Effective Date: 03/03/2026
Version: 1.0
Data Controller: Dominican University, Ibadan
1. INTRODUCTION
Dominican University, Ibadan ("the University", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. As a premier tertiary institution and a "Data Controller of Major Importance," we fully comply with the provisions of the Nigeria Data Protection Act (NDPA) 2023 and the regulations set by the Nigeria Data Protection Commission (NDPC).
This Privacy Policy explains how we collect, use, share, and protect the personal data of our prospective students, current students, alumni, staff, contractors, and visitors to our website (www.dui.edu.ng) and campus.
2. THE DATA WE COLLECT
Depending on your relationship with the University, the ICT Unit, Registry, Clinic, or HR may collect and process the following categories of personal data:
✓ Identity & Contact Data: Name, date of birth, gender, marital status, nationality, passport photographs, home address, email address, phone number, and next-of-kin details.
✓ Academic Data: Previous educational records (WAEC/NECO/JAMB scores), university transcripts, matriculation numbers, attendance records, disciplinary records, and graduation details.
✓ Financial Data: Bank account details, payment card details (processed securely via third-party gateways like Remita/Paystack), tuition payment history, and staff payroll information.
✓ Health & Sensitive Data: Medical history, blood group, genotype, and consultation records collected strictly by the University Clinic for your vital care; biometric data (for ID cards and access control); and religious affiliation.
✓ Technical & Usage Data: IP addresses, browser types, operating systems, and website browsing patterns collected via cookies when you use our website or e-learning portals.
✓ Security Data: CCTV footage captured on campus for security purposes.
3. HOW WE COLLECT YOUR DATA
We collect personal data through the following methods:
➤ Direct Interactions: When you apply for admission, register for courses, apply for a job, visit the clinic, or fill out forms on our website.
➤ Automated Technologies: As you interact with our website and student portals, our ICT systems automatically collect Technical Data via cookies and server logs.
➤ Third Parties: We may receive data about you from external bodies such as the Joint Admissions and Matriculation Board (JAMB), previous schools, background check providers, or external scholarship boards.
4. LAWFUL BASIS AND PURPOSE FOR PROCESSING
Under Section 25 of the NDPA 2023, we only process your personal data where we have a lawful basis to do so. We use your data for the following purposes:
Purpose/Activity |
Category of Data |
Lawful Basis for Processing |
|---|---|---|
Admissions & Academic Management: To process applications, enroll students, and manage academic records. |
Identity, Academic, Contact |
Performance of a Contract (Educational agreement). |
Financial Administration: To collect tuition, pay staff, and manage university accounts. |
Identity, Financial, Contact |
Performance of a Contract & Legal Obligation (Tax/Audits). |
Statutory Reporting: Submitting required data to NUC, JAMB, NYSC, and government bodies. |
Identity, Academic |
Legal Obligation. |
Medical Care: Providing healthcare services at the University Clinic. |
Identity, Health (Sensitive) |
Vital Interests & Explicit Consent. |
Campus Security & IT Management: Monitoring CCTV, securing the university network, and issuing ID cards. |
Identity, Security, Technical |
Legitimate Interest (to ensure a safe campus and secure IT infrastructure). |
Marketing & Alumni Relations: Sending newsletters, event updates, and fundraising requests. |
Identity, Contact |
Consent (You can opt-out at any time). |
5. DATA SHARING AND DISCLOSURE
We do not sell your personal data. However, to function as a university, we may share your data with strictly vetted third parties, including:
🏛️ Government & Regulatory Bodies: National Universities Commission (NUC), JAMB, NYSC, and law enforcement (when legally mandated).
☁️ Service Providers: Cloud hosting providers (e.g., AWS/Microsoft Azure/Google Workspace), payment processors (e.g., Paystack/Interswitch), and e-learning platforms (e.g., Moodle/Canvas).
🤝 Partner Institutions: For exchange programs or external research (with your explicit consent).
Note: All third-party service providers are bound by strict Data Processing Agreements (DPAs) requiring them to secure your data in compliance with the NDPA.
6. INTERNATIONAL DATA TRANSFERS
To provide modern IT services, the University's ICT Unit may use cloud servers located outside Nigeria. Whenever we transfer personal data internationally, we ensure it is protected by ensuring the receiving country has adequate data protection laws recognized by the NDPC, or by executing Standard Contractual Clauses (SCCs) with the service provider.
7. DATA SECURITY
The University's ICT Unit has implemented robust Technical and Organisational Measures (TOMs) to protect your data from unauthorized access, alteration, or breach. These include:
🔒 End-to-end encryption for sensitive data and website traffic (HTTPS).
👤 Role-Based Access Control (RBAC) ensuring staff only access data necessary for their job.
🔐 Multi-Factor Authentication (MFA) on administrative portals.
📊 Regular cybersecurity training for staff and routine vulnerability assessments of our networks.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for.
📜 Academic Records: Core academic records (e.g., transcripts and degree certificates) are kept permanently.
💰 Financial/Staff Records: Retained for a minimum of [six (6)] years to comply with tax and employment laws.
📝 Applicant Data: Data of unsuccessful applicants is securely deleted after [one (1) academic session].