Privacy Policy

Vendesquare Technologies Limited, a company incorporated under the laws of the Federal Republic of Nigeria ("Company," "we," "us," or "our"), is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our “Vendesquare” mobile application (the "App") and the services provided through the App (the "Services"). This Privacy Policy complies with the Nigeria Data Protection Regulation (NDPR) 2019, the principles of the General Data Protection Regulation (GDPR), and other applicable data protection laws.

Last Updated: February 26, 2025

1. INFORMATION WE COLLECT

We may collect the following types of information, including personal data, from and about you:

1.1 Information You Provide Directly:

Account Information: When you create an account, we collect your name, email address, phone number, and password. You may also choose to provide additional information, such as your profile picture and delivery address.
Order Information: When you place an order, we collect information about the products you purchase, the vendor you purchase from, your billing and shipping address, and payment information (processed through a secure third-party payment processor – we do not store your full payment card details).
Communication Information: When you contact us (e.g., via email, customer support), we collect the content of your communications and any information you choose to provide.
Vendor Information (If Applicable): If you register as a vendor, we collect additional information, such as your business name, address, tax identification number, and bank account details.

1.2 Information Collected Automatically:

Usage Data: We collect information about how you use the App, such as the features you use, the pages you visit, the products you view, and the time and date of your access.
Device Information:We collect information about the device you use to access the App, including the device type, operating system, unique device identifiers (e.g., UDID, IMEI), IP address, mobile network information, and browser type.
Location Information (With Your Consent): If you enable location services, we may collect your device's precise location to facilitate deliveries and provide location-based features. You can disable location services at any time through your device settings.
Cookies and Similar Technologies: We may use cookies, web beacons, and other tracking technologies to collect information about your browsing activity and preferences. You can control cookies through your browser settings.

1.3 Information from Third Parties:

Payment Processors: We receive transaction information (but not full payment card details) from our third-party payment processor.
Logistics Providers: We may receive delivery status updates from third-party logistics providers.
Social Media (If Applicable): If you choose to connect your account to a social media platform, we may collect information from your social media profile, in accordance with your privacy settings on that platform.
Vendors: We receive information from vendors relating to orders and transactions

2. HOW WE USE YOUR INFORMATION

We use your information, including personal data, for the following purposes:

2.1 Providing and Improving the Services:

To operate and maintain the App and Services.
To process your orders and transactions.
To facilitate communication between you and vendors.
To provide customer support.
To personalize your experience on the App.
To improve the App and Services, develop new features, and conduct research and analysis.

2.2 Communication:

To send you transactional emails and notifications related to your account and orders.
To send you marketing communications (with your consent, where required by law).
You can opt out of marketing communications at any time.
To respond to your inquiries and requests.

2.3 Legal Compliance and Safety:

To comply with applicable laws and regulations, including the NDPR and the FCCPA.
To enforce our Terms of Service and other policies.
To respond to your inquiries and requests.
To detect, prevent, and address fraud, security breaches, and other illegal or harmful activities.

2.4 With Your Consent:

For any other purpose for which we obtain your explicit consent.

3. LEGAL BASIS FOR PROCESSING (NDPR and GDPR)

We rely on the following legal bases for processing your personal data:

Performance of a Contract: Processing your data is necessary to fulfil our contractual obligations to you, such as processing your orders and providing the Services.
Consent: We will obtain your explicit consent for certain processing activities, such as sending marketing communications (where required by law) and collecting precise location data. You have the right to withdraw your consent at any time.
Legitimate Interests: We may process your data based on our legitimate interests, such as improving the App, preventing fraud, and ensuring the security of our systems. We will always balance our legitimate interests against your rights and freedoms.
Legal Obligation:: We may process your data to comply with legal obligations, such as tax reporting requirements and responding to lawful requests from authorities.

4. SHARING YOUR INFORMATION

We may share your information, including personal data, with the following categories of recipients:

4.1 Vendors: We share your order information with vendors to enable them to fulfill your orders.
4.2 Logistics Providers: We will obtain your explicit consent for certain processing activities, such as sending marketing communications (where required by law) and collecting precise location data. You have the right to withdraw your consent at any time.
4.3 Payment Processors: We share your payment information with our secure third-party payment processor to process transactions. We do not store your full payment card details.
4.4 Service Providers: We may share your information with third-party service providers who assist us with various aspects of our business, such as data hosting, analytics, customer support, and marketing. These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
4.5 Legal Authorities: We may disclose your information to legal authorities if required by law or legal process, or if we believe it is necessary to protect the rights, property, or safety of the Company, our users, or others.
4.6 Business Transfers: We may share your information with third-party service providers who assist us with various aspects of our business, such as data hosting, analytics, customer support, and marketing. These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
4.7 With Your Consent:We may share your information with other third parties with your explicit consent.

5. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit and at rest.
Access controls to limit access to your data to authorized personnel.
Regular security assessments and audits.
Data breach response plan.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

6. DATA RETENTION

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will also retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

7. YOUR RIGHTS (NDPR and GDPR)

Under the NDPR and, where applicable, the GDPR, you have the following rights regarding your personal data:

Right to Access: You have the right to request access to the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object: YYou have the right to object to the processing of your personal data under certain circumstances, including processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with the National Information Technology Development Agency (NITDA) if you believe that we have violated your data protection rights.

To exercise these rights, please contact us using the contact information provided below. We will respond to your request within a reasonable timeframe, and no later than one month. We may need to verify your identity before processing your request.

8. INTERNATIONAL DATA TRANSFERS

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Standard Contractual Clauses: We may use standard contractual clauses approved by the European Commission or NITDA.
Adequacy Decisions: We may transfer data to countries that have been deemed to provide an adequate level of data protection by the European Commission or NITDA.
Binding Corporate Rules: We may rely on binding corporate rules (if applicable).
Other Legitimate transfer mechanism

9. CHILDREN'S PRIVACY

We may update this Privacy Policy from time to time. We will post the updated Privacy Policy on the App and update the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the App after the posting of the revised Privacy Policy constitutes your acceptance of the changes.

10. CHANGES TO THIS PRIVACY POLICY

11. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected]
By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described.