Privacy Policy

Last updated: 6 June 2026

Privacy Policy

This Privacy Policy (“Policy”) sets out how ROARIK collects, uses, stores, discloses, and otherwise processes personal data in the course of providing its engineering, procurement, construction, technical support, maintenance, project management, consultancy, and related business services (collectively, the “Services”).

1. Introduction

ROARIK Engineering Limited (“ROARIK”, “we”, “us” or “our”) is committed to protecting the privacy and personal data of individuals and to ensuring transparency in how personal data is collected, used, stored, disclosed, and otherwise processed. We process personal data in a manner that safeguards the constitutional and fundamental rights and freedoms of data subjects, in accordance with the Nigeria Data Protection Act, 2023 (“NDPA”) and other applicable data protection laws and regulations.

This Policy applies to personal data processed through our websites, digital platforms, email communications, project sites, business operations, vendor and client engagements, and any other systems or channels through which ROARIK conducts its business operations. It applies to individuals who interact with ROARIK or the Services in any capacity, including clients, prospective clients, business partners, contractors, subcontractors, vendors, consultants, employees, job applicants, and visitors to our digital platforms (collectively referred to as “data subjects”, “users”, “you”, or “your”).

2. Our Guiding Principles on Data Processing

In processing your personal data, ROARIK adheres to the data protection principles recognized under the NDPA. Our obligation under these principles is to ensure that personal data is:

  • processed in a lawful, fair, and transparent manner, and only on a valid legal basis communicated to you at the point of collection or otherwise permitted by law;
  • collected for specified, explicit, and legitimate purposes, and not further processed in any manner incompatible with those purposes;
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which the personal data is collected or further processed;
  • retained only for as long as necessary to achieve the lawful purposes for which the personal data was collected or further processed, except where a longer retention period is required or permitted by applicable law;
  • accurate, complete, and kept up to date, where necessary, having regard to the purposes for which the personal data is processed; and
  • processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, access, loss, destruction, damage, or any form of data breach, through appropriate technical and organizational safeguards.

Furthermore, ROARIK is committed to accountability and demonstrable compliance with applicable data protection obligations. We exercise a continuing duty of care in handling personal data and maintain governance, security, and operational measures designed to uphold the confidentiality, integrity, and availability of personal data throughout its lifecycle.

3. Categories of Personal Data We Process

Depending on the nature of your interaction with ROARIK and the Services accessed, we may process various categories of personal data.

Such personal data may include identification and contact information such as names, telephone numbers, email addresses, residential or business addresses, job titles, company affiliations, and other similar identifiers required for communication, project administration, site access, vendor management, and business relationship management.

We may collect information provided through client onboarding documentation, vendor registration forms, employment applications, contractual engagements, requests for quotations, project documentation, and other service-related communications. This may include payment or banking information necessary for invoicing, payment processing, procurement administration, and other legitimate business operations through authorized payment channels or financial institutions.

ROARIK may also process personal data relating to employees, job applicants, contractors, subcontractors, consultants, technical personnel, vendors, and other service providers in connection with recruitment, onboarding, due diligence, regulatory compliance, project execution, health and safety administration, contractual performance, and general business operations.

Technical and usage information may also be processed when individuals interact with our websites, digital platforms, or communication systems. Such information may include IP addresses, device identifiers, browser information, access logs, session activity, and other diagnostic or analytical data necessary to maintain system functionality, security, operational efficiency, and fraud prevention.

Where strictly necessary, lawful, and proportionate, ROARIK may process sensitive personal data, including health or biometric information, particularly in connection with workplace safety requirements, site access control, medical fitness assessments, emergency response procedures, or compliance with applicable legal and regulatory obligations. Any such processing shall be subject to appropriate safeguards and carried out in compliance with applicable data protection laws and regulations.

4. Purposes of Processing and Lawful Bases

ROARIK processes personal data solely for specific, explicit, and legitimate purposes, and strictly on one or more lawful bases recognized under applicable data protection laws and regulations.

Personal data is processed to establish, administer, and manage client, vendor, contractor, and business relationships, including project execution, procurement processes, engineering consultancy, technical support, customer communications, invoicing, and general business operations. Such processing is primarily necessary for the performance of a contract to which the data subject is a party or in order to take steps prior to entering into a contract. Associated lawful bases may also include compliance with legal obligations and ROARIK’s legitimate interests in operating, maintaining, and improving its Services and business activities, provided such interests do not override the rights and freedoms of data subjects.

Personal data may also be processed for project planning, engineering design, construction management, workforce coordination, site administration, logistics, and operational oversight necessary for the delivery of ROARIK’s Services. This processing is primarily based on contractual necessity and ROARIK’s legitimate interests in ensuring efficient project delivery, operational effectiveness, quality assurance, and client satisfaction.

Where individuals interact with ROARIK through its websites, digital platforms, email systems, or other communication channels, personal data may be processed to respond to inquiries, provide support services, administer accounts, improve user experience, maintain system functionality, and ensure the security and integrity of our systems and infrastructure. Such processing may rely on contractual necessity, legitimate interests, and compliance with applicable legal or regulatory obligations.

