Privacy Policy for ConfirmNG Limited

2. Definitions

“Consent” means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they (by a statement or by a clear affirmative action) signify their agreement to the processing of personal data relating to them;

“Data Controller” means the natural or legal person or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this policy, ConfirmNG is the data controller of all personal data relating to data subjects;

“Data Processor” means a person or organisation which processes personal data on behalf of a data controller. This includes ConfirmNG, its employees and third-party service providers;

“Data Protection Legislation” means all applicable data protection and privacy laws including, but not limited to the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and any successor legislation;

“Data Subject” means a living, identified, or identifiable individual about whom ConfirmNG holds personal data;

“Personal Data” means any information relating to a data subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that data subject;

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

“Platform” means, collectively the Company’s website, mobile application and other related applications provided by ConfirmNG.

“Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Consent

3.1 Where processing of your personal data is based on consent, we shall obtain the requisite consent at the time of collection of the personal information. In this regard, you consent to the processing of your personal information when you access our website, Mobile Application (“App”) or use our services, content, features, technologies or functions offered on our website, App or other digital platforms. You can withdraw your consent at any time but such withdrawal will not affect the lawfulness of the processing of your data based on consent given before its withdrawal.

3.2 Where your personal data is to be processed for a different purpose that is incompatible with the purpose or purposes for which that personal data was originally collected that was not disclosed to you when you first provided your consent, we will obtain your consent to the new purpose or purposes.

4. Age Restriction

4.1. You affirm that you are over 18 years old and have the right to contract in your own name, and that you have read the above authorisation and fully understand its contents.

4.2. Individuals under 18 years old are only allowed to sign up for our services or provide us with their information when an adult above the age of 18 is signing contracts in their stead.

5. Data Protection Principles

The Data Protection Legislation sets out the following principles with which anyone handling personal data must comply. We, our employees, agents and contractors comply with the following principles when collecting or processing your personal data. All personal data must be:

5.1. processed lawfully, fairly, and in a transparent manner in relation to the data subject;

5.2. collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

5.3. adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;

5.4. accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay;

5.5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the Data Protection Legislation in order to safeguard the rights and freedoms of the data subject;

5.6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

6. Information We Collect.

In providing our services to you, we collect certain personal and non-personal data about you. Our policy is to keep this information confidential and strictly safeguarded, and to use or disclose it only as needed to provide services to you, or as permitted or required by the Data Protection Legislation. We collect a variety of information from our users and visitors to our website and App in order to properly deliver the services to our users. The information we collect fall into the following categories:

6.1 Information Collected Automatically: Whenever you visit our website, our web servers automatically collect non-personal information such as the domain name of the internet access provider, the internet protocol address used to connect the computer to the internet, the average time spent on our website, pages viewed, information searched for, access times, usage statistics about your interactions with the Platform, including information accessed, time spent on pages or the service, and other relevant statistics.

6.2 Information You Provide Us: If you provide us with personal information, by contacting us, or creating an account on our Platform, we collect the following personal information (for registering your account and other purposes):

6.2.1 Username and password;

6.2.2 Contact information;

6.2.3 Geolocation of the user;

6.2.4 Details of your search queries, saved items, and preferences for notifications,

6.2.5 Information obtained during interactions with us, such as contacting our customer care team, responding to surveys, taking part in promotional activities, gaining access to the prizes won from points gathered;

6.2.6 Email preferences, including subscriptions to marketing communications;

6.2.7 Digital information such as pictures of fuelling stations and related illustrations;

6.2.8 Identity information (e.g., photo ID and nationality etc.);

6.2.9 Information contributed by you to the Platform;

6.2.10 Financial & bank account information where you seek to claim your prizes; and

6.2.11 Any other information you provide to us.

6.3 Information You Share on the Platform: The Platform allows you to submit comments, reviews, ratings and other information. This content may be displayed on the Platform and may be viewable by other users of the service. In addition, if you have created a user profile and uploaded a photograph of yourself in connection with your ConfirmNG account, other users of the service will be able to see your user profile information and your photograph when you submit information to the Platform while logged in to your ConfirmNG account.

6.4 Geolocation Information: If you access the Platform through a mobile device, we will automatically collect information about your geolocation. We cannot offer you some of the features of the Platform, such as the App feature that enables you to find fueling stations around you and their product prices, without your geolocation information.

6.5 Other Information We Collect: We may also collect information from you using cookies and other analytical tools especially when you use our products and services. More details are provided below in our section on Cookies.

