@tantainnovative/ndpr-toolkit 3.5.1 → 3.6.0

package/dist/chunk-6HZL2WDU.mjs

@@ -1,2 +0,0 @@
-import {a as a$2}from'./chunk-GKKAK6ES.mjs';import {a}from'./chunk-AYKLAEOU.mjs';import {b,a as a$1}from'./chunk-WWT2ZSNU.mjs';import {useState}from'react';import {jsxs,jsx}from'react/jsx-runtime';var gi=({requestTypes:P,onSubmit:V,onValidationError:y,title:N="Submit a Data Subject Request",description:s="Use this form to exercise your rights under the Nigeria Data Protection Act (NDPA), Part IV, Sections 29-36.",submitButtonText:ii="Submit Request",className:q="",buttonClassName:ri="",showConfirmation:ei=true,confirmationMessage:ti="Your request has been submitted successfully. You will receive a confirmation email shortly.",requireIdentityVerification:k=true,identifierTypes:F=[{id:"email",label:"Email Address"},{id:"account",label:"Account Number"},{id:"customer_id",label:"Customer ID"}],collectAdditionalContact:oi=true,labels:v={},classNames:i,unstyled:e=false,isSubmitting:T=false,defaultValues:p,onReset:C})=>{var Y,H,L,U,W,J;let[c,j]=useState((p==null?void 0:p.requestType)||""),[$,w]=useState(((Y=p==null?void 0:p.dataSubject)==null?void 0:Y.fullName)||""),[S,E]=useState(((H=p==null?void 0:p.dataSubject)==null?void 0:H.email)||""),[I,B]=useState(((L=p==null?void 0:p.dataSubject)==null?void 0:L.phone)||""),[O,z]=useState(((U=p==null?void 0:p.dataSubject)==null?void 0:U.identifierType)||((W=F[0])==null?void 0:W.id)||""),[x,M]=useState(((J=p==null?void 0:p.dataSubject)==null?void 0:J.identifierValue)||""),[_,A]=useState((p==null?void 0:p.additionalInfo)||{}),[ni,D]=useState(false),[d,Z]=useState({}),di=()=>{var r;j(""),w(""),E(""),B(""),z(((r=F[0])==null?void 0:r.id)||""),M(""),A({}),D(false),Z({}),C==null||C();},a$3=P.find(r=>r.id===c),pi=r=>{j(r.target.value),A({});},h=(r,b$1)=>{A(l=>b(a$1({},l),{[r]:b$1}));},ai=()=>{let r={};return $.trim()||(r.fullName="Full name is required"),S.trim()?/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(S)||(r.email="Email is invalid"):r.email="Email is required",c||(r.requestType="Please select a request type"),k&&!x.trim()&&(r.identifierValue="Identifier value is required"),a$3!=null&&a$3.requiresAdditionalInfo&&a$3.additionalFields&&a$3.additionalFields.forEach(b=>{b.required&&!_[b.id]&&(r[`additional_${b.id}`]=`${b.label} is required`);}),Z(r),r},ui=r=>{r.preventDefault();let b=ai();if(Object.keys(b).length>0){y==null||y(b);return}let l=Object.keys(_).length>0?Object.fromEntries(Object.entries(_).map(([u,m])=>[u,typeof m=="string"?a$2(m):m])):void 0,R={requestType:c,dataSubject:{fullName:a$2($),email:a$2(S),phone:I?a$2(I):void 0,identifierType:O,identifierValue:a$2(x)},additionalInfo:l,submittedAt:Date.now()};V(R),ei&&D(true);},G=`ndpr-dsr-form__button ndpr-dsr-form__button--primary ${ri}`.trim(),bi="ndpr-dsr-form__button ndpr-dsr-form__button--secondary";return ni?jsxs("div",{"data-ndpr-component":"dsr-request-form","data-ndpr-state":"submitted",className:a(`ndpr-dsr-form__success${q?` ${q}`:""}`,i==null?void 0:i.successMessage,e),"aria-live":"polite",children:[jsx("h2",{className:a("ndpr-dsr-form__success-title",i==null?void 0:i.title,e),children:"Request Submitted"}),jsx("p",{className:a("ndpr-dsr-form__success-body",i==null?void 0:i.description,e),children:ti}),jsx("button",{onClick:()=>D(false),className:a(G,(i==null?void 0:i.primaryButton)||(i==null?void 0:i.submitButton),e),children:"Submit Another Request"})]}):jsxs("div",{"data-ndpr-component":"dsr-request-form",className:a(`ndpr-dsr-form${q?` ${q}`:""}`,i==null?void 0:i.root,e),children:[jsx("h2",{className:a("ndpr-dsr-form__title",i==null?void 0:i.title,e),children:N}),jsx("p",{className:a("ndpr-dsr-form__description",i==null?void 0:i.description,e),children:s}),jsx("form",{onSubmit:ui,className:a("",i==null?void 0:i.form,e),children:jsxs("div",{className:a("ndpr-dsr-form__sections",i==null?void 0:i.fieldGroup,e),children:[jsxs("div",{children:[jsx("h3",{className:e?"":"ndpr-form-section__heading",children:"Personal Information"}),jsxs("div",{className:e?"":"ndpr-form-grid ndpr-form-grid--2",children:[jsxs("div",{children:[jsxs("label",{htmlFor:"fullName",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:[v.name||"Full Name"," ",jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),jsx("input",{type:"text",id:"fullName",value:$,onChange:r=>w(r.target.value),className:a("ndpr-form-field__input",i==null?void 0:i.input,e),required:true,"aria-required":"true","aria-invalid":!!d.fullName,"aria-describedby":d.fullName?"fullName-error":void 0}),d.fullName&&jsx("p",{id:"fullName-error",role:"alert",className:e?"":"ndpr-form-field__error",children:d.fullName})]}),jsxs("div",{children:[jsxs("label",{htmlFor:"email",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:[v.email||"Email Address"," ",jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),jsx("input",{type:"email",id:"email",value:S,onChange:r=>E(r.target.value),className:a("ndpr-form-field__input",i==null?void 0:i.input,e),required:true,"aria-required":"true","aria-invalid":!!d.email,"aria-describedby":d.email?"email-error":void 0}),d.email&&jsx("p",{id:"email-error",role:"alert",className:e?"":"ndpr-form-field__error",children:d.email})]}),oi&&jsxs("div",{children:[jsx("label",{htmlFor:"phone",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:"Phone Number (Optional)"}),jsx("input",{type:"tel",id:"phone",value:I,onChange:r=>B(r.target.value),className:a("ndpr-form-field__input",i==null?void 0:i.input,e)})]})]})]}),jsxs("div",{children:[jsx("h3",{className:e?"":"ndpr-form-section__heading",children:"Request Details"}),jsxs("div",{className:e?"":"ndpr-form-field",children:[jsxs("label",{htmlFor:"requestType",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:[v.requestType||"Request Type"," ",jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),jsxs("select",{id:"requestType",value:c,onChange:pi,className:a("ndpr-form-field__select",i==null?void 0:i.select,e),required:true,"aria-required":"true","aria-invalid":!!d.requestType,"aria-describedby":d.requestType?"requestType-error":void 0,children:[jsx("option",{value:"",children:"Select a request type"}),P.map(r=>jsx("option",{value:r.id,children:r.name},r.id))]}),d.requestType&&jsx("p",{id:"requestType-error",role:"alert",className:e?"":"ndpr-form-field__error",children:d.requestType})]}),a$3&&jsxs("div",{className:e?"":"ndpr-dsr-form__type-info",children:[jsx("p",{children:a$3.description}),jsxs("p",{children:["Estimated completion time: ",a$3.estimatedCompletionTime," ",a$3.estimatedCompletionTime===1?"day":"days"]})]}),jsxs("div",{className:e?"":"ndpr-form-field",children:[jsx("label",{htmlFor:"requestDescription",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:v.description||"Additional Information"}),jsx("textarea",{id:"requestDescription",className:a("ndpr-form-field__textarea",i==null?void 0:i.textarea,e),rows:4,placeholder:"Please provide any additional details that might help us process your request"})]})]}),k&&jsxs("div",{children:[jsx("h3",{className:e?"":"ndpr-form-section__heading",children:"Identity Verification"}),jsx("p",{className:e?"":"ndpr-form-section__hint",children:"To protect your privacy, we need to verify your identity before processing your request."}),jsxs("div",{className:e?"":"ndpr-form-grid ndpr-form-grid--2",children:[jsxs("div",{children:[jsxs("label",{htmlFor:"identifierType",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:["Identifier Type ",jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),jsx("select",{id:"identifierType",value:O,onChange:r=>z(r.target.value),className:a("ndpr-form-field__select",i==null?void 0:i.select,e),required:true,"aria-required":"true",children:F.map(r=>jsx("option",{value:r.id,children:r.label},r.id))})]}),jsxs("div",{children:[jsxs("label",{htmlFor:"identifierValue",className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:["Identifier Value ",jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),jsx("input",{type:"text",id:"identifierValue",value:x,onChange:r=>M(r.target.value),className:a("ndpr-form-field__input",i==null?void 0:i.input,e),required:true,"aria-required":"true","aria-invalid":!!d.identifierValue,"aria-describedby":d.identifierValue?"identifierValue-error":void 0}),d.identifierValue&&jsx("p",{id:"identifierValue-error",role:"alert",className:e?"":"ndpr-form-field__error",children:d.identifierValue})]})]})]}),(a$3==null?void 0:a$3.requiresAdditionalInfo)&&a$3.additionalFields&&a$3.additionalFields.length>0&&jsxs("div",{children:[jsx("h3",{className:e?"":"ndpr-form-section__heading",children:"Additional Information"}),jsx("div",{className:e?"":"ndpr-form-section",children:a$3.additionalFields.map(r=>{var b,l,R;return jsxs("div",{children:[jsxs("label",{htmlFor:r.id,className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:[r.label," ",r.required&&jsx("span",{className:e?"":"ndpr-form-field__required",children:"*"})]}),r.type==="text"&&jsx("input",{type:"text",id:r.id,value:String((b=_[r.id])!=null?b:""),onChange:u=>h(r.id,u.target.value),placeholder:r.placeholder,className:a("ndpr-form-field__input",i==null?void 0:i.input,e),required:r.required,"aria-required":r.required||void 0,"aria-invalid":!!d[`additional_${r.id}`],"aria-describedby":d[`additional_${r.id}`]?`additional-${r.id}-error`:void 0}),r.type==="textarea"&&jsx("textarea",{id:r.id,value:String((l=_[r.id])!=null?l:""),onChange:u=>h(r.id,u.target.value),placeholder:r.placeholder,className:a("ndpr-form-field__textarea",i==null?void 0:i.textarea,e),rows:4,required:r.required,"aria-required":r.required||void 0,"aria-invalid":!!d[`additional_${r.id}`],"aria-describedby":d[`additional_${r.id}`]?`additional-${r.id}-error`:void 0}),r.type==="select"&&r.options&&jsxs("select",{id:r.id,value:String((R=_[r.id])!=null?R:""),onChange:u=>h(r.id,u.target.value),className:a("ndpr-form-field__select",i==null?void 0:i.select,e),required:r.required,"aria-required":r.required||void 0,"aria-invalid":!!d[`additional_${r.id}`],"aria-describedby":d[`additional_${r.id}`]?`additional-${r.id}-error`:void 0,children:[jsx("option",{value:"",children:r.placeholder||"Select an option"}),r.options.map(u=>jsx("option",{value:u,children:u},u))]}),r.type==="checkbox"&&jsxs("div",{className:e?"":"ndpr-form-field__checkbox-row",children:[jsx("input",{type:"checkbox",id:r.id,checked:!!_[r.id],onChange:u=>h(r.id,u.target.checked),className:e?"":"ndpr-form-field__checkbox",required:r.required,"aria-required":r.required||void 0,"aria-invalid":!!d[`additional_${r.id}`],"aria-describedby":d[`additional_${r.id}`]?`additional-${r.id}-error`:void 0}),jsx("label",{htmlFor:r.id,className:a("ndpr-form-field__label",i==null?void 0:i.label,e),children:r.placeholder||r.label})]}),r.type==="file"&&jsx("input",{type:"file",id:r.id,onChange:u=>{var K;let m=(K=u.target.files)==null?void 0:K[0];m&&h(r.id,m.name);},className:a("ndpr-form-field__input",i==null?void 0:i.input,e),required:r.required,"aria-required":r.required||void 0,"aria-invalid":!!d[`additional_${r.id}`],"aria-describedby":d[`additional_${r.id}`]?`additional-${r.id}-error`:void 0}),d[`additional_${r.id}`]&&jsx("p",{id:`additional-${r.id}-error`,role:"alert",className:e?"":"ndpr-form-field__error",children:d[`additional_${r.id}`]})]},r.id)})})]}),jsxs("div",{className:e?"":"ndpr-dsr-form__notice",children:[jsx("h3",{className:e?"":"ndpr-dsr-form__notice-title",children:"Privacy Notice"}),jsx("p",{className:e?"":"ndpr-dsr-form__notice-body",children:"The information you provide in this form will be used solely for the purpose of processing your data subject request. We will retain this information for as long as necessary to fulfill your request and to comply with our legal obligations. For more information, please refer to our Privacy Policy."})]}),jsxs("div",{className:e?"":"ndpr-dsr-form__actions",children:[T&&(i==null?void 0:i.loadingOverlay)&&jsx("div",{className:i.loadingOverlay}),jsx("button",{type:"submit",disabled:T,className:a(G,(i==null?void 0:i.primaryButton)||(i==null?void 0:i.submitButton),e),children:T?"Submitting...":v.submit||ii}),jsx("button",{type:"button",onClick:di,className:a(bi,void 0,e),children:"Reset"})]})]})})]})};export{gi as a};//# sourceMappingURL=chunk-6HZL2WDU.mjs.map
-//# sourceMappingURL=chunk-6HZL2WDU.mjs.map

