Last Updated: 26 February 2026
Black Oak Legal Practitioners (“Black Oak,” “we,” “us”) is a full-service, hybrid law firm registered under the laws of the Federal Republic of Nigeria, providing world-class legal services globally. This Privacy Policy explains how we collect, use, process, store, and protect personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation 2023 (NDPR 2023). Please also refer to our Cookie Policy for information on the use of cookies via our website.
1. Definitions
For the purposes of this policy:
Personal Data refers to any information that identifies, or could reasonably be used to identify, a living individual, either alone or in combination with other information.
Processing refers to any operation performed on personal data, including collection, recording, storage, use, disclosure, transfer, or destruction.
2. How We Collect Personal Data
We collect personal data in the course of our professional activities, including:
Recruitment and employment processes;
Provision of legal services to clients;
Engagement with vendors and suppliers;
Access to our website and digital platforms;
Communications via email, social media, or subscription to our services;
Attendance at events or webinars organised by Black Oak.
3. Types of Personal Data We Collect
Depending on the context, we may collect:
Identification Data: Name, age, title, employer, relationship with individuals or organisations;
Contact Data: Physical address, email, telephone, fax;
Technical Data: IP address, browser type, device information, usage patterns;
Background Data: Employment history, education, references, professional qualifications;
Confidential and Sensitive Data: Information provided by clients during legal engagements or generated through legal advice;
Visit Data: Information on visits to our offices or digital platforms;
Any other information you voluntarily provide to us.
4. How We Use Personal Data
We use personal data only for lawful, relevant, and necessary purposes in connection with our professional activities, which may include:
Providing legal advice and services;
Managing our business relationships, including billing, payments, and administration;
Complying with statutory and regulatory obligations;
Securing access to offices, systems, and online platforms;
Fulfilling court orders or other legal requirements;
Pursuing legitimate interests, provided they do not override your fundamental rights;
Other purposes for which personal data was provided, or for which consent has been obtained.
Where you have provided express consent, we may process your personal data for additional purposes, such as:
Marketing communications, newsletters, and updates on our services;
Event invitations and professional publications;
Analytics to improve our client engagement and service delivery.
You may withdraw your consent at any time by contacting us as outlined below.
5. Sharing and Transfer of Personal Data
Personal data may be shared internally across our offices to facilitate seamless service delivery. We ensure that all offices maintain at least a standard level of data protection.
We may share personal data with third parties, including vendors, regulatory authorities, or professional advisors, strictly in compliance with GDPR, NDPR 2023, and other applicable laws. For international transfers, we implement appropriate safeguards, including contractual clauses or approved frameworks, to ensure your data remains protected.
6. Security of Personal Data
We implement reasonable technical and organisational measures to protect personal data against unauthorised access, unlawful processing, accidental loss, destruction, or damage. Personal data may be stored on our secure servers, those of authorised vendors, or in protected paper files.
7. Retention of Personal Data
We retain personal data only for as long as necessary for the purposes outlined above or as required by law. Personal data may be retained beyond these periods where necessary for:
Disaster recovery and backup systems;
Assertion or defence of legal claims;
Regulatory compliance.
Once retention is no longer necessary, we securely delete or anonymise the data.
8. Your Rights
You have rights under GDPR and NDPR 2023, including:
Right of access: Obtain a copy of personal data we hold about you;
Right to rectification: Correct inaccuracies in your data;
Right to erasure: Request deletion of your personal data where applicable;
Right to restriction: Limit processing of your personal data;
Right to object: Object to processing for marketing or other purposes;
Right to data portability: Receive your personal data in a structured, commonly used format;
Right to withdraw consent at any time.
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
9. Changes to This Policy
This Privacy Policy is effective as of 26 February 2026. We may update this policy periodically to reflect legal, regulatory, or operational changes. Any updates will be posted on our website with the revised effective date.
10. Contact Information
If you have questions, concerns, or wish to exercise your data subject rights, please contact:
email: theblackoaklegal@gmail.com
phone no: 09154328989