Data Protection & Privacy Policy

Protecting your privacy and personal data in compliance with Nigerian law

1. Introduction & Scope

At next big thing, we respect your privacy and are committed to protecting the personal data of Nigerian individuals we interact with via our website, WhatsApp channel, social media, and event registration platforms. This Policy aligns with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).

2. Data Controller / Data Protection Officer (DPO)

Next Big Thing is the Data Controller.

Contact us at:
📧 engage@nextbigthing.ng

3. Personal Data We Collect & Legal Basis

  • Contact info: name, email, phone, institution (for event registration, community updates)
  • Social & web info: WhatsApp, social media IDs, cookies, browsing logs

Lawful basis: explicit consent, legitimate interest (event promotion); and contractual necessity (event attendance)

4. Purpose of Processing

We use data to:

  1. Send updates about next big thing get-together, and activities
  2. Drive community engagement across platforms
  3. Share relevant insights (what we're reading, watching, listening to)
  4. Improve our services and content

5. Data Minimization & Retention

We only collect what's essential. Storage is only as long as needed — typically 2 years — or to meet legal obligations under NDPA & NDPR.

6. Privacy Principles

We adhere to NDPC principles:

  • Fair & transparent processing
  • Purpose limitation: only for declared uses
  • Minimized data collection
  • Accuracy, security, retention limits, and accountability

7. Data Subject Rights

In line with Sections 34–38 of the Act, you can:

  • Request access, updates, deletion
  • Restrict or object to processing
  • Obtain portability of your data
  • Withdraw consent or lodge complaints with us or the NDPC

8. Children's Data (Under 18)

Processing is allowed only where:

  • Parental consent is obtained (for school pupils)
  • It's necessary for education or vital interests — in line with NDPA safeguards

9. Security Measures

We protect data through:

  • Secure servers, encryption, SSL
  • Regular backups & access controls
  • Periodic audits and DPO oversight as required under NDPR & NDPA

10. Third Party Sharing

We may share limited data with:

  • Event hosts or platform partners
  • Service providers (e.g., email, web analytics)

– Only under contracts ensuring NDPA/NDPR compliance.
Cross-border transfers are only to recipients with adequate protection or consent

11. Cookies & Web Tracking

We use essential, analytics, and optional 'marketing' cookies.
You can manage preferences at any time. Consent is required for non-essential cookies.

12. Data Breach Procedure

If data is breached and likely to harm individuals, we will:

  • Notify NDPC within 72 hours
  • Inform affected individuals swiftly
  • Take action to reduce impact

13. Policy Updates

We review and update this policy periodically. The latest version is always available on our website.

14. Contact & Complaints

Questions, requests, or complaints?

📧 Email: engage@nextbigthing.ng
📩 Or file with the NDPC: https://ndpc.gov.ng