package/dist/chunk-75TJPK2N.mjs

@@ -1,2 +0,0 @@
-var n={AT:{country:"Austria",isoCode:"AT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},BE:{country:"Belgium",isoCode:"BE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},BG:{country:"Bulgaria",isoCode:"BG",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},HR:{country:"Croatia",isoCode:"HR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},CY:{country:"Cyprus",isoCode:"CY",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},CZ:{country:"Czech Republic",isoCode:"CZ",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},DK:{country:"Denmark",isoCode:"DK",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},EE:{country:"Estonia",isoCode:"EE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},FI:{country:"Finland",isoCode:"FI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},FR:{country:"France",isoCode:"FR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},DE:{country:"Germany",isoCode:"DE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR with additional national provisions (BDSG).",lastUpdated:"2024-01-01"},GR:{country:"Greece",isoCode:"GR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},HU:{country:"Hungary",isoCode:"HU",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},IE:{country:"Ireland",isoCode:"IE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR. Hosts many multinational data processors.",lastUpdated:"2024-01-01"},IT:{country:"Italy",isoCode:"IT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LV:{country:"Latvia",isoCode:"LV",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LT:{country:"Lithuania",isoCode:"LT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LU:{country:"Luxembourg",isoCode:"LU",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},MT:{country:"Malta",isoCode:"MT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},NL:{country:"Netherlands",isoCode:"NL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},PL:{country:"Poland",isoCode:"PL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},PT:{country:"Portugal",isoCode:"PT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},RO:{country:"Romania",isoCode:"RO",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SK:{country:"Slovakia",isoCode:"SK",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SI:{country:"Slovenia",isoCode:"SI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},ES:{country:"Spain",isoCode:"ES",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SE:{country:"Sweden",isoCode:"SE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},IS:{country:"Iceland",isoCode:"IS",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},LI:{country:"Liechtenstein",isoCode:"LI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},NO:{country:"Norway",isoCode:"NO",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},GB:{country:"United Kingdom",isoCode:"GB",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by UK GDPR and the Data Protection Act 2018. EU adequacy decision granted post-Brexit.",lastUpdated:"2024-01-01"},US:{country:"United States",isoCode:"US",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"No comprehensive federal data protection law. Adequacy depends on transfer mechanism used (e.g. EU-US Data Privacy Framework, standard contractual clauses). Sector-specific laws exist (HIPAA, CCPA, etc.).",lastUpdated:"2024-01-01"},CA:{country:"Canada",isoCode:"CA",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by PIPEDA (Personal Information Protection and Electronic Documents Act) and provincial privacy laws. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},ZA:{country:"South Africa",isoCode:"ZA",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by POPIA (Protection of Personal Information Act, 2013). Comprehensive data protection framework with an independent Information Regulator.",lastUpdated:"2024-01-01"},GH:{country:"Ghana",isoCode:"GH",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2012 (Act 843) establishes a data protection framework. Enforcement capacity is still developing.",lastUpdated:"2024-01-01"},KE:{country:"Kenya",isoCode:"KE",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2019 provides a modern framework. The Office of the Data Protection Commissioner is operational but still maturing.",lastUpdated:"2024-01-01"},RW:{country:"Rwanda",isoCode:"RW",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 058/2021 on the Protection of Personal Data and Privacy. Framework is relatively new.",lastUpdated:"2024-01-01"},EG:{country:"Egypt",isoCode:"EG",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Law No. 151 of 2020. Implementation and enforcement are still in early stages.",lastUpdated:"2024-01-01"},TZ:{country:"Tanzania",isoCode:"TZ",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"No comprehensive data protection legislation in force.",lastUpdated:"2024-01-01"},UG:{country:"Uganda",isoCode:"UG",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection and Privacy Act 2019 provides a framework, but enforcement capacity is limited.",lastUpdated:"2024-01-01"},SN:{country:"Senegal",isoCode:"SN",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 2008-12 on the Protection of Personal Data. One of the earlier African data protection laws.",lastUpdated:"2024-01-01"},MA:{country:"Morocco",isoCode:"MA",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data (2009). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},MU:{country:"Mauritius",isoCode:"MU",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2017 provides a comprehensive framework modelled on international standards.",lastUpdated:"2024-01-01"},CN:{country:"China",isoCode:"CN",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"Personal Information Protection Law (PIPL) enacted in 2021 but government access provisions and limited independent oversight raise concerns. Transfers require security assessments or standard contracts.",lastUpdated:"2024-01-01"},IN:{country:"India",isoCode:"IN",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Digital Personal Data Protection Act 2023 enacted. Implementation rules and enforcement mechanisms are still being finalized.",lastUpdated:"2024-01-01"},SG:{country:"Singapore",isoCode:"SG",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Act 2012 (PDPA) provides a robust framework. Strong enforcement by the PDPC.",lastUpdated:"2024-01-01"},JP:{country:"Japan",isoCode:"JP",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Act on the Protection of Personal Information (APPI). Recognized as adequate by the EU under mutual adequacy arrangement.",lastUpdated:"2024-01-01"},KR:{country:"South Korea",isoCode:"KR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Personal Information Protection Act (PIPA). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},AE:{country:"United Arab Emirates",isoCode:"AE",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Federal Decree-Law No. 45 of 2021 on Personal Data Protection. DIFC and ADGM free zones have their own data protection regulations with stronger frameworks.",lastUpdated:"2024-01-01"},SA:{country:"Saudi Arabia",isoCode:"SA",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Law (Royal Decree M/19, 2021). Framework is new and enforcement is still developing.",lastUpdated:"2024-01-01"},IL:{country:"Israel",isoCode:"IL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Protection of Privacy Law 5741-1981 and regulations. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},BR:{country:"Brazil",isoCode:"BR",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Lei Geral de Protecao de Dados (LGPD, 2020) provides a comprehensive framework. The ANPD is actively enforcing.",lastUpdated:"2024-01-01"},AR:{country:"Argentina",isoCode:"AR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Personal Data Protection Act No. 25,326. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},AU:{country:"Australia",isoCode:"AU",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Privacy Act 1988 provides protection but does not fully align with GDPR-level standards. Reform efforts are ongoing.",lastUpdated:"2024-01-01"},NZ:{country:"New Zealand",isoCode:"NZ",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Privacy Act 2020 provides a comprehensive framework. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},CH:{country:"Switzerland",isoCode:"CH",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Federal Act on Data Protection (FADP, revised 2023). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},RU:{country:"Russia",isoCode:"RU",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"Federal Law on Personal Data (No. 152-FZ). Data localization requirements and government access concerns.",lastUpdated:"2024-01-01"}};function u(e){let t=e.trim().toUpperCase();if(n[t])return n[t];let a=e.trim().toLowerCase();for(let o of Object.values(n))if(o.country.toLowerCase()===a)return o}function m(){return Object.values(n).filter(e=>e.adequacyStatus==="adequate")}function q(e){let t=u(e);return t?t.adequacyStatus!=="adequate":true}function p(e){return e==="standard_clauses"||e==="binding_corporate_rules"||e==="ndpc_authorization"}function C(e){return {adequacy_decision:"Adequacy Decision (NDPA Section 41) \u2014 Transfer to a country or territory that the NDPC has determined provides an adequate level of data protection.",standard_clauses:"Standard Contractual Clauses (NDPA Section 42) \u2014 Transfer based on standard contractual clauses approved by the NDPC between the controller/processor and the recipient.",binding_corporate_rules:"Binding Corporate Rules (NDPA Section 43) \u2014 Transfer within a group of undertakings based on binding corporate rules approved by the NDPC.",ndpc_authorization:"NDPC Authorization (NDPA Section 44) \u2014 Transfer authorized by the Nigeria Data Protection Commission under specific conditions.",explicit_consent:"Explicit Consent (NDPA Section 45(a)) \u2014 Transfer based on the explicit and informed consent of the data subject after being informed of the risks.",contract_performance:"Contract Performance (NDPA Section 45(b)) \u2014 Transfer necessary for the performance of a contract between the data subject and the controller.",public_interest:"Public Interest (NDPA Section 45(c)) \u2014 Transfer necessary for important reasons of public interest.",legal_claims:"Legal Claims (NDPA Section 45(d)) \u2014 Transfer necessary for the establishment, exercise, or defense of legal claims.",vital_interests:"Vital Interests (NDPA Section 45(e)) \u2014 Transfer necessary to protect the vital interests of the data subject or other persons."}[e]}function P(e){var o,r;let t=[],a=[];return e.id||t.push("Transfer ID is required."),(!e.destinationCountry||e.destinationCountry.trim()==="")&&t.push("Destination country is required."),(!e.recipientOrganization||e.recipientOrganization.trim()==="")&&t.push("Recipient organization is required."),(!((o=e.recipientContact)!=null&&o.name)||e.recipientContact.name.trim()==="")&&t.push("Recipient contact name is required."),(!((r=e.recipientContact)!=null&&r.email)||e.recipientContact.email.trim()==="")&&t.push("Recipient contact email is required."),(!e.purpose||e.purpose.trim()==="")&&t.push("Purpose of the transfer is required."),e.transferMechanism||t.push("Transfer mechanism is required."),(!e.dataCategories||e.dataCategories.length===0)&&t.push("At least one data category must be specified."),(!e.riskAssessment||e.riskAssessment.trim()==="")&&t.push("Risk assessment summary is required."),(!e.safeguards||e.safeguards.length===0)&&t.push("At least one safeguard must be documented for the transfer."),p(e.transferMechanism)&&(e.ndpcApproval?(e.ndpcApproval.required||a.push("NDPC approval is marked as not required, but the selected transfer mechanism requires NDPC approval."),e.ndpcApproval.required&&!e.ndpcApproval.applied&&t.push("NDPC approval is required but an application has not been submitted."),e.ndpcApproval.applied&&!e.ndpcApproval.approved&&e.status==="active"&&t.push('Transfer is marked as active but NDPC approval has not been granted. Status should be "pending_approval".')):t.push(`NDPC approval documentation is required for transfers using ${l(e.transferMechanism)}.`)),e.tiaCompleted||a.push("A Transfer Impact Assessment (TIA) has not been completed for this transfer."),e.adequacyStatus==="inadequate"&&e.transferMechanism==="adequacy_decision"&&t.push("Cannot rely on adequacy decision (Section 41) when the destination country is marked as inadequate."),e.endDate&&e.startDate>e.endDate&&t.push("Start date must be before end date."),e.includesSensitiveData&&e.riskLevel!=="high"&&a.push("Transfer includes sensitive personal data but the risk level is not set to high. Consider reviewing the risk assessment."),e.reviewDate||a.push("No review date has been set for this transfer. Periodic reviews are recommended."),{isValid:t.length===0,errors:t,warnings:a}}function f(e){var d,c;let t=[],a=[],o=0,y={adequate:0,pending_review:2,unknown:3,inadequate:4}[e.adequacyStatus];o+=y,e.adequacyStatus==="inadequate"?(t.push("Destination country does not have an adequate level of data protection."),a.push("Implement supplementary technical and organizational measures.")):e.adequacyStatus==="unknown"?(t.push("Data protection adequacy of the destination country has not been assessed."),a.push("Conduct an adequacy assessment of the destination country.")):e.adequacyStatus==="pending_review"&&(t.push("Destination country adequacy is currently under review."),a.push("Monitor the adequacy review outcome and plan for contingencies."));let i={adequacy_decision:0,standard_clauses:1,binding_corporate_rules:1,ndpc_authorization:1,contract_performance:2,explicit_consent:2,legal_claims:2,public_interest:2,vital_interests:3}[e.transferMechanism];o+=i,i>=2&&(t.push(`Transfer relies on a derogation mechanism (${l(e.transferMechanism)}), which provides fewer structural safeguards.`),a.push("Consider whether a stronger transfer mechanism (adequacy decision, standard clauses, or BCRs) could be used instead.")),e.includesSensitiveData&&(o+=3,t.push("Transfer includes sensitive personal data, increasing the potential impact of unauthorized access."),a.push("Ensure encryption in transit and at rest, and apply strict access controls.")),e.estimatedDataSubjects&&e.estimatedDataSubjects>1e4?(o+=2,t.push("Large number of data subjects involved increases the scope of potential harm."),a.push("Consider data minimization strategies and ensure robust incident response procedures.")):e.estimatedDataSubjects&&e.estimatedDataSubjects>1e3&&(o+=1,t.push("Moderate number of data subjects involved.")),e.tiaCompleted||(o+=2,t.push("Transfer Impact Assessment has not been completed."),a.push("Complete a Transfer Impact Assessment before proceeding with the transfer.")),p(e.transferMechanism)&&((d=e.ndpcApproval)!=null&&d.approved||(o+=2,t.push("NDPC approval is required but has not been granted."),a.push("Obtain NDPC approval before activating the transfer."))),(((c=e.safeguards)==null?void 0:c.length)||0)<3&&(o+=1,t.push("Limited number of safeguards documented."),a.push("Document additional technical, organizational, and contractual safeguards.")),e.frequency==="continuous"&&(o+=1,t.push("Continuous data transfer increases exposure window."),a.push("Implement real-time monitoring and anomaly detection for the transfer."));let s;return o<=4?s="low":o<=9?s="medium":s="high",{riskLevel:s,riskScore:o,factors:t,recommendations:a}}function l(e){return {adequacy_decision:"Adequacy Decision",standard_clauses:"Standard Contractual Clauses",binding_corporate_rules:"Binding Corporate Rules",ndpc_authorization:"NDPC Authorization",explicit_consent:"Explicit Consent",contract_performance:"Contract Performance",public_interest:"Public Interest",legal_claims:"Legal Claims",vital_interests:"Vital Interests"}[e]}export{n as a,u as b,m as c,q as d,p as e,C as f,P as g,f as h};//# sourceMappingURL=chunk-75TJPK2N.mjs.map
-//# sourceMappingURL=chunk-75TJPK2N.mjs.map

