Privacy

26.08.2024

1. Who We Are

1.1. TradeDepot Limited (“TradeDepot” or “Us” or “We” or “Our”) is a retail technology company based in Lagos, Nigeria, with Our registered address at 3/4 Adewunmi Industrial Estate, Kudirat Abiola Way, Oregun, Lagos. Our business involves the supply of fast-moving consumer goods and certain financial services to small and medium-scale businesses (Our “Services”). Our Privacy Policy has been prepared to meet the requirements of the Nigeria Data Protection Act (the “NDPA”). We are committed to protecting the confidentiality and privacy of personally identifiable information (“Personal Data”) entrusted to Us through this website and/or Our mobile application (“Website”). Our Privacy Policy, together with our Terms of Use, explains when and why We collect Personal Data, how We use the Personal Data, conditions under which We may disclose Personal Data to others and the efforts We take to keep Personal Data secure. The terms ‘you’ and ‘your’ means you as an individual accessing this Website, and applying for or utilising Our Services. Where We make decisions on how Personal Data is used in connection with Our Services, We are acting as a Data Controller and will be responsible for the obligations of a Data Controller under the NDPA in connection with the processing of Personal Data. For example, We use this Privacy Policy and other notices to provide you with information about Our use of Personal Data, as required by the NDPA. Where We only use Personal Data requested by other Data Controllers, We would be acting as Data Processors and those other Data Controllers are similarly responsible for the obligations of a Data Controller under the NDPA in connection with the processing of those categories of Personal Data. If you are using Our Services through those other Data Controllers, you should contact them if you have questions or concerns about the processing of your Personal Data or compliance with the NDPA and other applicable laws.

1.2. We may update and modify this Privacy Policy from time to time, so please do return to the Website and review this Privacy Policy regularly. Unless otherwise stated, any updates to this Privacy Policy become effective when We post the updates on the Website. Your continued use of the Website for Our Services following an update to the Privacy Policy means that you are aware of the updated Privacy Policy and have no objections to any such updated Privacy Policy. Please read the following carefully to understand Our views and practices regarding the processing of your Personal Data.

2. Personal Data We Collect

2.1. We may collect the following information from you as part of the process of providing the Services. The categories of Personal Data We may collect from you includes:

2.1.1. Basic Personal Data which may include your name, date of birth, and gender;

2.1.2. Information that you provide by filling in forms on the Website;

2.1.3. Your contact details such as postal address, home address, delivery address, email address, and phone number;

2.1.4. Banking and payment card details, including account number, National Identity Number(NIN) and Bank Verification Number(BVN);

2.1.5. Verification information such as past addresses and proof of income and expenditure, including national identification number;

2.1.6. Details of any loan applied for, such as the amount, preferred repayment period, and bank details for making repayments;

2.1.7. Information We need to assess the affordability of the loan, such as your employment details and your monthly income;

2.1.8. Identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address and other information about your visits to the Website;

2.1.9. Work details – such as job title, department, company name, company address, personal information of employees who may act as your agents, work email address, and office phone number;

2.1.10. Log in details – such as username and password;

2.1.11. Usage Information and Browsing History - such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, content, and advertising interactions);

2.1.12. Location Information. We may collect or infer your general location information when you use Our Services;

2.1.13. We may also collect additional information involving your opinion of Our Services and your preferences regarding other services such as newsletter subscription;

2.1.14. Any other Personal Data that you choose to provide on the Website or in your communications with Us. Please note, call recordings of conversations may be retained for monitoring and training purposes, except where bank card details are provided. When providing bank card details, the call recording will be paused and resumed once the card details have been fully provided.

