Privacy Policy

1. Introduction

This Privacy Policy explains how Defendara Ltd (“Defendara”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal information when you:

  • visit or use our website and online platforms;
  • enroll in our cybersecurity training & paid deployment programmes;
  • request or receive cybersecurity advisory & consulting services; or
  • engage us for vulnerability assessments or related security services.

By using our website or services, you agree to the practices described in this Policy. If you do not agree, please do not use our website or services.

2. Who We Are and How to Contact Us

Data Controller:
Defendara Ltd
Registered in: Nigeria
Registered office: 19 Fagbile Street, Surulere, Lagos

Contact for privacy matters:

  • Email: help@defendaraltd.com
  • Phone: +234 716514202
  • Website: https://defendaraltd.com

If you have questions about this Policy or how your data is handled, contact us using the details above.

3. Scope of This Policy

This Policy applies to:

  • visitors to our website and landing pages;
  • individuals who fill out our Google/online forms (partners, consultation requests, student enrolment);
  • trainees/learners in our cybersecurity programmes;
  • employees, representatives, or contacts of companies that work with us; and
  • any person whose personal data we process in connection with our services.

It does not cover the practices of third‑party websites, tools, or platforms we link to. Review their privacy policies separately.

4. What Personal Data We Collect

The data we collect depends on how you interact with us.

a. Website visitors

  • Basic technical data: IP address, browser type, device information, operating system, pages visited, time and date of visit, referring URLs.
  • Cookie and tracking data (where used): analytics cookies, preference cookies, and similar technologies.

b. Partnership / consultation forms (companies)

  • Company name, industry, size, and location.
  • Contact person’s name, job title, work email, and work phone number.
  • Information about your cybersecurity challenges, systems, or projects you describe in the form.

c. Student enrolment & training

  • Full name.
  • Contact details (email, phone/WhatsApp, address, country).
  • Age, gender (optional), education level, and employment status where provided.
  • Background in IT/cybersecurity, career goals and interests.
  • Payment and billing information (handled via secure third‑party providers; we do not store full card details).
  • Training participation records: course enrolment, attendance, assessment results, feedback, certificates, and training session recordings where applicable.

d. Advisory, consulting & vulnerability assessments

  • Company contact details and key stakeholders’ information.
  • Information about your IT environment, infrastructure, and security posture (to the extent necessary for the engagement).
  • Security incident details, risk reports, and related documentation you choose to share.

e. Communications and marketing

  • Records of emails, messages, or calls with us.
  • Preferences about receiving marketing or updates.

We only request information that is necessary for the purposes described below and will indicate where providing information is mandatory or optional.

5. How We Use Your Personal Data

We process personal data for the following purposes:

a. To provide and manage our services

  • Register you for training programmes and manage your learning journey.
  • Deliver consulting, advisory, and vulnerability assessment services to your organisation.
  • Schedule and conduct consultation calls and meetings.
  • Manage our paid deployment/placement of trainees into partner companies.

b. To communicate with you

  • Respond to enquiries, support requests, and feedback.
  • Send service‑related notifications (course updates, scheduling, security notices, invoices, contractual information).

c. To improve our offerings

  • Analyse usage of our website and services to improve content, usability, and security.
  • Develop new training modules, tools, or services based on anonymised or aggregated data.

d. For marketing (with your consent or where permitted)

  • Send newsletters, updates, event invitations, or promotional content about Defendara services.
  • Customise content you see on our website or emails.

You can opt out of marketing at any time using the “unsubscribe” link or by contacting us.

e. Legal, security and compliance

  • Comply with legal obligations under applicable data protection and cybersecurity laws.
  • Protect our rights, property, trainees, clients, and systems (fraud prevention, abuse detection, incident response).
  • Maintain appropriate records for audits, taxation, and regulatory purposes.

