PayLater Hub Privacy Policy

Last updated: September 1, 2023


1. Introduction

At PayLater Hub, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines our principles of data protection, the rights of data subjects, how to contact PayLater Hub when exercising your rights, and the lawful basis for processing personal data.

1.1 Purpose: This Privacy Policy describes the policies and procedures regarding the collection, use, and disclosure of your information when you use the services offered by PayLater Hub Limited (referred to as “we,” “us,” or “our”). It also outlines your privacy rights and how your information is protected under the law.

1.2 Scope: This Privacy Policy applies to all users of PayLater Hub Limited’s services, including customers and website visitors, and covers personal information collected in Nigeria.

1.3 Legal Framework: This Privacy Policy is developed in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and other relevant data protection laws.


2. Principles of Data Protection

At PayLater Hub, we adhere to the following principles when handling your personal data:

  1. Transparency: We are transparent about how we collect, use, and share your personal data. Our data processing activities are clearly communicated in this policy.
  2. Lawfulness, Fairness, and Purpose Limitation: We process your data in accordance with applicable laws and regulations. We only use your data for the purposes you have been informed about, and we do not use it in ways that are unexpected or incompatible with those purposes.
  3. Data Minimization: We collect and retain only the minimum amount of data necessary to fulfill our stated purposes. Unnecessary data collection is avoided.
  4. Accuracy: We take steps to ensure the data we collect is accurate and up- to-date. If you believe your data is inaccurate, you can request corrections (see “Rights of Data Subjects” below).
  5. Security: We implement robust technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, alteration, or destruction.
  6. Consent: When required, we obtain your explicit and informed consent before collecting and processing your data. You have the right to withdraw consent at any time.
  7. Data Subject Rights: We respect your rights as a data subject, including the right to access, rectify, delete, or port your data. To exercise these rights, please see the section below.
  8. Data Transfer: If your personal data is transferred across borders, we ensure adequate safeguards are in place to protect it in accordance with relevant data protection laws.
  9. Accountability and Governance: We have established clear roles and responsibilities for data protection within our organization. We have also implemented policies and procedures to demonstrate our compliance with data protection regulations.
  10. Data Breach Response: We have a process in place to identify, report, and mitigate data breaches. In the event of a breach, affected individuals and authorities will be informed as required by law.
  11. Children’s Privacy: If we offer services to children, we comply with additional regulations governing the collection and processing of data from minors.
  12. Privacy by Design: We integrate data protection principles into the design and development of our products, services, and systems from the outset.
  13. Data Retention: We define specific retention periods for different categories of data and delete data that is no longer necessary for the purposes for which it was collected.
  14. Third-party Relationships: We ensure that third-party service providers who process personal data on our behalf adhere to the same data protection standards.
  15. Regular Audits and Assessments: We conduct periodic assessments of our data protection practices, including risk assessments and privacy impact assessments, to identify and mitigate potential privacy risks.
  16. Continuous Improvement: We are committed to continuously improving our data protection practices based on evolving laws, technology, and best practices.


3. Rights of Data Subjects and How to Contact PayLater Hub

As a data subject, you have certain rights regarding your personal data:

  1. Right to Access: You have the right to request access to the personal data we hold about you. If you would like to exercise this right, please contact us using the information provided below.
  2. Right to Rectify: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request corrections.
  3. Right to Delete: You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  4. Right to Portability: You can request a copy of your personal data in a structured, machine-readable format.
  5. Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights or if you have questions or concerns about your data privacy, please contact us:

PayLater Hub Contact Information:

Please provide your name, contact information, and a clear description of your request or concern. We will respond to your request as soon as possible, in accordance with applicable data protection laws.


4. Lawful Basis for Processing Personal Data

We process personal data under various lawful bases, including:

  • Contractual Necessity: We process your data when it is necessary to fulfill our contractual obligations with you.
  • Legitimate Interests: We process data for legitimate business interests, such as improving our services and protecting against fraud.
  • Legal Obligations: We may process data to comply with legal obligations, such as tax or regulatory requirements.
  • Consent: We will obtain your explicit consent when required by law.

