Privacy-policy
Privacy Policy
Last Updated: 4 June 2025
Who is “aphr”?
We (“aphr,” “us,” or “our”) are a human resources consultancy and technology firm based in Lagos, Nigeria. We provide tailored HR solutions to startups and growing businesses, offering strategic and operational support designed to meet each organization’s specific needs. Our core services include:
● HR Consultation Services: project-based solutions for workforce-related challenges.
● HR Business Partner as a Service (HRBP-as-a-Service): a retainership model providing embedded strategic HR support.
● Seekr: a job connection platform linking employers with qualified candidates, enhanced by LinkedIn integration and candidate profiling.
● Human Resource Management System (HRMS): a digital, customizable HR solution to streamline people operations.
“aphr” respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal data (“Personal Data”) in accordance with the Nigeria Data Protection Act (NDPA) 2023 and, where applicable, international standards such as the General Data Protection Regulation (GDPR).
By accessing or using our website, platforms, or services, you agree to the practices described in this Policy. Please read this Policy carefully to understand how your information is handled.
Our Commitment to Privacy
We are committed to maintaining the privacy, security, and confidentiality of Personal Data entrusted to us via our website, platforms (including Seekr and HRMS), or through the course of delivering our services. This Privacy Policy, together with our Terms of Use, explains:
● When and why we collect Personal Data;
● How we use it;
● The conditions under which we may share it;
● Your rights in relation to your data; and
● How we safeguard your data from unauthorized access or misuse.
Our Role: Data Controller and Data Processor
Depending on the nature of the service being provided, aphr may operate as:
● A Data Controller: when we determine the purpose and means of processing your Personal Data (e.g., through Seekr, when administering HR advisory services, or operating our HRMS).
● A Data Processor: when we process data on behalf of a client (e.g., an employer using our HRMS or requesting talent matching via Seekr). In these cases, the client retains control of the data, and we act strictly on their instructions.
If you are interacting with aphr via an employer or client organization, please contact that organization directly for questions or requests related to your Personal Data.
Information We Collect
In the course of providing our Services, whether through our platforms (Seekr, HRMS), consulting engagements, or client interactions, we may collect, generate, or receive Personal Data from you or third parties. Below is an outline of the types of Personal Data we may process:
a. Information You Provide Directly – We collect the following categories of Personal Data when you use our website or engage our services:
● Basic personal data such as your name, date of birth, and gender.
● Contact details including home or postal address, delivery address, email address, and phone number.
● Identification information such as copies of your voter’s card, driver’s license, utility bill, or tenancy agreement.
● Banking details including account name, account number, bank name, and Bank Verification Number (BVN).
● Work and employment information such as CV/resume, job title, department, company name and address, work email, and office phone number.
● Account access data such as usernames and passwords used to access Seekr, HRMS, or other aphr platforms.
● LinkedIn profile or other professional social media handles for integration.
● Company name and registration details, business address and contact information of employer clients.
● HR documents, policies, and workforce data as relevant to our services.
● Names and contact information and other details of authorized representatives of employer clients as relevant to our services.
● Form Submissions including inquiries, sign-ups, or registration forms submitted via the website.
● Preferences and opinions including your feedback on our Services, newsletter subscriptions, or service preferences.
● Usage and browsing history such as website or platform usage metrics, technical diagnostics, content interactions, and error logs.
● Communications including email correspondence, which may be retained for quality monitoring and training purposes.
b. Information We Collect Automatically – When you use our website or digital platforms, (Seekr, HRMS), we collect technical information through cookies and similar technologies, which may include:
● Device and session data including IP address, browser type, device identifier, screen resolution, and operating system.
● Location data to tailor content and experience based on your geographic location.
● Log data, access times, and user behavior analytics including click patterns, page scrolls, form interactions, and engagement with communications or advertisements.
● Session Recording Technologies which help us analyze user interactions with our platforms for troubleshooting and design improvement (this excludes sensitive or payment information).
● Cookies and other tracking technologies. You can manage cookie preferences via your browser settings. For more details, see our Cookies and Analytics section. Insert link on the website and delete this highlight.
c. Information We Obtain from Third Parties – We may also receive your Personal Data from third-party sources, including:
● Our clients or employer partners who may provide your data to use aphr services on your behalf (e.g. onboarding for HRMS or job matching via Seekr).
● Professional Associations and Licensure Bodies where applicable to your role or qualifications.
● Third-Party Service Providers including recruiters, resellers, or integrated business partners assisting in service delivery.