Personal data may further be processed for billing administration, payment processing, fraud prevention, identity verification, security monitoring, access control, and the protection of ROARIK’s personnel, systems, facilities, and operations. This processing is typically grounded in contractual necessity, compliance with legal and regulatory obligations, and ROARIK’s legitimate interests in maintaining secure and lawful business operations.

ROARIK may process personal data for regulatory compliance, corporate governance, internal audits, investigations, dispute resolution, risk management, insurance administration, health and safety compliance, and business continuity purposes. Such processing is primarily required to comply with applicable laws, regulations, contractual obligations, and industry standards, and may also rely on legitimate interests or public interest considerations where applicable.

Personal data relating to employees, applicants, contractors, consultants, subcontractors, and service providers may be processed for recruitment, onboarding, workforce administration, performance management, payroll administration, compliance with labour and commercial obligations, training, occupational health and safety administration, and operational oversight. This processing is predominantly based on contractual necessity, legal obligations, and ROARIK’s legitimate interests in effective organizational management.

Where strictly necessary and lawful, ROARIK may process sensitive personal data, including health-related or biometric data, particularly for workplace safety compliance, emergency response procedures, medical fitness verification, site access management, or other legally required purposes. Such processing shall be carried out subject to enhanced safeguards and in accordance with applicable legal and regulatory requirements.

Consent shall be relied upon only where it represents the most appropriate lawful basis for processing and shall not be used as a substitute for other lawful grounds. Where processing is based on consent, ROARIK shall ensure that such consent is freely given, specific, informed, and unambiguous. Data subjects retain the right to withdraw consent at any time in accordance with applicable law, without affecting the lawfulness of processing carried out prior to such withdrawal.

5. Sources and Modes of Data Collection

Personal data processed by ROARIK is obtained through lawful and transparent means, depending on the nature of your interaction with the Company and its Services.

We may collect personal data directly from you through client engagements, project on- boarding processes, contractual documentation, vendor registration, procurement activities, employment applications, site access procedures, communications, and other direct interactions with us through our offices, project sites, websites, digital platforms, email systems, and other business channels.

Personal data may also be collected indirectly from third parties where necessary for legitimate business, operational, contractual, or compliance purposes. Such third parties may include clients, contractors, subcontractors, consultants, service providers, recruitment agencies, regulatory authorities, professional advisers, business partners, and other entities involved in the delivery or administration of our Services.

Certain personal data may be collected automatically through the use of our websites, digital platforms, communication systems, and other technological infrastructure. This may include information collected through access logs, cookies, analytics tools, device identifiers, security monitoring systems, and similar technologies, in accordance with applicable legal requirements and any notices provided at the point of collection.

6. Disclosure and Sharing of Personal Data

Personal data is disclosed or shared only where necessary, lawful, and in a manner consistent with the purposes and lawful bases set out in this Policy.

We may share personal data internally with our employees, management personnel, contractors, consultants, and affiliated entities only where such access is necessary for project execution, service delivery, operational management, regulatory compliance, health and safety administration, corporate governance, or other legitimate business purposes, subject to appropriate confidentiality and security safeguards.

Personal data may also be disclosed to third-party service providers, vendors, subcontractors, professional advisers, consultants, insurers, financial institutions, IT service providers, and other entities engaged to support ROARIK’s operations and Services. Such disclosures may be necessary for engineering and project support services, procurement activities, payment processing, technical maintenance, data hosting, security management, professional advisory services, auditing, or other legitimate operational functions. All such disclosures are subject to contractual obligations requiring confidentiality, data protection, and appropriate security measures in accordance with applicable laws and regulations.

Where required by law, regulation, court order, or other lawful process, ROARIK may disclose personal data to regulatory authorities, government agencies, law enforcement bodies, courts, or other competent public authorities in connection with compliance obligations, investigations, legal proceedings, enforcement actions, or the protection of legal rights and interests.

In the event of a merger, acquisition, restructuring, reorganisation, joint venture, divestment, financing transaction, or sale of assets, personal data may be disclosed to relevant counterparties, advisers, financiers, or successors, subject to appropriate confidentiality obligations and safeguards.

We shall take reasonable measures to ensure that all recipients of personal data process such data only for authorized purposes and in compliance with applicable data protection, confidentiality, and security requirements.

7. Cross-Border Data Transfers

In the course of our operations, personal data may be transferred to, accessed from, or processed in jurisdictions outside Nigeria, including where we engage third-party service providers such as cloud hosting, information technology, data analytics, or support services located abroad.

Where such cross-border transfers occur, ROARIK ensures that appropriate safeguards are implemented in accordance with the NDPA, including Part VIII thereof and the General Application and Implementation Directive (GAID) issued by the Nigeria Data Protection Commission (NDPC). These safeguards may include adequacy decisions, standard contractual protections, or other legally recognized transfer mechanisms.

We take reasonable steps to ensure that personal data transferred outside Nigeria is afforded an adequate level of protection that is substantially similar to that provided under the NDPA.

8. Data Retention and Storage

Personal data is retained only for as long as is necessary to fulfil the purposes for which it was collected and processed, having regard to the applicable lawful basis and relevant legal, regulatory, contractual, and operational requirements.