2.2. Information that we may obtain from third parties

In some circumstances, We may collect Personal Data about you from Our partners or from publicly available websites to help Us better understand Our audience and enhance the relevance of Our content. We may collect Personal Data about you from third parties, such as:

2.2.1. Some organisations and others with whom you have a relationship that provide or publish Personal Data related to you, such as from Our customers when they arrange access to Our Services for you or from others when they create, post, or submit user content on Our Services that may include your Personal Data;

2.2.2. Professional or industry organisations and certification / licensure agencies that provide or publish Personal Data related to you;

2.2.3. Third parties and affiliates who resell or integrate with Our Services.

2.2.4. Service providers and business partners who work with Us in relation to Our Services and that We may utilise to deliver certain content, products, or services or to enhance your experience;

2.2.5. Marketing, sales generation, and recruiting business partners;

2.2.6. Credit bureaus and other similar agencies;

2.2.7. Government agencies and others who release or publish public records.

2.2.8. Other publicly or generally available sources, such as social media sites, public and online websites, open databases, the corporate affairs commission, and data in the public domain.

2.2.9. If you own any asset, We may carry out a search at the relevant asset registry. Performing the search helps Us verify you and, in some cases, means We can lend higher amounts;

2.2.10. A credit check will be carried out by licensed credit bureaus in Nigeria to view your credit history and financial commitments. If you advise of any other financial commitments not shown on the credit file, details will be required;

2.2.11. We may also carry out a credit search if payments are missed or if We are unable to contact you;

2.2.12. We may obtain information about complaints from a regulator, if you make a complaint.

2.3. Information that may be generated during the course of your relationship with us, for example:

2.3.1. Details of repayments that you have made or missed;

2.3.2. Account reference details on Our system; and

2.3.3. We may collect information about your interactions with the Website using cookies and similar technologies. Cookies are small files placed on your computer’s hard drive that enable the Website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences in order to present contents, options or functions that are specific to you. Like most interactive websites, Our Website may use cookies to enable the tracking of your activity for the duration of a session. We may also use cookies (and similar technologies) and analytics tools to collect information about you. This information can be used to improve the performance of the site, make advertising more relevant and enhance your user experience, such as Your location – We use cookies to display information that is most relevant to your location. Your usage – We use cookies to understand how Our customers use Our Website and interact with Our communications. For example, We use technology on Our Website, which record user movements, including page scrolling, clicks and text entered. (It does not record payment details.) This helps Us identify usability issues and improve the assistance We can provide to users and is also used for aggregated and statistical reporting purposes. Your device – We use cookies to understand what type of device you are using to show you the best version of the site. For instance, if you visit Our Website on a mobile device, Our technology will ensure that you see a version that is optimised for mobile viewing and interaction. Your engagement with advertisements – We use cookies to understand what advertisements you have been shown, or clicked on, to bill Our advertising partners, and to present you with advertisements that are more relevant to you

3. How We Use Personal Data

5.1. We may store and use your Personal Data for the following purposes:

  • Search for and subscribe to Our Services.
  • Use Our Services or otherwise interact with Us.
  • Create or maintain a profile or account with Us.
  • Purchase, use, or otherwise interact with content, products, or services from third-party providers who have a relationship with Us.
  • Create, post, or submit user content on Our Services.
  • Register for or attend one of Our events or locations.
  • Improve features and website content, and analyse data to develop products and services.
  • Request or sign up for information.
  • Communicate with Us by phone, email, chat, in person, or otherwise.
  • Complete a questionnaire, survey, support ticket, or other information request form.
  • When you express an interest in working with Us or apply for a job or position with Us.
  • Address any inappropriate use of Our Website. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  • Prevent, detect and manage risk against fraud and illegal activities using internal and third-party screening tools. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  • Verify your identity. (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  • Administering your application and loan agreement (as is necessary for the performance of a contract between you and Us and/or as is necessary for Our legitimate interests).
  • Carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
  • Assessing financial risks, including by carrying out credit reference checks (as is necessary for the performance of a contract between you and Us and/or as is necessary for Our legitimate interests).
  • Using your payment details to process payments relating to your loan repayments, and refunds (as is necessary for the performance of a contract between you and Us and/or as is necessary for Our legitimate interests);
  • Communicating with you about your loan application/agreement, including responding to your enquiries (as is necessary for the performance of a contract between you and Us and/or as is necessary for Our legitimate interests);
  • Administering debt recoveries, where you owe Us money under a contract or otherwise (as is necessary for the performance of a contract between you and Us and/or as is necessary for Our legitimate interests);
  • Undertaking statistical analysis, including analysing your use of Our Website. This allows Us to develop new, or improve existing products and services (as is necessary for Our legitimate interests); and
  • fulfilling Our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with Our legal obligations and/or as is necessary for Our legitimate interests).
5.2. Our “legitimate interests” as referred to above, include Our legitimate business purposes and commercial interests in operating Our business in a customer-focused, efficient, and sustainable manner, in accordance with all applicable legal and regulatory requirements. Your Personal Data is not used for the purposes of solely automated decision making or profiling.

