PRIVACY POLICY

Nnamdi Azikiwe University Student Portal

Welcome to the Nnamdi Azikiwe University Student Portal ("Portal", "we", "our", or "us"). This Privacy Policy explains how Nnamdi Azikiwe University in collaboration with Applead collects, uses, stores, and protects your personal information when you use our services. By accessing or using the Portal, you consent to the practices described in this Privacy Policy.

Effective Date: December 16, 2024

1. Information We Collect

We collect the following types of information:

1.1 Account Information

- Registration Number: Used for account identification and authentication.

- Email Address: Used for communication, notifications, and account recovery.

- Password: Encrypted and stored securely for account access.

1.2 Biometric Data

- Fingerprint/Face Recognition Data: If you enable biometric login, we collect and store biometric identifiers locally on your device for authentication purposes. This data is encrypted and never transmitted to our servers or shared with third parties.

1.3 Academic Information

- Course registrations, grades, attendance records, examination schedules, and other academic-related data necessary for providing educational services.

1.4 Payment Information

- Transaction Data: When you make payments through the Portal, payment information is processed by third-party payment gateways. We do not store your complete card details on our servers. - Payment History: We maintain records of transactions, amounts paid, and payment dates for administrative and financial reporting purposes.

1.5 Usage Data

- Device information, IP address, browser type, access times, and pages viewed to improve service functionality and user experience.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Authentication & Access

- Authentication & Access: To verify your identity and provide secure access to the Portal. - Academic Services: To manage course registrations, display grades, track attendance, and provide academic-related information. - Communication: To send important notifications, announcements, academic updates, and respond to your inquiries. - Payment Processing: To facilitate tuition payments, fees, and other financial transactions. - Security & Fraud Prevention: To detect and prevent unauthorized access, fraudulent activities, and security threats. - Service Improvement: To analyze usage patterns and improve the functionality and user experience of the Portal. - Legal Compliance: To comply with applicable laws, regulations, and university policies. - Institutional Research: For anonymized academic analysis and statistical reporting to improve educational outcomes.

3. Information Sharing & Disclosure

We may share your information with the following parties:

3.1 Within the University

- Administrators: University staff with legitimate educational interests may access your information to provide academic and administrative services. - Faculty & Teachers: Your instructors may access relevant academic information including course registrations, grades, and attendance. - ICT Department (MICTU): Technical staff may access data for system maintenance, troubleshooting, and security purposes.

3.2 Parents/Guardians & Sponsors

- Based on your consent and university policies, parents, guardians, or sponsors may be granted access to view your academic records and performance.

3.3 Third-Party Service Providers

- Cloud Storage (AWS): We use Amazon Web Services (AWS) to securely host and store Portal data. AWS complies with industry-standard security and privacy practices. - Payment Processors: Third-party payment gateways process your payment transactions. These providers have their own privacy policies and security measures. We recommend reviewing their policies before making payments. - These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.4 Legal Requirements

- We may disclose your information if required by law, court order, legal process, or to protect the rights, property, or safety of the university, students, or others.

3.5 Research Purposes

- Anonymized and aggregated data may be shared with authorized researchers for academic studies and institutional research. Individual identities are never disclosed in such cases.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Encryption

- All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols. - Secure Storage: Your password is encrypted using advanced hashing algorithms. Biometric data is stored locally on your device and encrypted. - Access Controls: Strict access controls ensure that only authorized personnel can access your information based on their role and legitimate need. - Regular Security Audits: We conduct regular security assessments and updates to protect against vulnerabilities and threats. - Secure Infrastructure: Our cloud infrastructure (AWS) employs advanced security measures including firewalls, intrusion detection, and data redundancy. Important: While we implement robust security measures, no system is completely immune to security breaches. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of any data breach.

5. Your Rights & Choices

You have the following rights regarding your personal information:

5.1 Access & Correction

- You can access and update your personal information through the Portal settings. For corrections to academic records, contact the appropriate university department. - Account Security: You are responsible for maintaining the confidentiality of your login credentials. Change your password regularly and never share it with others. - Biometric Data Control: You can enable or disable biometric login at any time through your device settings. Disabling this feature will delete biometric data from your device. - Communication Preferences: You can manage email notification preferences in your account settings. However, critical academic and administrative communications cannot be opted out. - Data Deletion Request: Upon graduation, withdrawal, or cessation of studentship, you may request deletion of certain personal data, subject to university record retention policies and legal requirements. - Report Security Issues: If you suspect unauthorized access to your account or discover any security vulnerability, immediately notify MICTU at support@unizik.edu.ng.

6. Data Retention

- We retain your personal and academic information for as long as necessary to provide services and fulfill the purposes outlined in this Privacy Policy. - Academic records are maintained according to university policies and Nigerian educational regulations, typically for several years after graduation or departure. - Payment records are retained as required by financial regulations and auditing requirements. - After the retention period expires, we will securely delete or anonymize your information, unless longer retention is required by law.

7. Children's Privacy

The Portal is intended for university students who are typically 16 years of age or older. If you are under 18 years old, we encourage you to use the Portal with the knowledge and consent of your parent or guardian. For students under 18, parents or guardians may be granted access to their academic information as permitted by law and university policy.

8. Third-Party Links

The Portal may contain links to third-party websites or services (including payment gateways). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9. International Data Transfers

Your information may be stored and processed on servers located outside Nigeria through our cloud service provider (AWS). We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

10. Changes to This Privacy Policy

- We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. - The "Effective Date" at the top of this policy indicates when it was last revised. - Material changes will be communicated through the Portal or via email. Continued use of the Portal after such changes constitutes your acceptance of the updated Privacy Policy. - We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Regulation (NDPR) and any other applicable data protection legislation.

Acknowledgment

By clicking "I Accept" or by using the Portal, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Last Updated: December 16, 2024

Nnamdi Azikiwe University
Awka, Anambra State, Nigeria