Retention periods may vary depending on whether personal data is processed for operational activities, contractual performance, regulatory compliance, employment administration, or archival purposes permitted by law. Where retention is required by statute or regulation, personal data shall be retained for the period prescribed under applicable law.

We implement appropriate technical and organizational measures to ensure the secure storage of personal data throughout its lifecycle. Upon expiry of the applicable retention period, personal data is securely deleted, anonymized, or otherwise disposed of in accordance with internal policies and applicable legal requirements.

9. Data Security and Risk Management

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, alteration, or disclosure. Such measures include access controls, role-based permissions, confidentiality obligations, secure systems and infrastructure, monitoring mechanisms, and procedures for incident prevention and response. Access to personal data is restricted to authorized personnel who require such access for legitimate purposes.

ROARIK conducts periodic reviews, assessments, and audits of its data protection and security practices to ensure ongoing effectiveness and compliance. Where processing activities are likely to result in a high risk to the rights and freedoms of data subjects, we carry out data privacy impact assessments in accordance with the NDPA.

10. Rights of Data Subjects

Subject to applicable law, data subjects are entitled to exercise certain rights in relation to their personal data processed by us. These rights include the right to be informed about the processing of personal data, the right to access personal data held by ROARIK, and the right to request rectification of inaccurate or incomplete data. Data subjects may also request the erasure of personal data, the restriction of processing, or object to certain forms of processing, where applicable.

Where processing is based on consent or contract and carried out by automated means, you may have the right to receive personal data in a structured, commonly used, and machine- readable format, or to request its transfer to another data controller, where technically feasible. Data subjects also have rights in relation to decisions based solely on automated processing, including profiling, where such processing produces legal or similarly significant effects.

Without prejudice to any other rights or remedies, data subjects have the right to lodge complaints with the NDPC where they believe that their personal data has been processed in violation of applicable data protection laws.

11. Rights of Data Subjects

Requests to exercise any of the rights set out in this Policy may be made by data subjects through the contact details provided in Section 17 below. Requests may be submitted in writing or through any other channel expressly made available for this purpose. In order to protect personal data and prevent unauthorized access, we may require reasonable verification of identity before acting on any request. Where a request is made on behalf of another individual, appropriate evidence of authority may be required. Requests are addressed within reasonable time, and in any event, without undue delay. Where a request cannot be fulfilled, or must be limited or refused, the Data Subject will be informed of the reasons for such decision, to the extent permitted by law.

12. Cookies

Our website, platforms and digital systems use cookies. Cookies are small data files that are placed on your device (computer, mobile phone, or tablet) when you visit a website. Cookies allow us to recognize your device and store some information about your preferences or past actions.

We use cookies and other tracking technologies to enhance your user experience, improve our Services, and personalize your interactions with us. You may manage or disable cookies through your browser settings or device controls. Please note that restricting certain cookies may affect the availability or functionality of some features. More details are adequately provided in our Cookie Policy.

13. Third-Party Links

Our Services may contain links to third-party websites, platforms, or services that are not operated or controlled by us. This Policy does not apply to such third-party environments. We are not responsible for the privacy practices, content, or data processing activities of third parties. Data subjects are encouraged to review the privacy policies and notices applicable to any external websites or platforms they choose to access.

14. Data Privacy Governance

We maintain appropriate internal governance structures to ensure compliance with applicable data protection obligations and to embed privacy considerations into our operations.

A Data Protection Officer or designated privacy function has been appointed with responsibility for overseeing data protection compliance, advising on obligations under the NDPA, and serving as a point of contact for data subjects and regulators. We implement internal policies, procedures, and controls to support lawful data processing, including training and awareness programs for employees and relevant personnel. Compliance is monitored through periodic reviews, assessments, and reporting mechanisms to ensure ongoing alignment with applicable legal and regulatory requirements.

15. Data Breach Management and Remediation

ROARIK maintains internal procedures for the prompt identification, assessment, and management of incidents involving the unauthorized access, loss, disclosure, or misuse of personal data. Data subjects are encouraged to report any concern, complaint, or suspected incident relating to their personal data through the contact channels provided under this Policy. All reports are treated seriously and handled in a timely and confidential manner.

Where a personal data breach occurs, appropriate steps are taken to contain the incident, assess its impact, and implement remedial measures to protect the rights and interests of affected data subjects. Where required under the NDPA, notifications shall be made to the NDPC and affected individuals within the applicable timelines. Where remediation actions extend beyond initial response timelines, affected data subjects will be informed accordingly, and reasonable measures will be taken to mitigate risks and prevent recurrence.

16. Changes to Our Privacy Policy

We reserve the right to amend or update this Policy from time to time to reflect changes in legal requirements, regulatory guidance, business operations, or data processing practices. Where changes are made, appropriate notice will be provided through our website. Your continued interaction with our Services following such updates constitutes acknowledgment of the revised Policy.

17. Contact Details

For any questions, requests, complaints, or further information relating to this Policy or the processing of personal data, data subjects may contact us via roarikeng@gmail.com . All communications will be attended to by our designated data protection function in accordance with applicable data protection laws and regulations.