7. Using Your Personal Data

7.1 We primarily collect your personal data to ensure that we provide the most efficient services to you, monitor the use and improve our website/App and other legitimate interests. Your information will solely be used and disclosed for the following purposes:

7.1.1 To help us verify your identity;

7.1.2 To carry out our obligations ensuing from any contracts entered into between you and us;

7.1.3 To provide you with the products, services and information you request from us and we offer to you;

7.1.4 To assist you with enquiries and improve our customer service;

7.1.5 To carry out marketing and advertising, including to send you marketing and advertising communications tailored to our services and your specific usage;

7.1.6 To assist us in carrying out marketing analysis and customer profiling, (conduct research, including creating statistical, geolocational and testing information;

7.1.7 To analyse the accuracy, effectiveness, usability, or popularity of the service(s);

7.1.8 To generate and review reports and data about our user base and service usage patterns;

7.1.9 To facilitate the Platform’s technical functioning, including troubleshooting and resolving issues, securing the services, and preventing fraud and abuse;

7.1.10 To allow us to communicate with you in any way (including e-mail, telephone, and text or multimedia messages);

7.1.11 For our user reward program purposes;

7.1.12 To help prevent and detect fraud or loss;

7.1.13 To update our records;

7.1.14 To make recommendations and suggestions to you about services offered by us unless you have previously asked us not to do so;

7.1.15 To send you service or support messages, such as updates, security alerts, email notifications and /or newsletters;

7.1.16 To conduct investigations and risk assessments;

7.1.17 As required or permitted by law;

7.1.18 For compliance with legal and regulatory obligations; and

7.1.19 As we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, the public, or our services.

7.2 Employees, agents, contractors, or other parties working on behalf of ConfirmNG shall collect your personal data only to the extent required for the performance of their job duties and only in accordance with this Policy.

7.3 Employees, agents, contractors, or other parties working on behalf of ConfirmNG shall process your personal data only when the performance of their job duties requires it. Your personal data held by ConfirmNG cannot be processed for any unrelated reasons.

8. Data Accuracy

Your personal data must be accurate and kept up to date. In this regard, ConfirmNG shall ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to you; make efforts to keep your personal data updated where reasonable and applicable; and make timely efforts to correct or erase your personal data when inaccuracies are discovered.

9. Data Confidentiality

Your information is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions. You have the right to request copies of any and all information we keep on you, if such requests are made in compliance with applicable laws and other relevant enactments. While we are responsible for safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, adherence with physical security protocols on our premises, dealing with only authorised officers of ConfirmNG.

10. Disclosures

10.1 We will not sell, publish, or disclose to third parties your personal data collected on our website, through our servers or otherwise obtained by us, other than to provide our services and as set forth in this policy. We may share generic aggregated demographic information not linked to any personally identifiable information regarding visitors and users with our business partners, trusted affiliates, professional advisers and advertisers for the purposes outlined above. We may share your information with these third parties for those limited purposes if you have given us your permission and in compliance with the Data Protection Legislation.

10.2 We may request and provide information about you from and to third parties to provide our services.

10.3 We will notify you as soon as we become aware of a harmful data breach which may result in a risk of your rights and freedom.

10.4 You have the right to request an erasure of your data at any time.

10.5 We will notify you if we are transferring your data.

10.6 You may request at any time that we halt further dissemination of your data or cease to use your data.

10.7 If you submit content in a public forum or a social media post, or use a similar feature on our website, that content is publicly visible.

10.8 We may disclose personally identifiable information if required to do so by law or in the good faith belief that such action is necessary to (a) conform with the requirements of the law or comply with legal process served on us, or (b) act in urgent circumstances to protect the personal safety of users of our service or members of the public.

10.9 To the extent practicable and legally permitted, we will attempt to advise you prior to any such disclosure, so that you may seek a protective order or other relief limiting such disclosure.

11. Transfer of Personal Data

11.1 Third Party Processor We may engage the services of third parties in order to process your personal data. The processing by such third parties shall be governed by a written contract with ConfirmNG to ensure adequate protection and security measures are put in place by the third party for the protection of your personal data in accordance with the terms of this policy and the Data Protection Regulation.

11.2 International Transfers Your information may be transferred to a foreign country or international organisation for the purpose of providing our service to you. We will ensure that there are adequate data protection laws in the recipient country or organisation before transferring your information. In particular, we shall, among other things, conduct a detailed assessment of whether the said country is on the Nigeria Data Protection Commission (NDPC) Whitelist of Countries with adequate data protection laws or any other relevant authorities that exist and may come into existence in the jurisdictions where the company has offices.

