Privacy Policy

Veritas Global Technologies Ltd ("Veritas Global," "we," "us," or "our") is committed to safeguarding your privacy. This Privacy Policy describes how we collect, process, store, and share information when you visit our website, engage with our enterprise software platforms (including NexHRM), or procure our professional services.

By accessing our website or using any of our services, you acknowledge that you have read and understood this policy. If you disagree with any part of it, we ask that you discontinue use of our services and contact us with any concerns.

A. Information You Provide Directly

• Contact & Account Details: name, job title, business email address, phone number, and company name when you register, subscribe, or request a consultation.
• Business Information: organisational details, project scope, operational requirements, and any documentation you share with us in connection with a service engagement.
• Communications: messages, support tickets, feedback submissions, and survey responses you send to us.
• Payment & Billing Data: billing address and transaction records required to process invoices. Card and payment credentials are processed exclusively by our licensed third-party payment processors and are never stored on our servers.

B. Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device identifiers, and time-zone settings.
• Usage Data: pages viewed, features accessed, referrer URLs, session duration, and other interaction telemetry collected while you use our platforms.
• Cookies & Similar Technologies: session and persistent cookies, analytics pixels, and related tracking mechanisms (see Section 7 for full details).

C. Information from Third Parties

We may receive information about you from:

• Business partners or resellers who introduce or refer client accounts to us.
• Publicly available professional directories and networks where relevant to a business relationship.
• Analytics and marketing platforms, where you have given appropriate consent to those third parties.

We use the information we collect to:

• Deliver our services: provision, maintain, and improve our software platforms and professional service engagements.
• Provide support: respond to enquiries, manage accounts, and resolve technical or billing issues.
• Personalise your experience: tailor product features, dashboards, and recommendations to your organisation's operational context.
• Send communications: service notices, security alerts, product updates, and — where you have opted in — marketing content.
• Ensure security: detect and prevent fraudulent activity, unauthorised access, and abuse of our systems.
• Improve our products: analyse aggregate usage trends and performance metrics to refine features and architecture.
• Meet legal obligations: comply with applicable laws, regulations, and enforceable governmental requests.

Where data protection legislation requires us to identify a legal basis (for example under the Nigeria Data Protection Act, GDPR, or equivalent frameworks), we rely on one or more of the following:

• Consent: where you have actively opted in, such as subscribing to marketing communications.
• Contractual performance: where processing is necessary to deliver a service you have engaged us to provide.
• Legal obligation: where we are required to process data to comply with applicable laws or regulatory requirements.
• Legitimate interests: for business purposes such as improving our platforms, preventing abuse, and managing our operations, provided those interests are not overridden by your rights.

We may share your data with the following categories of parties:

• Service providers: cloud infrastructure providers, analytics platforms, email delivery services, payment processors, and other vendors who process data strictly on our behalf and under appropriate data processing agreements.
• Delivery partners: subcontractors and technical collaborators engaged to fulfil a specific client project, bound by confidentiality obligations.
• Legal and regulatory authorities: when required by applicable law, court order, or valid legal process.
• Corporate transactions: in connection with a merger, acquisition, or sale of assets, where personal data may be transferred as part of that transaction (with notice to affected individuals where required by law).

We do not sell personal data. We do not trade, rent, or otherwise exchange personal information with third parties for their independent marketing purposes.

Veritas Global is headquartered in Nigeria and serves clients across Africa and internationally. Data we collect may be processed in countries outside your country of residence. Where such transfers occur, we apply appropriate safeguards including:

• Standard Contractual Clauses or equivalent contractual protections approved by relevant regulators;
• Adequacy determinations where recognised by the applicable supervisory authority;
• Technical and organisational security controls governing data in transit and at rest.

For details on the safeguards governing a specific transfer, please contact us using the details in Section 14.

We use cookies and similar technologies to authenticate sessions, retain preferences, analyse usage, and support marketing measurement. Our cookies fall into the following categories:

• Essential cookies: required for the website and platform to function and cannot be disabled.
• Preference cookies: remember your settings and display choices across sessions.
• Analytics cookies: collect anonymised data on how visitors navigate our website so we can improve performance and content.
• Marketing cookies: used to measure campaign effectiveness and serve relevant content where you have consented.

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our platforms.

We retain personal data only for as long as is necessary to fulfil the purposes described in this policy, to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Once data is no longer required, we securely delete or anonymise it so that it can no longer be linked to any individual or organisation.

We implement technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, or loss. These include AES-256 encryption in transit and at rest, strict access controls, network security monitoring, and regular security assessments.

While we maintain robust safeguards, no system is entirely immune to risk. If you suspect any unauthorised access or misuse of your information, please notify us immediately using the contact details in Section 14.

Depending on your jurisdiction, you may hold certain rights with respect to your personal data:

• Access: request confirmation of whether we hold data about you and obtain a copy.
• Correction: request that inaccurate or incomplete data be corrected.
• Erasure: request deletion of your personal data where no overriding legal basis exists for continued processing.
• Restriction or objection: request that we limit certain processing activities or cease processing for specific purposes.
• Portability: receive your data in a structured, machine-readable format where technically feasible.
• Withdraw consent: revoke any consent you have previously given at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us as set out in Section 14. We may ask you to verify your identity before we act on your request. If you are located in the EU or UK, you may also lodge a complaint with your local supervisory authority. Nigerian residents may engage the Nigeria Data Protection Commission (NDPC).

Where you have consented or where otherwise permitted by law, we may send you product updates, newsletters, and promotional communications. You may opt out at any time by:

• Clicking the unsubscribe link included in every marketing email;
• Updating your communication preferences in your account; or
• Contacting us directly (see Section 14).

Opting out of marketing does not affect transactional messages such as billing notices, security alerts, or service-critical communications.

Our services are designed for business and enterprise use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, please contact us immediately and we will take prompt steps to remove it.

Our website and platforms may include links to, or integrations with, third-party services — including payment processors, analytics providers, and partner platforms. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before submitting any personal data to them.

If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out to us:

We may revise this Privacy Policy periodically to reflect changes in our practices, platform features, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify affected users via email or a prominent notice on our website. We recommend reviewing this page periodically to stay informed.