Data Subject Request Procedure

1.   Making Data Subject Access Request

Data Subject Access Request can be made verbally, via email or in writing to Marvinade Limited’s Data Protection Officer (DPO), at the address below;

4, Probyn Road, Ikoyi, Lagos

Tel: 08082910014


If a Data Subject Access Request is made verbally, the requester should be asked to submit their request in writing so that Marvinde Limited can comprehend the scope of the request and authenticate the requester's identity.

If a request is received somewhere else in Marvinade Limited, the Data Protection Officer should be notified promptly so that the request may be handled as soon as possible. After receiving the request, the Data Protection Officer will authenticate the requester's identity and analyse the extent of the request.  

2.   Confirming the Identity of the Requester:

Additional information may be required to confirm the requester's identity. This may be satisfied by producing two or more of the following:

                 i.         valid passport;

                ii.         valid driver's license;

               iii.         a recent energy bill that includes your present address; or

               iv.         certificate of birth/marriage.


If Marvinade Limited is not satisfied with the requester's identity information, the request will be denied to avoid an unintentional breach of security.

If a person requesting the personal data of a data subject makes a request that appears to be made for that data subject, a response must not be supplied unless and until the data subject provides written authorisation. MNYCounsellors should not approach the data subject directly, but should advise the requester that it cannot reply without the data subject's written authority. If consent cannot be obtained or is refused, the DPO will examine the reasons as well as Marvinade Limited's duty of care to both parties in determining whether to share the information.

Where a child's parent makes a request, it must be determined if the minor is mature enough to comprehend their rights. If it is determined that the minor does not comprehend their rights, the answer should be directed to the parent.

3.   Fee for Responding to Requests:

Marvinade Limited will normally deal with a Data Subject Access Request free of charge, however, a fee can be charged for the following reasons:

  1. when a request is clearly unjustified or excessive, or when Marvinade Limited refuse to reply to it. (This will be disclosed in writing, together with the grounds for the refusal to answer); or


  1. where multiple requests for the same data are made.   

4.   Process for dealing with a Data Subject Access Request: 

Once the identification of the data subject (or the right/authority to request the data in the case when the data subject is not the requester) has been established, the DPO will begin the process of contacting the required departments to collect and consolidate the information.

All reasonable and proportional measures shall be taken by the DPO to identify and disclose all data pertaining to the request.

The DPO may ask the requester to identify exactly what information they are seeking, or where they suspect the information may be housed, in order to discover the proper information with Marvinade Limited.

Where there is a reference to a third party in the material, the DPO will redact (block out) the third party. If this is not feasible and agreement from a third party is not obtained, the information will not be released.

The information given in response to a request must be that which Marvinade Limited has at the time the request is received (subject to any exclusions). However, Nigerian Data Protection Regulation permits ordinary data updating and maintenance to proceed between the date the request is received and the date the response is issued. This implies that the information delivered to the individual may change from what was stored when your request was received as a consequence of routine processing.

The DPO will verify that the information provided is understandable and that technical terms are defined and explained.

The response should be delivered in writing, through email or letter, and should include an explanation of the categories of data provided as well as if, and if so, for what reasons, any data has been omitted. 

5.   Period For Responding To A Data Subject Access Request 

Marvinade Limited has 1 (one) calendar month to respond to a Data Subject Access Request. This will start from:

  1. the date of the request;
  2. the date when any additional identification, or other information requested, is received; or
  3. payment of any required fee.  

In the case of complicated requests, the response time may be extended by further 2 (two) calendar months. If it is determined that an extension of the response period is required owing to the complexity of the request, the DPO will tell the requester within 1 (one) calendar month of receiving the request, along with the reasons this is deemed necessary.

If a request is submitted during the holiday season or at the end of the year, a response may not be possible within the 1 (one) calendar month time frame since certain important personnel may be on vacation. If a receipt is received during this time, Marvinade Limited will issue an initial acknowledgement of the request, followed by a subsequent acknowledgement as soon as practicable after the start of a new year, outlining when a complete answer will be delivered (not later than 1 (one) calendar month into the new year). 

6.   Contacts & Complaints

Enquiries regarding this procedure or Marvinade Limited's Data Protection Policies should be directed to Marvinade Limited's DPO using the contact details provided.