Privacy Policy

1. Introduction and Scope

Smart Estate Technology Ltd ("Smart Estate", "we", "us", or "our") operates the Smart Estate MLS platform, accessible via web applications, mobile applications, APIs, and associated services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the Platform.

This Privacy Policy applies to all users of the Platform, including property buyers and renters ("Consumers"), licensed real estate agents and brokers ("Realtors"), property developers and companies ("Developers"), and authorised administrative users ("Admin Users"). It covers all Smart Estate products and services, including but not limited to: the MLS Platform, IDX Plugin, CRM Dashboard, Website Building Services, Home Evaluation Tool, TitleSecure™, Trust Tenant™, Pay Small Small™, and Market Reports.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Data Controller Information

The data controller responsible for your personal data is:

Smart Estate Technology Ltd determines the purposes and means of processing your personal data in connection with the Platform and is therefore the data controller under the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and, where applicable, the General Data Protection Regulation (GDPR).

3. Definitions

In this Privacy Policy, the following terms have the meanings set out below:

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, location data, and online identifiers.
• "Processing" means any operation performed on personal data, whether by automated means or not, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
• "Data Subject" means any natural person whose personal data is processed by us, including Consumers, Realtors, Developers, and Admin Users.
• "Data Processor" means any third party that processes personal data on our behalf, such as cloud hosting providers, payment processors, and email service providers.
• "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data.
• "Platform" means all Smart Estate MLS web applications, mobile applications, APIs, plugins, and associated digital services.
• "NDPR" means the Nigeria Data Protection Regulation 2019 issued by NITDA.
• "NDPA" means the Nigeria Data Protection Act 2023.
• "GDPR" means the General Data Protection Regulation (EU) 2016/679.
• "Cookies" means small text files or similar technologies placed on your device when you access the Platform.

4. Data We Collect

The categories of personal data we collect depend on how you interact with the Platform and your user type. Below is a detailed breakdown:

4.1 Account Data

When you create an account, we collect: full name, email address, phone number, password (stored only as a cryptographic hash; we never store plaintext passwords), account type (Consumer, Realtor, Developer, or Admin), OAuth provider identifiers (if you sign in via Google or other third-party authentication providers), and date of account creation.

4.2 Profile Data

Depending on your user type, you may provide additional profile information:

• Consumers/Buyers: Saved search preferences, property bookmarks, enquiry history, preferred locations.
• Realtors/Agents: Profile photograph, professional biography, LASRERA registration number, NIESV membership number, office address, years of experience, specialisations, brokerage affiliation, social media links, and verification documents.
• Developers: Company name, CAC/RC registration number, company logo, corporate address, portfolio information, project details, and authorised representative details.
• Admin Users: Role designation, access permissions, and administrative activity logs.

4.3 Listing Data

Realtors and Developers who publish property listings provide: property title, description, property type, listing type (sale, rent, or lease), price, currency denomination, number of bedrooms and bathrooms, square meterage, property features and amenities, property images and videos, neighbourhood information, Local Government Area (LGA), state, geographic coordinates (latitude and longitude), and listing status.

4.4 Usage Data

We automatically collect certain information when you access the Platform: IP address, browser type and version, device type and operating system, referring URL, pages visited and features used, search queries entered, time spent on each page, click and interaction patterns, and timestamps of all activity. This data is collected via server logs, cookies, and similar tracking technologies.

4.5 Financial Data

When you subscribe to a paid plan or make a payment through the Platform, financial transactions are processed by our payment partner, Paystack. We collect: transaction reference identifiers, subscription plan selected, payment status (successful, failed, pending), transaction amounts and currency, billing cycle dates, and Paystack customer identifiers. We do not collect, store, or have access to your full credit or debit card numbers, CVV codes, PINs, or bank account details. All card data is handled exclusively by Paystack in compliance with PCI-DSS standards.

4.6 Location Data

With your consent, we may collect precise geolocation data from your device to power features such as "Properties Near Me" searches and distance-based sorting. For Realtors and Developers, office address coordinates are geocoded for display on maps. You may disable location sharing at any time through your device settings or browser permissions. When location sharing is disabled, location-dependent features will use approximate location based on IP address or will be unavailable.

4.7 AI Interaction Data

When you use AI-powered features on the Platform, we collect: natural language search queries submitted to the AI search assistant, property evaluation requests and the parameters you provide (location, property type, size, condition), AI-generated responses and recommendations you receive, and feedback you provide on AI outputs (e.g., ratings or corrections). AI interaction data may be transmitted to third-party AI model providers (see Section 9) for processing. We retain aggregated, anonymised versions of AI queries to improve model accuracy and feature quality.

4.8 Communication Data

We collect the contents of communications you send or receive through the Platform: property enquiry messages between Consumers and Realtors, reviews and ratings of Realtors or properties, comments on listings or market reports, support requests and correspondence with our team, and any other messages sent via Platform messaging features.

5. How We Collect Data

We collect personal data through the following means:

5.1 Directly From You

When you create an account, fill out your profile, submit a property listing, send an enquiry, make a payment, submit a support request, complete a form, or otherwise voluntarily provide information to us through the Platform.

