Privacy Policy | DESSAA - Staging
Annual permit renewal window closes this month — permit holders with Q2 expiry dates should commence renewal at least 14 days before lapse. Removal exercise scheduled along DLA Road, Asaba — owners of unapproved structures are advised to regularise before 30th April. 2026 fee schedule for digital signage now in effect — revised charges apply to all applications received from 1st April 2026.

Privacy Policy

Last updated: July 3, 2026

Privacy Policy

Delta State Signage and Advertisement Agency (DESSAA) operates the Centralised Signage & Advertising Management Platform (CSAMP) as a government digital service for the regulation and administration of outdoor advertising in Delta State, Nigeria. This Privacy Policy explains how we collect, use, store, and protect your personal information when you access or use CSAMP, and the rights available to you under the Nigeria Data Protection Act 2023 (NDPA).

By creating an account or using this platform, you acknowledge that you have read and understood this Policy.


1. Who We Are

DESSAA is a government agency established under the laws of Delta State, Nigeria, with responsibility for the licensing, regulation, and enforcement of signage and outdoor advertising activities across the State. As the operator of CSAMP, DESSAA is the Data Controller for personal information processed through the platform.


2. Information We Collect

2.1 Information You Provide

When you register, apply for a permit, or otherwise use CSAMP, we collect information that you voluntarily provide, including:

  • Identity information — full name, job title, and government-issued identification details where required.
  • Contact information — email address, phone number, and correspondence address.
  • Business information — company name, RC number or business registration details, business address, and sector of operation.
  • Application materials — site surveys, photographs, structural drawings, and other documents you upload in support of a permit application.
  • Payment information — transaction references and payment confirmation details. We do not store full card numbers; payments are processed through certified payment gateways.
  • Communications — messages sent to us through contact forms, support channels, or in-platform correspondence.

2.2 Information Collected Automatically

When you use CSAMP, certain technical information is collected automatically:

  • Device and connection information — IP address, browser type and version, operating system, and device identifiers.
  • Usage data — pages visited, features used, session duration, and timestamps of activity.
  • Authentication data — login events, two-factor authentication records, and trusted device tokens used for security purposes.
  • Session identifiers — maintained by cookies and related technologies as described in our Cookie Policy.

2.3 Information from Third Parties

If you authenticate via a linked Google account, we receive your name and email address from Google solely to create or match your CSAMP account. We do not receive or store your Google password.


3. Purposes and Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so under the NDPA. Our primary processing purposes are as follows.

Account creation and management — to register your account, verify your identity, and provide access to the platform. Legal basis: performance of a service.

Permit application processing — to receive, review, assess, and determine your applications for outdoor advertising permits. Legal basis: exercise of official authority and public task.

Fee collection and reconciliation — to collect applicable regulatory fees, issue receipts, and maintain financial records. Legal basis: legal obligation and performance of contract.

Communications — to notify you about your application status, renewals, enforcement actions, and platform updates. Legal basis: performance of contract and legitimate interest.

Security and fraud prevention — to detect, investigate, and prevent unauthorised access, fraudulent submissions, and abuse of the platform. Legal basis: legitimate interest and legal obligation.

Regulatory audit trails — to maintain records of decisions, inspections, and enforcement activity as required by law. Legal basis: legal obligation and exercise of official authority.

Platform improvement — to analyse aggregated, anonymised usage patterns to improve the functionality and usability of CSAMP. Legal basis: legitimate interest.

Legal compliance — to respond to court orders, regulatory requests, or law enforcement obligations. Legal basis: legal obligation.


4. How We Share Your Information

DESSAA does not sell, rent, or trade your personal data. We may share your information in the following circumstances.

Within Government — As a government agency, permit decisions, enforcement actions, or regulatory compliance data may be shared with other Delta State Government departments or Federal Government agencies where required by law, inter-agency mandate, or court order.

Service Providers — We engage carefully selected technology and service partners to operate CSAMP. These include cloud infrastructure providers, payment processors, and email delivery services. All such partners are bound by data processing agreements that prohibit them from using your data for any purpose other than delivering services to DESSAA.

Legal and Regulatory Requirements — We may disclose your personal data where we are required to do so by law, regulation, or a valid order of a court or competent authority, or where disclosure is necessary to protect the legal rights, property, or safety of DESSAA, its personnel, or the public.

Business Continuity — In the event that the administration or operation of CSAMP is transferred to a successor agency or body, your personal data may be transferred as part of that transition, subject to the same protections afforded under this Policy.


5. Data Retention

We retain your personal information for as long as your account remains active and for a further period as required by applicable law and regulation. Permit application records, enforcement decisions, and related documents are retained in accordance with Delta State Government records management requirements, which may require retention for periods of several years after the matter is concluded.

When data is no longer required for its original purpose and no legal retention obligation applies, it is securely deleted or anonymised.


6. Security

We implement technical and organisational security measures appropriate to the nature of the personal data we hold, including:

  • Encryption of data in transit using TLS and at rest using AES-256 encryption.
  • Two-factor authentication for user accounts, with trusted device management.
  • Role-based access controls that limit access to personal data to authorised personnel only.
  • Regular security reviews and audit logging of access and changes to sensitive data.
  • Session management controls including automatic timeout of inactive sessions.

Despite these measures, no system is entirely immune from risk. You should keep your login credentials confidential and notify us immediately if you suspect unauthorised access to your account.


7. Cookies and Similar Technologies

We use cookies and related technologies to operate and secure the platform. Full details are provided in our Cookie Policy.


8. Your Rights

Under the Nigeria Data Protection Act 2023, you have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of whether we hold data about you and to receive a copy of that data.
  • Right to rectification — to request that inaccurate or incomplete data be corrected.
  • Right to erasure — to request deletion of your data where it is no longer necessary for the purposes for which it was collected, subject to overriding legal retention obligations.
  • Right to restriction — to request that we limit processing of your data while a dispute about accuracy or legitimate use is resolved.
  • Right to data portability — to receive your data in a structured, commonly used format where technically feasible.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please submit a request through our contact page. We will respond within the timeframes required by the NDPA. Note that some rights may be limited where processing is required by law or for the exercise of official authority.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data has been processed unlawfully.


9. Children

CSAMP is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data through our platform, please contact us and we will take prompt steps to delete that data.


10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of CSAMP. Where we make material changes, we will notify registered users through the platform. The version published on this page is always the current and binding version.

Have questions about this policy?

Our team is here to help. Reach out and we will respond within one business day.

We use cookies

This site uses cookies to improve your experience and analyse traffic. By continuing, you agree to our Cookie Policy.

Send Feedback
Spotted a bug or have a suggestion? Let us know.
Title
Type Details
Screenshots (optional)