Privacy Policy
1. Introduction
Mantra Attorneys LP ("we", "us", "our") is committed to protecting the privacy and security of personal information...
2. Scope
This policy applies to all users of our website, including clients, visitors, job applicants, and third parties.
3. Information We Collect
- Personal Data: Name, email, phone, address, job title, firm affiliation.
- Usage Data: IP address, browser type, pages visited, time stamps, referring site.
- Cookies and Tracking: See our Cookie Policy for details.
4. Purposes of Processing
- Provide legal advisory and client services.
- Communicate updates and newsletters (with consent).
- Improve website functionality and user experience.
- Comply with legal obligations.
5. Lawful Bases
- Consent: For subscriptions and marketing communications.
- Contractual Necessity: To fulfill our engagement with clients.
- Legal Obligation: To comply with court orders or regulations.
- Legitimate Interest: For network security, fraud prevention, and service improvements.
6. Data Subject Rights
You have the right to:
- Access, rectify, or erase your personal data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent at any time.
To exercise these rights, contact dataprotection@mantraattorneys.ng
7. Data Retention
We retain personal data for the duration of our client relationship and up to 7 years thereafter, unless a longer period is required by law.
8. Data Security
We implement administrative, technical, and physical safeguards aligned with ISO 27001 and NIST to protect data against unauthorized access or loss.
9. Third-Party Sharing
We may share data with: service providers, professional advisors, regulators, and as required by law. All third parties adhere to equivalent data protection standards.
10. International Transfers
Data may be transferred outside Nigeria. We ensure adequate safeguards such as Standard Contractual Clauses or Binding Corporate Rules.
11. Updates to Policy
We may update this policy. Revised versions will be posted with an updated "Last Updated" date.
Terms of Service (ToS) / Acceptable Use Policy
1. Agreement
By accessing our website, you agree to these Terms. If you do not consent, please discontinue use.
2. Allowed Use
You may use the website for lawful purposes: seeking legal information, contacting us, or viewing content.
3. Prohibited Activities
- Harvest data or personal information.
- Transmit malware, spam, or harmful code.
- Violate intellectual property rights.
- Attempt unauthorized access to systems.
4. Intellectual Property
All content is property of Mantra Attorneys LP.
5. Disclaimers
Your use of the website is at your own risk. We do not warrant accuracy or completeness of information.
6. Liability Limitations
To the fullest extent permitted by law, we disclaim all liability for any loss or damage arising from your use of the site.
7. Governing Law
These Terms are governed by the laws of the Federal Republic of Nigeria.
Vulnerability Disclosure Policy
1. Purpose
Encourage responsible reporting of security vulnerabilities in our web properties.
2. Scope
All publicly accessible Mantra Attorneys LP web systems.
3. Reporting Process
All publicly accessible Mantra Attorneys LP web systems.
4. Acknowledgment & Response
Acknowledge within 72 hours.
Provide status updates every 7 days until resolution.
5. Safe Harbor
Researchers acting in good faith will not face legal action.
6. Disclosure
We may publicly credit researchers upon fix deployment, unless anonymity is requested.
Data Protection Policy
1. Purpose
To define internal practices for handling personal data in compliance with NDPR, GDPR (where applicable), and other laws.
2. Scope
Applies to all employees, contractors, and third parties processing personal data on behalf of Mantra Attorneys LP.
3. Principles
- Lawfulness, fairness, transparency.
- Purpose limitation and data minimization.
- Accuracy and storage limitation.
- Integrity and confidentiality.
4. Roles & Responsibilities
- Data Protection Officer (DPO): Oversees compliance.
- Data Owners: Classify and approve data usage.
- IT Security: Classify and approve data usage.
5. Technical Controls
- Encryption at rest (AES-256) and in transit (TLS 1.2+).
- Access controls and logging.
- Antivirus, intrusion detection.
6. Operational Controls
- Data classification procedures.
- Secure disposal of media.
- Regular backups and integrity checks.
7. Training & Awareness
Annual mandatory training on data protection and privacy.
8. Breach Notification
DPO must notify regulators within 72 hours of a notifiable breach.
Access Control Policy
1. Objective
Ensure only authorized individuals access systems and data; enforce least privilege.
2. Scope
Covers all systems, applications, and physical locations.
3. Authentication
- Unique user IDs.
- Password complexity: min 12 characters, mix of types.
- Multi-Factor Authentication (MFA) for admin and remote access.
4. Authorization
- Role-Based Access Control (RBAC).
- Privileged accounts require formal approval and periodic review.
5. Account Management
- Onboarding: Request, approval, provisioning.
- Offboarding: Immediate revocation on exit.
- Quarterly access reviews.
6. Session Controls
- Automatic session timeout after 15 minutes of inactivity.
- Enforced secure cookie flags.
Incident Response Policy
1. Purpose
Define process for identifying, containing, eradicating, and recovering from security incidents.
2. Scope
All digital infrastructure, applications, and data under our control.
3. Incident Response Team (IRT)
- Incident Manager: Leads response.
- IT Security Lead, Legal, PR, HR: Support roles.
4. Phases
- Preparation: Tools, training, playbooks.
- Identification: Monitor SIEM, user reports.
- Containment: Short-term and long-term.
- Eradication: Remove malware or unauthorized access.
- Recovery: Restore systems, validate integrity.
- Lessons Learned: Post-mortem report.
5. Communication
- Defined escalation matrix by severity.
- Internal and external notification templates.
6. Reporting
All incidents logged and reviewed monthly by the IRT.
Backup & Retention Policy
1. Purpose
Ensure availability and integrity of data via regular backups.
2. Scope
Covers production databases, file storage, and configurations.
3. Backup Frequency
- Critical databases: hourly incremental, daily full.
- File shares: nightly incremental.
4. Storage & Encryption
- Off-site encrypted backups (AES-256).
- Retention: 90 days for incremental, 1 year for full backups.
5. Restoration Testing
Quarterly drills to validate backup integrity and recovery procedures.
Business Continuity & Disaster Recovery
1. Objective
Maintain critical operations and recover from disruptions with minimal impact.
2. Scope
All critical business functions and supporting IT systems.
3. Roles & Responsibilities
- BCM Lead: Owns plan maintenance.
- DR Coordinator: Executes IT recovery.
4. Recovery Objectives
- RTO: 4 hours for website and email.
- RPO: 1 hour for transactional data.
5. Plan Components
- Business Impact Analysis.
- Continuity strategies (alternate sites, remote work).
- IT Recovery procedures (failover to DR site).
- Communication plan for stakeholders.
6. Testing & Review
Annual full-scale exercises, biannual tabletop drills. Plans updated post-exercise.
Last Updated: May 12, 2025
Third-Party Integrations Security
1. Purpose
Manage risks associated with third-party services and APIs.
2. Vendor Due Diligence
- Security questionnaire, audit reports (e.g. SOC 2).
- Data Processing Agreements for any PII sharing.
3. Integration Controls
- API keys stored in Vault.
- Least-privilege permissions.
- Regular review of third-party access.
4. Monitoring
Alerts on unusual third-party activity.