package/dist/chunk-ABDB7LEV.mjs

@@ -1,2 +0,0 @@
-var p=["critical","high","medium","low"];function m(e){let i=new Date(e).getTime();if(isNaN(i))return 1/0;let t=(Date.now()-i)/(1e3*60*60*24*30.44);return Math.max(0,t)}function u(e){if(e.length===0)return 100;let i=e.filter(t=>t.pass).length;return Math.round(i/e.length*100)}function f(e){return [{key:"hasConsentMechanism",label:"Consent collection mechanism",priority:"critical",effort:"high",recommendation:"Implement a clear, affirmative consent collection mechanism before processing personal data.",ndpaSection:"Section 25",pass:e.hasConsentMechanism},{key:"hasPurposeSpecification",label:"Purpose specification at collection",priority:"critical",effort:"medium",recommendation:"Specify and communicate the purpose of data collection at the point of consent.",ndpaSection:"Section 25",pass:e.hasPurposeSpecification},{key:"hasWithdrawalMechanism",label:"Consent withdrawal mechanism",priority:"high",effort:"medium",recommendation:"Provide a simple mechanism for data subjects to withdraw consent at any time.",ndpaSection:"Section 26",pass:e.hasWithdrawalMechanism},{key:"hasMinorProtection",label:"Minor (child) data protection controls",priority:"high",effort:"high",recommendation:"Implement age-verification and parental-consent controls for processing data of minors.",ndpaSection:"Section 26",pass:e.hasMinorProtection},{key:"consentRecordsRetained",label:"Consent records retained",priority:"medium",effort:"low",recommendation:"Retain records of all consents obtained, including what was agreed to and when.",ndpaSection:"Section 25",pass:e.consentRecordsRetained}]}function g(e){let i=e.responseTimelineDays<=30;return [{key:"hasRequestMechanism",label:"DSR submission mechanism",priority:"critical",effort:"high",recommendation:"Implement a formal channel (e.g. a web form or email address) for data subjects to submit requests.",ndpaSection:"Section 34",pass:e.hasRequestMechanism},{key:"supportsAccess",label:"Right of access supported",priority:"high",effort:"medium",recommendation:"Enable data subjects to request and receive a copy of their personal data.",ndpaSection:"Section 34",pass:e.supportsAccess},{key:"supportsRectification",label:"Right to rectification supported",priority:"high",effort:"medium",recommendation:"Allow data subjects to request correction of inaccurate or incomplete personal data.",ndpaSection:"Section 35",pass:e.supportsRectification},{key:"supportsErasure",label:"Right to erasure supported",priority:"high",effort:"high",recommendation:"Implement processes to delete personal data upon valid erasure requests.",ndpaSection:"Section 36",pass:e.supportsErasure},{key:"supportsPortability",label:"Right to data portability supported",priority:"medium",effort:"high",recommendation:"Provide personal data in a structured, machine-readable format upon request.",ndpaSection:"Section 37",pass:e.supportsPortability},{key:"supportsObjection",label:"Right to object supported",priority:"medium",effort:"medium",recommendation:"Honour objections to processing where no compelling legitimate grounds override the data subject's interests.",ndpaSection:"Section 38",pass:e.supportsObjection},{key:"responseTimeline",label:"DSR response within 30 days",priority:"high",effort:"medium",recommendation:"Reduce DSR response time to 30 days or less as required by the NDPA.",ndpaSection:"Section 39",pass:i}]}function y(e){return [{key:"conductedForHighRisk",label:"DPIA conducted for high-risk processing",priority:"critical",effort:"high",recommendation:"Conduct a Data Protection Impact Assessment before undertaking high-risk processing activities.",ndpaSection:"Section 28",pass:e.conductedForHighRisk},{key:"documentedRisks",label:"Risks documented in DPIA",priority:"high",effort:"medium",recommendation:"Document identified risks to data subjects' rights and freedoms within the DPIA.",ndpaSection:"Section 28",pass:e.documentedRisks},{key:"mitigationMeasures",label:"Mitigation measures documented",priority:"high",effort:"medium",recommendation:"Document mitigation measures and residual risk acceptance within the DPIA.",ndpaSection:"Section 28",pass:e.mitigationMeasures}]}function b(e){return [{key:"hasNotificationProcess",label:"Breach notification process in place",priority:"critical",effort:"high",recommendation:"Establish a documented breach notification process covering detection, assessment, and reporting.",ndpaSection:"Section 40",pass:e.hasNotificationProcess},{key:"notifiesWithin72Hours",label:"NDPC notified within 72 hours",priority:"critical",effort:"medium",recommendation:"Ensure the NDPC is notified of qualifying breaches within 72 hours of discovery.",ndpaSection:"Section 40",pass:e.notifiesWithin72Hours},{key:"hasRiskAssessment",label:"Breach risk assessment performed",priority:"high",effort:"medium",recommendation:"Perform a risk assessment for every identified breach to determine notification obligations.",ndpaSection:"Section 40",pass:e.hasRiskAssessment},{key:"hasRecordKeeping",label:"Breach records maintained",priority:"medium",effort:"low",recommendation:"Maintain a breach register documenting all incidents, assessments, and actions taken.",ndpaSection:"Section 40",pass:e.hasRecordKeeping}]}function S(e){let t=m(e.lastUpdated)<=13;return [{key:"hasPrivacyPolicy",label:"Privacy policy exists",priority:"critical",effort:"high",recommendation:"Draft and publish a comprehensive privacy policy that satisfies NDPA requirements.",ndpaSection:"Section 29",pass:e.hasPrivacyPolicy},{key:"isPubliclyAccessible",label:"Privacy policy publicly accessible",priority:"high",effort:"low",recommendation:"Make the privacy policy easily accessible to data subjects on your website or app.",ndpaSection:"Section 29",pass:e.isPubliclyAccessible},{key:"policyUpToDate",label:"Privacy policy reviewed within 13 months",priority:"medium",effort:"medium",recommendation:"Review and update the privacy policy at least annually to reflect current practices.",ndpaSection:"Section 29",pass:t},{key:"coversAllSections",label:"Privacy policy covers all required sections",priority:"high",effort:"medium",recommendation:"Ensure the privacy policy addresses all NDPA-mandated disclosures including lawful basis, retention, and subject rights.",ndpaSection:"Section 29",pass:e.coversAllSections}]}function R(e){return [{key:"documentedForAllProcessing",label:"Lawful basis documented for all processing",priority:"critical",effort:"high",recommendation:"Identify and document a valid lawful basis for every processing activity before it begins.",ndpaSection:"Section 25(1)",pass:e.documentedForAllProcessing},{key:"hasLegitimateInterestAssessment",label:"Legitimate interest assessment completed",priority:"medium",effort:"medium",recommendation:"Complete a Legitimate Interest Assessment (LIA) where legitimate interests is the chosen lawful basis.",ndpaSection:"Section 25(1)",pass:e.hasLegitimateInterestAssessment}]}function v(e){return [{key:"hasTransferMechanisms",label:"Transfer mechanisms in place",priority:"critical",effort:"high",recommendation:"Implement appropriate transfer mechanisms (SCCs, BCRs, or adequacy decisions) for all cross-border transfers.",ndpaSection:"Section 43",pass:e.hasTransferMechanisms},{key:"adequacyAssessed",label:"Adequacy of destination country assessed",priority:"high",effort:"medium",recommendation:"Assess whether the destination country provides an adequate level of data protection before transferring.",ndpaSection:"Section 43",pass:e.adequacyAssessed},{key:"ndpcApprovalObtained",label:"NDPC approval obtained where required",priority:"high",effort:"high",recommendation:"Obtain NDPC approval for transfers to countries without adequacy decisions where required.",ndpaSection:"Section 44",pass:e.ndpcApprovalObtained}]}function w(e){let t=m(e.lastReviewed)<=6;return [{key:"maintained",label:"Record of Processing Activities maintained",priority:"critical",effort:"high",recommendation:"Create and maintain a comprehensive Record of Processing Activities (ROPA) as required by the NDPA.",ndpaSection:"Section 30",pass:e.maintained},{key:"includesAllProcessing",label:"ROPA includes all processing activities",priority:"high",effort:"medium",recommendation:"Ensure the ROPA captures every processing activity across all departments and systems.",ndpaSection:"Section 30",pass:e.includesAllProcessing},{key:"ropaUpToDate",label:"ROPA reviewed within 6 months",priority:"medium",effort:"low",recommendation:"Review and update the ROPA at least every six months to reflect changes in processing activities.",ndpaSection:"Section 30",pass:t}]}var k=[{name:"consent",weight:.2,ndpaSections:["Section 25","Section 26"],evaluate:e=>f(e.consent)},{name:"dsr",weight:.15,ndpaSections:["Section 34","Section 35","Section 36","Section 37","Section 38","Section 39"],evaluate:e=>g(e.dsr)},{name:"breach",weight:.15,ndpaSections:["Section 40"],evaluate:e=>b(e.breach)},{name:"policy",weight:.12,ndpaSections:["Section 29"],evaluate:e=>S(e.policy)},{name:"dpia",weight:.12,ndpaSections:["Section 28"],evaluate:e=>y(e.dpia)},{name:"lawfulBasis",weight:.1,ndpaSections:["Section 25(1)"],evaluate:e=>R(e.lawfulBasis)},{name:"crossBorder",weight:.08,ndpaSections:["Section 43","Section 44"],evaluate:e=>v(e.crossBorder)},{name:"ropa",weight:.08,ndpaSections:["Section 30"],evaluate:e=>w(e.ropa)}];function P(e){return e>=90?"excellent":e>=70?"good":e>=40?"needs-work":"critical"}function A(e){let i={},t=[],s=0;for(let o of k){let a=o.evaluate(e),c=u(a),l=c*o.weight;s+=l;let d=[];for(let n of a)n.pass||(d.push(n.label),t.push({module:o.name,key:n.key,label:n.label,priority:n.priority,effort:n.effort,recommendation:n.recommendation,ndpaSection:n.ndpaSection}));i[o.name]={name:o.name,score:c,maxScore:100,weightedScore:Math.round(l*100)/100,ndpaSections:o.ndpaSections,gaps:d};}t.sort((o,a)=>p.indexOf(o.priority)-p.indexOf(a.priority));let r=Math.round(s),h=[{section:"Section 25",title:"Consent and lawful basis for processing"},{section:"Section 26",title:"Withdrawal of consent and minor protection"},{section:"Section 28",title:"Data Protection Impact Assessment"},{section:"Section 29",title:"Privacy notice requirements"},{section:"Section 30",title:"Records of processing activities"},{section:"Section 34",title:"Right of access"},{section:"Section 35",title:"Right to rectification"},{section:"Section 36",title:"Right to erasure"},{section:"Section 37",title:"Right to data portability"},{section:"Section 38",title:"Right to object"},{section:"Section 39",title:"Response timelines for data subject requests"},{section:"Section 40",title:"Data breach notification"},{section:"Section 43",title:"Cross-border transfer restrictions"},{section:"Section 44",title:"NDPC approval for cross-border transfers"}];return {score:r,rating:P(r),modules:i,recommendations:t,regulatoryReferences:h,generatedAt:new Date().toISOString()}}export{A as a};//# sourceMappingURL=chunk-ABDB7LEV.mjs.map
-//# sourceMappingURL=chunk-ABDB7LEV.mjs.map

package/dist/chunk-AYKLAEOU.mjs

@@ -1,2 +0,0 @@
-function s(t,n,r){return r?n||"":n||t}export{s as a};//# sourceMappingURL=chunk-AYKLAEOU.mjs.map
-//# sourceMappingURL=chunk-AYKLAEOU.mjs.map

