Data Protection Agreement

Last updated: February 2025
Your Data is Protected! We comply with NDPR and GDPR to keep your information secure.

1. Overview

This Data Protection Agreement explains how Wazobia List protects your personal data in compliance with:

  • Nigerian Data Protection Regulation (NDPR) 2019
  • General Data Protection Regulation (GDPR) EU 2016/679
  • International data protection standards

2. Data Controller Information

Entity: Wazobia List

Contact: privacy@wazobialist.com

Data Protection Officer: dpo@wazobialist.com

3. Legal Basis for Processing

We process your personal data based on:

Purpose Legal Basis
Account creation and management Contract performance
Identity verification Legal obligation & legitimate interest (fraud prevention)
Transaction processing Contract performance
Marketing communications Your consent (opt-in required)
Platform security Legitimate interest

4. Data We Collect

4.1 Personal Data

  • Identity Data: Name, date of birth, government ID details
  • Contact Data: Email, phone number, address
  • Account Data: Username, password (hashed), profile information
  • Transaction Data: Listing history, messages, offers
  • Technical Data: IP address, browser type, device information

4.2 Sensitive Personal Data (Verification Only)

  • Government-issued ID documents (photo and details)
  • Biometric data (selfie for face comparison)
  • Residential address proof
  • National Identification Number (NIN) - optional

Sensitive data is only collected for Level 2 verification and is processed with enhanced security measures.

5. How We Protect Your Data

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Control

Role-based permissions, multi-factor authentication, audit logs

Secure Storage

AWS infrastructure with SOC 2 compliance, regular security audits

5.1 Technical Safeguards

  • Regular security assessments and penetration testing
  • Automated threat detection and monitoring
  • Secure backup and disaster recovery procedures
  • Employee training on data protection
  • Incident response plan for data breaches

6. Data Sharing and Transfers

6.1 We DO NOT Sell Your Data

Wazobia List will never sell your personal data to third parties.

6.2 Limited Sharing

We only share data when necessary:

  • Service Providers: AWS (hosting), Mailgun (emails), Paystack (payments)
  • Legal Requirements: Court orders, law enforcement, regulatory compliance
  • Business Transfers: In case of merger or acquisition (you'll be notified)

6.3 International Transfers

Your data may be transferred outside Nigeria to:

  • USA: AWS servers (adequacy decision pending)
  • EU: GDPR-compliant processors

All transfers use Standard Contractual Clauses (SCCs) approved by NDPR/GDPR.

7. Data Retention Periods

Data Type Retention Period Reason
Account data Until account deletion + 90 days Service provision
Verification documents 18 months from submission Regulatory compliance
Transaction history 7 years Legal obligation (tax/audit)
Marketing consent Until withdrawal + 30 days Compliance
Security logs 90 days Security monitoring

8. Your Data Rights

Under NDPR and GDPR, you have the right to:

  • Access: Request copies of your data
  • Correction: Fix inaccurate information
  • Deletion: Request data removal ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive data in portable format
  • Objection: Object to certain processing
  • Withdraw Consent: Opt-out anytime
  • Complain: Lodge complaint with DPA

To exercise your rights, contact: privacy@wazobialist.com

We will respond within 30 days (NDPR/GDPR requirement).

9. Children's Privacy

Wazobia List is not intended for users under 18 years old. We do not knowingly collect data from children. If you're a parent and believe your child has provided us with personal data, please contact us immediately for deletion.

10. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify affected users within 72 hours of discovery
  • Notification will include: what happened, what data was affected, and what we're doing
  • We will report to NITDA (NDPR) and relevant supervisory authorities
  • We will provide guidance on protecting yourself

11. Cookies and Tracking

We use cookies for:

  • Essential cookies: Login sessions, security (always on)
  • Analytics cookies: Usage patterns, performance (opt-in required)
  • Preference cookies: Language, theme settings

You can manage cookie preferences in your browser or account settings.

12. Third-Party Links

Our platform may contain links to external websites. We are not responsible for the privacy practices of third-party sites. Always review their privacy policies.

13. Updates to This Agreement

We may update this agreement to reflect:

  • Changes in data protection laws
  • New features or services
  • Feedback from regulators or users

Material changes will be notified via email at least 30 days in advance.

14. Supervisory Authority

For NDPR compliance issues, you may contact:

National Information Technology Development Agency (NITDA)

Email: info@nitda.gov.ng

Website: https://nitda.gov.ng

15. Contact Us

Questions or concerns about data protection?

Email

General: privacy@wazobialist.com
DPO: dpo@wazobialist.com

Support

Contact Form

Review our related policies:
Privacy Policy Verification Policy Terms of Service