The data we collect from you is personal data. Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store specific types of personal data we may collect are as follows:
We use different methods to collect data from and about you including through:
We will only use your personal data as allowed by law. Under the Nigeria Data Protection Regulation 2019 (NDPR), personal data may be processed under any of the following lawful basis:
While we mostly collect and process your data with your consent, we may collect and process your data under any of the identified lawful basis depending on the circumstance. We do not always need your consent to process your data. However, we do need your consent before we can process your data for purposes such as direct marketing communications. You are at liberty to withdraw your consent to such kinds of processing at any time. Where such withdrawal makes us unable to proceed with providing you with certain services, we will inform you accordingly.
We collect data to enable us process requests which you make, or which are made on your behalf with your consent and to provide you with our services.
We collect data to be able to communicate with you, to provide further information on our products and services and to assist you.
We also collect data to be able to respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.
Where you refuse to provide data required under contract or under law when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods). Where we have to cancel an order, you have made with us because you have not provided us with relevant data, we will notify you.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It may be necessary for us to share your personal data with third parties. These third parties may include internal third parties such as members of our company or our affiliates, or external third parties such as our service providers, business partners, and merchants.
We may disclose any information about you as required by law and we may make such disclosures to law enforcement agencies and government officials, as necessary or appropriate under the relevant circumstance. Other than these instances and other instances allowed under law, we do not disclose or share your personal data provided to us without your authorisation.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not routinely transfer your data outside of Nigeria. Whenever we transfer your personal data out of Nigeria, we ensure that a similar degree of protection is afforded to it in the country to which it is transferred. You hereby consent to such transfers where such adequate protection has been ensured for your data.
We have well-maintained systems for storing and managing your data, and we commit to carefully utilising your data in line with the provisions of this policy. We have suitable security measures in place to prevent your personal data from being accidentally lost or used or accessed in an unauthorised way by a third party.
In addition, we limit access to your personal data to only those employees, agents, merchants, service providers and other third parties who need to have access to your personal data in order to enable us to provide our services to you. They will only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We admit however that no database is completely secure or “hacker proof” and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect your data.
If you need to delete your account on our website, please reach out to [email protected] and request account deletion. Upon request, accounts will be deleted immediately from our system, along with all of the created content, uploads, profile image, etc. associated with the account. However, please note that we will retain certain information on your account subject to paragraph 13 of this policy.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. We have an internal data retention policy in place to this effect.
In addition to being able to control the data your directly provide to us, you may exercise any of the below rights with respect to your data:
We may use CCTV Cameras in some of our physical facilities and we may process your personal data using a CCTV system when you visit our physical facilities. Our CCTV systems monitor and record visual images, including your personal appearance, in our facilities. We process these recordings to ensure the continued integrity and security of our property and to detect incidents of security threats, theft, or hazard which would require our attention and which we would otherwise not be aware of.
Specifically, we use CCTV systems to:
We process your data through CCTV systems under the tripartite legal basis of public interest, vital interest, and consent, in certain circumstances. Images captured by CCTV may be monitored and recorded and kept for up to 90 days after the recording was made. After this time, recording stored on the hard drive of our CCTV system will usually be overwritten. Information collected by our CCTV systems would only be viewed by authorized personnel and shall not be made available to third parties, except legal authorities or on compulsion by law. We will endeavour to inform you that your data is being taken through CCTV systems at our premises.
We may also collect your data at our physical facilities through our visitors’ logbook and other records. Typically, we obtain basic personal information from you which includes but is not limited to name, company name, phone number, reason of visit, date, and time of visit. We collect such data to be able to prevent and detect crimes, identify visitors in the case of investigations, to ensure contact tracing for the prevention of transmittable diseases and in line with health standards, to ensure the physical security of the people and items, security of confidential information located in our premises or accessible from our premises and to prevent loss, frauds, thefts, injuries, terrorism, and other events of such kind in our premises. We only take your information through the visitors’ logbook with your permission. On filling the visitor’s logbook, you may be required to consent to the routine collection of physical data by CCTV cameras located within our premises.
Full name of legal entity: O2O Network Limited (SABI)
Email address: [email protected]
Telephone number: +47 3432 323
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.