● Public Sources including open government databases (e.g. CAC), online directories, publicly accessible websites, and social media platforms.
● Regulatory Authorities such as when we receive information relating to a complaint or regulatory compliance matter.
d. Information Generated During Your Relationship With Us – We may generate and collect additional data as part of your ongoing use of our services, including:
● User Journey Analytics to identify usability issues or track performance on platforms like HRMS and Seekr.
● Engagement History including response to surveys, marketing communications, support requests, and service usage trends.
● Platform Interactions captured during your use of our HRMS (e.g., attendance logs, document uploads) or Seekr (e.g., application history, job matching activity).
e. Sensitive Personal Data – We may process sensitive categories of data (e.g. disciplinary records, health information, or performance data) only when:
● It is necessary for the performance of our service.
● It Required by applicable law or regulation.
● Explicit consent has been provided.
For more information on how third parties process your data, please refer to their own Privacy Policy.
Lawful Basis for Processing
We collect and process your Personal Data in accordance with the lawful bases defined under the Nigeria Data Protection Act (NDPA) 2023 and other relevant laws, such as the General Data Protection Regulation (GDPR) where applicable. We rely on the following lawful bases:
● Consent: When you voluntarily provide data via forms or platforms (e.g. Seekr job registration), and when you opt-in to receive communications or marketing.
● Performance of a Contract: When processing is necessary to fulfil our obligations under a service agreement with you or your organization.
● Legal Obligation: When required to comply with legal or regulatory obligations (e.g. NDPA reporting, employment or tax compliance).
● Legitimate Interests: When we process data for legitimate business purposes, such as improving our services, fraud prevention, or business development, provided your rights and freedoms are not infringed.
● Public Interest: When it is necessary to perform a task carried out in the public interest or in exercise of an official public mandate.
Using Your Personal Data
We may store and use your Personal Data to provide, maintain, and improve our Services, including HR consulting, HR Business Partner-as-a-Service, the HRMS platform, and Seekr (our job connection platform). Your data may be used for any of the purposes below, based on the lawful grounds of consent, contract performance, legal obligation, or our legitimate interests:
a. Service Access and Account Management – we use your data to:
● Enable you to search for and subscribe to aphr’s Services.
● Create and manage accounts or profiles on our platforms (HRMS and Seekr).
● Help you purchase, use, or interact with any third-party content or services connected to aphr.
● Facilitate your ability to create, post, or submit content through our services (e.g., job applications via Seekr or HRMS feedback tools).
● Process any sign-ups or requests for information, including newsletters or event participation.
● Register you for and manage your attendance at aphr events (virtual or in-person).
b. Service Delivery and Communication – we use your data to:
● Provide and tailor our HR consultancy and HRMS services to meet you or your organization’s specific needs.
● Communicate with you via phone, email, chat, or in-person meetings in relation to our services or platform support.
● Respond to surveys, feedback forms, or information requests, including support tickets.
● Match candidates with a job or working opportunity through Seekr or within aphr.
c. Platform and Service Improvement – we use your data to:
● Monitor usage of our Website and digital platforms (e.g., HRMS and Seekr) to ensure technical functionality, enhance performance, and troubleshoot errors.
● Improve the design, content, and features of our platforms based on aggregated user behavior.
● Undertake statistical analysis and product development to refine or create new offerings.
● Enhance user experience and platform functionality through customized features and relevant content.
d. Security, Identity and Risk Management – we use your data to:
● Verify your identity when necessary for security or onboarding purposes.
● Detect, prevent, and manage fraud, illegal activities, or unauthorized access using internal controls and third-party screening tools.
● Perform anti-fraud, anti-money laundering (AML), and compliance checks as required by law.
● Assess financial and operational risks, including creditworthiness (where applicable).
● Investigate and address any inappropriate or suspicious use of our platforms or services.
e. Legal and Regulatory Compliance – we may also use your data to:
● Fulfil regulatory, tax, or audit obligations in accordance with applicable Nigerian laws and international best practices.
● Respond to formal requests from government agencies, courts, or regulatory bodies.
● Defend aphr’s legal rights or assist in investigations involving potential violations of the law.
f. Legitimate Interests – where applicable, we rely on our legitimate interests to:
● Operate and grow our business in a sustainable, secure, and user-focused manner.
● Develop relationships with employers, job seekers, clients, and partners.
● Deliver and market our services in ways that align with user needs and feedback.
Please note: aphr does not make decisions based solely on automated processing or profiling that would significantly affect you.