6. Legal Bases for Processing

Where laws such as the Nigeria Data Protection Act (NDPA 2023) or GDPR apply, we rely on one or more of the following legal bases:

  • Contract: To perform a contract with you (e.g., providing training, consulting, or assessments) or to take steps at your request before entering a contract.
  • Consent: Where you have given clear consent (e.g., for marketing communications or certain optional data fields).
  • Legitimate Interests: To operate, secure, and improve our business in a way that does not override your rights (e.g., analytics, quality assurance, basic direct marketing to existing clients).
  • Legal Obligation: To meet legal and regulatory requirements (e.g., financial record‑keeping, responding to lawful requests).

7. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

  • remember your preferences;
  • understand how visitors use our site;
  • improve performance and security.

You can control cookies through your browser settings. Disabling some cookies may affect how the website functions.

8. How We Share Personal Data

We never sell your personal data. We may share it with:

  • Service Providers and contractors: e.g., cloud hosting, learning platforms, email service providers, analytics tools, payment processors—only as needed to deliver our services and under confidentiality obligations.
  • Partner companies (for trainees): When you participate in our paid deployment model, certain personal and professional information (such as your name, skills, CV, and training outcomes) may be shared with partner organisations for placement and work‑related purposes, with your knowledge and where appropriate your consent.
  • Professional advisors: lawyers, auditors, or consultants where necessary to protect our legal interests.
  • Authorities or law enforcement: if required by law or to protect rights, safety, or security.

Service providers are not permitted to use your data for their own marketing and must process it only according to our instructions and applicable law.

9. International Data Transfers

Because Defendara may work with partners, service providers, or clients in multiple countries, your personal data may be transferred and stored outside your country of residence.

Where such transfers occur, we take steps to ensure an appropriate level of protection, such as:

  • using service providers in jurisdictions recognised as having adequate data protection; or
  • putting in place contractual safeguards (e.g., standard contractual clauses) as required by law.

10. Data Security

We use appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include, where appropriate:

  • secure servers and restricted access;
  • encryption and secure communication protocols;
  • role‑based access control and staff training;
  • incident detection, response, and regular security reviews.

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by law. In general:

  • Training records and deployment history: kept for the duration of your relationship with us and a reasonable period afterwards for support, record‑keeping, and legal purposes.
  • Consultation and assessment reports: retained as long as needed for the client relationship, contractual obligations, and legal/regulatory requirements.
  • Marketing data: kept until you unsubscribe or request deletion, subject to minimal records kept to respect your preferences.

When data is no longer needed, we will delete, anonymise, or securely store it in line with our retention schedule.

12. Your Rights

Depending on applicable law (such as NDPA 2023 or GDPR), you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data in certain circumstances (“right to be forgotten”).
  • Restriction: Ask us to limit the processing of your data in certain cases.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Data Portability: Request your data in a structured, commonly used, machine‑readable format where technically feasible.
  • Withdraw Consent: Where processing is based on consent, you can withdraw it at any time (this will not affect processing already carried out).

To exercise your rights, contact us at [privacy@defendaraltd.com]. We may need to verify your identity before responding.

If you believe your rights have been violated, you may have the right to complain to the Nigeria Data Protection Commission or your local data protection authority.

13. Children’s Privacy

Our services are primarily intended for adults and older students. Where we intentionally collect personal data from individuals under the age required by applicable law, we will:

  • obtain consent from a parent or legal guardian where required; and
  • apply additional safeguards for the protection of minors’ data.

If you believe we have collected a child’s data without proper consent, please contact us so we can take appropriate action.

14. Third‑Party Sites and Services

Our website and materials may contain links to third‑party websites, platforms, or services. We are not responsible for their privacy practices or content. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

  • post the updated Policy on our website with a new “Last updated” date; and
  • where appropriate, notify you through the website or by email.

Your continued use of our website or services after such changes constitutes acceptance of the updated Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Defendara Ltd
Email: help@defendaraltd.com
Phone: +234716514202
Address: 19 Fagbile Street, Surulere Lagos, Nigeria