package/dist/chunk-C4YM4UMI.js

@@ -1,2 +0,0 @@
-'use strict';var n={AT:{country:"Austria",isoCode:"AT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},BE:{country:"Belgium",isoCode:"BE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},BG:{country:"Bulgaria",isoCode:"BG",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},HR:{country:"Croatia",isoCode:"HR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},CY:{country:"Cyprus",isoCode:"CY",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},CZ:{country:"Czech Republic",isoCode:"CZ",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},DK:{country:"Denmark",isoCode:"DK",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},EE:{country:"Estonia",isoCode:"EE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},FI:{country:"Finland",isoCode:"FI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},FR:{country:"France",isoCode:"FR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},DE:{country:"Germany",isoCode:"DE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR with additional national provisions (BDSG).",lastUpdated:"2024-01-01"},GR:{country:"Greece",isoCode:"GR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},HU:{country:"Hungary",isoCode:"HU",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},IE:{country:"Ireland",isoCode:"IE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR. Hosts many multinational data processors.",lastUpdated:"2024-01-01"},IT:{country:"Italy",isoCode:"IT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LV:{country:"Latvia",isoCode:"LV",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LT:{country:"Lithuania",isoCode:"LT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},LU:{country:"Luxembourg",isoCode:"LU",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},MT:{country:"Malta",isoCode:"MT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},NL:{country:"Netherlands",isoCode:"NL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},PL:{country:"Poland",isoCode:"PL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},PT:{country:"Portugal",isoCode:"PT",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},RO:{country:"Romania",isoCode:"RO",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SK:{country:"Slovakia",isoCode:"SK",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SI:{country:"Slovenia",isoCode:"SI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},ES:{country:"Spain",isoCode:"ES",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},SE:{country:"Sweden",isoCode:"SE",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EU member state; protected by GDPR.",lastUpdated:"2024-01-01"},IS:{country:"Iceland",isoCode:"IS",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},LI:{country:"Liechtenstein",isoCode:"LI",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},NO:{country:"Norway",isoCode:"NO",adequacyStatus:"adequate",recognizedBy:"EU",notes:"EEA member; GDPR applies through EEA Agreement.",lastUpdated:"2024-01-01"},GB:{country:"United Kingdom",isoCode:"GB",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by UK GDPR and the Data Protection Act 2018. EU adequacy decision granted post-Brexit.",lastUpdated:"2024-01-01"},US:{country:"United States",isoCode:"US",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"No comprehensive federal data protection law. Adequacy depends on transfer mechanism used (e.g. EU-US Data Privacy Framework, standard contractual clauses). Sector-specific laws exist (HIPAA, CCPA, etc.).",lastUpdated:"2024-01-01"},CA:{country:"Canada",isoCode:"CA",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by PIPEDA (Personal Information Protection and Electronic Documents Act) and provincial privacy laws. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},ZA:{country:"South Africa",isoCode:"ZA",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Protected by POPIA (Protection of Personal Information Act, 2013). Comprehensive data protection framework with an independent Information Regulator.",lastUpdated:"2024-01-01"},GH:{country:"Ghana",isoCode:"GH",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2012 (Act 843) establishes a data protection framework. Enforcement capacity is still developing.",lastUpdated:"2024-01-01"},KE:{country:"Kenya",isoCode:"KE",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2019 provides a modern framework. The Office of the Data Protection Commissioner is operational but still maturing.",lastUpdated:"2024-01-01"},RW:{country:"Rwanda",isoCode:"RW",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 058/2021 on the Protection of Personal Data and Privacy. Framework is relatively new.",lastUpdated:"2024-01-01"},EG:{country:"Egypt",isoCode:"EG",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Law No. 151 of 2020. Implementation and enforcement are still in early stages.",lastUpdated:"2024-01-01"},TZ:{country:"Tanzania",isoCode:"TZ",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"No comprehensive data protection legislation in force.",lastUpdated:"2024-01-01"},UG:{country:"Uganda",isoCode:"UG",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Data Protection and Privacy Act 2019 provides a framework, but enforcement capacity is limited.",lastUpdated:"2024-01-01"},SN:{country:"Senegal",isoCode:"SN",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 2008-12 on the Protection of Personal Data. One of the earlier African data protection laws.",lastUpdated:"2024-01-01"},MA:{country:"Morocco",isoCode:"MA",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data (2009). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},MU:{country:"Mauritius",isoCode:"MU",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Data Protection Act 2017 provides a comprehensive framework modelled on international standards.",lastUpdated:"2024-01-01"},CN:{country:"China",isoCode:"CN",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"Personal Information Protection Law (PIPL) enacted in 2021 but government access provisions and limited independent oversight raise concerns. Transfers require security assessments or standard contracts.",lastUpdated:"2024-01-01"},IN:{country:"India",isoCode:"IN",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Digital Personal Data Protection Act 2023 enacted. Implementation rules and enforcement mechanisms are still being finalized.",lastUpdated:"2024-01-01"},SG:{country:"Singapore",isoCode:"SG",adequacyStatus:"adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Act 2012 (PDPA) provides a robust framework. Strong enforcement by the PDPC.",lastUpdated:"2024-01-01"},JP:{country:"Japan",isoCode:"JP",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Act on the Protection of Personal Information (APPI). Recognized as adequate by the EU under mutual adequacy arrangement.",lastUpdated:"2024-01-01"},KR:{country:"South Korea",isoCode:"KR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Personal Information Protection Act (PIPA). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},AE:{country:"United Arab Emirates",isoCode:"AE",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Federal Decree-Law No. 45 of 2021 on Personal Data Protection. DIFC and ADGM free zones have their own data protection regulations with stronger frameworks.",lastUpdated:"2024-01-01"},SA:{country:"Saudi Arabia",isoCode:"SA",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Personal Data Protection Law (Royal Decree M/19, 2021). Framework is new and enforcement is still developing.",lastUpdated:"2024-01-01"},IL:{country:"Israel",isoCode:"IL",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Protection of Privacy Law 5741-1981 and regulations. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},BR:{country:"Brazil",isoCode:"BR",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Lei Geral de Protecao de Dados (LGPD, 2020) provides a comprehensive framework. The ANPD is actively enforcing.",lastUpdated:"2024-01-01"},AR:{country:"Argentina",isoCode:"AR",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Personal Data Protection Act No. 25,326. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},AU:{country:"Australia",isoCode:"AU",adequacyStatus:"partially_adequate",recognizedBy:"NDPC",notes:"Privacy Act 1988 provides protection but does not fully align with GDPR-level standards. Reform efforts are ongoing.",lastUpdated:"2024-01-01"},NZ:{country:"New Zealand",isoCode:"NZ",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Privacy Act 2020 provides a comprehensive framework. Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},CH:{country:"Switzerland",isoCode:"CH",adequacyStatus:"adequate",recognizedBy:"EU",notes:"Federal Act on Data Protection (FADP, revised 2023). Recognized as adequate by the EU.",lastUpdated:"2024-01-01"},RU:{country:"Russia",isoCode:"RU",adequacyStatus:"not_adequate",recognizedBy:"NDPC",notes:"Federal Law on Personal Data (No. 152-FZ). Data localization requirements and government access concerns.",lastUpdated:"2024-01-01"}};function u(e){let t=e.trim().toUpperCase();if(n[t])return n[t];let a=e.trim().toLowerCase();for(let o of Object.values(n))if(o.country.toLowerCase()===a)return o}function m(){return Object.values(n).filter(e=>e.adequacyStatus==="adequate")}function q(e){let t=u(e);return t?t.adequacyStatus!=="adequate":true}function p(e){return e==="standard_clauses"||e==="binding_corporate_rules"||e==="ndpc_authorization"}function C(e){return {adequacy_decision:"Adequacy Decision (NDPA Section 41) \u2014 Transfer to a country or territory that the NDPC has determined provides an adequate level of data protection.",standard_clauses:"Standard Contractual Clauses (NDPA Section 42) \u2014 Transfer based on standard contractual clauses approved by the NDPC between the controller/processor and the recipient.",binding_corporate_rules:"Binding Corporate Rules (NDPA Section 43) \u2014 Transfer within a group of undertakings based on binding corporate rules approved by the NDPC.",ndpc_authorization:"NDPC Authorization (NDPA Section 44) \u2014 Transfer authorized by the Nigeria Data Protection Commission under specific conditions.",explicit_consent:"Explicit Consent (NDPA Section 45(a)) \u2014 Transfer based on the explicit and informed consent of the data subject after being informed of the risks.",contract_performance:"Contract Performance (NDPA Section 45(b)) \u2014 Transfer necessary for the performance of a contract between the data subject and the controller.",public_interest:"Public Interest (NDPA Section 45(c)) \u2014 Transfer necessary for important reasons of public interest.",legal_claims:"Legal Claims (NDPA Section 45(d)) \u2014 Transfer necessary for the establishment, exercise, or defense of legal claims.",vital_interests:"Vital Interests (NDPA Section 45(e)) \u2014 Transfer necessary to protect the vital interests of the data subject or other persons."}[e]}function P(e){var o,r;let t=[],a=[];return e.id||t.push("Transfer ID is required."),(!e.destinationCountry||e.destinationCountry.trim()==="")&&t.push("Destination country is required."),(!e.recipientOrganization||e.recipientOrganization.trim()==="")&&t.push("Recipient organization is required."),(!((o=e.recipientContact)!=null&&o.name)||e.recipientContact.name.trim()==="")&&t.push("Recipient contact name is required."),(!((r=e.recipientContact)!=null&&r.email)||e.recipientContact.email.trim()==="")&&t.push("Recipient contact email is required."),(!e.purpose||e.purpose.trim()==="")&&t.push("Purpose of the transfer is required."),e.transferMechanism||t.push("Transfer mechanism is required."),(!e.dataCategories||e.dataCategories.length===0)&&t.push("At least one data category must be specified."),(!e.riskAssessment||e.riskAssessment.trim()==="")&&t.push("Risk assessment summary is required."),(!e.safeguards||e.safeguards.length===0)&&t.push("At least one safeguard must be documented for the transfer."),p(e.transferMechanism)&&(e.ndpcApproval?(e.ndpcApproval.required||a.push("NDPC approval is marked as not required, but the selected transfer mechanism requires NDPC approval."),e.ndpcApproval.required&&!e.ndpcApproval.applied&&t.push("NDPC approval is required but an application has not been submitted."),e.ndpcApproval.applied&&!e.ndpcApproval.approved&&e.status==="active"&&t.push('Transfer is marked as active but NDPC approval has not been granted. Status should be "pending_approval".')):t.push(`NDPC approval documentation is required for transfers using ${l(e.transferMechanism)}.`)),e.tiaCompleted||a.push("A Transfer Impact Assessment (TIA) has not been completed for this transfer."),e.adequacyStatus==="inadequate"&&e.transferMechanism==="adequacy_decision"&&t.push("Cannot rely on adequacy decision (Section 41) when the destination country is marked as inadequate."),e.endDate&&e.startDate>e.endDate&&t.push("Start date must be before end date."),e.includesSensitiveData&&e.riskLevel!=="high"&&a.push("Transfer includes sensitive personal data but the risk level is not set to high. Consider reviewing the risk assessment."),e.reviewDate||a.push("No review date has been set for this transfer. Periodic reviews are recommended."),{isValid:t.length===0,errors:t,warnings:a}}function f(e){var d,c;let t=[],a=[],o=0,y={adequate:0,pending_review:2,unknown:3,inadequate:4}[e.adequacyStatus];o+=y,e.adequacyStatus==="inadequate"?(t.push("Destination country does not have an adequate level of data protection."),a.push("Implement supplementary technical and organizational measures.")):e.adequacyStatus==="unknown"?(t.push("Data protection adequacy of the destination country has not been assessed."),a.push("Conduct an adequacy assessment of the destination country.")):e.adequacyStatus==="pending_review"&&(t.push("Destination country adequacy is currently under review."),a.push("Monitor the adequacy review outcome and plan for contingencies."));let i={adequacy_decision:0,standard_clauses:1,binding_corporate_rules:1,ndpc_authorization:1,contract_performance:2,explicit_consent:2,legal_claims:2,public_interest:2,vital_interests:3}[e.transferMechanism];o+=i,i>=2&&(t.push(`Transfer relies on a derogation mechanism (${l(e.transferMechanism)}), which provides fewer structural safeguards.`),a.push("Consider whether a stronger transfer mechanism (adequacy decision, standard clauses, or BCRs) could be used instead.")),e.includesSensitiveData&&(o+=3,t.push("Transfer includes sensitive personal data, increasing the potential impact of unauthorized access."),a.push("Ensure encryption in transit and at rest, and apply strict access controls.")),e.estimatedDataSubjects&&e.estimatedDataSubjects>1e4?(o+=2,t.push("Large number of data subjects involved increases the scope of potential harm."),a.push("Consider data minimization strategies and ensure robust incident response procedures.")):e.estimatedDataSubjects&&e.estimatedDataSubjects>1e3&&(o+=1,t.push("Moderate number of data subjects involved.")),e.tiaCompleted||(o+=2,t.push("Transfer Impact Assessment has not been completed."),a.push("Complete a Transfer Impact Assessment before proceeding with the transfer.")),p(e.transferMechanism)&&((d=e.ndpcApproval)!=null&&d.approved||(o+=2,t.push("NDPC approval is required but has not been granted."),a.push("Obtain NDPC approval before activating the transfer."))),(((c=e.safeguards)==null?void 0:c.length)||0)<3&&(o+=1,t.push("Limited number of safeguards documented."),a.push("Document additional technical, organizational, and contractual safeguards.")),e.frequency==="continuous"&&(o+=1,t.push("Continuous data transfer increases exposure window."),a.push("Implement real-time monitoring and anomaly detection for the transfer."));let s;return o<=4?s="low":o<=9?s="medium":s="high",{riskLevel:s,riskScore:o,factors:t,recommendations:a}}function l(e){return {adequacy_decision:"Adequacy Decision",standard_clauses:"Standard Contractual Clauses",binding_corporate_rules:"Binding Corporate Rules",ndpc_authorization:"NDPC Authorization",explicit_consent:"Explicit Consent",contract_performance:"Contract Performance",public_interest:"Public Interest",legal_claims:"Legal Claims",vital_interests:"Vital Interests"}[e]}exports.a=n;exports.b=u;exports.c=m;exports.d=q;exports.e=p;exports.f=C;exports.g=P;exports.h=f;//# sourceMappingURL=chunk-C4YM4UMI.js.map
-//# sourceMappingURL=chunk-C4YM4UMI.js.map

