INTRODUCTION

Welcome to SCAPA! We respect your privacy and are committed to protecting your personal data. In line with the provisions of the Nigeria Data Protection Regulation and other applicable Data Privacy laws and regulations, SCAPA maintains the following privacy policies, which govern how we collect, use, store, share and protect your personal data when you navigate, visit or use our platform and services (regardless of where or how you navigate, visit or use it from) and tell you about your privacy rights and how the law protects you. 

SCOPE

This Policy applies to our website and all database, applications, services, platforms, tools and physical contact with us, regardless of where, how you access or use them. 

It is important that you read this privacy policy together with any other policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

This Privacy Policy does not apply to services that are not owned or controlled by SCAPA, including third-party websites and the services of SCAPA’s Merchants/customers. By using or accessing our services, you agree to the collection, use, and disclosure of your personal data as described in this Privacy Policy. Your use of our Services is also subject to SCAPA’s Terms and Conditions and other policies and is meant to supplement and not override them.

CONSENT

Upon access to our platforms or use of our services, content, features, technologies or functions offered on our website, platforms (collectively the “Scapa Services”), or continuing to visit, navigate or use this platform, you acknowledge and confirm the acceptance and consent to this Privacy policy. This privacy policy also governs the use of Scapa Services and collaboration projects by our users and stakeholders, unless otherwise agreed through a valid written contract.

THIRD-PARTY LINKS

Our website may include links to third-party websites, plug-ins, platform and or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy policies and we are, therefore, not liable for how such third parties use or process your data. When you leave our website, we advise that you read the privacy policy of every website you visit.

WHY DO WE NEED IT?

We require your some personal data to provide you with SCAPA services which you have engaged us for based on the requirements from respective governmental regulations in line with the applicable Data Privacy regulations and our Data Privacy Policy.

WHAT DO WE DO WITH IT?

To enable you access our services and website, we collect, store and process some of your personal data as required under the law. Your consent is required to make these services available to you in accordance with the law/regulation in force. 

Unless required by a Legal or regulatory requirement for the provision of these services, your data will be held confidential. We will take all reasonable actions to ensure that the personal data of all customers are handled securely and in a controlled manner.

CATEGORIES OF PERSONAL DATA

Personal data, or personal information, means any information about you from which you can be identified. We may collect, use, process, store and or transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Financial Data includes bank account and payment details.
• Transaction Data includes details about payments to and from you and other details of products and services using our platform.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile Data includes your username and password, purchases or orders made on your account, your interests, preferences, feedback and survey responses. If you know or suspect that anyone other than you knows your security details or profile data you must immediately notify us at support@scapa.io and scapasystems@gmail.com.
• Usage Data includes information about how you use our website, products and services. 
• Marketing, educational, sales and or Communications Data includes your preferences in receiving marketing from/through us and our third parties and your communication preferences.
• Sensitive Data includes details about your race or ethnicity, religious, or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data, criminal convictions and offences
• We also collect, use and share aggregated data such as statistical or demographic data for any purpose (Aggregated Data). Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

INFORMATION WE COLLECT

The personal data we collect depends on how you interact with us, the services you use, and the choices you make. SCAPA may collect information from the following sources. When you:

• Register and create an account and use our services, through your user account with SCAPA;
• Use of all or any of our services; or
• View or interact with SCAPA link on a third party website

We collect the following types of information from you, some of which might be considered personal information under applicable law.

a.Personal Data You Provide Directly

• i.when you create a SCAPA account: When you create an Account, we may collect personal information from you, such as your name, phone number, company name, industry, email address, and sign-in information, home address, BVN, Account name, Financial Institution etc. We use your contact information to send you information about our services and communicate with you about your Account, your activities on our website and services and policy changes. You may unsubscribe from receiving certain types of these messages through your Account settings, although SCAPA reserves the right to contact you when we believe it is necessary, such as for administrative and account management purposes.
• ii.Communications. If you contact us directly, for example, with an inquiry or a support request, we may request additional personal data about you.
• iii.filling in forms/questionnaire or by corresponding with us by post, phone, email or otherwise. subscribe to our service, products or publications, request or accept marketing or promotions to be sent to you or give us feedback. 
• iv.Where you share personal data of third parties with us, including your directors, officers and authorized signatories (Data Subjects), you are responsible for and warrant that you shall obtain their written consent for the processing and transfer of their personal data for the purpose of your contract with us and the provision of services to you.

b.When You Interact With a SCAPA Link/Website

We automatically collect personal information about the interaction (such as clicks or views) with our links on a third-party website. This information includes, but not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; (v) cookies, as described below, and mobile advertising identifiers. We use SCAPA Link Metrics to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity.

c.Personal Data We Collect Automatically

• Device Information. We receive information about the device and software you use to access our services, including Internet Protocol (IP) address, web browser type, operating system version, and device identifiers.
• Usage Information. To help us understand how you use our services and website, and to help us improve them, we automatically receive information about your interactions with our services. This information includes records of your transactions and information about your other activities related to our services, such as date and time of your sessions, the pages you view, links to/from any page, and time spent in a session.
• Location Information. When you use our services, we may collect or infer your general location information. For example, your IP address may indicate your general geographic region.

d.Personal Data That We Receive from Others or Infer

• i.Partners. We may retrieve additional personal data about you from third parties and other identification/verification services such as your financial institution and payment processor. We may combine that data with other information we have about you.
• ii.Publicly available sources. Public sources of information, such as open government databases.
• iii.Inferences. We may infer additional Personal Data based on the Personal Data described above. For example, for site visitors, we may infer your interests based on the web pages you view.