4. How We Share Personal Data

4.1. We may share your Personal Data with Our associated companies and with certain third parties including:

4.1.1. Third parties that assist Us in preparing or sending any communications to you, or to assist Us in connection with any of Our administrative or business functions, or in the provision of any of Our services to you, or to third parties acting as Our agents.

4.1.2. We reserve the right to sell non-performing accounts. We will inform you if We do this.

4.1.3. If We are unable to make contact with you, We may employ third party companies to trace your whereabouts and re-engage with Us. We may also employ third parties to enforce Our rights under any agreement with you.

4.1.4. If We or Our assets are potentially to be acquired by a third party, or if We consider restructuring, Personal Data held by Us about Our customers (including borrowers and investors) will be one of the transferred assets and may be shared during the potential transaction or restructuring process or as part of a mergers & acquisition transaction.

4.1.5. Anyone to whom We transfer or may transfer Our rights and duties under any agreement with you

4.1.6. Legal and regulatory bodies, including fraud prevention agencies or when We have a legal obligation to do so.

4.1.7. Our auditors, solicitors, professional advisors, sub-contractors who have agreed to treat your Personal Data as confidential

5. How We Protect your Personal Data

5.1. We employ all reasonable efforts to keep your Personal Data secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing of Personal Data and against its accidental loss, destruction or damage. We are committed to managing your Personal Data in line with the NDPA and best practices. We protect your Personal Data using physical, technical, and organisational measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also use industry-recommended security protocols to safeguard your Personal Data. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to Our buildings and files.

6. Grounds for Processing your Personal Data

6.1. We may process your Personal Data for anyone of the lawful basis specified below in accordance with the NDPA. If you are unsure as to the lawful basis for processing any category of your Personal Data which We process, please reach out to Us via dataprotection@tradedepot.co.

6.1.1. the Data Subject has given consent to the processing of his/her Personal Data for one or more specific purposes;

6.1.2. the processing is necessary for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering into a contract;

6.1.3. processing is necessary for compliance with a legal obligation to which We are subject;

6.1.4. processing is necessary for legitimate interests pursued by Us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of Personal Data; and

6.1.5. processing is necessary for the performance of a task carried out in the public interest or in exercise of an official public mandate vested in Us.

7. Transfers of Personal Data outside Nigeria

7.1.The Personal Data that We collect from you may be transferred to, and stored at, a destination outside Nigeria. Where your Personal Data is transferred outside Nigeria, We will take all steps reasonably necessary to ensure that your Personal Data is transferred to a country on the Adequacy Whitelist published by the NDPC and, generally, in accordance with the provisions of the NDPA. We will take reasonable steps to use contractual terms which ensure that any such category of Personal Data is adequately protected or that the country to which the data is being transferred has reasonably adequate data protection laws in place.

8. Data Retention

8.1. We retain the Personal Data processed by Us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In accordance with Our retention policy, We may retain your Personal Data for a minimum of 6 (six) years from the end of Our business relationship with you. That is, when your account is closed or when all the outstanding sums payable to Us have been paid by you.

