Privacy Policy
How uLesson Group Careers collects, uses, and protects your personal data under the EU GDPR and the Nigeria Data Protection Act (NDPA/NDPR).
The uLesson Group Careers ("we", "us") processes personal data to assess candidates for roles at Miva Open University and uLesson. This notice explains what we collect, why, the legal basis, and your rights.
Data we collect
We collect only what is necessary to assess your candidacy and comply with our legal obligations. This falls into three categories:
- Account information — your name, email address, and a securely hashed password so you can sign in safely.
- Application materials — your CV, work history, qualifications, assessment answers, project submissions, and any scenario recordings you provide.
- Technical data — IP address, browser user agent, and audit or proctoring events generated automatically during assessments.
Why we use it (lawful basis)
We process your data under the legal grounds set out in the EU GDPR and the Nigeria Data Protection Act (NDPA/NDPR):
- Performance of a contract — evaluating your application and progressing you through the hiring process at your request.
- Legitimate interest — preventing fraud and ensuring the integrity of our assessments.
- Legal obligation — meeting record-keeping duties required by employment and data-protection law.
Retention
We keep your data only for as long as we have a valid reason to do so. After that, it is securely deleted or anonymised.
Rejected candidates
6 months
Then permanently deleted
Hired candidates
3 years
Then transferred to our HR system
Assessment recordings
12 months
Reviewed and purged annually
Audit logs
7 years
Required for legal compliance
Your rights
You have the following rights under data-protection law. We will respond to any request within 30 days.
To exercise any of these rights, email our Data Protection Officer at dpo@miva.edu.ng. You may also lodge a complaint with the Nigeria Data Protection Commission or your local EU supervisory authority.
Security
We protect your data with encryption in transit (TLS 1.3), encryption at rest, row-level access controls in our database, mandatory multi-factor authentication for staff, and comprehensive audit logging. Our infrastructure is hosted on certified cloud providers with regular penetration testing.
Contact
Data Protection Officer
dpo@miva.edu.ng