We ensure that the processing of personal data is always in compliance with applicable laws and respects your rights and freedoms.


5. Interpretation and Definitions

5.1 Interpretation: The following definitions shall have the same meaning regardless of whether they appear in singular or plural:

5.2 Definitions:

  1. Account” means a unique account created for you to access our services.
  2. Affiliate” means an entity that controls, is controlled by, or is under common control with us.
  3. Application” refers to the software program provided by the Company, named “PayLater Credit Checkout.”
  4. Company” (referred to as “the Company,” “we,” “us,” or “our” in this Agreement) refers to PayLater Hub Limited.

  5. Cookies” are small files placed on your computer or device by a website for various purposes, including tracking your browsing history.

  6. Country” refers to Nigeria.

  7. Device” refers to any device that can access our services, such as a computer, cellphone, or digital tablet.

  8. Personal Data” includes any information that relates to an identified or identifiable individual.

  9. Service” refers to the Application or the Website or both.

  10. Service Provider” refers to any natural or legal person who processes data on behalf of the Company.

  11. Usage Data” refers to data collected automatically during the use of our services.

  12. Website” refers to PayLater Hub, accessible from [Website URL].

  13. You” means the individual accessing or using our services or the company or other legal entity on behalf of which such individual is accessing or using the services.


6. Collecting and Using Your Personal Data

6.1 Types of Data Collected

6.1.1 Personal Data: While using our services, we may request and collect the following personally identifiable information that can be used to contact or identify you:

  • Email address
  • First name and last name
  • Phone number
  • Bank Verification Number
  • Personal Image
  • Address, State, Province, ZIP/Postal code, City

6.1.2 Usage Data: Usage Data is collected automatically when using our services and may include:

  • Your Device’s Internet Protocol (IP) address
  • Browser type and version
  • Pages of our Service visited
  • Time and date of your visit
  • Time spent on pages
  • Unique device identifiers and other diagnostic data

When you access our services via a mobile device, we may also collect certain information automatically, including:

  • Type of mobile device used
  • Mobile device unique ID
  • IP address of your mobile device
  • Mobile operating system
  • Type of mobile internet browser used
  • Unique device identifiers and other diagnostic data

We may also collect information that your browser sends whenever you visit our Service or access it via a mobile device.

6.1.3 Information Collected while Using the Application: While using our Application and with your prior permission, we may collect the following information:

  • Information regarding your location
  • Information from your device’s phone book (contacts list)
  • Pictures and other information from your device’s camera and photo library

We use this information to provide features of our Service and to improve and customize the user experience. This information may be stored on our servers or your device.

6.2 Tracking Technologies and Cookies: We use Cookies and similar tracking technologies to track activity on our Service and store certain information. These technologies may include:

  • Cookies or Browser Cookies: These are small files placed on your device that help us provide you with certain services and features. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Service.
  • Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as web beacons or clear gifs. These help us count users who have visited certain pages or opened emails, and they may be used for other website statistics and to verify system and server integrity.

Cookies may be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

6.3 Use of Your Personal Data: We use Your Personal Data for the following purposes:

6.3.1 To provide and maintain our Service: This includes monitoring the usage of our Service.

6.3.2 To manage Your Account: We use your Personal Data to manage your registration as a user of our Service. This enables you to access various functionalities of the Service available to registered users.

6.3.3 For the performance of a contract: We process your Personal Data for the development, compliance, and execution of purchase contracts, products, items, or services you have purchased or any other contract with us through the Service.

6.3.4 To contact You: We may contact you by email, telephone calls, SMS, or other electronic communication forms, such as mobile application push notifications. This contact may include updates or informative communications related to the functionalities, products, or contracted services, including security updates when necessary or reasonable for their implementation.

6.3.5 To provide You with news, special offers, and general information: We may use your information to provide you with information about goods, services, and events similar to those you have already purchased or inquired about, unless you have opted not to receive such information.

6.3.6 To manage Your requests: We use your information to attend and manage your requests to us.

6.3.7 For business transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Service users is among the assets transferred.

