This Privacy Policy explains how StreetOps Consulting collects, uses, stores, shares, and protects personal data in connection with Paige by StreetOps. It is drafted in compliance with the Nigeria Data Protection Act 2023 (NDPA), the NDPC General Application and Implementation Directive 2025 (GAID), and relevant international data protection standards including the EU General Data Protection Regulation (GDPR) where applicable. By registering for or using Paige by StreetOps, you confirm that you have read this Privacy Policy and agree to the practices described herein.
- Definitions and Interpretation
- Scope and Applicability
- Data Controller and DPO
- Data Protection Principles
- What Personal Data We Collect
- Special Categories of Personal Data
- How We Collect Personal Data
- Legal Basis for Processing
- Purposes of Processing
- Automated Decision-Making
- Data Retention and Deletion
- Data Sharing and Disclosure
- Cross-Border Data Transfers
- Data Security
- Data Breach Notification
- Your Rights as a Data Subject
- Employee and Team Member Protections
- Children's Data
- Cookies and Tracking Technologies
- Third-Party Links
- Nature of the Diagnostic — Disclaimer
- Sensitive Data and Vulnerable Persons
- NDPC Registration
- Privacy by Design and Default
- Records of Processing Activities
- Data Protection Impact Assessments
- Accountability and Governance
- Complaints Procedure
- Changes to This Policy
- Contact Us
1. Definitions and Interpretation
The following terms have the meanings set out below throughout this Privacy Policy:
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person, including name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. |
| Processing | Any operation performed on personal data, whether or not by automated means, including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, restriction, erasure, or destruction. |
| Data Controller | A person or organisation that determines the purposes and means of processing personal data. StreetOps Consulting is the Data Controller for HR Administrator data. HR Administrators act as Data Controllers for team member data within their own organisations. |
| Data Processor | A person or organisation that processes personal data on behalf of a Data Controller. StreetOps Consulting acts as Data Processor in respect of team member survey data collected for HR Administrators. |
| Data Subject | The identified or identifiable natural person to whom personal data relates. In Paige by StreetOps, data subjects include HR Administrators and team members. |
| HR Administrator | An individual who registers an organisation on Paige by StreetOps and distributes the survey link to team members. |
| Team Member | Any individual invited by an HR Administrator to complete the Paige by StreetOps survey. |
| Culture Health Report | The aggregated organisational assessment report generated from team member survey responses and delivered to the HR Administrator. |
| NDPA | The Nigeria Data Protection Act 2023. |
| GAID | The NDPC General Application and Implementation Directive 2025, effective 19 September 2025. |
| NDPC | The Nigeria Data Protection Commission, the statutory regulatory authority for data protection in Nigeria. |
| Sensitive Personal Data | A special category of personal data requiring heightened protection, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, and financial information. |
| Consent | A freely given, specific, informed, and unambiguous indication of a data subject's agreement to the processing of their personal data. |
| Data Breach | A security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. |
| DPO | Data Protection Officer — an individual appointed to oversee data protection compliance within an organisation. |
2. Scope and Applicability
This Privacy Policy applies to: all personal data processed by StreetOps Consulting in connection with the Paige by StreetOps platform; all users of the platform, including HR Administrators and team members; all data processing activities carried out by StreetOps Consulting as Data Controller or Data Processor; and all third-party service providers and sub-processors engaged by StreetOps Consulting.
This Policy applies regardless of the device, location, or method used to access the platform, provided the processing relates to personal data of individuals in Nigeria or is carried out by StreetOps Consulting from Nigeria.
This Policy does not apply to third-party websites or services linked from the platform (governed by their own privacy policies), or to data processed by HR Administrators within their own organisations for purposes unrelated to Paige by StreetOps.