package/dist/chunk-CKJAECGV.js

@@ -1,2 +0,0 @@
-'use strict';var chunkJ5WCPZLW_js=require('./chunk-J5WCPZLW.js'),chunkELKB2AFZ_js=require('./chunk-ELKB2AFZ.js'),chunkMQFZHA2D_js=require('./chunk-MQFZHA2D.js'),react=require('react');function G(D,o){return o?chunkELKB2AFZ_js.a(D):{load:()=>null,save:()=>{},remove:()=>{}}}function Q({initialRequests:D=[],requestTypes:o,adapter:m,storageKey:O="ndpr_dsr_requests",useLocalStorage:P=true,onSubmit:p,onUpdate:f}){let y=m!=null?m:G(O,P),R=react.useRef(y);R.current=y;let[r,a]=react.useState(D),[x,l]=react.useState(true);react.useEffect(()=>{let e=false;try{let t=R.current.load();t instanceof Promise?t.then(s=>{e||(s&&a(s),l(!1));},()=>{e||l(!1);}):(t&&a(t),l(!1));}catch(t){e||l(false);}return ()=>{e=true;}},[]);let c=react.useCallback(e=>{Promise.resolve(R.current.save(e)).catch(t=>{console.warn("[ndpr-toolkit] Failed to save DSR requests:",t);});},[]),B=()=>"dsr_"+Date.now()+"_"+Math.random().toString(36).substr(2,9),I=react.useCallback(e=>{let t=o.find(g=>g.id===e.type),s=(t==null?void 0:t.estimatedCompletionTime)||30,n=Date.now(),i=n+s*24*60*60*1e3,b=e,{createdAt:A}=b,d=chunkMQFZHA2D_js.c(b,["createdAt"]),q=chunkMQFZHA2D_js.a({id:B(),status:"pending",createdAt:n,updatedAt:n,dueDate:i},d);return a(g=>{let v=[...g,q];return c(v),v}),p&&p(q),q},[o,c,p]),L=react.useCallback((e,t)=>{let s=null;return a(n=>{let i=n.findIndex(q=>q.id===e);if(i===-1)return n;let A=n[i];s=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a(chunkMQFZHA2D_js.a({},A),t),{updatedAt:Date.now()});let d=[...n];return d[i]=s,c(d),d}),s&&f&&f(s),s},[c,f]),_=react.useCallback(e=>r.find(t=>t.id===e)||null,[r]),U=react.useCallback(e=>r.filter(t=>t.status===e),[r]),F=react.useCallback(e=>r.filter(t=>t.type===e),[r]),E=react.useCallback(e=>o.find(t=>t.id===e),[o]),K=react.useCallback(e=>{let{formattedRequest:t}=chunkJ5WCPZLW_js.b(e);return t},[]),M=react.useCallback(()=>{a([]),Promise.resolve(R.current.remove()).catch(e=>{console.warn("[ndpr-toolkit] Failed to remove DSR requests:",e);});},[R]);return {requests:r,submitRequest:I,updateRequest:L,getRequest:_,getRequestsByStatus:U,getRequestsByType:F,getRequestType:E,formatRequest:K,clearRequests:M,isLoading:x}}exports.a=Q;//# sourceMappingURL=chunk-CKJAECGV.js.map
-//# sourceMappingURL=chunk-CKJAECGV.js.map

package/dist/chunk-CPK5D5FY.js

@@ -1,132 +0,0 @@
-'use strict';var p="\xABTODO: ",I="\xBB";function s(e){return `${p}${e}\xBB`}function i(e,t,n,o,a){return {id:e,title:t,template:n,order:o,required:a,included:true}}function h(e){return e.filter(t=>t.selected)}function g(e){return {service_delivery:"Service Delivery \u2014 to provide, maintain, and improve the services you have requested from us",marketing:"Marketing \u2014 to send promotional communications where you have opted in to receive them",analytics:"Analytics \u2014 to analyse usage patterns and improve user experience",research:"Research \u2014 to conduct research and development for service improvement",legal_compliance:"Legal Compliance \u2014 to meet our obligations under Nigerian law, including the NDPA 2023",fraud_prevention:"Fraud Prevention \u2014 to detect, prevent, and respond to fraud, security threats, and abuse"}[e]}function f(e,t){let n=e.org.name||s("orgName"),o=e.org.website||s("website"),a=new Date().toISOString().slice(0,10);return i("introduction","Introduction & Scope",`This Privacy Policy explains how ${n} ("we", "us", or "our") collects, uses, stores, and protects personal data when you use our services and visit our website at ${o}. This policy is issued in compliance with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR). It applies to all personal data processed by ${n}, whether collected online or offline.
-
-Effective Date: ${a}.
-
-We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in accordance with applicable data protection legislation.`,t,true)}function m(e,t){let n=e.org.name||s("orgName"),o=h(e.dataCategories),a={identity:"Identity & Contact Information",financial:"Financial Information",behavioral:"Technical & Behavioral Data",sensitive:"Sensitive / Special-Category Data",children:"Children's Data"},r="",c=["identity","financial","behavioral","sensitive","children"];for(let d of c){let u=o.filter(l=>l.group===d);if(u.length>0){r+=`
-${a[d]}:
-`;for(let l of u)r+=`- ${l.label}: ${l.dataPoints.join(", ")}.
-`;}}return r===""&&(r=`
-- Personal data categories have not yet been specified.
-`),i("data-collection","Data We Collect",`${n} collects the following categories of personal data in the course of providing our services. Data may be collected directly from you (e.g. through forms, account registration, or correspondence) or automatically (e.g. through cookies, server logs, and similar technologies).
-`+r+`
-We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this policy, in accordance with the NDPA 2023.`,t,true)}function y(e,t){let n=e.org.name||s("orgName"),o=[];return (e.purposes.includes("service_delivery")||e.purposes.length===0)&&(o.push("- Consent: where you have given clear, informed, and voluntary consent for specific processing activities (NDPA Section 25)."),o.push("- Contract: where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request (NDPA Section 25).")),e.purposes.includes("legal_compliance")&&o.push("- Legal Obligation: where processing is required for compliance with a legal obligation to which we are subject under Nigerian law."),e.purposes.includes("fraud_prevention")&&o.push("- Legitimate Interest: where processing is necessary for our legitimate interests (such as fraud prevention and network security), provided those interests are not overridden by your rights and freedoms (NDPA Section 25)."),e.purposes.includes("research")&&o.push("- Public Interest / Research: where processing is necessary for scientific or historical research purposes, or statistical purposes, subject to appropriate safeguards."),o.length===0&&(o.push("- Consent: where you have given clear, informed, and voluntary consent for specific processing activities (NDPA Section 25)."),o.push("- Contract: where processing is necessary for the performance of a contract to which you are a party (NDPA Section 25).")),i("legal-basis","Legal Basis for Processing",`${n} processes personal data under one or more of the following lawful bases as prescribed by the Nigeria Data Protection Act (NDPA) 2023:
-
-`+o.join(`
-`)+`
-
-We will always inform you of the specific legal basis applicable to each processing activity at the time of data collection.`,t,true)}function b(e,t){let o=(e.purposes.length>0?e.purposes:["service_delivery"]).map(a=>`- ${g(a)}`).join(`
-`);return i("data-usage","How We Use Your Data",`We process the personal data we collect for the following purposes:
-
-`+o+`
-
-We will not process your personal data for purposes incompatible with those stated above without providing you with prior notice and, where required by the NDPA, obtaining your consent.`,t,true)}function w(e,t){let n=e.org.name||s("orgName"),o=e.thirdPartyProcessors,a;return o.length>0?a=`We share personal data with the following third-party processors under data processing agreements that comply with the NDPA 2023:
-
-| Processor | Purpose | Country |
-| --- | --- | --- |
-`+o.map(c=>`| ${c.name} | ${c.purpose} | ${c.country} |`).join(`
-`)+`
-
-All processors are contractually required to implement appropriate technical and organisational measures to protect personal data.`:a="We do not currently share your personal data with third-party processors. Should this change, we will update this policy and, where required, obtain your consent before any sharing takes place.",i("data-sharing","Data Sharing & Disclosure",`${n} does not sell personal data under any circumstances.
-
-`+a+`
-
-We may also disclose personal data where required by law, regulation, or valid legal process, including requests from Nigerian regulatory and law enforcement authorities.`,t,true)}function v(e,t){let n=e.org.privacyEmail||s("privacyEmail");return i("data-subject-rights","Your Rights as a Data Subject",`Under the Nigeria Data Protection Act (NDPA) 2023, you are entitled to the following rights regarding your personal data:
-
-1. Right of Access \u2014 You may request confirmation of whether we process your personal data and obtain a copy of that data (NDPA Section 34).
-2. Right to Rectification \u2014 You may request correction of inaccurate or incomplete personal data we hold about you (NDPA Section 35).
-3. Right to Erasure \u2014 You may request deletion of your personal data where there is no compelling legal reason for its continued processing (NDPA Section 36).
-4. Right to Data Portability \u2014 You may request to receive your personal data in a structured, commonly used, and machine-readable format (NDPA Section 38).
-5. Right to Restrict Processing \u2014 You may request that we limit the processing of your personal data in certain circumstances (NDPA Section 37).
-6. Right to Object \u2014 You may object to the processing of your personal data where processing is based on legitimate interest or is carried out for direct marketing purposes (NDPA Section 37).
-
-You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
-
-To exercise any of these rights, please contact us at ${n}. We will respond to your request within 30 days, as required by the NDPA. If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).`,t,true)}function P(e,t){let n=e.org.privacyEmail||s("privacyEmail"),o=e.org.industry,a="";return o==="fintech"?a=`
-- Compliance with Payment Card Industry Data Security Standard (PCI-DSS) for cardholder data protection.
-- End-to-end encryption of financial transactions.
-- Multi-factor authentication for account access.`:o==="healthcare"?a=`
-- HIPAA-aligned safeguards for health information, including access controls and audit logging.
-- Segregation of medical data from other personal data.
-- Role-based access controls restricting health data to authorised personnel.`:o==="ecommerce"?a=`
-- PCI-DSS compliant payment processing.
-- Secure checkout and tokenisation of payment credentials.`:o==="government"&&(a=`
-- Compliance with Nigeria's Cybercrimes Act 2015 requirements.
-- Government-grade access controls and audit trails.`),i("data-security","Data Security Measures",`We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
-
-- Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256).
-- Access controls and least-privilege principles for all systems handling personal data.
-- Regular security assessments, penetration testing, and vulnerability scanning.
-- Staff training on data protection obligations and information security best practices.
-- Incident response procedures aligned with NDPA breach notification requirements (72-hour notification to NDPC).`+a+`
-
-While we employ industry-standard safeguards, no method of electronic transmission or storage is entirely secure. If you become aware of any security incident affecting your data, please contact us immediately at ${n}.`,t,true)}function D(e,t){let n=e.org.name||s("orgName"),o=e.org.privacyEmail||s("privacyEmail"),a=[];e.org.address&&a.push(`Address: ${e.org.address}`),e.org.website&&a.push(`Website: ${e.org.website}`);let r=[];e.org.dpoName&&r.push(`Data Protection Officer: ${e.org.dpoName}`),e.org.dpoEmail&&r.push(`DPO Email: ${e.org.dpoEmail}`);let c=r.length>0?`
-
-${r.join(`
-`)}`:"";return i("contact-info","Contact Information",`If you have questions, concerns, or requests regarding this privacy policy or our data protection practices, please contact us:
-
-Organisation: ${n}
-Email: ${o}`+(a.length>0?`
-${a.join(`
-`)}`:"")+c+`
-
-You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been infringed.
-
-Nigeria Data Protection Commission
-Website: https://ndpc.gov.ng
-Email: info@ndpc.gov.ng`,t,true)}function S(e){return i("children-data-protection","Children's Data Protection",`We recognise the importance of protecting the privacy of children. In accordance with Section 31 of the NDPA 2023, we implement the following safeguards when processing children's personal data:
-
-- We do not knowingly collect personal data from children under the age of 13 without verifiable parental or guardian consent.
-- Where we process data of children between the ages of 13 and 17, we obtain consent from a parent or guardian, taking into account the child's age and maturity.
-- Parents and guardians may request access to, correction of, or deletion of their child's personal data at any time by contacting us.
-- We limit the collection of children's data to what is strictly necessary for the service provided and do not use it for marketing or profiling.
-- A Data Protection Impact Assessment (DPIA) is conducted before any new processing activity involving children's data.
-
-If we discover that we have inadvertently collected personal data from a child without appropriate consent, we will delete that data promptly.`,e,true)}function N(e){return i("sensitive-data-processing","Sensitive / Special-Category Data",`Certain categories of personal data are considered sensitive under the NDPA 2023 and require additional safeguards. Sensitive data includes information relating to health, biometric identifiers, ethnic origin, religious or political beliefs, and genetic data.
-
-We process sensitive personal data only where:
-
-- You have given explicit consent for the specific processing purpose.
-- Processing is necessary to protect your vital interests or those of another person.
-- Processing is required for the establishment, exercise, or defence of legal claims.
-- Processing is necessary for reasons of substantial public interest under Nigerian law.
-
-Enhanced security measures are applied to all sensitive data, including additional encryption, strict access controls, and enhanced audit logging. Sensitive data is stored separately from other personal data where technically feasible.`,e,true)}function C(e,t){let n=e.thirdPartyProcessors.filter(a=>a.country.toLowerCase()!=="nigeria"),o="";return n.length>0&&(o=`
-
-We currently transfer personal data to the following jurisdictions: ${Array.from(new Set(n.map(r=>r.country))).join(", ")}. Each transfer is subject to the safeguards described above.`),i("cross-border-transfers","Cross-Border Data Transfers",`Where we transfer personal data outside Nigeria, we do so in strict compliance with Sections 43 and 44 of the NDPA 2023. We ensure that any cross-border transfer of personal data is subject to one or more of the following safeguards:
-
-- The receiving country has been assessed by the NDPC as providing an adequate level of data protection.
-- We have put in place appropriate contractual safeguards, such as Standard Contractual Clauses approved by the NDPC.
-- You have provided explicit consent to the transfer after being informed of the associated risks.
-- The transfer is necessary for the performance of a contract between you and us, or for pre-contractual steps taken at your request.
-- The NDPC has granted an administrative authorisation for the transfer.`+o,t,true)}function A(e){return i("automated-decision-making","Automated Decision-Making & Profiling",`In accordance with Section 39 of the NDPA 2023, we inform you of any automated decision-making processes, including profiling, that produce legal effects or similarly significant effects on you.
-
-Where we use automated decision-making:
-
-- We will inform you that automated processing is being used and provide meaningful information about the logic involved.
-- You have the right to request human intervention in any automated decision.
-- You have the right to express your point of view and contest the decision.
-- We will carry out regular reviews of automated decision-making systems to ensure fairness, accuracy, and absence of bias.
-- We will not base automated decisions solely on sensitive personal data unless you have given explicit consent or the processing is authorised by Nigerian law.
-
-You may object to automated decision-making at any time by contacting us using the details provided in this policy.`,e,true)}function q(e,t){let n=e.org.name||s("orgName"),o=e.org.industry,a="";return o==="fintech"?a=`
-
-Financial transaction records are retained for a minimum of six (6) years in compliance with the Central Bank of Nigeria (CBN) guidelines and the Money Laundering (Prevention and Prohibition) Act.`:o==="healthcare"?a=`
-
-Medical and health records are retained for a minimum of ten (10) years after the last date of treatment, or longer where required by applicable health regulations.`:o==="ecommerce"?a=`
-
-Order and transaction records are retained for six (6) years in accordance with Nigerian tax and commercial law requirements.`:o==="education"&&(a=`
-
-Student academic records may be retained indefinitely for verification purposes. Other personal data is retained only for the duration of enrolment plus five (5) years.`),i("data-retention","Data Retention Schedule",`${n} retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Nigerian law. Our retention periods are determined based on the following criteria:
-
-- The nature and sensitivity of the personal data.
-- The purposes for which the data is processed.
-- Legal, regulatory, and contractual obligations (including NDPA 2023 requirements).
-- Legitimate business needs such as maintaining records for audits, dispute resolution, and regulatory examinations.
-
-General retention periods:
-- Account data: retained for the duration of your relationship with us, plus three (3) years.
-- Communication records: retained for two (2) years from the date of correspondence.
-- Analytics and usage data: retained in identifiable form for twelve (12) months, then aggregated or anonymised.`+a+`
-
-When personal data is no longer required, it is securely deleted or irreversibly anonymised in accordance with our internal data retention and disposal policy.`,t,true)}function T(e){let t=1,n=[];return n.push(f(e,t++)),n.push(m(e,t++)),n.push(y(e,t++)),n.push(b(e,t++)),n.push(w(e,t++)),n.push(v(e,t++)),n.push(P(e,t++)),n.push(D(e,t++)),e.hasChildrenData&&n.push(S(t++)),e.hasSensitiveData&&n.push(N(t++)),e.hasCrossBorderTransfer&&n.push(C(e,t++)),e.hasAutomatedDecisions&&n.push(A(t++)),n.push(q(e,t++)),n}exports.a=p;exports.b=I;exports.c=T;//# sourceMappingURL=chunk-CPK5D5FY.js.map
-//# sourceMappingURL=chunk-CPK5D5FY.js.map

