Privacy Policy

We collect and process personal information only for specific, lawful, and legitimate purposes connected with the services we provide through this website. The personal information we collect is limited to what is necessary for those purposes and is usually obtained directly from you when you contact us by email, complete a form, make an inquiry, request a service, or otherwise interact with us. We process personal data in accordance with the principles of fairness, lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security, and accountability under the Nigeria Data Protection Act, 2023.

We will use your personal information to respond to your enquiries, provide the services you request, manage our relationship with you, meet legal and regulatory obligations, and where applicable, for other purposes that are compatible with the reason your information was originally collected. We will only process your personal data where we have a valid lawful basis for doing so, including your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests, provided such interests do not override your fundamental rights and freedoms.

We do not sell or rent your personal information to any third party. We may, however, share your information with trusted service providers, partners, regulators, or other third parties where this is necessary to provide our services, comply with legal obligations, protect our rights, or fulfil your request. In such cases, we will ensure that appropriate safeguards are in place and that any third party processes your information only in line with applicable data protection requirements.

Where we wish to send you marketing or promotional communications, we will do so only where permitted by law and, where required, with your consent. You may opt out of receiving such communications at any time.

In the course of our business operations, we collect and process certain categories of personal data relating to identifiable individuals. These individuals may include our current, former, and prospective employees, customers, former customers, suppliers, vendors, guarantors, referees, service providers, business contacts, website users, and other persons with whom we engage in the course of providing our services.

The categories of personal data we may collect and process include:

1. Personal identification information, such as your full name, previous names, date of birth, place of birth, gender, nationality, and similar identifying details;
2. Contact information, such as your residential or business address, email address, telephone number, and other contact details;
3. Verification and identity records, such as government-issued identification documents, national identification number, utility bill, photograph, guarantor details, referee details, and vendor due diligence information;
4. Information about your interactions with us, including communication channels used, location-related information, device or software information, service usage details, enquiries, feedback, and complaints;
5. Information contained in forms, applications, onboarding records, advisory records, support requests, and telephone or in-person communications;
6. Technical data collected through cookies and similar technologies, including information used to remember your preferences, enhance your experience, and improve our website and services;
7. Correspondence records, including emails, letters, chat records, and other communications exchanged with us;
8. Information required to meet legal, regulatory, compliance, audit, fraud prevention, or risk management obligations, including transaction and activity records where applicable;
9. Information received from third parties, business partners, service providers, regulators, or public sources, where lawfully obtained and relevant to the provision of services or compliance obligations;
10. Information used to identify, prevent, investigate, and manage fraud, security incidents, misconduct, or unlawful activity;
11. CCTV images or video recordings captured in and around our offices, facilities, or other controlled premises for security, safety, and incident management purposes; and
12. Any other personal data voluntarily submitted to us through online forms, face-to-face interactions, customer service channels, telephone calls, emails, or other authorised means of communication.

1. Provide and administer the services you request from us;
2. Respond to your enquiries, complaints, requests, and other communications;
3. Verify your identity and validate information submitted by you;
4. Manage our contractual and business relationship with you;
5. Improve our services, platforms, systems, website functionality, and user experience;
6. Monitor, prevent, detect, investigate, and manage fraud, unauthorised activity, security incidents, and other unlawful conduct;
7. Comply with applicable legal, regulatory, audit, risk management, and reporting obligations;
8. Maintain accurate, complete, and up-to-date records;
9. Resolve disputes, support investigations, and cooperate with law enforcement agencies, regulators, and competent authorities where required by law;
10. Communicate important notices, service-related updates, and changes to our terms, policies, or operations; and
11. Carry out any other purpose that is compatible with the original purpose of collection or that is otherwise disclosed to you at the point of collection or prior to further processing, as required by law.

We collect and process personal data only for specific, explicit, and legitimate purposes that have been communicated to the Data Subject at or before the point of collection. We will not further process personal data in a manner that is incompatible with the original purpose for which it was collected, unless such further processing is permitted by law or the Data Subject's consent is obtained where required.

We are committed to ensuring that personal data is:

1. Processed lawfully, fairly, and transparently for specific, legitimate, and lawful purposes;
2. Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
3. Accurate, complete, and where necessary kept up to date, having regard to the dignity and rights of the Data Subject;
4. Retained only for as long as is necessary to fulfil the purpose for which it was collected or as required by applicable law; and
5. Protected by appropriate technical and organisational measures against foreseeable risks, including unauthorised access, alteration, disclosure, destruction, loss, theft, cyberattack, misuse, and accidental damage.

We will process your personal data only where we have a lawful basis under the Nigeria Data Protection Act, 2023. Depending on the nature and purpose of the processing, we may rely on one or more of the following lawful bases:

1. Your consent for one or more specific purposes;
2. The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request before entering into a contract;
3. The processing is necessary for compliance with a legal or regulatory obligation to which we are subject;
4. The processing is necessary to protect your vital interests or those of another natural person;
5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
6. The processing is necessary for the purposes of our legitimate interests, or those of a third party, provided that such interests do not override your fundamental rights and freedoms.