3. Data Controller and Data Protection Officer
3.1 Data Controller
StreetOps Consulting is the Data Controller for personal data collected from HR Administrators.
| Field | Details |
|---|---|
| Organisation Name | StreetOps Consulting |
| Registered Address | Suites A34, Mayfair Gardens Complex, Mayfair Gardens, Awoyaya, Ibeju-Lekki, Lagos State, Nigeria. |
| info@streetops.ng | |
| Website | streetops.ng |
| Regulatory Jurisdiction | Federal Republic of Nigeria |
| Applicable Legislation | NDPA 2023; GAID 2025; NDPR 2019 (superseded by GAID from 19 September 2025) |
3.2 Dual Role — Controller and Processor
Where StreetOps Consulting processes team member survey data on behalf of an HR Administrator, StreetOps acts as a Data Processor and the HR Administrator acts as the employer-side Data Controller for that data. StreetOps processes team member data only on the documented instructions of the HR Administrator. HR Administrators are responsible for ensuring their use of the platform is lawful, including ensuring they have valid grounds to invite team members to participate. A Data Processing Agreement governs this relationship.
3.3 Data Protection Officer (DPO)
All data protection enquiries, requests, and complaints should be directed to:
Data Protection Contact
StreetOps Consulting — Privacy and Data Protection
Email: info@streetops.ng · Website: streetops.ng
Please use the subject line 'Data Protection Enquiry' for all privacy-related communications.
4. Data Protection Principles
| Principle | What It Means for Paige by StreetOps |
|---|---|
| Lawfulness, Fairness and Transparency | We process personal data only where we have a valid legal basis, treat data subjects fairly, and are transparent about our data practices through this Privacy Policy. |
| Purpose Limitation | We collect personal data only for specified, explicit, and legitimate purposes. We do not reuse data for purposes incompatible with those stated in this Policy. |
| Data Minimisation | We collect only the personal data that is adequate, relevant, and limited to what is necessary. Team members are asked for numerical responses only — no names, emails, or identifiers. |
| Accuracy | We take reasonable steps to ensure personal data is accurate and kept up to date. HR Administrators are responsible for ensuring their registration details are accurate. |
| Storage Limitation | We retain personal data only for as long as necessary for the stated purposes or as required by law. Specific retention periods are set out in Section 11. |
| Integrity and Confidentiality | We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. |
| Accountability | StreetOps Consulting is responsible for, and must be able to demonstrate compliance with, all of the above principles. |
5. What Personal Data We Collect
5.1 HR Administrator Data (Identifiable Personal Data)
| Data Element | Purpose | Basis |
|---|---|---|
| Full name | Account creation and personalisation | Consent / Contract |
| Company or organisation name | Report generation and account identification | Consent / Contract |
| Work email address | Report delivery, notifications, and communications | Consent / Contract |
| Approximate team size (range) | Benchmarking; response rate tracking | Consent / Contract |
| Date and time of registration | Audit trail; account management | Legitimate Interests |
| IP address | Security, fraud prevention, and deduplication | Legitimate Interests |
| Device and browser information | Security and technical performance logging | Legitimate Interests |
| Survey link usage data | Tracking response completion rates | Contract Performance |
| Marketing consent record | Recording consent to receive marketing communications | Consent |
5.2 Team Member Survey Data (Anonymised by Design)
When a team member completes the Paige by StreetOps survey, we collect only: numerical responses to 24 survey statements (rated 1 to 5); timestamp of submission; and IP address and basic device/browser data for security and deduplication purposes only — not linked to response content.
We do not collect names, email addresses, employee IDs, job titles, photographs, biometric data, or any other information that would directly identify a team member. No persistent identifier is assigned to a team member's submission.
Architectural Anonymity: Team member data is anonymised at the point of submission. The Paige by StreetOps system has no mechanism to link a specific set of responses to a specific individual. Limitation in small teams: In teams of three to five members, mathematical inference of an individual's response position may be possible in certain scenarios. We recommend a minimum team size of five for meaningful anonymity protection.
5.3 Organisational Data (Not Personal Data)
The Culture Health Report contains aggregated scoring data at the organisational level — dimension-level RAG scores and general recommendations. This organisational data is not personal data and does not identify any individual. However, it is confidential business information belonging to the HR Administrator's organisation and is treated accordingly.