6.3.8 For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

6.4 Sharing Your Personal Data

6.4.1 With Service Providers: We may share your personal information with service providers to monitor and analyze the use of our Service and to contact you.

6.4.2 For business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.

6.4.3 With Affiliates: We may share your information with our affiliates. In such cases, we will require these affiliates to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners, or companies under common control with us.

6.4.4 With business partners: We may share your information with business partners to offer you certain products, services, or promotions.

6.4.5 With other users: When you share personal information or otherwise interact in public areas with other users, such information may be viewed by all users and may be publicly distributed outside our Service.

6.4.6 With Your consent: We may disclose your personal information for any other purpose with your consent.


7. Retention of Your Personal Data

We will retain your Personal Data only for as long as it is necessary for the purposes outlined in this Privacy Policy. We will retain and use your Personal Data to the extent required to comply with legal obligations, resolve disputes, enforce our legal agreements and policies, and support business-related activities.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or improve the functionality of our Service or when we are legally obligated to retain it for longer periods.


8. Transfer of Your Personal Data

Your information, including Personal Data, may be processed at the Company’s operating offices and in other locations where parties involved in data processing are located. This means that your information may be transferred to — and maintained on — computers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

By consenting to this Privacy Policy and providing your information, you agree to this transfer. The Company will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.


9. Delete Your Personal Data

You have the right to request the deletion of your Personal Data that we have collected about you. Our Service may provide you with the ability to delete certain information about yourself from within the Service. You may also update, amend, or delete your information at any time by signing in to your Account, if you have one, and visiting the account settings section that allows you to manage your personal information.

If you need assistance in deleting your Personal Data, you can contact us using the contact information provided in Section 12 of this Privacy Policy. Please note that we may need to retain certain information when we have a legal obligation or lawful basis to do so.


10. Disclosure of Your Personal Data

10.1 Business Transactions: If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

10.2 Law Enforcement: Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities, such as a court or a government agency, in Nigeria.

10.3 Other Legal Requirements: The Company may disclose your Personal Data in good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability


11. Security of Your Personal Data

The security of Your Personal Data is of paramount importance to us. While we take all reasonable measures to protect your Personal Data, it’s important to acknowledge that no method of transmission over the Internet or electronic storage is entirely secure. We employ commercially acceptable safeguards and security practices to protect your data, but we cannot guarantee its absolute security.

We implement a range of security measures, including but not limited to encryption, access controls, regular security audits, and ongoing staff training to protect your data from unauthorized access, disclosure, alteration, or destruction.

We are committed to maintaining the security of your Personal Data, and in the event of a data breach that may compromise your information, we will take swift and appropriate action in accordance with applicable laws and regulations to notify you and the relevant authorities, where required.


12. Children’s Privacy

Our Service is not intended for individuals under the age of 18, and we do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from anyone under the age of 18 without verified parental consent, we will take prompt steps to remove that information from our servers.

In cases where we need to rely on consent as a legal basis for processing Personal Data, and your country requires parental consent, we will seek and obtain such consent before collecting and using that information.


13. Links to Other Websites

Our Service may include links to external websites or resources that are not operated by us. Please be aware that we have no control over the content, privacy policies, or practices of these third-party sites or services. We strongly advise you to review the privacy policies of any third-party websites you visit.

These links are provided solely for your convenience and do not imply our endorsement of the content or practices of these third-party websites. We do not assume any responsibility for the content, privacy policies, or actions of any third-party websites or services.


14. Changes to this Privacy Policy

We may periodically update this Privacy Policy to reflect changes in our data practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on this page. We will also endeavor to inform you via email or by prominently displaying a notice on our Service before the changes become effective.

Please review this Privacy Policy regularly to stay informed about how we are protecting your Personal Data. Changes to this Privacy Policy are effective when they are posted on this page.


15. Contact Us

If you have any questions, concerns, or inquiries about this Privacy Policy or our data practices, please do not hesitate to contact us through one of the following methods:

Your privacy matters to us, and we are committed to addressing any concerns or questions you may have regarding the protection of your Personal Data.