no compelling reason for continued processing. - Right to restrict processing: request limitation of how we process your data. - Right to data portability: receive your data in a structured, commonly used format. - Right to object: object to processing based on legitimate interest or for direct marketing purposes. - Right to withdraw consent: withdraw previously given consent at any time without affecting prior processing. To exercise any of these rights, contact us at {{privacyEmail}}. We will respond to your request within 30 days.`,variables:["privacyEmail"]},{id:"data-retention",title:"Data Retention",description:"Describes how long personal data is retained and the criteria for retention periods.",order:6,required:true,included:true,template:`{{orgName}} retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Nigerian law. Retention periods are determined based on: - The nature of the data and the purposes for processing. - Legal, regulatory, and contractual obligations. - Legitimate business needs such as maintaining records for audits or dispute resolution. When personal data is no longer needed, it will be securely deleted or anonymised in accordance with our data retention policy.`,variables:["orgName"]},{id:"data-security",title:"Data Security",description:"Describes the security measures in place to protect personal data.",order:7,required:true,included:true,template:`We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include: - Encryption of data in transit and at rest. - Access controls and authentication mechanisms. - Regular security assessments and vulnerability testing. - Staff training on data protection and information security. - Incident response procedures in line with NDPA breach notification requirements. While we strive to protect your data, no method of transmission or storage is completely secure. If you become aware of any security incident, please contact us immediately at {{privacyEmail}}.`,variables:["privacyEmail"]},{id:"contact-info",title:"Contact Information",description:"Provides contact details for privacy-related enquiries and the Data Protection Officer.",order:8,required:true,included:true,template:`If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us: Organisation: {{orgName}} Address: {{address}} Email: {{privacyEmail}} Website: {{website}} Data Protection Officer: {{dpoName}} DPO Email: {{dpoEmail}} You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated. This policy is effective as of {{effectiveDate}} and applies to all {{industry}} services provided by {{orgName}}.`,variables:["orgName","address","privacyEmail","website","dpoName","dpoEmail","effectiveDate","industry"]}],v=[{id:"orgName",name:"orgName",description:"The official name of your organisation.",value:"",inputType:"text",required:true},{id:"website",name:"website",description:"Your organisation's website URL.",value:"",inputType:"url",required:true},{id:"privacyEmail",name:"privacyEmail",description:"Email address for privacy-related enquiries.",value:"",inputType:"email",required:true},{id:"dpoName",name:"dpoName",description:"Full name of your Data Protection Officer.",value:"",inputType:"text",required:false},{id:"dpoEmail",name:"dpoEmail",description:"Email address of your Data Protection Officer.",value:"",inputType:"email",required:false},{id:"address",name:"address",description:"Physical address of your organisation.",value:"",inputType:"textarea",required:false},{id:"industry",name:"industry",description:"The industry or sector your organisation operates in.",value:"",inputType:"text",required:false},{id:"effectiveDate",name:"effectiveDate",description:"The date this privacy policy becomes effective.",value:"",inputType:"date",required:false}];function N(){return {sections:w.map(e=>chunkRFPLZDIO_js.a({},e)),variables:v.map(e=>chunkRFPLZDIO_js.a({},e))}}exports.a=q;exports.b=P;exports.c=w;exports.d=v;exports.e=N;