Cooperativ

Data Privacy Policy

Effective: 3 June 2026Last updated: 3 June 2026

In compliance with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR).

1. Introduction and Compliance

COOPERATIV ("we," "our," or "us") is committed to protecting the fundamental rights and freedoms, and the interests of Data Subjects, as guaranteed under the Constitution of the Federal Republic of Nigeria and the Nigeria Data Protection Act (NDPA) 2023.

This policy outlines how we, as a Data Controller, process the personal data of our customers, employees, and website visitors in line with the NDPA's principles of lawfulness, fairness, and transparency.

2. Data Protection Officer (DPO) and Commission

The responsibility for data protection compliance rests with our designated Data Protection Officer (DPO).

Data Protection Officer (DPO)
Adeniyi Shobowale
DPO Phone
08127126592
Office Address
5 Akinola Adeniyi Street, Soluyi, Gbagada

3. Personal Data Processed

We adhere to the principles of Data Minimisation (collecting only what is necessary) and Purpose Limitation (using data only for specified, legitimate purposes).

Category of Data SubjectBusiness Contacts / Clients
Type of Personal Data CollectedName, job title, work email, phone, company details.
Purpose of ProcessingContract management, service billing, relationship maintenance.
Lawful Basis (NDPA Section 25)Performance of a Contract
Category of Data SubjectSoftware Users
Type of Personal Data CollectedUser ID, login activity, system interaction logs.
Purpose of ProcessingGranting access, ensuring security, delivering contracted service functionality.
Lawful Basis (NDPA Section 25)Performance of a Contract
Category of Data SubjectMarketing Leads / Visitors
Type of Personal Data CollectedEmail, IP address, browsing data, demographic information.
Purpose of ProcessingSending promotional materials, improving website user experience.
Lawful Basis (NDPA Section 25)Consent (Freely given, specific, informed, and unambiguous)
Category of Data SubjectJob Applicants
Type of Personal Data CollectedCV, educational records, professional history, reference checks.
Purpose of ProcessingRecruitment, internal personnel management.
Lawful Basis (NDPA Section 25)Legitimate Interest (when overriding Data Subject rights) or Contract

5. Data Security, Integrity, and Confidentiality

In line with Section 39 of the NDPA, we implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Measures include: data encryption, access control policies, regular security audits, and staff data protection training.

Data Breach: In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify the NDPC and affected Data Subjects without undue delay.

6. Data Subject Rights (Part VI, NDPA)

As a Data Subject under the NDPA, you have the following rights, which you can exercise by contacting our DPO:

  • Right to be Informed: The right to know what personal data is being processed, why, how, and for how long.
  • Right to Access: The right to obtain confirmation as to whether your personal data is being processed and, where it is, access to the data.
  • Right to Rectification: The right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): The right to have your personal data deleted, especially when the data is no longer necessary for the original purpose or consent is withdrawn.
  • Right to Restrict Processing: The right to temporarily limit the use of your data under certain conditions.
  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and transmit that data to another Data Controller.
  • Right to Object: The right to object to the processing of your personal data, especially where the basis is Legitimate Interest or for Direct Marketing (which is an absolute right).
  • Right to Withdraw Consent: The right to withdraw consent at any time.
  • Right to Lodge a Complaint: The right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe our processing violates the NDPA.

7. Cross-Border Transfer of Personal Data (Part VIII, NDPA)

Cooperativ may transfer your personal data outside Nigeria, particularly if our cloud servers or specialized service providers are located internationally. We will only do so if we ensure an adequate level of protection for the data.

This adequacy is ensured through:

  • Adequacy Decisions: Transferring data to a country deemed by the NDPC to have adequate data protection laws.
  • Standard Contractual Clauses (SCCs): Implementing Commission-approved contractual clauses that impose NDPA-compliant obligations on the recipient.

8. Responsibility as a Data Processor

Where Cooperativ provides software services to a client (who is the Data Controller), and processes that client's customer data on their behalf, our processing is governed by a Data Processing Agreement (DPA) with that client, ensuring compliance with the NDPA.

If you are an end-user of one of our clients, you must direct your privacy rights requests (e.g., access, deletion) to the client (the Data Controller).

9. Changes to This Policy

This policy will be reviewed and updated periodically to reflect changes in our data processing practices or amendments to the NDPA. The latest version will always be available on our website.