Please note that, depending on the circumstances, we may rely on more than one lawful basis for a particular processing activity. Where you would like further information about the specific lawful basis relied upon for any processing of your personal data, you may contact us at legal@flyaux.com.

We limit the collection and processing of personal data to information that is adequate, relevant, and necessary for the specific purpose for which it is processed. We do not collect more personal data than is reasonably required. Where the purpose of processing can be achieved without directly identifying an individual, we may use anonymised or otherwise de-identified data.

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, provide our services, comply with legal, regulatory, contractual, accounting, audit, or reporting obligations, resolve disputes, enforce our rights, and prevent fraud or abuse.

We undertake periodic reviews of the personal data in our custody to determine whether it remains accurate, relevant, up to date, and necessary to retain. Where personal data is no longer required, and we are under no legal or operational obligation to retain it, we will securely delete, destroy, anonymise, or otherwise dispose of it in accordance with our retention procedures and applicable law.

Where we hold your personal data, you have certain rights under the Nigeria Data Protection Act, 2023, subject to applicable legal and regulatory limitations. These rights include:

1. Right of access — You have the right to request access to the personal data we hold about you and to obtain information about how we process it.
2. Right to rectification — You have the right to request that we correct, update, or complete any inaccurate or incomplete personal data that we hold about you.
3. Right to erasure — You have the right to request the deletion or removal of your personal data where there is no lawful basis for us to continue processing it.
4. Right to object to processing — You have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis for processing.
5. Right to restrict processing — You may request that we restrict the processing of your personal data in certain circumstances.
6. Right to data portability — Where processing is based on your consent or on a contract, and is carried out by automated means, you may request that your personal data be provided to you or to another organisation in a structured, commonly used, and machine-readable format.
7. Right to withdraw consent — Where we rely on your consent as the lawful basis for processing, you have the right to withdraw that consent at any time.

You may exercise any of these rights by contacting us at legal@flyaux.com.

We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, misuse, and other reasonably foreseeable risks.

Where sensitive personal data is transmitted through our website, such data is protected using secure encryption technologies. Access to personal data is restricted to authorised personnel, agents, contractors, and service providers who require such access for legitimate business purposes and who are subject to duties of confidentiality.

We do not sell or rent your personal data to third parties. However, we may share your personal data where necessary and lawful, including:

1. With service providers, contractors, payment processors, and technology partners who process personal data on our behalf for the purpose of providing services to you;
2. With business partners where this is necessary to provide a service you have requested;
3. With regulators, public authorities, law enforcement agencies, tax authorities, courts, or other competent bodies where disclosure is required by law, regulation, legal process, or lawful request;
4. Where disclosure is necessary to enforce our terms, policies, and agreements, or to protect our rights, users, systems, or operations;
5. Where disclosure is necessary to detect, prevent, investigate, or address fraud, security incidents, technical issues, or unlawful conduct; and
6. Where disclosure is otherwise permitted or required by applicable law.

For payment processing, we may engage third-party providers such as Flutterwave, Paystack or other authorised payment service providers, solely for the purpose of processing transactions and related payment services.

We use cookies and similar technologies on our website to improve functionality, enhance user experience, remember your preferences, support security, analyse site usage, and better understand how visitors interact with our services.

Cookies are small data files stored on your device when you visit a website. You may manage or disable cookies through your browser settings, although doing so may affect the availability or functionality of certain parts of our website.

Where your personal data is transferred outside Nigeria, we will ensure that such transfer is carried out in accordance with the Nigeria Data Protection Act, 2023, and that appropriate safeguards are in place to protect your personal data.

Our services are not intended for children without appropriate parental or guardian involvement where required by law. Where a user is under the age of 18, parental or guardian consent may be required before personal data is processed. We do not knowingly collect personal data from children without lawful basis or verifiable parental or guardian consent.

We may review and update this Privacy Policy from time to time to reflect changes in our business practices, technology, legal requirements, or regulatory obligations. Any update will take effect from the date it is published on this page, unless otherwise stated.

Your continued use of our services after any update becomes effective constitutes your acknowledgement of the revised Privacy Policy, to the extent permitted by law.

If you believe that your privacy rights have been violated or that your personal data has been processed in a manner inconsistent with this Privacy Policy or applicable law, you may lodge a complaint with us by contacting our Data Protection Officer at:

Email: legal@flyaux.com

This does not affect your right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or seek redress before a court of competent jurisdiction.

If you have any questions, comments, requests, or concerns about this Privacy Policy or about how we process your personal data, please contact us at legal@flyaux.com.