package/dist/chunk-CWHBCQGT.mjs

@@ -1,2 +0,0 @@
-import {b as b$1}from'./chunk-B4Z5MBUC.mjs';import {a as a$1}from'./chunk-6WIP33TW.mjs';import {c,a,b}from'./chunk-WWT2ZSNU.mjs';import {useRef,useState,useEffect,useCallback}from'react';function G(D,o){return o?a$1(D):{load:()=>null,save:()=>{},remove:()=>{}}}function Q({initialRequests:D=[],requestTypes:o,adapter:m,storageKey:O="ndpr_dsr_requests",useLocalStorage:P=true,onSubmit:p,onUpdate:f}){let y=m!=null?m:G(O,P),R=useRef(y);R.current=y;let[r,a$1]=useState(D),[x,l]=useState(true);useEffect(()=>{let e=false;try{let t=R.current.load();t instanceof Promise?t.then(s=>{e||(s&&a$1(s),l(!1));},()=>{e||l(!1);}):(t&&a$1(t),l(!1));}catch(t){e||l(false);}return ()=>{e=true;}},[]);let c$1=useCallback(e=>{Promise.resolve(R.current.save(e)).catch(t=>{console.warn("[ndpr-toolkit] Failed to save DSR requests:",t);});},[]),B=()=>"dsr_"+Date.now()+"_"+Math.random().toString(36).substr(2,9),I=useCallback(e=>{let t=o.find(g=>g.id===e.type),s=(t==null?void 0:t.estimatedCompletionTime)||30,n=Date.now(),i=n+s*24*60*60*1e3,b=e,{createdAt:A}=b,d=c(b,["createdAt"]),q=a({id:B(),status:"pending",createdAt:n,updatedAt:n,dueDate:i},d);return a$1(g=>{let v=[...g,q];return c$1(v),v}),p&&p(q),q},[o,c$1,p]),L=useCallback((e,t)=>{let s=null;return a$1(n=>{let i=n.findIndex(q=>q.id===e);if(i===-1)return n;let A=n[i];s=b(a(a({},A),t),{updatedAt:Date.now()});let d=[...n];return d[i]=s,c$1(d),d}),s&&f&&f(s),s},[c$1,f]),_=useCallback(e=>r.find(t=>t.id===e)||null,[r]),U=useCallback(e=>r.filter(t=>t.status===e),[r]),F=useCallback(e=>r.filter(t=>t.type===e),[r]),E=useCallback(e=>o.find(t=>t.id===e),[o]),K=useCallback(e=>{let{formattedRequest:t}=b$1(e);return t},[]),M=useCallback(()=>{a$1([]),Promise.resolve(R.current.remove()).catch(e=>{console.warn("[ndpr-toolkit] Failed to remove DSR requests:",e);});},[R]);return {requests:r,submitRequest:I,updateRequest:L,getRequest:_,getRequestsByStatus:U,getRequestsByType:F,getRequestType:E,formatRequest:K,clearRequests:M,isLoading:x}}export{Q as a};//# sourceMappingURL=chunk-CWHBCQGT.mjs.map
-//# sourceMappingURL=chunk-CWHBCQGT.mjs.map

package/dist/chunk-E64TU6IU.js

@@ -1,2 +0,0 @@
-'use strict';function s(t,n,r){return r?n||"":n||t}exports.a=s;//# sourceMappingURL=chunk-E64TU6IU.js.map
-//# sourceMappingURL=chunk-E64TU6IU.js.map

package/dist/chunk-F5TXUA4O.mjs

@@ -1,4 +0,0 @@
-import {c as c$2,d as d$1,a as a$2,b as b$2}from'./chunk-JFFOPHU3.mjs';import {b,c as c$1}from'./chunk-I557S566.mjs';import {c}from'./chunk-GRLIPT5V.mjs';import {a}from'./chunk-6WIP33TW.mjs';import {b as b$1,a as a$1,d}from'./chunk-WWT2ZSNU.mjs';import {useRef,useState,useEffect,useMemo,useCallback}from'react';var nt=10,Rt="ndpr_policy_draft",_t=2e3;function st(){return `section_${Date.now()}_${Math.random().toString(36).slice(2,9)}`}function it(){return `draft_${Date.now()}_${Math.random().toString(36).slice(2,9)}`}function w(u,A,M){let S=Date.now();return {id:M,title:`Privacy Policy${u.org.name?` \u2014 ${u.org.name}`:""}`,templateId:"adaptive-policy-wizard",organizationInfo:{name:u.org.name,website:u.org.website,privacyEmail:u.org.privacyEmail,address:u.org.address,dpoName:u.org.dpoName,dpoEmail:u.org.dpoEmail,industry:u.org.industry},sections:A,variableValues:{},effectiveDate:S,lastUpdated:S,version:"1.0",applicableFrameworks:["ndpa","ndpr"]}}function Ut(u={}){var K;let{onComplete:A,onComplianceChange:M}=u,S=useRef((K=u.adapter)!=null?K:a(Rt));u.adapter&&(S.current=u.adapter);let f=useRef(it()),[P,y]=useState(1),[n,v]=useState(b),[b$3,O]=useState([]),[x,I]=useState({}),[E,$]=useState([]),[at,q]=useState(false),[ct,z]=useState(null),[N,U]=useState(true),T=useRef(false),R=useRef(null);useEffect(()=>{let t=false,e=r=>{r&&(f.current=r.id,v(r.templateContext),O(r.customSections),I(r.sectionOverrides),$(r.sectionOrder),y(r.currentStep),z(r.lastSavedAt),q(true));};try{let r=S.current.load();r instanceof Promise?r.then(i=>{t||(e(i),U(!1));},()=>{t||U(!1);}):(e(r),U(!1));}catch(r){t||U(false);}return ()=>{t=true;}},[]);let l=useMemo(()=>{let e=c(n).map(o=>x[o.id]?b$1(a$1({},o),{template:x[o.id]}):o),r=b$3.map(o=>{var d;return {id:o.id,title:o.title,template:(d=x[o.id])!=null?d:o.content,order:o.order,required:false,included:true}}),i=[...e,...r];if(E.length>0){let o=new Map(E.map((d,p)=>[d,p]));return [...i].sort((d,p)=>{let m=o.has(d.id)?o.get(d.id):i.length,C=o.has(p.id)?o.get(p.id):i.length;return m-C})}return [...i].sort((o,d)=>{var p,m;return ((p=o.order)!=null?p:0)-((m=d.order)!=null?m:0)})},[n,b$3,x,E]),s=useMemo(()=>!n.org.name&&!n.org.privacyEmail?null:w(n,l,f.current),[n,l]),Y=useMemo(()=>w(b(),[],f.current),[]),V=useMemo(()=>c$1(s!=null?s:Y,n),[s,n,Y]),_=V.percentage,D=V.gaps,j=useRef({score:-1,gaps:[]});useEffect(()=>{let t=j.current;M&&(_!==t.score||D!==t.gaps)&&M(_,D),j.current={score:_,gaps:D};},[_,D,M]);let dt=useMemo(()=>{switch(P){case 1:return n.org.name.trim().length>0&&n.org.privacyEmail.trim().length>0;case 2:return n.dataCategories.some(t=>t.selected);case 3:return n.purposes.length>0;case 4:return  true;default:return  false}},[P,n]),lt=useCallback(t=>{let e=Math.min(Math.max(1,t),4);e<4&&(T.current=false),y(e);},[]),pt=useCallback(()=>{y(t=>Math.min(t+1,4));},[]),ut=useCallback(()=>{T.current=false,y(t=>Math.max(t-1,1));},[]),mt=useCallback(t=>{v(e=>a$1(a$1({},e),t));},[]),gt=useCallback(t=>{v(e=>b$1(a$1({},e),{org:a$1(a$1({},e.org),t)}));},[]),ft=useCallback(t=>{v(e=>b$1(a$1({},e),{dataCategories:e.dataCategories.map(r=>r.id===t?b$1(a$1({},r),{selected:!r.selected}):r)}));},[]),Pt=useCallback(t=>{v(e=>{let r=t,i=e.purposes.includes(r);return b$1(a$1({},e),{purposes:i?e.purposes.filter(o=>o!==t):[...e.purposes,r]})});},[]),yt=useCallback(t=>{v(e=>b$1(a$1({},e),{thirdPartyProcessors:[...e.thirdPartyProcessors,t]}));},[]),Ct=useCallback(t=>{v(e=>b$1(a$1({},e),{thirdPartyProcessors:e.thirdPartyProcessors.filter((r,i)=>i!==t)}));},[]),St=useCallback(t=>{O(e=>e.length>=nt?e:[...e,b$1(a$1({},t),{id:st(),required:false})]);},[]),vt=useCallback((t,e)=>{O(r=>r.map(i=>i.id===t?a$1(a$1({},i),e):i));},[]),xt=useCallback(t=>{O(e=>e.filter(r=>r.id!==t)),$(e=>e.filter(r=>r!==t)),I(e=>{let r=a$1({},e);return delete r[t],r});},[]),ht=useCallback((t,e)=>{$(r=>{let i=r.length>0?r:l.map(m=>m.id),o=i.indexOf(t);if(o===-1){let m=l.map(It=>It.id),C=m.indexOf(t);if(C===-1)return r;let G=e==="up"?C-1:C+1;if(G<0||G>=m.length)return m;let k=[...m];return [k[C],k[G]]=[k[G],k[C]],k}let d=e==="up"?o-1:o+1;if(d<0||d>=i.length)return i;let p=[...i];return [p[o],p[d]]=[p[d],p[o]],p});},[l]),Dt=useCallback((t,e)=>{I(r=>b$1(a$1({},r),{[t]:e}));},[]),bt=useCallback(t=>{let e=D.find(r=>r.requirementId===t);if(e)switch(e.fixType){case "fill_field":{T.current=false;let i=["data-categories-disclosed"],o=["purpose-of-processing"];i.includes(t)?y(2):o.includes(t)?y(3):(y(1));break}case "add_section":{if(!e.suggestedContent)break;O(r=>r.length>=nt?r:[...r,{id:st(),title:e.requirement,content:e.suggestedContent,order:999,required:false}]);break}case "add_content":{if(!e.suggestedContent)break;let r="data-subject-rights";I(i=>{var d,p,m;let o=(m=(p=i[r])!=null?p:(d=l.find(C=>C.id===r))==null?void 0:d.template)!=null?m:"";return b$1(a$1({},i),{[r]:`${o}
-
-${e.suggestedContent}`.trim()})});break}}},[D,l]),X=useCallback(t=>({id:f.current,templateContext:n,customSections:b$3,sectionOverrides:x,sectionOrder:E,currentStep:t,lastSavedAt:Date.now(),status:"draft"}),[n,b$3,x,E]),Ot=useCallback(()=>d(null,null,function*(){let t=X(P);try{yield Promise.resolve(S.current.save(t)),z(t.lastSavedAt),q(!0);}catch(e){console.warn("[ndpr-toolkit] Failed to save draft:",e);}}),[X,P]),Et=useCallback(()=>{Promise.resolve(S.current.remove()).catch(t=>{console.warn("[ndpr-toolkit] Failed to remove draft:",t);}),f.current=it(),T.current=false,v(b()),O([]),I({}),$([]),y(1),q(false),z(null);},[]);useEffect(()=>{if(!N)return R.current&&clearTimeout(R.current),R.current=setTimeout(()=>{let t=X(P);Promise.resolve(S.current.save(t)).then(()=>{z(t.lastSavedAt),q(true);}).catch(e=>{console.warn("[ndpr-toolkit] Auto-save failed:",e);});},_t),()=>{R.current&&clearTimeout(R.current);}},[n,b$3,x,E,P,N,X]),useEffect(()=>{P===4&&s&&A&&!T.current&&(T.current=true,A(s));},[P,s,A]);let Tt=useCallback(t=>d(null,null,function*(){let e=s!=null?s:w(n,l,f.current);return c$2(e,t)}),[s,n,l]),wt=useCallback(t=>d(null,null,function*(){let e=s!=null?s:w(n,l,f.current);return d$1(e,t)}),[s,n,l]),At=useCallback(t=>{let e=s!=null?s:w(n,l,f.current);return a$2(e,t)},[s,n,l]),Mt=useCallback(()=>{let t=s!=null?s:w(n,l,f.current);return b$2(t)},[s,n,l]);return {currentStep:P,goToStep:lt,nextStep:pt,prevStep:ut,canProceed:dt,context:n,updateContext:mt,updateOrg:gt,toggleDataCategory:ft,togglePurpose:Pt,addProcessor:yt,removeProcessor:Ct,policy:s,sections:l,customSections:b$3,addCustomSection:St,updateCustomSection:vt,removeCustomSection:xt,reorderSections:ht,editSectionContent:Dt,sectionOverrides:x,complianceScore:_,complianceResult:V,complianceGaps:D,applyFix:bt,handleExportPDF:Tt,handleExportDOCX:wt,handleExportHTML:At,handleExportMarkdown:Mt,isDraftSaved:at,lastSavedAt:ct,saveDraft:Ot,discardDraft:Et,isLoading:N}}export{Ut as a};//# sourceMappingURL=chunk-F5TXUA4O.mjs.map
-//# sourceMappingURL=chunk-F5TXUA4O.mjs.map

