Mantra Attorneys LP

Privacy Policy

1. Introduction

Mantra Attorneys LP ("we", "us", "our") is committed to protecting the privacy and security of personal information...

2. Scope

This policy applies to all users of our website, including clients, visitors, job applicants, and third parties.

3. Information We Collect

  • Personal Data: Name, email, phone, address, job title, firm affiliation.
  • Usage Data: IP address, browser type, pages visited, time stamps, referring site.
  • Cookies and Tracking: See our Cookie Policy for details.

4. Purposes of Processing

  • Provide legal advisory and client services.
  • Communicate updates and newsletters (with consent).
  • Improve website functionality and user experience.
  • Comply with legal obligations.

5. Lawful Bases

  • Consent: For subscriptions and marketing communications.
  • Contractual Necessity: To fulfill our engagement with clients.
  • Legal Obligation: To comply with court orders or regulations.
  • Legitimate Interest: For network security, fraud prevention, and service improvements.

6. Data Subject Rights

You have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time.

To exercise your rights, contact dataprotection@mantraattorneys.ng.

7. Data Retention

We retain personal data for the duration of our client relationship and up to 7 years thereafter, unless a longer period is required by law.

8. Data Security

We implement administrative, technical, and physical safeguards aligned with ISO 27001 and NIST to protect data against unauthorized access or loss.

9. Third-Party Sharing

We may share data with: service providers, professional advisors, regulators, and as required by law. All third parties adhere to equivalent data protection standards.

10. International Transfers

Data may be transferred outside Nigeria. We ensure adequate safeguards such as Standard Contractual Clauses or Binding Corporate Rules.

11. Updates to Policy

We may update this policy. Revised versions will be posted with an updated "Last Updated" date.

Cookie Policy

1. Introduction

This Cookie Policy explains how Mantra Attorneys LP uses cookies and similar technologies...

2. What Are Cookies?

Cookies are small text files stored on your device to recognize you and remember your preferences.

3. Updates to Policy

  • Essential Cookies: Required for site functionality (e.g., session cookies).
  • Performance Cookies: Collect anonymous usage data (e.g., Google Analytics).
  • Functional Cookies: Remember preferences (e.g., language).
  • Targeting Cookies: Track browsing habits to deliver relevant ads.

4. Duration

Session Cookies: Deleted when browser closes

Persistent Cookies: Remain until expiry or deletion (typically 6–24 months)

5. Management

You can set your browser to refuse or delete cookies. Opt out of non-essential cookies via our on-site consent banner or browser settings.

You may manage cookies through your browser or our consent banner.

6. Changes

Policy updates will be posted here with an updated date.

Terms of Service (ToS) / Acceptable Use Policy

1. Agreement

By accessing our website, you agree to these Terms. If you do not consent, please discontinue use.

2. Allowed Use

You may use the website for lawful purposes: seeking legal information, contacting us, or viewing content.

3. Prohibited Activities

  • Harvest data or personal information.
  • Transmit malware, spam, or harmful code.
  • Violate intellectual property rights.
  • Attempt unauthorized access to systems.

All content is property of Mantra Attorneys LP.

4. Intellectual Property

You may use the website for lawful purposes: seeking legal information, contacting us, or viewing content.

5. Disclaimers

Your use of the website is at your own risk. We do not warrant accuracy or completeness of information.

6. Liability Limitations

To the fullest extent permitted by law, we disclaim all liability for any loss or damage arising from your use of the site.

7. Governing Law

These Terms are governed by the laws of the Federal Republic of Nigeria.

Vulnerability Disclosure Policy

1. Purpose

Encourage responsible reporting of security vulnerabilities in our web properties.

2. Scope

All publicly accessible Mantra Attorneys LP web systems.

3. Reporting Process

All publicly accessible Mantra Attorneys LP web systems.

4. Acknowledgment & Response

Acknowledge within 72 hours.

Provide status updates every 7 days until resolution.

5. Safe Harbor

Researchers acting in good faith will not face legal action.

6. Disclosure

We may publicly credit researchers upon fix deployment, unless anonymity is requested.

