Privacy Policy

1. Scope

This policy describes how Crosier handles personal data belonging to employees and HR teams of subscribing organisations ("tenants"). Each tenant is the data controller of its own employee data; Crosier acts as the data processor.

2. Data we process

On behalf of each tenant we process: employee identity (name, contact details, government IDs where required by Nigerian statute — NIN, BVN, PFA RSA PIN), employment records, payroll figures, performance documents, and workplace-incident reports. Sensitive PII is encrypted at rest with per-tenant keys.

3. Your rights under NDPR

Subjects of stored data have the rights of access, rectification, erasure, portability, and objection under the Nigeria Data Protection Regulation (NDPR). Submit requests through your tenant's HR contact, who will route them via the Crosier Helpdesk.

4. Retention

Default retention follows Nigerian statutory schedules: payroll records — 7 years (FIRS); employment records — 10 years (Labour Act); general personal data — 6 years (NDPR). Tenants may extend or shorten retention via their compliance settings.

5. Contact

Reach the Crosier privacy team at privacy@crosier.ng.