You may decline providing this personal data and you may use web browser or operating system controls to prevent certain types of automatic data collection. If you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

HOW WE USE PERSONAL INFORMATION

We use the Personal Data we collect to:

• 1.Provide you with the required services or for the performance of a contract;
• 2.Respond to your enquiries, questions or requests and provide customer and technical support;
• 3.Improve features, website content and analyze data to develop new products and services;
• 4.Address inappropriate use of our website;
• 5.Prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools;
• 6.Send you marketing content, newsletters and service updates curated by SCAPA (You have the right to withdraw consent to marketing at any time by contacting us);
• 7.Verify your identity and the information you provide in line with SCAPA’s statutory obligations using internal and third party tools;
• 8.Maintain up-to-date records;
• 9.Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies; and
• 10.Any other purpose that we disclose to you in the course of providing services to you

HOW WE SHARE PERSONAL DATA

We do not sell, trade or rent personal data to any individual or organization. We will not share or disclose your personal data with a third party without your consent except as necessary to provide the services or as described in this Privacy Policy.

We may disclose your personal data:

• 1.If we are required to do so by law or legal process;
• 2.To law enforcement authorities or other government officials;
• 3.When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
• 4.If disclosure is necessary to protect the vital interests of a person;
• 5.To enforce our Terms and Conditions;
• 6.To protect our property, services and legal rights;
• 7.To support auditing, compliance, and corporate governance functions; or
• 8.To comply with any applicable laws.

LAWFUL PROCESSING OF PERSONAL DATA

Processing of Personal Data by SCAPA shall be lawful if at least one of the following applies:

• a.the Data Subject has given consent to the processing of his/her Personal Information for one or more specific purposes;
• b.offer of payment assurance and allied services to the data subject
• c.offer of employment to the data subject
• d.the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
• e.processing is necessary for compliance with a legal obligation to which SCAPA is subject; and
• f.processing is necessary in order to protect the vital interests of the Data Subject or of another natural person in line with Data Privacy regulations

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible or similar with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose not contemplated or contained in this policy, we will notify you and we will explain the legal basis which allows us to do so.

CHOICES, ACCESS AND RIGHTS

You do not need an Account to access our website, and you can view our services without registering, thereby limiting the type of information that is collected about you. If you register and have a SCAPA Account, you may access, correct, or request deletion of your personal information by sending us an email at support@scapa.io scapaassurance@gmail.com

Registered merchants who have Personal Information held by SCAPA are entitled to reach out to SCAPA to exercise the following rights:

• Right to request for and access any Personal Information collected and stored;
• Right to be informed regarding their Personal Information;
• Right to be informed about appropriate safeguards in place where data is transferred abroad;
• Right to object to automated decision making and processing;
• Right to request rectification and modification of Personal Information which we keep;
• Right to request the deletion of their data
• Right to request the movement of data from SCAPA to a third party - this is the right to the portability of data;
• Right to revoke consent;
• Right to object to direct marketing, and to request that SCAPA restricts the processing of their information; and
• Right to submit a complaint to the National Information Technology Development Agency (NITDA).

Note that some laws may prevent us from providing access to your personal data or otherwise fully complying with your request depending upon the circumstances and the request. For example, producing your information may reveal another person’s identity. We reserve the right to charge an appropriate fee for complying with your request where applicable law allows, and/or deny your requests where they may be manifestly unfounded, and excessive, or otherwise objectionable or unwarranted under applicable law. 

All requests are to be sent by email and will be reviewed and responded to by SCAPA’s Data Protection Officer within a 30 day period.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing, sales, promotions and or advertising. 

Promotional offers

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is one of the ways we decide which products, services and offers may be relevant to you.

You may receive marketing communications from us if you have requested information from us or purchased, received/used our services and you have not opted out of receiving that marketing.

Opting out

You can request that we cease sending you marketing messages at any time by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service provision, service experience or other transactions.

COOKIES

We employ the use of cookies and similar technologies on our website. We use Cookies to remember users, customize our services, content and advertising, help ensure that your account security is not compromised, mitigate risk and prevent fraud, to promote trust and safety on our website and to ensure you get the best experience when using our website.

Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If you disable cookies, you will not be able to use some features of the Services.

Please see more information about our cookies policy here

DATA SECURITY

At SCAPA, we take data security seriously. We always strive to ensure that your personal data is protected against unauthorized or accidental access.

We have established adequate controls in order to protect the integrity and confidentiality of personal data, by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data with us from being accidentally or deliberately compromised.

We also use industry recommended security protocols to safeguard your personal data. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files, and only granting access to personal data to employees who require it to fulfill their job responsibilities. Employees may have access to personal data only as is appropriate for the type and scope of the task in question and are contractually forbidden to use personal data for their own private or commercial purposes or to disclose them to unauthorized persons, or to make them available in any other way.

All practical steps shall be taken to ensure that your personal data will not be kept longer than necessary and will comply with all statutory and regulatory requirements concerning the retention of personal data.

SECURITY ASSURANCE

SCAPA endeavors to protect the information it collects about its customers and users using reasonable security processes and controls, however, despite these efforts, no security measure is perfect or impenetrable and we do not guarantee or warrant that such measures will prevent unauthorized access to the information about you that is stored by us. In the event we experience a breach of security, we will promptly notify you if your personal information has been compromised, in accordance with applicable law.

You can help prevent unauthorized access to your Account by selecting and protecting your password appropriately, making use of two-factor authentication, and limiting access to your computer and browser by signing off after you have finished accessing your Account.

DATA PROTECTION OFFICER (DPO)

On proactive measures, we have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, privacy practices including any requests to exercise your legal rights, please contact the DPO by sending an email to support@scapa.io scapaassurance@gmail.com or visit us at our Lagos address at 55G Adebisi Omotola Close, Victoria Island, Lagos, Nigeria.

You have the right to make a complaint at any time to the National Information Technology Development Agency and Nigeria Data Protection Bureau, the regulators for data protection. We would, however, appreciate the chance to deal with your concerns before you approach the regulator, so kindly contact us in the first instance. 

REMEDIES FOR PERSONAL DATA VIOLATION

If your personal data is violated at any given time, you are at liberty to contact our Data Protection Officer (DPO) for appropriate sanctioning and treatment.

Within a reasonable timeframe of receiving a complaint, SCAPA shall notify you in line with data privacy requirements of either:

• a.SCAPA’s position with regard to the complaint and any action SCAPA has taken or will take in response; or
• b.when a response will be gotten of SCAPA’s position, which date shall be in line with data privacy requirements.

Remedies shall include but are not limited to investigating and reporting to appropriate authorities, recovering the personal data, correcting it and enhancing controls around it.

CROSS BORDER TRANSFER OF DATA

As part of providing our services, we may rely on third-party servers, databases co-located with hosting providers, resident in foreign jurisdictions, which constitutes the transfer of your personal data to computers or servers in foreign countries. Countries where we process data may have laws different from, and potentially not as protective as the laws of Nigeria and the European Union (EU). We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Policy and applicable law wherever the data is located.

Where personal data is to be transferred to a country or organization outside Nigeria, SCAPA shall put adequate measures in place to ensure the security of such personal data. Any transfer of personal data out of Nigeria will be in accordance with the provisions of relevant data protection regulations. In particular, those listed in Nigeria’s National Information Technology Development Agency’s [“NITDA”] White List of Countries or the General Data Protection Regulation’s [“GDPR”] Adequacy List).

DATA RETENTION

We retain the personal information we receive as described in this Privacy Policy for as long as you use our services or as necessary to fulfill the purposes for which it was collected, provide our services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable tax or legal obligations and laws in respect of data retention.

We will retain your information for the following periods:

• for a period of six (6) year or as long as reasonably necessary for the purpose of providing our services to you;
• For the duration your account is active and we have your consent;
• For the period needed to comply with our legal and statutory obligations;
• As needed to verify your information with a financial institution.

INDEMNITY

You agree to defend, indemnify and hold harmless SCAPA, its affiliates and their employees, officers, directors, representatives, contractors, business partners, successors and assigns from and against any third party claims and actions, resulting from the collection, use and or processing (or otherwise) of your data and in respect and costs (including reasonable attorneys’ fees and expenses) or liabilities whatsoever suffered or incurred directly or indirectly by us in consequence of such collection, usage and or processing or your breach or non-observance of any of these policy.

CHANGES TO THIS PRIVACY POLICY

SCAPA reserves the right to update, modify or amend this Privacy Policy as our technology and services evolves and/or as required by business or legal requirements. If there are material changes in the ways we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law.

Updates to this Privacy Policy will be made available on our website and is effective from the date provided on our website.

We require that you all your personal data, are accurate, up-to-date and complete to enable us comply with regulatory requirements and applicable laws. Kindly inform us of any changes in your personal data by sending us an email on support@scapa.io scapaassurance@gmail.com or visit us at our Lagos address at 55G Adebisi Omotola Close, Victoria Island, Lagos, Nigeria.