Home How It Works Use Cases About Contact WhatsApp (Soon) Open Telegram
NDPR Compliance

Data Protection.

We are fully compliant with the Nigeria Data Protection Act 2023 and NDPR regulations.

1. Principles of Data Processing

Askvenda adheres to the core principles of data protection as outlined in the Nigeria Data Protection Act (NDPA) 2023. We ensure that personal data is processed lawfully, fairly, and transparently. Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

2. Rights of Data Subjects

Under the NDPR and NDPA 2023, users (data subjects) possess the following rights:

  • Right to Information: To know what data is collected and how it is used.
  • Right of Access: To request a copy of the personal data we hold.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): To request deletion of data when no longer necessary.
  • Right to Restrict Processing: To limit how we process your data in certain circumstances.
  • Right to Data Portability: To receive your data in a structured, commonly used format.
  • Right to Object: To object to processing based on legitimate interests or direct marketing.

3. Data Security & Encryption

We implement robust technical and organizational measures to safeguard your data:

  • At-Rest Encryption: Sensitive data such as National Identification Numbers (NIN) are encrypted using AES-256-CBC before storage.
  • In-Transit Encryption: All communications between your device and our servers are secured using TLS 1.3.
  • Access Control: Only authorized staff with specific roles can access personal data, governed by strict internal policies.
  • Regular Audits: We conduct periodic security assessments and database audits to ensure continuous compliance.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Vendor profile data is retained for the duration of the account's active status and a standard period thereafter as required by law.

5. Breach Notification

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with regulatory requirements.