package/dist/chunk-GN5C32JB.mjs

@@ -1,2 +0,0 @@
-import {a as a$1}from'./chunk-AYKLAEOU.mjs';import {a,b}from'./chunk-WWT2ZSNU.mjs';import {useState,useRef,useEffect,useCallback}from'react';import {createPortal}from'react-dom';import {jsx,jsxs}from'react/jsx-runtime';var xn=({options:d,onSave:X,title:Z="We Value Your Privacy",description:m="We use cookies and similar technologies to provide our services and enhance your experience. Your consent is collected in accordance with NDPA Sections 25-26.",acceptAllButtonText:N="Accept All",rejectAllButtonText:nn="Reject All",customizeButtonText:tn="Customize",saveButtonText:en="Save Preferences",position:on="bottom",variant:y="bar",zIndex:s=9999,version:h="1.0",show:C,manageStorage:R=true,storageKey:L="ndpr_consent",className:H="",buttonClassName:z="",primaryButtonClassName:rn="",secondaryButtonClassName:dn="",classNames:n,unstyled:o,onAnalytics:k})=>{let[c,u]=useState(false),[b$1,D]=useState(false),[S,E]=useState({}),[O,cn]=useState(false),l=useRef(null),P=useRef(null),w=useRef(false);useEffect(()=>{cn(true);},[]);let p=useCallback((t,e)=>{k==null||k(a({action:t,timestamp:Date.now(),version:h},e!==void 0?{categories:e}:{}));},[k,h]);useEffect(()=>{let t={};if(d.forEach(e=>{t[e.id]=e.defaultValue||false;}),E(t),C===void 0)if(!R)u(true);else {let e=localStorage.getItem(L);if(e)try{JSON.parse(e).version!==h?u(!0):u(!1);}catch(B){u(true);}else u(true);}else u(C);},[d,L,h,R]),useEffect(()=>{C!==void 0&&u(C);},[C]);let un=()=>{let t={};d.forEach(e=>{t[e.id]=true;}),p("accepted_all",t),T(t);},F=()=>{let t={};d.forEach(e=>{t[e.id]=e.required||false;}),p("rejected_all",t),T(t);},bn=(t,e)=>{E(B=>b(a({},B),{[t]:e}));},ln=()=>{let t={};d.forEach(e=>{t[e.id]=true;}),E(t);},pn=()=>{let t={};d.forEach(e=>{t[e.id]=e.required||false;}),E(t);},M=d.length>0&&d.every(t=>S[t.id]),fn=()=>{p("customized",S),T(S);},T=t=>{let e={consents:t,timestamp:Date.now(),version:h,method:b$1?"customize":"banner",hasInteracted:true};R&&localStorage.setItem(L,JSON.stringify(e)),X(e),u(false),D(false);};if(useEffect(()=>{if(!c)return;let t=e=>{e.key==="Escape"&&(p("dismissed"),F());};return document.addEventListener("keydown",t),()=>document.removeEventListener("keydown",t)},[c,p,d,b$1]),useEffect(()=>{c&&!w.current&&(w.current=true,p("shown")),c||(w.current=false);},[c,p]),useEffect(()=>{if(!c||!l.current)return;let t='a[href], button:not([disabled]), input:not([disabled]), select:not([disabled]), textarea:not([disabled]), [tabindex]:not([tabindex="-1"])',B=setTimeout(()=>{if(!l.current)return;let f=l.current.querySelectorAll(t);f.length>0?f[0].focus():l.current.focus();},0),J=f=>{if(f.key!=="Tab"||!l.current)return;let x=l.current.querySelectorAll(t);if(x.length===0)return;let W=x[0],Y=x[x.length-1];f.shiftKey?document.activeElement===W&&(f.preventDefault(),Y.focus()):document.activeElement===Y&&(f.preventDefault(),W.focus());};return document.addEventListener("keydown",J),()=>{clearTimeout(B),document.removeEventListener("keydown",J);}},[c,b$1]),useEffect(()=>{if(b$1&&P.current){let t=P.current;t.style.maxHeight="0px",t.style.opacity="0",t.offsetHeight,t.style.maxHeight=`${t.scrollHeight}px`,t.style.opacity="1";}},[b$1]),!c)return null;let a$2=y==="modal"?"center":on,G=a$2==="inline",j=a$2==="center",_=["ndpr-consent-banner"];y!=="bar"&&_.push(`ndpr-consent-banner--${y}`),a$2==="top"?_.push("ndpr-consent-banner--top"):a$2==="bottom"?_.push("ndpr-consent-banner--bottom"):a$2==="inline"&&_.push("ndpr-consent-banner--inline"),H&&_.push(H);let gn=_.join(" "),K=`ndpr-consent-banner__button ndpr-consent-banner__button--primary ${z} ${rn}`.trim(),vn=`ndpr-consent-banner__button ndpr-consent-banner__button--secondary ${z} ${dn}`.trim(),an=`ndpr-consent-banner__button ndpr-consent-banner__button--ghost ${z}`.trim(),_n=(n==null?void 0:n.primaryButton)||(n==null?void 0:n.acceptButton)||K,V=(n==null?void 0:n.secondaryButton)||(n==null?void 0:n.rejectButton)||vn,hn=(n==null?void 0:n.customizeButton)||an,Cn=(n==null?void 0:n.saveButton)||K,I=jsx("div",{ref:l,tabIndex:-1,"data-ndpr-component":"consent-banner","data-ndpr-variant":y,"data-ndpr-position":a$2,className:a$1(gn,n==null?void 0:n.root,o),style:!G&&!j?{zIndex:s}:void 0,role:"dialog","aria-modal":j||void 0,"aria-labelledby":"consent-banner-title","aria-describedby":"consent-banner-description",children:jsxs("div",{className:a$1("ndpr-consent-banner__container",n==null?void 0:n.container,o),children:[jsx("h2",{id:"consent-banner-title",className:a$1("ndpr-consent-banner__title",n==null?void 0:n.title,o),children:Z}),jsx("p",{id:"consent-banner-description",className:a$1("ndpr-consent-banner__description",n==null?void 0:n.description,o),children:m}),b$1&&jsxs("div",{ref:P,className:a$1("ndpr-consent-banner__customize-panel",n==null?void 0:n.customizePanel,o),children:[jsx("div",{className:o?"":"ndpr-consent-banner__select-all-row",children:jsx("button",{type:"button",onClick:M?pn:ln,className:a$1("ndpr-consent-banner__select-all-button",n==null?void 0:n.selectAllButton,o),children:M?"Deselect All":"Select All"})}),jsx("div",{className:a$1("ndpr-consent-banner__options-list",n==null?void 0:n.optionsList,o),children:d.map(t=>jsxs("div",{className:a$1("ndpr-consent-banner__option",n==null?void 0:n.optionItem,o),children:[jsx("input",{id:`consent-${t.id}`,type:"checkbox",checked:S[t.id]||false,onChange:e=>bn(t.id,e.target.checked),disabled:t.required,className:a$1("ndpr-consent-banner__option-checkbox",n==null?void 0:n.optionCheckbox,o)}),jsxs("div",{className:o?"":"ndpr-consent-banner__option-text",children:[jsxs("label",{htmlFor:`consent-${t.id}`,className:a$1("ndpr-consent-banner__option-label",n==null?void 0:n.optionLabel,o),children:[t.label,t.required&&jsx("span",{className:o?"":"ndpr-consent-banner__required-marker",children:" *"})]}),jsx("p",{className:a$1("ndpr-consent-banner__option-description",n==null?void 0:n.optionDescription,o),children:t.description})]})]},t.id))}),jsxs("div",{className:a$1("ndpr-consent-banner__buttons",n==null?void 0:n.buttonGroup,o),children:[jsx("button",{onClick:fn,className:a$1(Cn,n==null?void 0:n.saveButton,o),children:en}),jsx("button",{onClick:()=>D(false),className:a$1(V,n==null?void 0:n.rejectButton,o),children:"Back"})]})]}),!b$1&&jsxs("div",{className:a$1("ndpr-consent-banner__buttons",n==null?void 0:n.buttonGroup,o),children:[jsx("button",{onClick:un,className:a$1(_n,n==null?void 0:n.acceptButton,o),children:N}),jsx("button",{onClick:F,className:a$1(V,n==null?void 0:n.rejectButton,o),children:nn}),jsx("button",{onClick:()=>D(true),className:a$1(hn,n==null?void 0:n.customizeButton,o),children:tn})]}),jsx("div",{className:a$1("ndpr-consent-banner__footer-text",void 0,o),children:'By clicking "Accept All", you agree to the use of ALL cookies. Visit our Cookie Policy to learn more.'})]})});if(G)return I;if(j){let t=jsx("div",{className:o?"":"ndpr-consent-banner__overlay",style:{zIndex:s},children:I});return O?createPortal(t,document.body):null}return O?createPortal(I,document.body):null};export{xn as a};//# sourceMappingURL=chunk-GN5C32JB.mjs.map
-//# sourceMappingURL=chunk-GN5C32JB.mjs.map

