Privacy Policy

01 Acceptance of Terms

By accessing the Site or engaging Baxter & Third for any consulting, advisory, or professional services, you signify your acceptance of this Policy and our Terms of Service. If you are entering into this Policy on behalf of a company or other legal entity, you represent that you have the authority to bind such entity. Continued use of the Services following the posting of changes to this Policy constitutes acceptance of those changes.

02 Information We Collect

We collect several types of information from and about users of our Services, including:

2.1 Information You Provide Directly

• Identity & Contact Data: name, job title, employer, business email, business phone number, mailing address.
• Engagement Data: information you provide when submitting inquiries, scheduling consultations, or entering into engagement letters.
• Communications: records and copies of correspondence (including email addresses), notes from calls or meetings, and any documentation you provide as part of an engagement.
• Marketing Preferences: your preferences in receiving marketing communications from us.

2.2 Information We Collect Automatically

• Usage Data: details of your visits to the Site, including traffic data, location data, logs, page views, click paths, referring URLs, session duration, and other communication data.
• Device Data: information about your device, including IP address, browser type and version, time-zone setting, browser plug-in types and versions, operating system, and platform.
• Cookies & Similar Technologies: see Section 5 below for details.

2.3 Information from Third-Party Sources

We may receive information about you from publicly available sources, business partners, marketing service providers, and analytics providers. Where required by law, we will only use such information in accordance with this Policy.

03 How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information, for the following purposes:

• To provide, operate, maintain, and improve our Services and the Site.
• To respond to your inquiries, fulfill your requests, and provide customer support.
• To enter into and perform consulting engagements, including delivering work product, communicating with engagement teams, and issuing invoices.
• To send administrative information, such as updates to our terms, conditions, and policies.
• To send marketing and promotional communications, where you have opted in or where permitted by applicable law.
• To personalize your experience and to deliver content relevant to your interests.
• To monitor and analyze trends, usage, and activities in connection with our Services.
• To detect, investigate, and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
• To enforce our Terms of Service, engagement agreements, and other contractual obligations.
• To comply with legal obligations, regulatory requirements, and lawful requests from public authorities.
• For any other purpose with your consent or as otherwise disclosed at the time of collection.

We may aggregate or de-identify information so that it can no longer reasonably be used to identify you. We may use and share such aggregated or de-identified information for any lawful business purpose without restriction.

04 Disclosure of Your Information

We may disclose personal information that we collect or you provide as described in this Policy:

• To Subsidiaries & Affiliates: entities under common ownership or control with Baxter & Third, for the purposes described in this Policy.
• To Service Providers: contractors, vendors, and third-party service providers we use to support our business (e.g., hosting, payment processing, analytics, email delivery, customer relationship management), who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it.
• To Professional Advisors: lawyers, auditors, bankers, and insurers, where necessary in the course of professional services they render to us.
• For Business Transfers: to a successor or acquirer in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Baxter & Third's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
• To Comply With Legal Obligations: to comply with any court order, law, or legal process, including responding to any government or regulatory request.
• To Enforce Our Rights: to enforce or apply our Terms of Service, engagement agreements, and other agreements, including for billing and collection purposes.
• To Protect Rights & Safety: if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Baxter & Third, our clients, our personnel, or others.
• With Your Consent: for any other purpose disclosed by us when you provide the information, or with your explicit consent.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

05 Cookies & Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to track activity on our Site and to hold certain information.

5.1 Types of Cookies We Use

• Strictly Necessary Cookies: required for the operation of the Site.
• Analytical/Performance Cookies: allow us to recognize and count the number of visitors and see how visitors move around the Site.
• Functionality Cookies: used to recognize you when you return to the Site.
• Targeting Cookies: record your visit to our Site, the pages you have visited, and the links you have followed.

5.2 Your Choices Regarding Cookies

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience and certain features of the Site may not function properly. Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device.

5.3 Do Not Track Signals

Our Site does not currently respond to "Do Not Track" browser signals, as no industry standard has been adopted. We continue to monitor developments in this area.

06 Data Security

We have implemented commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include encryption in transit and at rest where appropriate, access controls, employee training, and regular security assessments.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of any information we collect, store, or transmit. To the maximum extent permitted by law, we disclaim any liability for the unauthorized access, use, alteration, or disclosure of your personal information. The safety and security of your information also depends on you. Where you have chosen credentials to access certain parts of our Services, you are responsible for keeping those credentials confidential.

