Privacy Policy
EdekiHub privacy policy. Privacy policy for EdekiHub for all users (buyers and sellers ) of EdekiHub.com
1. Introduction
This Privacy Policy (“Policy”) governs how EdekiHub, a product of Edeki Multipurpose Company Ltd (“Company”, “Platform”, “we”, “us”, “our”) collects, processes, stores, transfers, and protects personal data of users globally.
We operate a multivendor digital marketplace, enabling third-party vendors (“Vendors”) to sell goods/services to customers (“Users”).
This Policy complies with:
- Nigeria Data Protection Act (NDPA) 2023
- NDPA GAID(General Application and Implementation Directive) 2025
- EU General Data Protection Regulation (GDPR)
- Other applicable international data protection laws
We adopt globally recognized principles including lawfulness, fairness, transparency, data minimization, and accountability.
2. Definitions
- Personal Data: Any information identifying a person (name, email, IP, etc.)
- Sensitive Data: Health, biometrics, religion, financial info, etc
- Data Subject: The individual whose data is processed
- Data Controller: The entity determining purposes of processing (the Platform).
- Data Processor: Entity processing data on behalf of controller (vendors, service providers)
- Vendor: Third-party seller using the platform
3. Scope of Application
This Policy applies to:
- All users globally.
- Vendors operating on the platform.
- Visitors to the website/app.
- Any person whose data is processed in connection with the platform.
Extraterritorial Scope:
This Policy applies globally, including users in the EU, UK, US, and other jurisdictions, consistent with NDPA and GDPR extraterritorial reach.
4. Role Clarifications(Critical Liability Protection)
- The Platform acts primarily as a Data Controller.
- Vendors act as Independent Data Controllers for transactions they initiate.
- In some cases, Vendors may act as Processors.
⚠️ Liability Shield Clause:
The Platform shall not be liable for Vendor misuse of data, except where required by law or due to direct negligence.
All Vendors must enter into a Data Processing Agreement (DPA).
5. Data we Collect
5.1. Information Provided Directly
- Name, email, phone number
- Billing & shipping addresses
- Payment details (processed via third-party providers)
- Vendor registration details
5.2 Automatically Collected Data
- IP address
- Device identifiers
- Cookies and tracking data
- Browsing activity
5.3 Third-Party Data
- Payment processors
- Logistics partners
- Identity verification services
6. Legal Basis for Processing
We process data under lawful bases including:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interest
- Vital interest
These align with NDPA and GDPR lawful bases.
7. Purpose of Data Processing
We process data to;
- Provide marketplace services
- Facilitate transactions between users and vendors
- Verify identities and prevent fraud
- Improve platform functionality
- Comply with legal obligations
- Conduct analytics and marketing
8. Data Sharing and Disclosure
We may share data with:
8.1 Vendors
To complete transactions
8.2 Service Providers
- Payment processors
- Cloud storage providers
- Logistics companies
8.3 Legal Authorities
Where required by law or legal process
8.4 Corporate Transactions
In case of merger, acquisition, or restructuring
⚠️ Strict Safeguards:
All third parties must comply with contractual data protection obligations as required under NDPA.
9. International Data Transfers
We may transfer data across borders.
Safeguards include:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Binding Corporate Rules
- Encryption and anonymization
10. Data Privacy Protection
We retain data;
- Only as long as necessary
- Based on legal, contractual, and operational needs
After retention:
- Data is securely deleted or anonymized
This aligns with storage limitation principles.
11. Data Security Measures
- End-to-end encryption
- Access controls
- Multi-factor authentication
- Regular audits
- PseudonymizationIntrusion detection systems
We ensure protection against unauthorized access, loss, or breach.
12. Data Breach Response
In case of breach:
- Notify regulators within required timelines (e.g., 72 hours)
- Notify affected users where risk exists
- Conduct forensic investigation
- Implement remediation
13. Data Subject Rights
Usrrs have right to:
- Access their data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
14. Children’s Data
We do not knowingly collect data from individuals under 18 without parental consent.
15. Cookies and Tracking
We use cookies to:
- Authentication
- Analytics
- Advertising
Users can manage cookies via browser settings.
16. Automated Decision Making
We may use algorithm for:
- Fraud detection
- Product recommendations
Users may request human intervention.
17. Vendor Data Responsibilities(Critical Clause)
Vendors must:
- Comply with NDPA, GDPR, and applicable laws
- Process data only for legitimate purposes
- Implement adequate security
- Not misuse customer data
⚠️ Vendors bear full legal responsibility for independent misuse.
18. Disclaimer of Liability
To the fullest extent permitted by law:
The platform is not liable for:
- Vendor misconduct
- Third-party breaches
- External cyberattacks beyond reasonable control
19. Indemnification
Users and Vendors agree to indemnify the Platform against:
- Claims arising from misuse of data
- Breaches caused by their actions
- Legal violations
20. Data Protection Officer(DPO)
We appoint a Data Protection Officer as required under NDPA for large-scale processing. Contact Us
21. Compliance and Audits
We conduct:
- Annual data protection audits
- Risk assessments (DPIA)
- Vendor compliance reviews
22. Governing Law
Primary jurisdiction:
- Federal Republic of Nigeria
However, where applicable:
- GDPR applies to EU users
- Other local laws apply based on user location
23. Changes to this Policy
We may update this Policy periodically.
Users are encouraged to always check if there are material changes.
24. Contact Information
For privacy inquiries: Contact Us