DATA PROTECTION POLICY

Compliance with the Nigeria Data Protection Act 2023 (NDPA) & NDPR 2019

🇳🇬 REGULATORY FRAMEWORK

This policy is framed in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), the Federal Competition and Consumer Protection Act 2018 (FCCPA), and the Companies and Allied Matters Act 2020 (CAMA).

1. DATA CONTROLLER

Ojify ("the Company") is the data controller responsible for your personal data. As a registered Nigerian business under CAMA 2020, we are committed to protecting the personal data of all users of our platform.

Data Protection Officer: dpo@ojify.com

2. CATEGORIES OF DATA PROCESSED

• Identity Data: Full name, date of birth (where required)
• Contact Data: Phone number, email address, delivery address
• Transaction Data: Order history, payment references, amounts
• Technical Data: IP address, browser type, device identifiers
• Usage Data: Search queries, page views, product interactions

3. LAWFUL BASIS FOR PROCESSING

Under Section 25 of the NDPA, we process personal data on the following bases:

Consent (Section 26)

Marketing communications, optional analytics

Performance of Contract (Section 25(b))

Order processing, delivery, customer support

Legitimate Interest (Section 25(d))

Fraud prevention, platform security, service improvement

Legal Obligation (Section 25(c))

Tax records, regulatory compliance, law enforcement requests

4. DATA SUBJECT RIGHTS

Under the NDPA, you have the following rights:

• Right of Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing

To exercise any right, email: dpo@ojify.com. We respond within 30 days.

5. DATA SECURITY MEASURES

• All data transmitted via HTTPS/TLS encryption
• Payment processing via PCI-DSS compliant Paystack
• Passwords hashed using bcrypt with salting
• Regular security audits and vulnerability assessments
• Role-based access controls for internal staff
• Data minimization, we only collect what is necessary

6. DATA RETENTION

• Account data: retained while account is active + 2 years after deletion
• Order records: 7 years (Nigerian tax compliance requirements)
• Payment records: 7 years (as per CBN guidelines)
• Technical logs: 12 months
• Marketing consent records: duration of consent + 1 year

7. INTERNATIONAL DATA TRANSFERS

We primarily store data within Nigeria. Where data is processed internationally (e.g., cloud infrastructure), we ensure adequate protection measures are in place as required by Section 43 of the NDPA, including data processing agreements with all third-party processors.

8. DATA BREACH NOTIFICATION

In the event of a personal data breach, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours as required under the NDPA. Affected data subjects will be notified without undue delay where the breach poses a high risk to their rights.

9. CONSUMER RIGHTS (FCCPC)

In addition to data protection rights, the Federal Competition & Consumer Protection Act 2018 guarantees you the right to fair trade practices, accurate product information, safety, and the right to seek redress. You may file complaints with the FCCPC at fccpc.gov.ng.

10. COMPLAINTS & REGULATORY BODIES

If you are dissatisfied with how we handle your data, contact us first:

📧 dpo@ojify.com | 📱 +234 810 306 9369

You also have the right to lodge complaints with:

• NDPC: Nigeria Data Protection Commission — ndpc.gov.ng
• FCCPC: Federal Competition & Consumer Protection Commission — fccpc.gov.ng