6. Special Categories of Personal Data
The NDPA 2023 and GAID 2025 identify categories of personal data that require heightened protection, including: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data (including mental health), data concerning sex life or sexual orientation, and financial information.
Important Notice Regarding Special Categories: Paige by StreetOps does not intentionally collect special category personal data. The survey consists exclusively of numerical ratings on workplace engagement statements. However, survey responses touching on dimensions such as Psychological Safety or Management Effectiveness could, in limited contexts, indirectly reveal information relevant to health or wellbeing. StreetOps Consulting does not use survey data to infer health, mental health, or any other special category data about any individual. HR Administrators are prohibited from using Paige by StreetOps survey data to make inferences about or take decisions based on any special category characteristic of any team member.
7. How We Collect Personal Data
7.1 Direct Collection
HR Administrators provide their name, company, email, and team size at registration. Team members submit numerical ratings when completing the survey. When HR Administrators contact us by email or through the platform.
7.2 Automated Collection
Technical logs — IP addresses, device type, browser, and timestamp — are automatically collected when users interact with the platform for security and operational purposes. Essential session cookies may be used to maintain survey sessions.
7.3 What We Do Not Collect
We do not collect, and have no mechanism to collect, the following from team members: names, email addresses, phone numbers, or any other directly identifying contact information; employee identification numbers or payroll data; location data beyond coarse IP geolocation for security; any data from social media profiles or third-party platforms; or any data about individuals under the age of 18.
8. Legal Basis for Processing
| Processing Activity | Data Category | Legal Basis |
|---|---|---|
| Account registration and service delivery | HR Admin data | Contract Performance |
| Culture Health Report generation | Survey responses (aggregated) | Contract Performance |
| Email notification on report availability | HR Admin email | Contract Performance |
| Security and fraud prevention logging | IP address, device data | Legitimate Interests |
| Response rate tracking | Team size + submission count | Contract Performance |
| Aggregated product improvement analysis | Anonymised usage patterns | Legitimate Interests |
| Marketing communications | HR Admin email | Consent |
| Legal compliance and regulatory disclosure | Any data | Legal Obligation |
| Dispute resolution and enforcement | Any relevant data | Legitimate Interests / Legal Obligation |
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. Withdrawal of consent does not affect your ability to use the core Paige by StreetOps service.
9. Purposes of Processing
9.1 Service Delivery
To create and manage HR Administrator accounts; to generate unique survey links and distribute access to team members; to aggregate team member survey responses and produce the Culture Health Report; to deliver reports via the online platform and as downloadable PDFs; to send report availability notifications by email to registered HR Administrators; and to track response completion rates and flag incomplete surveys.
9.2 Platform Security and Integrity
To detect, investigate, and prevent fraudulent submissions, duplicate entries, and unauthorised access; to maintain audit logs for security and compliance purposes; and to monitor for system vulnerabilities and apply appropriate remediations.
9.3 Product Improvement
To analyse fully anonymised and aggregated usage patterns and diagnostic outcomes for improving the accuracy and usefulness of Paige by StreetOps. This analysis never involves identifiable individual data and is always conducted at an aggregate level that makes attribution impossible.
9.4 Marketing and Commercial Communications (Consent-Based Only)
Where an HR Administrator has explicitly opted in, to send information about StreetOps Consulting's other products and services. Marketing communications always include a simple unsubscribe mechanism. Withdrawal of marketing consent does not affect access to Paige by StreetOps.
9.5 Legal, Regulatory and Compliance Purposes
To comply with obligations imposed by Nigerian law, the NDPA, GAID, and regulatory authority directives; to defend or pursue legal claims where necessary; and to respond to data subject rights requests.
Purpose Limitation Commitment: StreetOps Consulting will not use personal data collected through Paige by StreetOps for any purpose not set out in this section without first obtaining your explicit consent, or unless required by law.
10. Automated Decision-Making and Profiling
10.1 How Paige by StreetOps Uses Automation
The Culture Health Report is generated through an automated scoring algorithm that aggregates numerical survey responses across six engagement dimensions, calculates average scores and applies RAG thresholds to each dimension, and selects pre-written improvement recommendation blocks based on the scores.
