Legal
Privacy Policy
Effective Date: 2nd June, 2026 | Last Updated: 12th June, 2026
Oriental Strategy and Analytics Ltd (“OSA,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data of everyone who interacts with us. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data.
1. Introduction
Oriental Strategy and Analytics Ltd is a strategy, market intelligence, and analytics advisory firm headquartered in Lagos, Nigeria. This Privacy Policy applies to all personal data processed through our website (www.theosagroup.org), email communications, and business operations — including data relating to visitors, prospective and current clients, newsletter subscribers, job applicants, and business contacts.
OSA processes personal data in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR) where still applicable, and the EU General Data Protection Regulation (GDPR) where it applies to individuals in the European Economic Area (EEA) or United Kingdom.
2. Data Controller
The data controller for personal data processed through this website is:
Oriental Strategy and Analytics Ltd
No 3 Fez Street Off Kumasi Crescent, Wuse II, FCT Abuja
Email: privacy@theosagroup.org
3. Personal Data We Collect
We collect different types of personal data depending on how you interact with us.
3.1 Information you provide directly
| Data Category | Examples | When Collected |
|---|---|---|
| Contact information | Name, email address, phone number, company name, job title | When you submit a contact form, request a consultation, or subscribe to our newsletter |
| Enquiry details | The content of your message, the nature of your enquiry, specific intelligence or advisory needs | When you submit a contact form or email us directly |
| Job application data | CV/resume, cover letter, qualifications, work history, references | When you apply for an open role or send a speculative application |
| Newsletter preferences | Email address, communication preferences | When you subscribe to our newsletter or publications |
| Business contact data | Name, title, company, email, phone | When you exchange business information with us at events, meetings, or through referrals |
3.2 Information collected automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Device and browser data | IP address, browser type and version, operating system, screen resolution | Website functionality, security, and analytics |
| Usage data | Pages visited, time on page, referring URL, navigation path | Understanding how visitors use our website and improving content |
| Cookie data | Session identifiers, preference settings, analytics identifiers | See our Cookie Policy for full details |
| Location data (general) | Country and city derived from IP address | Content relevance and analytics |
3.3 Information from third parties
We may receive information about you from publicly available sources, business directories, professional networking platforms, or referrals from existing clients and business contacts. This is limited to professional and business-related information.
4. How We Use Your Personal Data
We process your personal data only for the purposes described below and only where we have a lawful basis to do so.
| Purpose | Data Used | Legal Basis (NDPA/GDPR) | Retention |
|---|---|---|---|
| Responding to enquiries | Contact information, enquiry details | Legitimate interest / consent | 2 years from last contact |
| Client onboarding and engagement | Contact information, business details, engagement records | Performance of a contract / legitimate interest | Duration of engagement + 7 years |
| Sending newsletters and publications | Email address, communication preferences | Consent | Until you unsubscribe |
| Processing job applications | Application data, CV, qualifications | Legitimate interest / consent | 12 months after application (unless hired) |
| Website analytics and improvement | Device data, usage data, cookie data | Legitimate interest / consent (for non-essential cookies) | See Cookie Policy |
| Legal compliance and dispute resolution | Any relevant personal data | Legal obligation / legitimate interest | As required by applicable law |
| Security and fraud prevention | IP address, access logs, device data | Legitimate interest | 12 months |
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share personal data only in the following limited circumstances.
Service providers. We use trusted third-party service providers who process data on our behalf to support our website and business operations. These include our email service provider (for newsletters and transactional emails), website hosting and content management platform, analytics services, and payment processors (where applicable). All service providers are bound by data processing agreements and are required to protect your data to the same standards we apply.
Professional advisors. We may share personal data with legal counsel, auditors, or accountants where necessary for legal compliance, dispute resolution, or professional advice.
Legal requirements. We may disclose personal data where required by law, regulation, court order, or governmental authority, including the Nigeria Data Protection Commission (NDPC) or equivalent regulatory bodies.
Business transfers. In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the successor entity. We will notify affected individuals of any such transfer.
6. International Data Transfers
OSA is headquartered in Lagos, Nigeria, and primarily processes data within Nigeria. Where we transfer personal data outside Nigeria (for example, to service providers based in the EU, UK, or US), we ensure appropriate safeguards are in place, including standard contractual clauses, adequacy decisions, or other mechanisms recognised under the NDPA and GDPR.
Where personal data of individuals in the EEA or UK is transferred to Nigeria, we rely on appropriate transfer mechanisms as required by the GDPR and UK GDPR.
7. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- •Encrypted data transmission (SSL/TLS) across our website
- •Access controls limiting data access to authorised personnel
- •Regular security reviews of our systems and service providers
- •Secure storage of physical and electronic records
While we take reasonable steps to protect your data, no transmission over the internet is completely secure. We will notify you and the relevant authorities of any data breach that poses a risk to your rights and freedoms, as required by applicable law.
8. Your Rights
Depending on your location and the applicable data protection law, you have some or all of the following rights regarding your personal data.
| Right | Description |
|---|---|
| Access | You can request a copy of the personal data we hold about you. |
| Correction | You can request that we correct inaccurate or incomplete data. |
| Deletion | You can request that we delete your personal data, subject to legal retention requirements. |
| Restriction | You can request that we restrict processing of your data in certain circumstances. |
| Data portability | You can request a copy of your data in a structured, machine-readable format (where applicable under GDPR). |
| Objection | You can object to processing based on legitimate interests, including direct marketing. |
| Withdraw consent | Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal. |
| Lodge a complaint | You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or, for EEA/UK residents, your local supervisory authority. |
To exercise any of these rights, contact us at privacy@theosagroup.org. We will respond within 30 days (or sooner where required by applicable law).
9. Newsletter and Marketing Communications
If you subscribe to our newsletter or publications, we will send you the content you signed up for. We won't add you to marketing lists without your consent. Every email we send includes a clear unsubscribe link. When you unsubscribe, we remove your email from our active mailing list promptly. We may retain a record that you unsubscribed to ensure we don't contact you again.
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Third-Party Links
Our website may contain links to external websites, publications, or platforms that are not operated by OSA. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any external site you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your data, contact us at:
Oriental Strategy and Analytics Ltd
No 3 Fez Street Off Kumasi Crescent, Wuse II, FCT Abuja
Email: privacy@theosagroup.org