Data Protection Policy

1. Purpose

To define internal practices for handling personal data in compliance with NDPR, GDPR (where applicable), and other laws.

2. Scope

Applies to all employees, contractors, and third parties processing personal data on behalf of Mantra Attorneys LP.

3. Principles

  • Lawfulness, fairness, transparency.
  • Purpose limitation and data minimization.
  • Accuracy and storage limitation.
  • Integrity and confidentiality.

4. Roles & Responsibilities

  • Data Protection Officer (DPO): Oversees compliance.
  • Data Owners: Classify and approve data usage.
  • IT Security: Classify and approve data usage.

5. Technical Controls

  • Encryption at rest (AES-256) and in transit (TLS 1.2+).
  • Access controls and logging.
  • Antivirus, intrusion detection.

7. Training & Awareness

  • Data classification procedures.
  • Secure disposal of media.
  • Regular backups and integrity checks.

6. Operational Controls

Annual mandatory training on data protection and privacy.

8. Breach Notification

DPO must notify regulators within 72 hours of a notifiable breach.

Access Control Policy

1. Objective

Ensure only authorized individuals access systems and data; enforce least privilege.

2. Scope

Covers all systems, applications, and physical locations.

3. Authentication

  • Unique user IDs.
  • Password complexity: min 12 characters, mix of types.
  • Multi-Factor Authentication (MFA) for admin and remote access.

4. Authorization

  • Role-Based Access Control (RBAC).
  • Privileged accounts require formal approval and periodic review.

5. Account Management

  • Onboarding: Request, approval, provisioning.
  • Offboarding: Immediate revocation on exit.
  • Quarterly access reviews.

6. Session Controls

  • Automatic session timeout after 15 minutes of inactivity.
  • Enforced secure cookie flags.

Incident Response Policy

1. Purpose

Define process for identifying, containing, eradicating, and recovering from security incidents.

2. Scope

All digital infrastructure, applications, and data under our control.

3. Incident Response Team (IRT)

  • Incident Manager: Leads response.
  • IT Security Lead, Legal, PR, HR: Support roles.

4. Phases

  • Preparation: Tools, training, playbooks.
  • Identification: Monitor SIEM, user reports.
  • Containment: Short-term and long-term.
  • Eradication: Remove malware or unauthorized access.
  • Recovery: Restore systems, validate integrity.
  • Lessons Learned: Post-mortem report.

5. Communication

  • Defined escalation matrix by severity.
  • Internal and external notification templates.

6. Reporting

All incidents logged and reviewed monthly by the IRT.

Backup & Retention Policy

1. Purpose

Ensure availability and integrity of data via regular backups.

2. Scope

Covers production databases, file storage, and configurations.

3. Backup Frequency

  • Critical databases: hourly incremental, daily full.
  • File shares: nightly incremental.

4. Storage & Encryption

  • Off-site encrypted backups (AES-256).
  • Retention: 90 days for incremental, 1 year for full backups.

5. Restoration Testing

Quarterly drills to validate backup integrity and recovery procedures.

Business Continuity & Disaster Recovery

1. Objective

Maintain critical operations and recover from disruptions with minimal impact.

2. Scope

All critical business functions and supporting IT systems.

3. Roles & Responsibilities

  • BCM Lead: Owns plan maintenance.
  • DR Coordinator: Executes IT recovery.

4. Recovery Objectives

  • RTO: 4 hours for website and email.
  • RPO: 1 hour for transactional data.

5. Plan Components

  • Business Impact Analysis.
  • Continuity strategies (alternate sites, remote work).
  • IT Recovery procedures (failover to DR site).
  • Communication plan for stakeholders.

6. Testing & Review

Annual full-scale exercises, biannual tabletop drills. Plans are updated post-exercise.

Last Updated: May 12, 2025

Third-Party Integrations Security

1. Purpose

Manage risks associated with third-party services and APIs.

2. Vendor Due Diligence

  • Security questionnaire, audit reports (e.g. SOC 2).
  • Data Processing Agreements for any PII sharing.

3. Integration Controls

  • API keys stored in Vault.
  • Least-privilege permissions.
  • Regular review of third-party access.

4. Monitoring

Alerts on unusual third-party activity.