10.2 What This Means for Data Subjects
The automated process produces outputs at the organisational level, not at the level of any individual. The Culture Health Report does not profile, score, rank, or make any decisions about any individual team member.
No Individual Profiling: Paige by StreetOps does not profile individual employees, produce individual scores, or make automated decisions that could affect any individual's employment, compensation, or treatment at work. The automated scoring algorithm operates exclusively on aggregated group-level data.
10.3 Human Review
All Culture Health Reports are the output of an automated algorithm and are not individually reviewed by StreetOps Consulting personnel before delivery. HR Administrators are responsible for applying their own judgement to the report findings before taking any organisational action.
11. Data Retention and Deletion
| Data Category | Retention Period |
|---|---|
| HR Administrator registration data | Duration of active account + 24 months after last activity or account closure |
| Culture Health Reports | 24 months from report generation date |
| Anonymised aggregated survey data | May be retained indefinitely |
| IP address and technical security logs | 90 days from collection |
| Marketing consent records | Duration of consent + 12 months after withdrawal |
| Correspondence and legal communications | 6 years from last communication |
HR Administrators may request immediate deletion of their account and all associated identifiable data by contacting legal@streetops.ng with the subject 'Account Deletion Request'. Deletion requests will be processed within 30 days, subject to any applicable legal hold.
12. Data Sharing and Disclosure
StreetOps Consulting does not sell, rent, trade, or monetise personal data. Data is shared only in strictly limited circumstances.
12.1 Service Providers and Sub-Processors
We may engage third-party technology providers who process data on our behalf as sub-processors. All such providers are required to process data only on StreetOps Consulting's documented instructions; implement equivalent security measures; enter into a binding Data Processing Agreement; comply with the NDPA 2023 and GAID 2025; and notify StreetOps Consulting of any personal data breach without undue delay.
12.2 Legal and Regulatory Disclosure
We may disclose personal data where required by Nigerian law or regulation; a valid court order; a lawful directive from the NDPC; or to protect the vital interests of a data subject where consent cannot be obtained. We will notify affected data subjects of any such disclosure where legally permitted.
12.3 Business Transfers
In the event of a merger, acquisition, or insolvency, personal data may be transferred to a successor entity subject to equivalent privacy protections. Registered HR Administrators will be notified in advance where feasible.
12.4 With Your Consent
We may share personal data with third parties if you have given your explicit, specific, informed, and unambiguous prior consent to such sharing.
What We Will Never Do: We will never sell or monetise personal data; share HR Administrator or team member data with employers or third parties for recruitment, marketing, or research purposes; provide raw survey responses or individual-level data to any party including the HR Administrator; or use personal data in ways not disclosed in this Policy.
13. Cross-Border Data Transfers
Paige by StreetOps may utilise third-party cloud infrastructure whose servers are located outside Nigeria. Any such transfer is conducted in full compliance with the NDPA 2023 and GAID 2025. Before transferring personal data outside Nigeria, StreetOps Consulting ensures that at least one of the following safeguards is in place: an adequacy determination by the NDPC; Standard Contractual Clauses (SCCs) approved under Nigerian law; Binding Corporate Rules approved by the NDPC; or a specific exemption under the NDPA 2023.
14. Data Security
14.1 Technical Measures
Encryption of all personal data in transit using industry-standard TLS protocols; encryption of sensitive personal data at rest using AES-256 or equivalent; access control mechanisms ensuring data is accessible only to authorised personnel; multi-factor authentication for platform administrator access; automated IP-based deduplication and anomaly detection; and secure deletion procedures at the end of the retention period.
14.2 Organisational Measures
Data protection training for all personnel with access to personal data; internal data protection policies; regular review of security practices; due diligence on all third-party sub-processors; and a documented incident response procedure.
14.3 Limitations
No digital system is perfectly secure. StreetOps Consulting cannot guarantee absolute security against all possible threats. We are committed to implementing security measures proportionate to the risk, reviewing them regularly, and responding promptly to any identified vulnerability or incident.
15. Data Breach Notification
StreetOps Consulting maintains a documented data breach response procedure in accordance with the NDPA 2023 and GAID 2025.
15.1 Internal Response
The breach will be identified, contained, and assessed as quickly as possible; a formal breach record will be created; and senior management will be notified immediately upon discovery.
15.2 Notification to the NDPC
Where a data breach is likely to result in risk to the rights and freedoms of data subjects, StreetOps Consulting will notify the NDPC within 72 hours of becoming aware of the breach, as required by the NDPA 2023, including a description of the breach, affected data categories, estimated number of affected data subjects, likely consequences, and measures taken or proposed.
15.3 Notification to Data Subjects
Where a data breach is likely to result in a high risk to affected data subjects, StreetOps Consulting will notify those individuals without undue delay by email and through prominent notice on the platform, including a clear description of what happened, steps being taken, and recommended protective steps.
16. Your Rights as a Data Subject
Under the NDPA 2023 and GAID 2025, all data subjects have the following rights:
| Right | What It Means |
|---|---|
| Right to Be Informed | You have the right to be clearly informed about how your personal data is collected, used, retained, and shared. |
| Right of Access | You may request a copy of the personal data we hold about you. |
| Right to Rectification | You may request correction of inaccurate or incomplete personal data. |
| Right to Erasure | You may request deletion of your personal data where there is no legitimate ongoing legal basis for continued processing. |
| Right to Restrict Processing | You may request that we limit the use of your personal data in certain prescribed circumstances. |
| Right to Data Portability | You may request your personal data in a structured, machine-readable format where technically feasible. |
| Right to Object | You may object to processing based on our legitimate interests, or to processing for direct marketing purposes. |
| Right to Withdraw Consent | Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing. |
| Right Not to Be Subject to Automated Decisions | You have the right not to be subject to a decision based solely on automated processing that produces significant effects on you. |
| Right to Lodge a Complaint | You may lodge a complaint with the NDPC if you believe your rights have been violated. |
All data subject rights requests will be processed within 30 days of receipt. We may request proof of identity before fulfilling a request.
Note on Anonymous Survey Data: Because team member survey responses are submitted without any identifying information, StreetOps Consulting is technically unable to link a response set to a specific individual and therefore cannot fulfil data access, rectification, or erasure requests for anonymous survey data.
17. Employee and Team Member Protections
| Protection | How It Is Implemented |
|---|---|
| No individual-level data provided to HR Administrators | Culture Health Reports contain aggregated organisational scores only. No individual response data, raw submissions, or individual-level information is ever disclosed to the HR Administrator. |
| Prohibition on adverse employment action | HR Administrators are contractually prohibited under the Terms of Use from using Culture Health Report data to take adverse employment action against any individual team member. |
| No coercive use of survey data | HR Administrators may not use the platform or its outputs to identify, surveil, or penalise employees for their survey participation or abstention. |
| Voluntary participation for team members | Team members are not required by StreetOps Consulting to complete the survey. Participation should be voluntary. |
| Transparency to team members | The survey landing page contains a clear anonymity notice and a link to this Privacy Policy. |
| Data minimisation | The survey collects numerical ratings only — no open-text responses that could identify individuals. |
18. Children's Data
Paige by StreetOps is designed exclusively for use by adults in a professional workplace context and is not directed at individuals under the age of 18. StreetOps Consulting does not knowingly collect, process, or retain personal data from minors. In compliance with the NDPA 2023, GAID 2025, and the Child Rights Act 2003, registration requires users to confirm they are aged 18 or over; HR Administrators are responsible for ensuring team members completing the survey are adults; and if we become aware a minor has submitted data, we will promptly delete that data.
19. Cookies and Tracking Technologies
| Cookie Type | Purpose |
|---|---|
| Session Cookies | To maintain the state of an active survey session and prevent duplicate submissions. |
| Security Cookies | To detect and prevent fraudulent activity, bot submissions, and malicious requests. |
| Preference Cookies | To remember the data subject's language preference or other non-identifying display settings. |
We do not currently use advertising cookies, third-party analytics cookies that identify individual users, behavioural profiling or retargeting technologies, or cross-site tracking technologies of any kind. Strictly necessary cookies are placed automatically as required for the platform to function.
