Privacy Policy
This Privacy Policy explains what personal data we collect, how we use it, the legal bases we rely on, how we share and protect it, and the rights you have under Nigerian law.
When we refer to “Rosden AI”, “we”, “us” or “our”, we mean Rosden AI, a Nigeria-based AI transformation consultancy operating through our website (https://rosden.ng), our related online products, and our professional services in Nigeria and abroad.
Rosden AI is a trading style of Bludel Contracting Limited, a company incorporated in Nigeria with registration number RC 1421820.
By using our website, contacting us, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
1. Data protection framework
Rosden AI is established in Nigeria and processes personal data in line with the Nigeria Data Protection Act 2023 (NDPA) and the regulatory guidance issued by the Nigeria Data Protection Commission (NDPC).
Where applicable, we also take into account other relevant data protection laws and international best practices, particularly when we serve clients or data subjects outside Nigeria.
2. Our core privacy principles
We are guided by the following principles when handling personal data, reflecting the NDPA’s core obligations:
- We process personal data lawfully, fairly, and transparently.
- We collect data only for specific, explicit, and legitimate purposes and do not use it for incompatible purposes (purpose limitation).
- We limit data to what is adequate, relevant, and necessary for those purposes (data minimisation).
- We strive to keep data accurate and up to date, and we correct or erase inaccurate data without undue delay (accuracy).
- We retain data only for as long as necessary for the purposes for which it was collected (storage limitation).
- We secure personal data using appropriate technical and organisational measures to protect confidentiality, integrity, and availability (security).
- We are accountable and can demonstrate our compliance with the NDPA and NDPC guidance (accountability and duty of care).
3. Who we are and how to contact us
Rosden AI is a Nigeria-based AI transformation consultancy that helps enterprises design, build, and deploy AI solutions, and provides strategic, engineering, and training services.
If you have questions about this Privacy Policy or wish to exercise your data subject rights, you can contact us at:
- Email: hello@rosden.ng
- Telephone: +234 (212) 555-7890
If required by the NDPA and NDPC rules, we may appoint a Data Protection Officer or an external Data Protection Compliance Organisation (DPCO); any such details will be made available on our website or upon request.
4. What personal data we collect
The personal data we collect depends on how you interact with us.
4.1 Data you provide directly
When you use our “Get in Touch” form, contact us by email or phone, or engage our consultancy services, we may collect:
- Identification and contact details (e.g. name, business email, business phone number, job title, organisation).
- Professional information (e.g. role, area of responsibility, AI project interests).
- Content of your communications (e.g. enquiries, feedback, support requests, call notes).
- Contract and billing information where we enter into a services agreement with you or your organisation.
We generally intend to collect business‑context data (e.g. work email and phone) rather than purely private contact details where feasible.
4.2 Data collected automatically (website and analytics)
When you visit https://rosden.ng, we may automatically collect certain information about your device and usage of the website, using cookies and similar technologies, for example:
- IP address, general location (city/region), browser type and version, device type, operating system.
- Pages visited, time spent on pages, referring/exit pages, clickstream data.
- Cookie identifiers and similar tracking IDs where allowed.
We may use third-party analytics and marketing tools (such as Google Analytics or other providers) for this purpose; such providers act as our data processors and process data on our instructions.
4.3 Data from clients and partners
In the course of delivering AI and software solutions or undertaking discovery, pilots, and deployments, our clients may provide us with personal data relating to their customers, employees, or other individuals.
In these situations, Rosden AI generally acts as a data processor, and we process such data strictly in line with our contracts and the documented instructions of the client, who is the data controller.
4.4 Sensitive personal data
The NDPA defines “sensitive personal data” to include information such as biometric and genetic data, health information, race or ethnic origin, religious or philosophical beliefs, political opinions, sex life, and trade union membership.
Rosden AI does not intentionally collect or process sensitive personal data through our public website, and we ask you not to submit such information via our contact forms or general enquiries.
If sensitive personal data is required in a client project (for example, in a specialised AI solution), this will be governed by a separate contract and a data protection impact assessment (DPIA) in accordance with NDPA requirements.
4.5 Children’s data
Our website and services are directed at organisations and professionals, not at children.
We do not knowingly collect personal data from children under the age specified by NDPA or any applicable law; if you believe a child has provided us with personal data without appropriate consent, please contact us so we can delete it.
5. Why we process your personal data (purposes)
We use the personal data we collect for the following purposes:
- To respond to your enquiries and “Get in Touch” requests submitted via our website, email, or phone.
- To provide, manage, and improve our AI consultancy and engineering services to clients.
- To manage our business relationship with you or your organisation, including proposals, contracts, billing, and project communications.
- To send you service‑related communications and, where permitted, relevant information about our services, events, or thought leadership.
- To operate, secure, and improve our website, digital platforms, and internal systems, including troubleshooting, analytics, testing, and research.
- To comply with legal and regulatory obligations, respond to lawful requests from public authorities, and protect our rights, property, or safety.
- To conduct legitimate business development and prospecting activities in a B2B context, in accordance with NDPA and NDPC guidance.
We do not sell or rent your personal data.
6. Legal bases for processing (NDPA)
Under the NDPA, we must identify a lawful basis before processing personal data.
Depending on the context, we may rely on one or more of the following legal bases:
- Consent: where you have clearly agreed to the processing (e.g. opting‑in to receive marketing communications or accepting certain cookies).
- Contractual necessity: where processing is necessary to enter into or perform a contract with you or your organisation (e.g. providing consultancy deliverables or support).
- Legal obligation: where processing is required by Nigerian law or other applicable legal requirements (e.g. tax, regulatory records).
- Legitimate interests: where processing is necessary for our legitimate business interests, and these are not overridden by your rights and freedoms (e.g. securing our systems, business analytics, B2B marketing to existing or prospective clients).
- Vital interests, public interest, or official authority: in limited circumstances where applicable under NDPA (for example, serious safety or security issues), though these bases are rarely relevant to our typical consultancy activities.
When we rely on consent, you may withdraw it at any time by contacting us or using the unsubscribe or preference mechanisms provided, without affecting the lawfulness of processing based on consent before its withdrawal.
7. Data subject rights under NDPA
Under the Nigeria Data Protection Act 2023, you have several rights in relation to your personal data, subject to applicable conditions and exemptions.
- Right to be informed about how your data is used (through notices like this).
- Right of access to a copy of the personal data we hold about you, in a commonly used format where appropriate.
- Right to rectification of inaccurate or incomplete personal data.
- Right to erasure (“right to be forgotten”) in certain circumstances, for example where data is no longer necessary for the purposes collected or where you withdraw consent and no other lawful basis applies.
- Right to restrict processing in certain cases, such as where you contest the accuracy of the data or object to processing pending verification.
- Right to object to certain types of processing, including direct marketing and processing based on legitimate interests, where your rights outweigh our interests.
- Right to data portability, where technically feasible and applicable, allowing you to obtain and reuse your data in a structured, commonly used, machine‑readable format.
- Rights related to automated decision‑making and profiling, including the right not to be subject to decisions based solely on automated processing which produce significant effects, except in limited circumstances allowed by law.
To exercise any of these rights, please contact us using the details in section 3. We may need to verify your identity before responding.
If you are not satisfied with how we handle your request, you also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC). Details are available at: https://www.ndpc.gov.ng.
8. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements.
By way of illustration (subject to internal policies and legal requirements):
- Website enquiry data and correspondence may be kept for a period appropriate to the enquiry and our business relationship (for example, up to 3 years after last meaningful activity, unless needed longer for legal reasons).
- Client and contract data may be retained for the duration of the contract and for a subsequent statutory limitation period required under Nigerian law.
- Technical logs and analytics data may be kept for shorter periods as necessary for security, troubleshooting, and trend analysis in line with our data minimisation and storage limitation obligations.
Where retention is no longer justified, we will securely delete or anonymise the data.
9. How we share personal data
We may share your personal data with the following categories of recipients, only as necessary and with appropriate safeguards:
- Our employees and authorised contractors who need access to perform their roles.