11.2.1. Transfer of your personal data out of Nigeria would be in accordance with the provisions of the NDPA. We will therefore only transfer your personal data out of Nigeria on one of the following conditions:

a. Your explicit consent has been obtained;

b. The transfer is necessary for the performance of a contract between you and ConfirmNG;

c. The transfer is necessary to conclude a contract between ConfirmNG and a third party in your interest;

d. The transfer is necessary for reason of public interest;

e. The transfer is for the establishment, exercise or defense of legal claims;

f. The transfer is necessary in order to protect your vital interests or the interests of other persons, where you are physically or legally incapable of giving consent.

11.2.2. Provided, in all circumstances, that you have been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this provision shall not apply to any instance where you are answerable in duly established legal action for any civil or criminal claim in another country.

11.2.3. We will take all necessary steps to ensure that your personal data is transmitted in a safe and secure manner. Details of the protection given to your information when it is transferred outside Nigeria shall be provided to you upon request.

11.2.4. Where none of the conditions stipulated in clause 11.2.1 and 11.2.2 of this policy are met, ConfirmNG will engage with NDPC for approval with respect to such transfer.

12. Your Rights

Subject to certain limitations and exceptions, you are entitled to the following principal rights under the Data Protection Legislation:

12.1 under the Data Protection Legislation: You have the right to be notified if we are transferring your personal information.

12.2 You have the right to request an erasure of your personal data at any time.

12.3 You have the right to request that we rectify inaccurate personal information.

12.4 You may request at any time that we halt further dissemination of your data or cease to use your personal information.

12.5 You have the right to request for copies of your personal information.

12.6 You can opt out of marketing or advertising emails by following the unsubscribe process included in the promotional email you received or by logging into your account and indicating your preference. You may also request to opt out of marketing or advertising emails by contacting us at info@confirmng.com. Please keep in mind that you if you opt out of receiving marketing messages, you will still receive service-related emails from us (such as emails related to your requests or searches, your account on our Platform, correction of personal information, password reset requests, reminder emails you have requested, updates to our Terms of Service and policies and other similar communications essential to your transactions on the Platform) that may be necessary for us to make the Platform available to you or respond to your inquiries.

13. Website Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We store collected data in ConfirmNG’s database in cloud provider instances provided by aws and firebase. We use encryption tools when accepting and transmitting delicate visitor information through our website and App.

14. Training

We shall ensure that employees who collect, access and process your personal data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this policy and the Data Protection Legislation with regard to the protection of personal data. On an annual basis, we shall develop a capacity building plan for our employees on data privacy and protection in accordance with the Data Protection Legislation.

15. Use of Cookies

We use cookies to identify you as a user and make your user experience easier, customise our services, content and advertising; help you ensure that your account security is not compromised, mitigate risk and prevent fraud; and to promote trust and safety on our website. Cookies allow our servers to remember your account log-in information when you visit our website, IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities. If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may limit your ability to use our website.

16. The Data We Retain

We will retain your information for as long as needed to provide you with our services, comply with our legal and statutory obligations or verify your information with a financial institution. We are statutory obligated to retain the data you provide us with in order to process requests, ensure settlements, identify fraud and in compliance with laws and regulatory guidelines applicable to us.

17. Data Breach Management Procedure

17.1 In the event where there is any accidental or unlawful destruction, processing, loss, alteration, unauthorized disclosure of, or access to your personal data, we shall:

17.1.1. notify you within 24 hours of the occurrence of the data breach;

17.1.2 properly investigate the breach and take the necessary steps to mitigate such breach;

17.1.3 identify remediation requirements and track the resolution of such breach; and

17.1.4 notify the NDPC and/or any other regulatory authority, where necessary.

18. Links to Third Party Websites

18.1 Our website may contain links to third-party websites or services that are not owned or controlled by us.

18.2 We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such websites or services.

18.3 We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.

19. Limitation of Liability

We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, we will not be liable for unauthorised disclosure of personal data that occurs through no fault of ours.

20. Changes to this Privacy Policy

Changes may be made to this Privacy Policy from time. Whenever such changes are made, we will notify you. These changes will take effect immediately after you have been notified.

21. Contact Us

If you would like more information or you have any comments or questions on our Privacy Policy, please contact us a info@confirmng.com

This policy is effective as of February 2024.

Last updated: February 2024.