07 Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, regulatory, tax, or reporting requirements, to resolve disputes, and to enforce our agreements. When we no longer need to use personal information, we will securely delete or anonymize it. Where this is not possible (for example, because the information has been stored in backup archives), we will securely store the information and isolate it from any further use until deletion is possible.

08 Your Rights & Choices

Depending on your location, you may have certain rights regarding your personal information, subject to applicable law. These may include:

• Right to Access: request a copy of the personal information we hold about you.
• Right to Rectification: request correction of inaccurate or incomplete information.
• Right to Erasure: request deletion of your personal information, subject to applicable exceptions.
• Right to Restrict Processing: request that we limit our processing of your information.
• Right to Data Portability: receive your information in a structured, machine-readable format.
• Right to Object: object to our processing of your information for direct marketing or other legitimate-interest purposes.
• Right to Withdraw Consent: where we rely on consent, you may withdraw it at any time.
• Right to Lodge a Complaint: with a supervisory authority in your jurisdiction.

8.1 California Residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under California law.

8.2 European Economic Area, UK & Switzerland Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, our processing of your personal information is based on one or more of the following legal bases: your consent, the performance of a contract, our legitimate interests, or compliance with a legal obligation.

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@baxterandthird.com. We will respond within the timeframes required by applicable law. We may require you to verify your identity before we respond to your request. We reserve the right to deny requests where permitted by law, including where granting the request would impose an unreasonable burden or conflict with our legal obligations.

09 International Data Transfers

Baxter & Third is headquartered in Abuja, Nigeria. Personal information we collect is primarily processed in Nigeria in accordance with the Nigeria Data Protection Act 2023 (the "NDPA") and regulations issued by the Nigeria Data Protection Commission. Where we engage cloud providers, subcontractors, or service providers located outside Nigeria, your personal information may be transferred to, stored in, and processed in jurisdictions whose data protection laws may differ from those of your country of residence.

When we transfer personal information across borders, we put in place appropriate safeguards (such as adequacy assessments under the NDPA, Standard Contractual Clauses where transfers involve EEA/UK data subjects, or your explicit consent) to ensure your personal information receives adequate protection. By using our Services, you consent to such transfers where consent is the lawful basis.

10 Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete the information.

11 Third-Party Links & Services

The Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every site you visit.

12 Confidentiality of Engagement Information

For clients engaging Baxter & Third for consulting or advisory services, information shared in the course of the engagement is governed by the confidentiality and data-handling provisions of the applicable engagement letter, master services agreement, or other contract executed between you and Baxter & Third. Where such agreement conflicts with this Policy, the terms of the agreement shall control with respect to engagement information. This Policy applies to your use of the Site and other general interactions with Baxter & Third.

13 Limitation of Liability

To the fullest extent permitted by applicable law, Baxter & Third, its affiliates, officers, directors, employees, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages arising from or related to your use of the Site or our Services, or from any disclosure or use of personal information in connection with the Site, even if Baxter & Third has been advised of the possibility of such damages. Our aggregate liability for any claim arising out of or relating to this Policy shall not exceed the greater of one hundred thousand Nigerian Naira (₦100,000) or the amount paid by you to Baxter & Third for the Services giving rise to the claim in the twelve (12) months preceding the event giving rise to liability. Some jurisdictions do not allow the exclusion or limitation of certain damages, so the above limitations may not apply to you.

14 Indemnification

You agree to defend, indemnify, and hold harmless Baxter & Third and its affiliates, officers, directors, employees, contractors, agents, and licensors from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to your violation of this Policy or your misuse of the Site or our Services.

15 Changes to This Policy

We reserve the right to modify this Policy at any time. If we make material changes, we will post the updated Policy on this page and update the "Last Updated" date above. Where required by law, we will provide additional notice (such as by email or through a notice on the Site). Your continued use of the Services following the posting of changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

16 Governing Law & Dispute Resolution

This Policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria, without regard to its conflict of law provisions. Any dispute arising under this Policy shall be resolved exclusively in the courts of competent jurisdiction located in the Federal Capital Territory, Abuja, Nigeria, and you consent to the personal jurisdiction of such courts. Where your local law mandates that disputes be resolved in your jurisdiction, this provision shall apply only to the extent permitted by such law.

17 Contact Information

If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at: