Privacy Policy
Effective Date: 17th March 2025
Introduction
Saroafrica International Limited (“Saroafrica”, “we”, “our”, “us”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Notice explains how we collect, use, disclose, store, and protect your personal data in compliance with the Nigerian Data Protection Act, 2023 (NDPA) and other applicable laws.
By accessing our website, providing your data, or using our services, you consent to our privacy settings, acknowledge and accept the practices described in this Privacy Notice.
Information We Collect
We may collect and process the following categories of personal data:
1. Personal Information
- Personal Identifiable Information: We may collect personal information such as your name, email address, phone number, next of kin details, marital status, and images captured via CCTV (where applicable), and payment information.
- Financial Information: We may collect financial information such as payment details, bank account information, and transaction history.
- Technical Information: We may collect technical information, such as your IP address, unique device identifiers, browser type, and smart device information.
- Sensitive Personal Information: We may collect sensitive personal data, such as biometric data and health-related data only when necessary and with your explicit consent.
- Communication Information: We may collect communication information such as feedback, queries, and customer support interactions.
Purpose of Information Collection
We collect and process your personal information for the following purposes:
- To provide, improve and manage our services to you.
- To process payments and manage financial transactions.
- To manage our relationship with you and to communicate our updates, service-related notifications, offers, and support.
- To comply with legal and regulatory requirements.
- To enhance user experience, improve our services and website functionality.
- To ensure system security, prevent fraud and cyber threats.
Information Sharing
We may share your personal information with the following recipients only when it is legally permitted by the NDPA:
1. Third-Party Service Providers: We may share your information with service providers who support our operations. These providers are required to comply with our data protection policies and Data Processing Agreements in line with this Privacy Notice and NDPA 2023.
2. Legal or Regulatory Authorities: We may disclose your information if required by law, court order, or valid requests from public authorities (e.g., a court or government agencies).
3. Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
International Data Transfers
We may transfer your personal information outside Nigeria to jurisdictions that may not offer the same level of data protection. In such cases, we will ensure that your data is protected according to the standards required by the NDPA, using mechanisms like:
- Standard contractual clauses (SCCs) or equivalent legal mechanisms or;
- Binding Corporate Rules (BCRs) where applicable.
Data Security
We implement appropriate industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of sensitive information, access controls to restrict information access, and regular security audits and vulnerability assessments.
Data Retention
We retain your personal information only as long as necessary for the stated purposes or as required by law, in line with our Data Retention Policy. Upon expiration of the retention period, data is securely deleted or anonymized.
Your Rights
Under the Nigerian Data Protection Act 2023, you have the following rights:
- Right to Access: You may request a copy of your personal data.
- Right to Rectification: You may correct any inaccurate or incomplete data.
- Right to Erasure: You may request data deletion, subject to legal exceptions.
- Right to Restriction of Processing: You may limit how we process your data.
- Right to Data Portability: You may request your data be transferred to another party or service provider in a structured machine-readable format.
- Right to Object: You may object to certain types of data processing, including direct marketing.
- Right to Withdraw Consent: If processing is based on your consent, you may revoke your consent at any time.
- Right to Lodge a Complaint: If you believe your rights have been violated, you may lodge a complaint with the Nigerian Data Protection Commission (NDPC).
To exercise any of these rights, please contact DPO@saroafrica.com
Data Protection Impact Assessment (DPIA)
We conduct Data Protection Impact Assessment (DPIA) before processing data that may pose significant risks to individuals’ rights and freedoms.
Children's Privacy
Saroafrica does not knowingly collect personal data from children under the age of 13 without verifiable parental consent. If we become aware that a child under 13 has provided us with personal data, we will delete such data immediately.
Policy Updates
We may update this Privacy Notice periodically reflect changes in our practices or for other operational, legal, or regulatory changes. We will notify you of any significant changes to the new Privacy Policy on our official website and updating the “Effective Date” above.
Contact Us
For inquiries, questions, requests, or concerns about this Privacy Notice, please contact us at:
Name: Saroafrica International Ltd
Email: DPO@saroafrica.com
Phone Number: [+234 02016311110]
Physical Address: Empire Place, Plot 1683, Sanusi Fafunwa Street, Victoria Island, Lagos, Nigeria.