Sharing and Disclosing Your Data
We may share your Personal Data in the following ways:
a. Service Providers, Partners and Other Third-Parties
We may disclose your Personal Data to third-party service providers and professional partners who:
● Assist in delivering our Services to you (e.g., training providers, HR tech partners, payroll processors, or background check firms).
● Support our internal operations and communications, including email distribution, data storage, security services, CRM platforms, and customer support tools.
● Help develop or maintain our technology platforms (e.g., the HRMS or Seekr).
● Assist with job matching or job listing facilitation, where you consent to job placement via our Seekr platform.
b. Legal, Regulatory, and Risk Management Bodies
We may share your Personal Data with:
● Law enforcement agencies, government authorities, or regulators where required to comply with applicable laws, regulations, or legal processes.
● Fraud prevention agencies, risk and compliance service providers, or third parties who help us detect or prevent fraud, abuse, or other illegal activities.
● Relevant professional advisers, including auditors, legal counsel, tax consultants, and compliance advisers, who assist in managing our legal and regulatory obligations.
c. Business Transitions
In the event that aphr undergoes a business restructuring, merger, acquisition, asset sale, or any similar corporate transaction, we may transfer Personal Data as part of the transaction. Where required, we will ensure appropriate safeguards are in place to protect your information and notify you of any material changes.
d. Contract Enforcement and Dispute Resolution
Where necessary, we may:
● Share information with third-party tracing or debt recovery agencies in instances where communication with you is lost, and a legitimate interest exists to re-establish contact.
● Engage legal professionals or enforcement partners to assert or defend our rights under applicable agreements or terms of service.
e. Affiliates and Subsidiaries
We may share your Personal Data with aphr’s subsidiaries, affiliates, or strategic partners, where such sharing supports the provision or improvement of our Services.
f. Transfers of Rights and Obligations
If we transfer or assign any of our rights or obligations under any agreement with you, Personal Data relevant to that relationship may also be transferred to the transferee, subject to confidentiality and data protection standards.
Important Note: All third parties that process your data on our behalf are bound by data processing agreements and are required to handle your data with strict confidentiality and in accordance with the NDPA and our own privacy and security standards. We do not sell user data!
Protecting Your Personal Data
Given the nature of our services such as digital HR solutions, job connection services (Seekr), and HRMS tools, we understand the sensitivity of the information you share with us. As such, we employ robust and layered security practices to protect that data, whether stored in our systems, in transit, or shared with verified partners.
Our data protection measures include organizational and technical approaches to guard against accidental loss, destruction or damage, misuse, unauthorized access, disclosure and alteration. In addition, we implement secure servers and encryption, role-based access control, regular audits and compliance checks, and other necessary security safeguards.
By using our services, you trust us with your information. We take that trust seriously and strive to ensure your data remains safe and secure throughout your engagement with us.
Your Data Rights
Your Personal Data is protected under the Nigeria Data Protection Act (NDPA), and you are entitled to exercise a number of rights in relation to how your data is collected, processed, and stored by aphr.
If you would like to exercise any of the rights outlined below or have questions about how your Personal Data is being used, please contact us at: aphr@gmail.com
Please note that not all rights apply in every situation, and we will assess each request and provide a clear explanation where a right does not apply. Also where a request is manifestly unfounded, excessive, or repetitive, we reserve the right to refuse the request or charge a reasonable administrative fee as permitted under the NDPA.
a. Right to Access Your Personal Data: You have the right to request confirmation of whether we hold your Personal Data and, if so, access the information along with details about how and why it is being processed. This is commonly referred to as a Data Subject Access Request (DSAR). We may request a valid proof of identity before disclosing such information.
b. Right to Rectification: If the Personal Data we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct or update it.
c. Right to Erasure (“Right to Be Forgotten”): You may request that we delete your Personal Data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent (where applicable). Please note that we may retain certain information as required by law or for legitimate business purposes.
d. Right to Restrict Processing: In specific circumstances, you may have the right to request that we limit the processing of your Personal Data. For example, if you contest the accuracy of the data or if you have objected to the processing and are awaiting a verification of our legitimate grounds.
e. Right to Object: You have the right to object to our processing of your Personal Data in certain situations, such as where processing is based on our legitimate interests, or where we are using the data for direct marketing purposes.
f. Right to Data Portability: You may request that we provide your Personal Data to you or to a third party in a structured, commonly used, and machine-readable format, where the processing is carried out by automated means and based on your consent or a contract.
g. Right to Withdraw Consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawing your consent does not affect the lawfulness of any processing carried out prior to the withdrawal.
h. Right to Lodge a Complaint: If you believe that we have violated your data protection rights, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or any other relevant authority.
