DATA PRIVACY AND PROTECTION POLICY
Revised on 28th June 2021
Bottom line up front: ONEPIPE.IO SERVICES LIMITED respects your privacy and is committed to protecting your data.
You agree that upon granting us your consent, you have the legal capacity to give consent and you are aware of your privacy rights and your option to withdraw your consent at any given time.
As part of our operations, we collect and process certain types of information (such as name, telephone numbers, address etc.) of individuals that makes them easily identifiable. These individuals include current, past and prospective employees, merchants, suppliers/vendors, customers of merchants, registered users (“Users”) and other individuals whom we communicate or deal with, jointly and/or severally (“Data Subject(s)”).
To use our Services, you will voluntarily provide us with certain Personal Information. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. email address, bank details, name, telephone number). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).
We use your Personal Information to:
We may retrieve additional Personal Information about you from third parties and other identification/verification services such as your financial institution and payment processor. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication. Once you begin using our Services through our platform, we will keep records of your transactions and collect information about your other activities related to our Services. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our Services or under applicable legislation.
In providing you with the Services, we may rely on third-party servers located in foreign jurisdictions from time to time, which as a result, may require the transfer or maintenance of your personally identifiable information on computers or servers in foreign jurisdictions. In situations where this may occur, we will endeavour to ensure that such foreign jurisdictions have data protection legislation that is no less than the existing data protection regulations in force in Nigeria and your personally identifiable information is treated in a safe and secure manner.
We do not collect any unauthorised Personal Information when you visit our website and platform except for the purpose for which you have consented that we do so. For the avoidance of doubt, any Personal Information collected for the purpose of carrying out the Services will be done further to your explicit consent and shall be used only for the purpose communicated.
However, so we can monitor and improve our platform and Services, we may collect non-personally-identifiable information. We will not share or disclose this information with third parties except as a necessary part of providing our Services. We may, where applicable, use the information to target advertisements to you.
We collect Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose.
4.4 Data Processing Principles
Your personal data will be:
a) collected and processed in accordance with specific, legitimate and lawful purposes, consented to by you;
b) adequate, accurate and without prejudice to the dignity of human person;
c) stored only for the period within which it is reasonably needed; and
d) secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
4.5. Data Minimization
We limit Personal Information collection and usage to data that is relevant, adequate, and absolutely necessary for carrying out the purpose for which the data is processed. We will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.
Our cookies never store personal or sensitive information. They simply hold a unique random reference to you so that once you visit our website, we can recognize who you are and provide certain content to you. If your browser or browser add-on permits, you have the choice to disable cookies on our website, however this may impact your experience using our website.
You can accept or decline cookies by modifying your browser setting to decline cookies, if you prefer.
We shall establish adequate controls in order to protect the integrity and confidentiality of your Personal Information, both in digital and physical format and to prevent your Personal Information from being accidentally or deliberately compromised.
We are committed to managing your Personal Information in line with global industry best practices. We protect your Personal Information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration, we also use industry recommended security protocols to safeguard your Personal Information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files and only granting access to your Personal Information to only employees who require it to fulfil their job responsibilities. No Personal Information processing will be undertaken by an employee who has not been authorized to carry such out as part of their legitimate duties.
Employees may have access to your Personal Information only as is appropriate for the type and scope of the task in question and are forbidden to use your Personal Information for their own private or commercial purposes or to disclose them to unauthorized persons, or to make them available in any other way.
6. How We Use the Information You Provide
We use the information we collect for business and commercial purposes such as to operate, improve, and develop our Services and to verify your identity and the identities of other members of your company, we also use your information to bill developers for our Services and to transmit payment. We use your information to comply with law, such as for tax reporting purposes and to send you technical notices, updates, security alerts, and administrative messages; to respond to your comments, questions, inquiries, and customer service requests.
We use your data to help personalize the Services experience for you to communicate with you about products, services, offers, and events offered or sponsored by OnePipe, and to provide news and other information we think may be of interest to you. Information that we collect is also used to monitor and analyze trends, usage, and activities in connection with our Services, to detect and prevent fraud, malicious activity, and other illegal activities. We use your data to protect the rights, privacy, safety, or property of OnePipe and others; and for any other purpose described to you when the information was collected.
7. How We Share the Personal Information You Provide
We do not sell, trade or rent personal information to anyone. However, to enable us to render our Services to you on our platform, we may share your information with trusted third parties, such third parties include financial institutions, payment processors verification services, sanctions screening and identity verification services as well as any third parties that you have directly authorized to receive your Personal Information. Your Personal Information may be stored in locations outside our direct control, for instance, on servers or databases co-located with hosting providers.
8. Transfer of Personal Information
8.1. Third Party Processor within Nigeria
We may share your information with law enforcement agencies, public or tax authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
Please see the list of third party processors we share your personal data with on our website.
8.2. Transfer of Personal Information to Foreign Country
Where Personal Information is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Personal Information. In particular, we shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) White List of Countries with adequate data protection laws.
Transfer of Personal Information out of Nigeria would be in accordance with the provisions of the Nigeria Data Protection Regulation ("NDPR”). We will therefore only transfer Personal Information out of Nigeria on one of the following conditions:
We will take all necessary steps to ensure that your Personal Information is transmitted in a safe and secure manner. Details of the protection given when your Personal Information is transferred outside Nigeria shall be provided to you upon request.
9. Our Lawful Basis for Processing Personal Information
We will only use and process your personal data as permitted by the Nigerian Data Protection Regulation 2019 (Nigerian Data Protection Regulation). We have set out below a description of all the legal bases we may rely on to process your personal data:
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us by sending an email to: firstname.lastname@example.org; email@example.com, if you need details about the specific legal ground we are relying on to process your personal data where more than one ground may have been used to process your personal data.
10. The Data that We Retain
We will retain your Personal Information for as long as is needed to provide our Services to you, comply with our legal and statutory obligations or verify your information with the required verification authorities.
We are statutorily obligated to retain the Personal Information and data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud, holistically carry out our Services and in compliance with laws and regulatory guidelines applicable to us and our service partners. Therefore, even after discontinuance of our Services, we will retain certain Personal Information and transaction data to comply with these obligations. All Personal Information shall be destroyed by us where possible. For all Personal Information and records obtained, used and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity and requirement to retain.
The length of storage of your Personal Information shall, amongst other things, be determined by:
whether we have another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose.
11. Choices and Rights
Once your Personal Information is held by us, you are entitled to reach out to us to exercise the following rights:
Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. You may decline to provide your Personal Information when it is requested by us, however, certain Services or all the Services may be unavailable to you. You may review and update your Personal Information directly or by contacting us on firstname.lastname@example.org.
12. Age Restriction
Our Services are not directed to children under 18. We do not knowingly collect information from children under 18.
13. Compliance with Local and International Regulatory Best Practices
We confirm that we comply with the NDPR on data collection, transmission, usage and protection. We also, for best practices, adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR) to the extent that they do not conflict with Nigerian data protection regulations and laws.
14. Updates, Modifications and Amendments
15. Complaints and Remedies
Please note that, the complaint and resolution procedure is not prejudicial to your right to complain to the data protection authorities (in this case, the National Information Technology Development Agency (NITDA)) using the following contact details:
Address: No. 28, Port Harcourt Crescent,
Off Gimbiya Street, P.M.B 564, Area 11
We will notify you of any breach and also notify National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of such breach.
You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: email@example.com
16 Questions and Inquiries
If you are in Lagos, we can also be reached at
11B Badagry Street,
Off Adeniyi Jones Avenue