Privacy Policy

Last Updated: February 2024

Privacy Commitment Statement

  • The challenges that come with data processing in the digital age are numerous and thus underscore the need to put in place adequate structures and mechanisms to ensure that the personal data within the custody of data controllers are secured against any form of breaches.
  • At Nazzahub Technologies Limited (Hereinafter referred to as ‘our’, ‘we’, ‘us’ or ‘Nazza’), we recognize the severity of these risks and are committed to putting in place adequate mechanisms for the protection of the personal information of our customers, employees and other data subjects whose personal data we may process during our operations.
  • This privacy policy sets out in clear detail how we collect, store, and manage personal data within our custody.

General Principles

The Nigerian Data Protection Act and other relevant data protection laws set out several principles to regulate and guide data processing activities undertaken by data controllers. Nazza recognizes and respects the principles and continues to take active steps towards upholding the same. Some of the principles and steps taken to uphold them are examined below:


Data Minimisation

The data minimization principle envisages that in our capacity as data controllers, we do not collect personal data, more than is reasonably necessary to achieve the purpose for which the data is collected. We take conscious steps to ensure that we undertake a data-sifting activity to ensure that we do not collect more personal information than is necessary.


Purpose Limitation

This principle dictates that personal data should be collected for specific and explicit purposes and should not be used for any other purpose, apart from those specified. We do not use personal information for any other purposes aside from those specified to the data subject unless it is done with the consent of the data subject.


Data protection by default

In accordance with data protection principles and regulations, all systems, processes, and procedures at Nazza shall be designed and implemented to ensure that personal data is protected by default. This includes but is not limited to:

  • Data Minimisation

    Only necessary personal data shall be collected, processed, and retained for the specified purposes outlined in the organization's privacy notices.

  • Access Controls

    Access to personal data shall be restricted to authorized individuals on a need-to-know basis, with appropriate authentication and authorization mechanisms in place.

  • Encryption

    Personal data shall be encrypted both in transit and at rest, using industry-standard encryption algorithms and protocols.

  • Anonymization/Pseudonymization

    Wherever feasible, personal data shall be anonymized or pseudonymized to prevent identification of data subjects.

  • Data Lifecycle Management

    Personal data shall be retained only for the duration necessary to fulfill the purposes for which it was collected, and shall be securely deleted or anonymized thereafter.

  • Regular Review and Audit

    Regular reviews and audits shall be conducted to ensure compliance with this policy and to identify and address any gaps or risks in data protection practices.

  • Training and Awareness

    Employees shall receive regular training and awareness programs to ensure they understand their responsibilities in protecting personal data by default. This is further delineated in later sections of this Policy.

  • Accountability and Governance

    Accountability measures shall be in place to ensure adherence to this policy, with clear governance structures and processes for overseeing data protection practices

  • Continuous Improvement

    Continuous improvement efforts shall be undertaken to enhance data protection practices and adapt to evolving regulatory requirements and technological advancements.


Data protection by design

For us at Nazza, we recognize the fact that privacy and data protection factors should not be an afterthought in the design and lifecycle of our products and services. Our team of cybersecurity experts, product developers, and data protection experts, work together to ensure that data protection principles are inculcated into our products from design to the lifecycle stage.

Laws and Regulations

The goal of this policy is to facilitate compliance with relevant data protection laws, governing our data processing activities.Relevant and applicable laws relating to data protection in Nigeria may be broadly classified into primary and secondary sources. The primary sources are the most authoritative while the secondary sources nonetheless enjoy some force of law as long as they do not contradict the provisions of the primary sources.


Primary Sources
  • a. The Constitution
  • b. The Nigeria Data Protection Act
  • c. Federal Competition and Consumer Protection Act
  • d. Cybercrime (Prohibition, Prevention, etc.) Act.

Secondary Sources
  • a. Nigeria Data Protection Regulations (NDPR)
  • b. Framework for theImplementation of the NDPR
  • c. ISO 27 001 Information by Security Standard
  • d. Privacy by design principles