- Service providers and third‑party processors who support our operations (for example, website hosting, analytics, CRM, email services, security monitoring), under written agreements that require them to protect your data and use it only on our instructions.
- Professional advisers (such as lawyers, auditors, or consultants) where necessary for legitimate business or legal purposes.
- Public authorities, regulators (including the NDPC), law enforcement, or courts where required by law or to protect our legal rights.
We do not authorise our processors to sell or use your personal data for their own independent marketing purposes.
10. International transfers
Rosden AI primarily stores and processes personal data on systems located in Nigeria, but some of our service providers or clients may be located in other countries.
Where personal data is transferred outside Nigeria, we will ensure that such transfers comply with the NDPA, including by:
- Transferring to countries that NDPC considers to provide adequate data protection, or
- Putting in place appropriate safeguards such as contractual clauses or other mechanisms approved under Nigerian law.
Further details on the specific safeguards used for international transfers can be provided upon request, where permitted by law and confidentiality obligations.
11. Security of your personal data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or destruction.
These measures may include:
- Use of firewalls, access controls, and encryption where appropriate.
- Role‑based access, least‑privilege principles, and background or confidentiality obligations for our personnel.
- Secure development and deployment practices across our AI and software solutions.
- Periodic risk assessments, monitoring, and testing of our security controls.
No system is completely secure; however, we take reasonable steps to reduce the risk of data breaches in line with the NDPA’s confidentiality, integrity, and availability requirements.
12. Data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will assess the incident and notify the Nigeria Data Protection Commission within the timeline prescribed by the NDPA (typically within 72 hours of becoming aware, where feasible).
Where the breach is likely to result in a high risk to you, we will also inform you without undue delay and provide information and guidance as appropriate.
We maintain internal procedures and logs to record data breaches, their causes, and the remedial steps taken.
13. Cookies and similar technologies
Our website may use cookies and similar technologies to operate effectively, provide certain features, and understand how visitors use our site.
Cookies are small text files stored on your device by your browser.
We may use:
- Strictly necessary cookies to enable basic website functionality and security.
- Performance and analytics cookies (e.g. via third‑party tools) to understand visitor interactions and improve our site.
- Functional cookies to remember your preferences.
Where required by NDPA and applicable guidance (for example, for non‑essential cookies), we will obtain your consent before placing cookies on your device and give you the option to manage or withdraw that consent.
You can choose to manage or disable cookies through your browser settings, but some features of the website may not function properly if you do so.
If we use any third‑party cookies (for example, for analytics or embedded content), those third parties may process data as described in their own privacy notices.
14. Links to other websites and third-party content
Our website may contain links to websites or services that are not operated by Rosden AI.
If you click a third‑party link, you will be directed to that third party’s site, and their own privacy policy will apply.
We are not responsible for the privacy practices or content of such third‑party sites and encourage you to review their policies before providing any personal data.
15. Social media and communications
Rosden AI may maintain pages or accounts on social media platforms (such as LinkedIn or others) to share updates about our work.
Your use of those platforms is subject to their own terms and privacy policies, and we recommend that you review those before interacting with us there.
We will not request sensitive personal information via social media and encourage you to contact us by email or other primary channels for confidential matters.
16. Automated decision‑making and AI systems
As an AI consultancy, our projects may involve designing and deploying AI models or automated decision‑making systems for clients.
For Rosden AI’s own operations (for example, website and marketing), we currently do not make decisions that produce legal or similarly significant effects on individuals based solely on automated processing.
Where our client solutions involve automated decision‑making or profiling about individuals, Rosden AI typically acts as a processor, and responsibilities for transparency, lawful basis, and data subject rights are primarily held by the client as controller, in accordance with NDPA.
In such projects, we work with clients to support compliance, including impact assessments and appropriate safeguards.
17. How to raise concerns or complaints
If you have questions or concerns about how we handle your personal data, or if you wish to make a complaint, please contact us first using the details in section 3 so we can try to resolve the issue.
If you remain dissatisfied, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC), which is Nigeria’s data protection authority.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide more prominent notice (for example, via the website).
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.