Information Security and Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 1, 2026

At American Open University (A-Global), we are committed to protecting the privacy, security, and confidentiality of all personal information entrusted to us by our students, faculty, staff, alumni, and visitors. This policy outlines our practices for collecting, using, storing, and protecting information in compliance with Nigerian data protection laws, including the Nigeria Data Protection Act (NDPA) 2023, and international best practices.

1. Information We Collect

1.1 Student and Applicant Information

We collect and maintain information necessary for admissions, enrollment, and academic purposes, including:

• Personal identification data (name, date of birth, nationality, identification numbers)
• Contact information (email, phone numbers, physical address)
• Academic records and transcripts
• Financial information for tuition and aid processing
• Employment and professional background
• Medical information (when voluntarily provided for accommodation purposes)
• Demographic information for reporting and compliance

1.2 Faculty and Staff Information

We collect employment-related information including personal details, qualifications, performance records, and payroll information.

1.3 Technical and Usage Information

Our digital platforms collect technical data such as IP addresses, browser types, device information, login times, and learning management system activity to improve services and ensure security. 

2. How We Use Your Information

American Open University uses collected information for legitimate educational purposes:

• Processing applications and managing student enrollment
• Delivering educational programs and services
• Communicating important university information
• Processing payments and financial aid
• Maintaining academic records and issuing credentials
• Ensuring campus and digital security
• Conducting institutional research and improvement
• Complying with legal and regulatory requirements
• Providing student support services
• Alumni relations and engagement

3. Information Security Measures

3.1 Technical Safeguards

• Encryption: All sensitive data is encrypted both in transit (using TLS/SSL) and at rest
• Access Controls: Role-based access ensures only authorized personnel can access specific information
• Multi-Factor Authentication: Required for access to university systems containing sensitive data
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring
• Regular Backups: Automated backup systems with secure off-site storage
• Security Audits: Regular vulnerability assessments and penetration testing

3.2 Administrative Safeguards

• Mandatory security awareness training for all staff
• Clear data handling policies and procedures
• Incident response and breach notification protocols
• Regular policy reviews and updates
• Vendor security assessments for third-party services

3.3 Physical Safeguards

• Secure facilities with controlled access
• Surveillance systems in sensitive areas
• Secure disposal of physical records containing personal information

4. Data Sharing and Disclosure

American Open University does not sell personal information. We may share information only in the following circumstances:

4.1 With Your Consent

We share information when you have provided explicit consent, such as for academic partnerships or credential verification.

4.2 Service Providers

We work with trusted third-party service providers (learning management systems, payment processors, communication platforms) who are contractually obligated to protect your information and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information when required by Nigerian law, court orders, or government regulations, or to protect the university’s rights and safety of our community.

4.4 Academic and Professional Organizations

We may share information with accreditation bodies, professional licensing organizations, and other educational institutions for legitimate academic purposes.

4.5 Industry Partners

For dual certification programs with partners like Google and Cisco, we share necessary information as outlined in program agreements and with student consent.

5. Your Rights and Choices

Under the Nigeria Data Protection Act 2023, you have the following rights:

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy and comply with legal obligations:

• Student Academic Records: Maintained permanently in accordance with educational regulations
• Application Materials: Retained for 3 years for unsuccessful applicants
• Financial Records: Retained for 7 years as required by Nigerian law
• Employment Records: Retained according to labor law requirements
• Technical Logs: Retained for 12-24 months for security purposes

7. Cookies and Tracking Technologies

Our website and learning platforms use cookies and similar technologies to enhance user experience, analyze usage patterns, and maintain security. You can control cookie preferences through your browser settings, though some features may not function properly if cookies are disabled.

Types of Cookies We Use:

• Essential Cookies: Required for platform functionality and security
• Analytical Cookies: Help us understand how visitors use our services
• Functional Cookies: Remember your preferences and settings
• Performance Cookies: Improve website and platform performance

8. Children’s Privacy

Our programs are designed for adults aged 18 and above. We do not knowingly collect information from individuals under 18 without parental or guardian consent. If you believe we have inadvertently collected such information, please contact us immediately.

9. International Data Transfers

As a globally-oriented institution with international faculty and partnerships, some of your information may be transferred to and processed in countries outside Nigeria. We ensure such transfers comply with applicable data protection laws and implement appropriate safeguards, including contractual protections and security measures.

10. Security Incident Response

In the event of a data security breach that poses a risk to your rights and freedoms, we will:

• Notify affected individuals within 72 hours of discovery
• Report the breach to the Nigeria Data Protection Commission as required
• Provide information about the nature of the breach and steps being taken
• Offer guidance on protective measures you can take
• Implement remedial actions to prevent future incidents

11. Third-Party Links

Our website and platforms may contain links to external websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Updates to This Policy

We may update this policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. Significant changes will be communicated through email, website notices, or other appropriate channels. Your continued use of university services after such updates constitutes acceptance of the revised policy.

13. Compliance and Oversight

American Open University is committed to compliance with:

• Nigeria Data Protection Act (NDPA) 2023
• Nigeria Data Protection Regulation (NDPR) 2019
• Relevant educational regulations and accreditation standards
• International data protection best practices

Our Data Protection Officer oversees compliance with this policy and applicable laws, conducts regular audits, and serves as the primary contact for data protection matters.

Contact Our Data Protection Officer

For questions, concerns, or to exercise your data protection rights:

Email: info@aouniversity.edu.ng
Phone: (+234) 0816-3597-200
Address: Data Protection Officer
American Open University
03 OlaDosu Oladipo Cl, Ibadan 200285
Oyo State, Nigeria.

14. Acknowledgment

By accessing our services, submitting an application, or enrolling at American Open University, you acknowledge that you have read, understood, and agree to the practices described in this Information Security and Privacy Policy.

American Open University is dedicated to maintaining the trust you place in us by protecting your personal information with the highest standards of security and privacy.