ExaminationsJAMB Mop-up Examination scheduled for June 13 — check your registration status.
Coat of Arms of NigeriaFederal Republic of NigeriaMinistry of Education

Privacy Policy

Federal Ministry of Education · Effective May 2026

Privacy Policy

Federal Ministry of Education · Effective May 2026

Introduction

The Federal Ministry of Education ("the Ministry", "we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, and protect personal data when you:

  • Visit the official Federal Ministry of Education website at education.gov.ng.
  • Use any digital services, registration portals, or online forms operated by the Ministry.
  • Enquire about or purchase our services.
  • Subscribe to marketing communications.
  • Engage with us as a client, supplier, or partner.

This policy applies to health and social care providers, business clients, website visitors, and individuals whose personal data is processed through our services.

Data Controller

NestaDev Ltd
311 Ancoats Garden
Manchester M4 5GH
United Kingdom
Data Protection Contact: support@nestadev.com

What data we collect

1. Information you provide directly

Data category Examples
Account information Organisation name, contact name, job title, email address, phone number, billing address.
User credentials Email address, encrypted password, multi-factor authentication details.
Organisation profile Services offered, registration details, geographic areas served, staff size.
Tender & bid data Tender titles, commissioning authorities, service specifications, bid responses.
Policy & compliance content Policy documents, procedures, implementation plans, care plans, Easy Reads.
Enquiries & contact forms Name, email, phone number, message content.
Support communications Support tickets, email correspondence, feedback.

2. Information automatically collected

When you use our website or platforms, we may collect:

  • Usage data — features accessed, time spent, AI feature interactions.
  • Technical data — IP address, browser type, device type, operating system.
  • Log data — access logs, security logs, performance data.
  • Cookies & tracking — session cookies and analytics cookies (with consent).

3. Information from third parties

  • Public registers (e.g. Companies House, public tender portals such as Contracts Finder).
  • Payment processors (payment confirmations, billing data).
  • Analytics providers (aggregated performance data).
  • CRM and marketing systems used to manage enquiries.

Legal basis for processing (UK GDPR)

Lawful basis Purpose
Contract performance Delivering services, account management, billing, support.
Legitimate interests Service improvement, security monitoring, analytics, product development.
Legal obligation Tax compliance, financial record keeping, regulatory compliance.
Consent Marketing communications, optional cookies, testimonials.

How we use your data

1. Service delivery

  • Providing access to Elsa and NestaDev platforms.
  • Generating AI-assisted recommendations, policies, tender responses, Easy Reads, and care plans.
  • Creating documentation and compliance tools.
  • Processing subscriptions and payments.
  • Providing customer support.

2. Product & service improvement

  • Improving AI accuracy and performance.
  • Developing new features.
  • Conducting usability testing.
  • Analysing usage patterns.

3. Security & fraud prevention

  • Monitoring for unauthorised access.
  • Investigating misuse or fraud.
  • Maintaining audit logs.
  • Responding to security incidents.

4. Marketing & communications

  • Sending service updates.
  • Providing educational materials.
  • Sending promotional communications (with consent).
  • Requesting feedback.

You may opt out of marketing at any time.

Sharing and third parties

We do not sell personal data.

We may share data with trusted service providers under Data Processing Agreements:

Category Purpose Location
Cloud hosting providers Infrastructure & data storage UK / EEA
Payment processors Billing services UK / EEA
Email & CRM systems Communications UK / EEA
Analytics providers Usage analysis UK / EEA
AI/ML providers Natural language processing UK / EEA or approved jurisdictions

We may also disclose data where legally required.

International data transfers

Data is stored primarily in the UK and EEA.

If transferred outside the UK/EEA, we use:

  • UK International Data Transfer Agreement (IDTA).
  • Standard Contractual Clauses.
  • Adequacy decisions.
  • Supplementary safeguards where required.

Cookies and tracking

Essential cookies

Used for login session management, security protection, and platform functionality. These cannot be disabled.

Analytics cookies (with consent)

Used to improve website performance, analyse user behaviour, and optimise user experience. You can manage cookie preferences via your browser settings.

Your rights under UK GDPR

You have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request erasure.
  • Restrict processing.
  • Data portability.
  • Object to processing.
  • Withdraw consent at any time.
  • Not be subject to solely automated decision-making.

Elsa and other NestaDev tools are decision-support systems. AI outputs require human review and are not automated legal decisions.

To exercise your rights:
Email: support@nestadev.com
Phone: 07442 279106

We respond within one month.

Right to complain

You may lodge a complaint with:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

Data retention

Data type Retention period
Account information Duration of contract + 6 years
Tender & policy content Duration of contract + 2 years
Website enquiries 24 months
Usage & log data 12 months (security logs up to 24 months)
Financial records 6 years
Marketing consent Until withdrawn + 30 days

Security

Technical safeguards

  • AES-256 encryption at rest.
  • TLS 1.3 encryption in transit.
  • Multi-factor authentication.
  • Role-based access controls.
  • Firewalls & intrusion detection.
  • Encrypted backups.

Organisational safeguards

  • Staff data protection training.
  • Confidentiality agreements.
  • Access reviews.
  • Incident response procedures.

Our practices align with recognised information security frameworks and best-practice standards.

Children's data

Elsa is not intended for individuals under 18. We do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy to reflect changes in law, operations, or services. Significant updates will be communicated via a website notice or by email where applicable.

Contact details

NestaDev Ltd
311 Ancoats Garden
Manchester M4 5GH
United Kingdom

Data Protection Lead
Email: support@nestadev.com
Phone: 07442 279106
Website: www.nestadev.com