package/dist/chunk-GRLIPT5V.mjs

@@ -1,132 +0,0 @@
-var p="\xABTODO: ",I="\xBB";function s(e){return `${p}${e}\xBB`}function i(e,t,n,o,a){return {id:e,title:t,template:n,order:o,required:a,included:true}}function h(e){return e.filter(t=>t.selected)}function g(e){return {service_delivery:"Service Delivery \u2014 to provide, maintain, and improve the services you have requested from us",marketing:"Marketing \u2014 to send promotional communications where you have opted in to receive them",analytics:"Analytics \u2014 to analyse usage patterns and improve user experience",research:"Research \u2014 to conduct research and development for service improvement",legal_compliance:"Legal Compliance \u2014 to meet our obligations under Nigerian law, including the NDPA 2023",fraud_prevention:"Fraud Prevention \u2014 to detect, prevent, and respond to fraud, security threats, and abuse"}[e]}function f(e,t){let n=e.org.name||s("orgName"),o=e.org.website||s("website"),a=new Date().toISOString().slice(0,10);return i("introduction","Introduction & Scope",`This Privacy Policy explains how ${n} ("we", "us", or "our") collects, uses, stores, and protects personal data when you use our services and visit our website at ${o}. This policy is issued in compliance with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR). It applies to all personal data processed by ${n}, whether collected online or offline.
-
-Effective Date: ${a}.
-
-We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in accordance with applicable data protection legislation.`,t,true)}function m(e,t){let n=e.org.name||s("orgName"),o=h(e.dataCategories),a={identity:"Identity & Contact Information",financial:"Financial Information",behavioral:"Technical & Behavioral Data",sensitive:"Sensitive / Special-Category Data",children:"Children's Data"},r="",c=["identity","financial","behavioral","sensitive","children"];for(let d of c){let u=o.filter(l=>l.group===d);if(u.length>0){r+=`
-${a[d]}:
-`;for(let l of u)r+=`- ${l.label}: ${l.dataPoints.join(", ")}.
-`;}}return r===""&&(r=`
-- Personal data categories have not yet been specified.
-`),i("data-collection","Data We Collect",`${n} collects the following categories of personal data in the course of providing our services. Data may be collected directly from you (e.g. through forms, account registration, or correspondence) or automatically (e.g. through cookies, server logs, and similar technologies).
-`+r+`
-We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this policy, in accordance with the NDPA 2023.`,t,true)}function y(e,t){let n=e.org.name||s("orgName"),o=[];return (e.purposes.includes("service_delivery")||e.purposes.length===0)&&(o.push("- Consent: where you have given clear, informed, and voluntary consent for specific processing activities (NDPA Section 25)."),o.push("- Contract: where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request (NDPA Section 25).")),e.purposes.includes("legal_compliance")&&o.push("- Legal Obligation: where processing is required for compliance with a legal obligation to which we are subject under Nigerian law."),e.purposes.includes("fraud_prevention")&&o.push("- Legitimate Interest: where processing is necessary for our legitimate interests (such as fraud prevention and network security), provided those interests are not overridden by your rights and freedoms (NDPA Section 25)."),e.purposes.includes("research")&&o.push("- Public Interest / Research: where processing is necessary for scientific or historical research purposes, or statistical purposes, subject to appropriate safeguards."),o.length===0&&(o.push("- Consent: where you have given clear, informed, and voluntary consent for specific processing activities (NDPA Section 25)."),o.push("- Contract: where processing is necessary for the performance of a contract to which you are a party (NDPA Section 25).")),i("legal-basis","Legal Basis for Processing",`${n} processes personal data under one or more of the following lawful bases as prescribed by the Nigeria Data Protection Act (NDPA) 2023:
-
-`+o.join(`
-`)+`
-
-We will always inform you of the specific legal basis applicable to each processing activity at the time of data collection.`,t,true)}function b(e,t){let o=(e.purposes.length>0?e.purposes:["service_delivery"]).map(a=>`- ${g(a)}`).join(`
-`);return i("data-usage","How We Use Your Data",`We process the personal data we collect for the following purposes:
-
-`+o+`
-
-We will not process your personal data for purposes incompatible with those stated above without providing you with prior notice and, where required by the NDPA, obtaining your consent.`,t,true)}function w(e,t){let n=e.org.name||s("orgName"),o=e.thirdPartyProcessors,a;return o.length>0?a=`We share personal data with the following third-party processors under data processing agreements that comply with the NDPA 2023:
-
-| Processor | Purpose | Country |
-| --- | --- | --- |
-`+o.map(c=>`| ${c.name} | ${c.purpose} | ${c.country} |`).join(`
-`)+`
-
-All processors are contractually required to implement appropriate technical and organisational measures to protect personal data.`:a="We do not currently share your personal data with third-party processors. Should this change, we will update this policy and, where required, obtain your consent before any sharing takes place.",i("data-sharing","Data Sharing & Disclosure",`${n} does not sell personal data under any circumstances.
-
-`+a+`
-
-We may also disclose personal data where required by law, regulation, or valid legal process, including requests from Nigerian regulatory and law enforcement authorities.`,t,true)}function v(e,t){let n=e.org.privacyEmail||s("privacyEmail");return i("data-subject-rights","Your Rights as a Data Subject",`Under the Nigeria Data Protection Act (NDPA) 2023, you are entitled to the following rights regarding your personal data:
-
-1. Right of Access \u2014 You may request confirmation of whether we process your personal data and obtain a copy of that data (NDPA Section 34).
-2. Right to Rectification \u2014 You may request correction of inaccurate or incomplete personal data we hold about you (NDPA Section 35).
-3. Right to Erasure \u2014 You may request deletion of your personal data where there is no compelling legal reason for its continued processing (NDPA Section 36).
-4. Right to Data Portability \u2014 You may request to receive your personal data in a structured, commonly used, and machine-readable format (NDPA Section 38).
-5. Right to Restrict Processing \u2014 You may request that we limit the processing of your personal data in certain circumstances (NDPA Section 37).
-6. Right to Object \u2014 You may object to the processing of your personal data where processing is based on legitimate interest or is carried out for direct marketing purposes (NDPA Section 37).
-
-You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
-
-To exercise any of these rights, please contact us at ${n}. We will respond to your request within 30 days, as required by the NDPA. If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).`,t,true)}function P(e,t){let n=e.org.privacyEmail||s("privacyEmail"),o=e.org.industry,a="";return o==="fintech"?a=`
-- Compliance with Payment Card Industry Data Security Standard (PCI-DSS) for cardholder data protection.
-- End-to-end encryption of financial transactions.
-- Multi-factor authentication for account access.`:o==="healthcare"?a=`
-- HIPAA-aligned safeguards for health information, including access controls and audit logging.
-- Segregation of medical data from other personal data.
-- Role-based access controls restricting health data to authorised personnel.`:o==="ecommerce"?a=`
-- PCI-DSS compliant payment processing.
-- Secure checkout and tokenisation of payment credentials.`:o==="government"&&(a=`
-- Compliance with Nigeria's Cybercrimes Act 2015 requirements.
-- Government-grade access controls and audit trails.`),i("data-security","Data Security Measures",`We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
-
-- Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256).
-- Access controls and least-privilege principles for all systems handling personal data.
-- Regular security assessments, penetration testing, and vulnerability scanning.
-- Staff training on data protection obligations and information security best practices.
-- Incident response procedures aligned with NDPA breach notification requirements (72-hour notification to NDPC).`+a+`
-
-While we employ industry-standard safeguards, no method of electronic transmission or storage is entirely secure. If you become aware of any security incident affecting your data, please contact us immediately at ${n}.`,t,true)}function D(e,t){let n=e.org.name||s("orgName"),o=e.org.privacyEmail||s("privacyEmail"),a=[];e.org.address&&a.push(`Address: ${e.org.address}`),e.org.website&&a.push(`Website: ${e.org.website}`);let r=[];e.org.dpoName&&r.push(`Data Protection Officer: ${e.org.dpoName}`),e.org.dpoEmail&&r.push(`DPO Email: ${e.org.dpoEmail}`);let c=r.length>0?`
-
-${r.join(`
-`)}`:"";return i("contact-info","Contact Information",`If you have questions, concerns, or requests regarding this privacy policy or our data protection practices, please contact us:
-
-Organisation: ${n}
-Email: ${o}`+(a.length>0?`
-${a.join(`
-`)}`:"")+c+`
-
-You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been infringed.
-
-Nigeria Data Protection Commission
-Website: https://ndpc.gov.ng
-Email: info@ndpc.gov.ng`,t,true)}function S(e){return i("children-data-protection","Children's Data Protection",`We recognise the importance of protecting the privacy of children. In accordance with Section 31 of the NDPA 2023, we implement the following safeguards when processing children's personal data:
-
-- We do not knowingly collect personal data from children under the age of 13 without verifiable parental or guardian consent.
-- Where we process data of children between the ages of 13 and 17, we obtain consent from a parent or guardian, taking into account the child's age and maturity.
-- Parents and guardians may request access to, correction of, or deletion of their child's personal data at any time by contacting us.
-- We limit the collection of children's data to what is strictly necessary for the service provided and do not use it for marketing or profiling.
-- A Data Protection Impact Assessment (DPIA) is conducted before any new processing activity involving children's data.
-
-If we discover that we have inadvertently collected personal data from a child without appropriate consent, we will delete that data promptly.`,e,true)}function N(e){return i("sensitive-data-processing","Sensitive / Special-Category Data",`Certain categories of personal data are considered sensitive under the NDPA 2023 and require additional safeguards. Sensitive data includes information relating to health, biometric identifiers, ethnic origin, religious or political beliefs, and genetic data.
-
-We process sensitive personal data only where:
-
-- You have given explicit consent for the specific processing purpose.
-- Processing is necessary to protect your vital interests or those of another person.
-- Processing is required for the establishment, exercise, or defence of legal claims.
-- Processing is necessary for reasons of substantial public interest under Nigerian law.
-
-Enhanced security measures are applied to all sensitive data, including additional encryption, strict access controls, and enhanced audit logging. Sensitive data is stored separately from other personal data where technically feasible.`,e,true)}function C(e,t){let n=e.thirdPartyProcessors.filter(a=>a.country.toLowerCase()!=="nigeria"),o="";return n.length>0&&(o=`
-
-We currently transfer personal data to the following jurisdictions: ${Array.from(new Set(n.map(r=>r.country))).join(", ")}. Each transfer is subject to the safeguards described above.`),i("cross-border-transfers","Cross-Border Data Transfers",`Where we transfer personal data outside Nigeria, we do so in strict compliance with Sections 43 and 44 of the NDPA 2023. We ensure that any cross-border transfer of personal data is subject to one or more of the following safeguards:
-
-- The receiving country has been assessed by the NDPC as providing an adequate level of data protection.
-- We have put in place appropriate contractual safeguards, such as Standard Contractual Clauses approved by the NDPC.
-- You have provided explicit consent to the transfer after being informed of the associated risks.
-- The transfer is necessary for the performance of a contract between you and us, or for pre-contractual steps taken at your request.
-- The NDPC has granted an administrative authorisation for the transfer.`+o,t,true)}function A(e){return i("automated-decision-making","Automated Decision-Making & Profiling",`In accordance with Section 39 of the NDPA 2023, we inform you of any automated decision-making processes, including profiling, that produce legal effects or similarly significant effects on you.
-
-Where we use automated decision-making:
-
-- We will inform you that automated processing is being used and provide meaningful information about the logic involved.
-- You have the right to request human intervention in any automated decision.
-- You have the right to express your point of view and contest the decision.
-- We will carry out regular reviews of automated decision-making systems to ensure fairness, accuracy, and absence of bias.
-- We will not base automated decisions solely on sensitive personal data unless you have given explicit consent or the processing is authorised by Nigerian law.
-
-You may object to automated decision-making at any time by contacting us using the details provided in this policy.`,e,true)}function q(e,t){let n=e.org.name||s("orgName"),o=e.org.industry,a="";return o==="fintech"?a=`
-
-Financial transaction records are retained for a minimum of six (6) years in compliance with the Central Bank of Nigeria (CBN) guidelines and the Money Laundering (Prevention and Prohibition) Act.`:o==="healthcare"?a=`
-
-Medical and health records are retained for a minimum of ten (10) years after the last date of treatment, or longer where required by applicable health regulations.`:o==="ecommerce"?a=`
-
-Order and transaction records are retained for six (6) years in accordance with Nigerian tax and commercial law requirements.`:o==="education"&&(a=`
-
-Student academic records may be retained indefinitely for verification purposes. Other personal data is retained only for the duration of enrolment plus five (5) years.`),i("data-retention","Data Retention Schedule",`${n} retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Nigerian law. Our retention periods are determined based on the following criteria:
-
-- The nature and sensitivity of the personal data.
-- The purposes for which the data is processed.
-- Legal, regulatory, and contractual obligations (including NDPA 2023 requirements).
-- Legitimate business needs such as maintaining records for audits, dispute resolution, and regulatory examinations.
-
-General retention periods:
-- Account data: retained for the duration of your relationship with us, plus three (3) years.
-- Communication records: retained for two (2) years from the date of correspondence.
-- Analytics and usage data: retained in identifiable form for twelve (12) months, then aggregated or anonymised.`+a+`
-
-When personal data is no longer required, it is securely deleted or irreversibly anonymised in accordance with our internal data retention and disposal policy.`,t,true)}function T(e){let t=1,n=[];return n.push(f(e,t++)),n.push(m(e,t++)),n.push(y(e,t++)),n.push(b(e,t++)),n.push(w(e,t++)),n.push(v(e,t++)),n.push(P(e,t++)),n.push(D(e,t++)),e.hasChildrenData&&n.push(S(t++)),e.hasSensitiveData&&n.push(N(t++)),e.hasCrossBorderTransfer&&n.push(C(e,t++)),e.hasAutomatedDecisions&&n.push(A(t++)),n.push(q(e,t++)),n}export{p as a,I as b,T as c};//# sourceMappingURL=chunk-GRLIPT5V.mjs.map
-//# sourceMappingURL=chunk-GRLIPT5V.mjs.map