18/11/2024 — Version 7.0

Privacy Policy

Introduction

Gpay Limited understands that your privacy is important and that you care about how your personal data is used and shared online. We respect the privacy of everyone who visits our website and uses our services. We are committed to respecting, securing, and protecting your personal data. We are also committed to being transparent about what we collect from you and how we use it. This privacy policy covers information practices, including how we use, share, and secure the personal information you provide and your legal rights.


Our contact details
Address: 59B, Igboukwu plaza, bba by sokoto gate, international trade fair complex.Lagos
Email: security@Gpayafrica.com

Our Data Processing Princinples

In processing your personal data, we adhere strictly to the principles of data processing by NDPA. Our obligation in terms of the principle is to ensure that personal data is:

  • Processed in a fair, lawful and transparent manner.
  • collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes.
  • adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed.
  • retained for not longer than is necessary to achieve the lawful bases for which the personal data was collected or further processed.
  • accurate, complete, not misleading, and, where necessary, kept up to date having regard to the purposes for which the personal data is collected or is further processed.
  • processed in a manner that ensures appropriate security of your personal data, including protection against unauthorised or unlawful processing, access, loss, destruction, damage, or any form of data breach.


Furthermore, we are committed to ensuring accountability, demonstrating duty of care to you and also upholding data confidentiality, integrity, and availability.

Data Collection

By expressing an interest in our services, visiting our websites or registering to use our service, we may collect personal information from you:

  • Contact information such as name, company name, address, phone number and email address.
  • System information, such as IP Address, browser type and version, and operating system relating to information gathering tools such as cookies.
  • Information you put into forms and from curriculum vitae
  • Details of your visits to our site and the resources you use.
  • Other information such as the number of people within your organization using our service.

Purpose of Collection

  • EMPLOYMENT – The lawful basis of collection here is contract.  Some instances may involve other lawful basis such as consent, vital interest or legal obligation.
  • CONTRACT – In some instances, it may involve legitimate interest or public interest, particularly in carrying out due diligence.
  • REGULATORY ACTIONS – The main lawful basis for collection in this instance is legal obligation. Some instances may involve public interest.

Data Usage

The data we collect is used to educate and inform customers about our product and to improve our service. We may also collect personal information about our prospective and existing customers, former and prospective employees, contractors, agents, collaborators, clients, suppliers , vendors, and service providers. The information collected is used to provide services to our customers. These may include but not limited to any of the following:

  • Processing service requests
  • Negotiating contracts
  • Handling orders
  • Promotional offers and marketing
  • Providing customer support
  • Managing customer relationships
  • Developing and improving our services.
  • Compliance with governmental, legislative and regulatory bodies, and     investigating complaints about the use of our services


For the purposes of this Privacy Policy, ‘processing’ means any operation or set of operations which is performed on your data, whether or not by automatic means,

such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, restriction, erasure or destruction.

We process personal information for certain business purposes, which include some or all the following:

  • Where the processing enables us ensure efficient transactional purposes
  • Where the processing enables us to enhance, modify, personalize or otherwise  improve our services/communications for the benefit of our customers
  • To better understand how people interact with our websites


Our legitimate business interests do not automatically override your interests. As such, we will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by law.

If you have any objection to our data processing by legitimate interests, please see ‘your rights’ section below.

Your Rights

Under the Nigerian Data Protection Act (NDPA), you have several rights about your personal data. This policy has been designed to uphold your rights where we act as a data processor/controller:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right to be informed – you have the right to be informed of any data we use, consult or process on you. We must inform you about the processing and its extent timeously.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our record,deleted or forgotten.
  • Right to restriction of processing – where certain conditions apply you a have a right to restrict the processing.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization.


If we are unable to help, or you are not satisfied with our response, you also have the right to lodge a complaint with the Nigeria Data Protection commission (NDPC).

NDPC can be contacted:
By post – No.12 Clement Isong Street, Asokoro, Abuja, Nigeria,
By telephone – 0916 061 5551
Via website – https://ndpc.gov.ng/

Disclosure

If required by law or if disclosure is necessary to protect our rights and/or to comply with judicial proceedings, court order, or legal process, we reserve the right to disclose any relevant information.

Communication

When you provide information through one of our web forms or other avenues, we might provide you with further information about our services..

Should you request information from us, we will use the data you provide to process this request.

For example, by completing our ‘Access request form’, we will get a better understanding of your requirements.

We may use information you provided to contact you to further discuss your interest in our services and to send you information regarding us and our affiliates. We will only process the information you provide on the grounds of legitimately meeting your requirements.

To consistently provide an expected level of service, we may also use information collected to update, expand and analyze our records to create a more befitting service for you.

Keeping your data up-to-date

We may retain your information for a period consistent with the original reason it was collected. Upon entering into an agreement with us, we reserve the right to store and use your information. Upon termination of the agreement, we would keep your information for required legal reasons.

As a customer, you have the right to request to review, correct, delete or otherwise modify any of the personal information you may have previously provided to us, at any time. As a user of our product, you may generally update information wherever necessary. To update your billing information or terminate your agreement with us, you can contact us.

For other requests: erasure, access, portability, rectification, and objection, your requests will be addressed within thirty (30) days.

Your Data

Our customers submit data and information, whether electronically or by other means, to us for processing purposes. We will not review, share, alter or distribute this data unless otherwise requested by law. We only access your data only for the purposes of continuing to provide our services or to prevent or address any service or technical problems. As stated above, the information we hold about you can be accessed upon request.

Security

As part of delivering optimum service to our customers, we take adequate security measures to maintain your data in a secure and organized manner. Only authorized employees from our organization can access, alter, disclose and destroy personal data, when required.

We have implemented the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of  access.

These measures shall include the following measures regarding your personal data transmitted, stored or otherwise processed:

  • Prevention of unauthorised persons from gaining access; Prevention of unauthorised use or disclosure;
  • Ensuring that persons entitled to use your personal data gain access only to such personal data as they are entitled to access in accordance with their access rights;
  • Ensuring that your personal data cannot be read, copied, modified or deleted by persons not having the right authorisation to do so;
  • Ensuring that your personal data are processed solely in accordance with the purposes for which your personal data is collected;
  • Protection against alteration;
  • Protections against accidental destruction or loss; Data recovery procedures;
  • Anti-malware controls; security updates.


In addition, our employees only act within the scope of their authority and are trained to prevent any errors or omissions.

We also carry out ongoing security monitoring exercises to ensure that our systems are updated and adopt appropriate industry data collection, storage, and processing practices.

Physical security measures are in place to protect against unauthorized access, alteration, disclosure of personal information, username, password, transaction information and data stored in your user account. Access to your name and address is restricted to our employees who need to know such information in connection with delivering our services to you and are bound by legal confidential obligations.

Transfer to Third Parties and Countries

In carrying out our mandate effectively, we may require the services of third parties who may be within or outside the NDPA jurisdiction (Nigeria). Examples of such services include but are not limited to the following:

  • a) Internet connectivity,
  • b) Cloud storage,
  • c) Data analytics,
  • d) Data security, and
  • e) Software development.


In transferring your data to third parties, we shall be guided by the NDPA.

We reserve the right to change this privacy policy. This policy will be reviewed annually or whenever there is a significant business change.