9th October 2019
To Whom It May Concern
Dear Sir/Ma,

COURE’s SECURITY MEASURES FOR DATA PROTECTION

In our attempt to provide value added solutions geared towards, amongst other things, the prevention of fraudulent activities in key sectors of the Nigerian economy, we are mindful of the personal data protection and security issues which the Nigerian constitution and regulations such as the EU General Data Protection Regulation (GDPR) and the Nigerian Data Protection Regulation (NDPR) (collectively “Regulations”) have sought to address.
We build our reputation and success on the trust which our partners, clients and stakeholders’ repose in us to provide accurate, secure and timely access to data, and to provide high levels of protection for the data entrusted to us. Whether as a data controller or processor, we hereby confirm that we have policies and processes in place to comply with the Regulations.
We have worked consistently to ensure that every part of our organization which comes in contact with personal data, from both internal and external sources, has implemented processes and practices that comply with the Regulations. To this end, we:

• Implement appropriate security safeguards, including technical and organizational measures, to protect the data entrusted to us against unauthorized access, use, modification or loss by inter alia.
1.   Putting adequate measures in place to ensure the confidentiality, integrity and availability of our systems and services/solutions and the personal data processed within them.
2.   Putting in place an information security policy and taking steps to ensure that the policy is implemented;
3.   Requiring our clients to apply appropriate security and privacy safeguards.
4.   Ensuring that access to COURE’s platform is through secure means such as VPN and SSL encryption.


• Use a privacy by design and by default approach in the design, creation and provision of our solution/service.


• Are accountable for ensuring the lawful processing of the data and only process the data in accordance with the instructions and purpose stipulated by our stakeholders and clients and in accordance with the law.


• Implement lawful data management practices and take measures to prevent the transfer of personal data to unsecured or unmanaged environment.


• Enter into confidentiality agreements with clients and employees to ensure the security of the data entrusted to us.


• Appointed a Data Protection Officer who has the responsibility of reviewing our current processes and ensuring that we comply and continue to comply with all the applicable aspects of the Regulations.


• Ensure that only authorized employees have access to the data. These employees are trained in data protection techniques and measures in compliance with the law.

We use the Regulations as tools to strengthen and demonstrate our commitment to data protection and privacy within our company for the benefit of our stakeholders. Furthermore, our systems have been built in a manner that can allow our partners to have real time access to our platform for the monitoring of data usage and compliance. Also, our system can automatically generate daily, weekly and monthly reports and send the same to partners for review.

Best Regards,