20. Third-Party Links and External Services
The Paige by StreetOps platform or the Culture Health Report PDF may contain links or references to third-party websites, tools, or resources. StreetOps Consulting has no control over the content, privacy practices, or data handling of third-party websites and does not accept responsibility for them.
21. Nature of the Diagnostic — Important Disclaimer
The Culture Health Report produced by Paige by StreetOps is an organisational diagnostic tool intended to help HR professionals and people managers understand broad patterns of team engagement. It is not, and should not be construed as: professional HR advice or a substitute for qualified HR consultancy; legal advice of any kind; a clinical or psychological assessment of any individual or group; a performance management instrument; evidence of individual conduct, competence, or fitness for any employment purpose; or a scientific measurement or psychometric instrument validated for high-stakes employment decisions.
22. Sensitive Data and Vulnerable Persons
The GAID 2025 introduces a Data Subject Vulnerability Index, recognising that certain categories of data subjects require additional protections. While Paige by StreetOps is designed for a professional adult audience, we recognise that workplace culture surveys can intersect with sensitive personal circumstances.
23. NDPC Registration
Under the NDPA 2023 and GAID 2025, organisations that qualify as Data Controllers or Data Processors of Major Importance (DCPMI) are required to register with the NDPC. StreetOps Consulting will assess its NDPC registration obligations as Paige by StreetOps scales, and will complete registration within the prescribed timeframes if and when applicable thresholds are met.
24. Privacy by Design and Default
StreetOps Consulting is committed to the principle of Privacy by Design — integrating data protection considerations into the design and architecture of Paige by StreetOps from the outset. Key privacy-by-design features include: data minimisation; anonymisation at source; default anonymity; access segregation; encryption by default; minimum retention; and secure deletion.
25. Records of Processing Activities (RoPA)
StreetOps Consulting maintains a RoPA covering all personal data processing carried out in connection with Paige by StreetOps, including the name and contact details of the Data Controller and DPO; categories of data subjects and personal data processed; purposes of processing; legal basis for each processing activity; categories of recipients of personal data; details of cross-border transfers; retention periods; and a general description of technical and organisational security measures.
26. Data Protection Impact Assessments (DPIA)
A DPIA is a structured process for identifying and mitigating privacy risks in new or changed data processing activities. Given the employment-context nature of Paige by StreetOps and the power dynamics inherent in the HR Administrator relationship, StreetOps Consulting has conducted a preliminary DPIA for the platform.
27. Accountability and Governance
27.1 Policies and Procedures
This Privacy Policy is reviewed and updated at minimum annually and following any material change to data processing activities. StreetOps Consulting also maintains internal data handling procedures, a data breach response procedure, and a data retention and deletion schedule.
27.2 Contracts and Agreements
Data Processing Agreements with all sub-processors and third-party service providers; Terms of Use containing binding obligations on HR Administrators governing permitted and prohibited uses of survey data.
28. Complaints Procedure
| Step | Action |
|---|---|
| Step 1 — Contact Us Directly | Email info@streetops.ng with subject 'Privacy Complaint'. |
| Step 2 — Escalation Within StreetOps | If you are not satisfied with our initial response, you may request that your complaint be escalated to a senior member of the StreetOps Consulting team. |
| Step 3 — NDPC Complaint | If you remain unsatisfied, you may lodge a formal complaint with the NDPC. |
29. Changes to This Policy
StreetOps Consulting will review and update this Privacy Policy: at minimum once per year; following any material change to Paige by StreetOps's data processing activities; following any material change to Nigerian data protection law or regulatory guidance; and following any merger, acquisition, or structural change affecting how personal data is controlled or processed.
30. Contact Us
Primary Contact
StreetOps Consulting — Privacy and Data Protection
Email: info@streetops.ng
Website: streetops.ng
This Privacy Policy shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the Courts of the Federal Republic of Nigeria.