9. Security of Information

9.1. We are aware of the importance of protecting the Personal Data We collect from you and therefore We store data in encrypted form on computers and control access via secure web pages. We employ firewalls and other security technologies to protect Our servers from external attacks. We train Our employees in the proper handling of Personal Data and when We use other companies to provide services for Us, We require them to protect the confidentiality of Personal Data they receive. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your Personal Data, We cannot guarantee the security of your data transmitted to Our Website; any transmission is at your own risk. Once We have received your Personal Data, We will use strict procedures and security features to try to prevent unauthorised access.

10. Your rights under the NDPA

10.1. Your Personal Data is protected under the NDPA and you have a number of data protection rights (explained below) which you can seek to exercise. Please contact Us via: dataprotection@tradedepot.co. , if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights, We will explain to you whether or not the right applies to you; these rights do not apply in all circumstances. Please be aware that if your request is manifestly unfounded or excessive, We may refuse to deal with your request in accordance with the provisions of the NDPA. We may also charge a reasonable fee for dealing with any such requests as requested by the NDPA.

  • Right to access of Personal Data
    You have the right to access the Personal Data We hold about you and to obtain certain prescribed information about how We process it, as well as the source of the Personal Data We hold about you. This is more commonly known as submitting a ‘Data Subject Access Request’. We may request proof of your identity before sharing such information.

  • Right to rectify or erase your Personal Data
    If you discover that the Personal Data We hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected). You may ask Us to delete information We hold about you in certain circumstances. This right is not absolute and only applies in particular circumstances. It may therefore not be possible for Us to delete the Personal Data We hold about you, for example, if We have an ongoing relationship or are required to retain information to comply with Our legal obligations or to exercise or defend legal claims.

  • Right to Withdraw Consent
    Where We have relied on consent as the lawful basis to process your Personal Data, You may withdraw your consent by notifying Us immediately.

  • Right to object to processing
    You may not object to the processing of your Personal Data when it is based on Our legitimate interests. You may also object to the processing of your Personal Data for the purposes of direct marketing and profiling, to the extent that such profiling is related to direct marketing.

  • Right to restriction of processing
    In some cases, you may have the right to have the processing of your Personal Data restricted. For example, where you contest the accuracy of your Personal Data, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it be restricted instead.

  • Right to data portability
    You have the right to receive, move, copy, or transfer your Personal Data to a controller which is also known as ‘data portability’.

  • Right to Complain
    Right to submit a complaint to the Nigeria Data Protection Commission (NDPC).

  • Right to Object
    You have the right to object to any automated decision making made in connection with your Personal Data. Automated decision making are decisions based solely on automated processing by automated means, without any human involvement. We may still process your Personal Data by automated means, where such is (a) necessary for entering into or the performance of a contract between the data subject and a data controller; (b) authorised by a written law, which establishes suitable measures to safeguard your fundamental rights and freedoms; or where this is authorised by you. In that event, We would take reasonable steps to implement suitable measures to safeguard your fundamental rights, freedoms and interests.

11. Complaints

11.1. If you have any complaints about Our use of Personal Data, please send an email with the details of your complaint to dataprotection@tradedepot.co. or use the contact details above. We will investigate and respond to any complaints We receive. You also have the right to lodge a complaint with the NDPC. For further information on your rights and how to complain to the NDPC, please refer to the NDPC Website.

12. HOW DO WE COLLECT AND STORE CONTACT INFORMATION?

12.1. The data controller is TradeDepot Limited, registered in Nigeria and doing business at No 3/4 Adewunmi Industrial Estate, Kudirat Abiola Way, Oregun, Lagos. If you have any questions about this Privacy Policy or how and why We process Personal Data, please contact Us at dataprotection@tradedepot.co.

Last Modified: 26th Aug., 2024