International Transfers of Your Personal Data
In the course of providing our Services, aphr may transfer your Personal Data to parties located outside Nigeria. This may include third-party service providers, technology partners, or affiliated entities who support our operations and service delivery.
Where such transfers occur, we will ensure that your Personal Data continues to receive an adequate level of protection in line with the Nigeria Data Protection Act (NDPA).
We will only transfer your Personal Data to countries that are listed on the Adequacy Whitelist published by the Nigeria Data Protection Commission (NDPC), indicating that the destination country provides an adequate level of data protection.
In cases where the receiving country is not on the Adequacy Whitelist, we will ensure that the receiving country has adequate data protection laws, and implement appropriate safeguards, including standard contractual clauses or data sharing agreements, to ensure your Personal Data is handled in a secure and lawful manner that affords similar protection as under the NDPA.
All data transfers will be undertaken with your privacy and data security in mind, and we will take reasonable technical and organizational steps to protect your data during such transfers.
By interacting with our Services, you consent to the transfer of your Personal Data in accordance with the terms outlined in this Privacy Policy.
Your Data Retention
We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including to provide you with our services, to comply with legal, regulatory, tax, accounting, or reporting obligations, and to resolve any potential disputes.
In line with our internal data retention policy and applicable legal requirements (including the NDPA), we may retain your Personal Data for a minimum of six (6) years after the termination of your relationship with aphr. For example:
● For HR consultancy and HRBP-as-a-Service clients, your data will be retained for at least six years from the date our engagement ends;
● For users of the HRMS, your account and any employee or business-related data entered into the HRMS will be retained for a minimum of six years after deactivation or account closure;
● For job candidates and employers on Seekr, Personal Data related to applications, CVs, employment preferences, and employer interactions may be stored for at least six years after your account becomes inactive or is closed, unless you request earlier deletion (subject to lawful exceptions).
We may retain certain anonymised or aggregated data for analytical purposes without further notice to you.
If you would like us to delete your Personal Data before the end of our retention period, you may contact us via aphr@gmail.com. Please note that legal or regulatory requirements may limit our ability to fully comply with such requests in certain cases.
Security of Information
At aphr, we recognize the importance of protecting the Personal Data you entrust to us through our services, including our HR consultancy platform, HRMS system, and Seekr job connection portal.
We implement robust technical and organizational measures to ensure the confidentiality, integrity, and availability of your Personal Data. These include data encryption, secure access control, firewalls and intrusion detection systems, employee training, and third-party safeguards.
Despite our best efforts, it is important to note that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.
In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will promptly investigate the breach, notify the Nigeria Data Protection Commission (NDPC) within 72 hours, where required, notify affected individuals without undue delay, especially where the breach is likely to result in serious harm or financial loss, and take immediate steps to mitigate the effects of the breach and prevent future occurrences. We will also maintain documentation to support post-incident reviews and reporting.
Examples related to our platforms can include:
● HRMS Platform: If payroll data, employee records, or performance reports are compromised, affected client organizations will be contacted immediately with a summary of the breach, recommended mitigation actions, and details of any ongoing containment measures.
● Seekr (Job Matching Platform): If CVs, LinkedIn-integrated profiles, or contact details of candidates are unlawfully accessed or exposed, both job seekers and relevant verified employers will be notified with appropriate guidance.
If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect that the security of your account has been compromised), please contact us immediately at aphr@gmail.com.
Data Controller and Laying Complaints
The Data Controller responsible for your Personal Data is aphr, a human resources consultancy registered in Nigeria.
If you have any questions, concerns, or complaints regarding this Privacy Policy and how your Personal Data is collected, used, shared, or otherwise processed, or wish to exercise any of your rights under the Nigeria Data Protection Act (NDPA), you may contact us at: aphr@gmail.com.
Kindly include as much detail as possible in your email so that we can investigate your complaint thoroughly and respond appropriately. We will acknowledge receipt of your complaint and aim to provide a response within a reasonable timeframe.
If you are not satisfied with our response, or believe that your rights under the Nigeria Data Protection Act (NDPA) have been infringed, you also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC). For further information on your data protection rights and how to escalate a complaint, please visit the NDPC website.
Changes to Policy
We may update this policy. Notice may be given via the website or email, and continued use indicates acceptance.