5.2 Automatically

When you access or use the Platform, we automatically collect usage data, device information, and certain location data through server logs, cookies, JSON Web Tokens (JWTs), local storage, and similar technologies. See Section 15 (Cookies and Tracking Technologies) for more detail.

5.3 From Third Parties

We may receive personal data from the following third-party sources:

• Google OAuth: When you sign in using Google, we receive your name, email address, profile picture URL, and Google account identifier.
• Paystack: We receive transaction confirmation data, subscription status updates, and webhook notifications related to your payments.
• Regulatory Databases: We may verify Realtor credentials against LASRERA, NIESV, or CAC public records to confirm professional standing.
• Publicly Available Sources: We may supplement listing data with publicly available property records, land registry information, or geographic data to ensure accuracy.

6. Legal Basis for Processing

We process your personal data only where we have a valid legal basis to do so. The legal bases we rely on include:

• Consent (NDPR Art. 2.3; GDPR Art. 6(1)(a)): Where you have given explicit consent to the processing of your personal data for one or more specific purposes, such as receiving marketing communications, enabling location-based features, or participating in AI-powered property evaluations. You may withdraw your consent at any time (see Section 13).
• Contractual Necessity (NDPR Art. 2.2; GDPR Art. 6(1)(b)): Processing necessary for the performance of a contract to which you are a party, including: providing the Platform services you have registered for, processing subscription payments, delivering property listing services, and fulfilling obligations under our Terms of Service.
• Legitimate Interest (GDPR Art. 6(1)(f)): Processing necessary for the purposes of legitimate interests pursued by us or a third party, provided those interests are not overridden by your fundamental rights. Our legitimate interests include: improving Platform functionality and user experience, preventing fraud and ensuring platform security, conducting anonymised analytics to understand usage patterns, and ensuring the integrity of property listings and Realtor profiles.
• Legal Obligation (NDPR Art. 2.2; GDPR Art. 6(1)(c)): Processing necessary for compliance with a legal obligation to which we are subject, including: maintaining financial records as required by Nigerian tax law, responding to lawful requests from law enforcement or regulatory bodies, fulfilling data protection reporting obligations under NDPR/NDPA, and complying with the Cybercrimes (Prohibition, Prevention, etc.) Act 2015.

7. How We Use Your Data

We use your personal data for the following purposes:

7.1 Service Delivery

To create and manage your account, authenticate your identity, display property listings, connect Consumers with Realtors, process subscription payments, generate and deliver market reports, facilitate the IDX Plugin service for Realtor websites, power the CRM Dashboard, and provide Website Building Services.

7.2 AI-Powered Features

To power the Home Evaluation Tool (AI-generated property value estimates), natural language property search, personalised property recommendations, and automated market analysis within Market Reports.

7.3 Communications

To send you transactional emails (account verification, password resets, payment confirmations, listing status updates), property enquiry notifications, system announcements and service updates, and, where you have opted in, marketing communications about new features, promotions, or market insights.

7.4 Fraud Prevention and Security

To detect and prevent fraudulent activity, verify the identity and credentials of Realtors and Developers, monitor for abuse or misuse of the Platform, enforce our Terms of Service, and protect the rights, property, and safety of our users and the public.

7.5 Analytics and Improvement

To analyse usage patterns and trends, improve the Platform's features, performance, and user experience, conduct A/B testing and feature experiments, debug technical issues, and generate aggregated, anonymised statistics for internal reporting and business planning.

7.6 Marketing

Where you have provided consent, we may use your email address or phone number to send promotional messages about Smart Estate products and services. You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, adjusting your notification preferences in your account settings, or contacting us at info@smartestateio.com.

8. AI and Automated Decision-Making

The Platform uses artificial intelligence and machine learning technologies to enhance several features. We are committed to transparency about how these technologies affect you.

8.1 AI-Powered Property Valuations

The Home Evaluation Tool uses AI models to generate estimated property values based on factors such as location, property type, size, condition, and comparable market data. These valuations are estimates only and should not be treated as formal appraisals, certified valuations, or guarantees of market value. AI-generated valuations do not constitute professional valuation advice and should not be the sole basis for any financial, legal, or investment decision. We strongly recommend engaging a qualified, licensed valuer for any formal property valuation needs.

8.2 Automated Recommendations

The Platform may use automated systems to recommend properties, Realtors, or content based on your search history, preferences, and behaviour. These recommendations are intended to enhance your experience and do not restrict your access to any content or services on the Platform.

8.3 No Fully Automated Decisions with Legal Effect

We do not make any fully automated decisions that produce legal effects or similarly significant effects concerning you. Specifically, no automated system on the Platform will: approve or deny a property transaction, determine your creditworthiness, restrict your access to the Platform based solely on profiling, or make any binding determination about your rights or obligations. Where automated processing plays a role in a decision that may significantly affect you, a human review process is always available.

8.4 Your Right to Human Review

You have the right to request human review of any decision that has been significantly influenced by automated processing. To exercise this right, contact us at info@smartestateio.com.

9. Data Sharing and Disclosure

We take your privacy seriously and only share your personal data in the circumstances described below. We never sell your personal data to third parties.

9.1 With Other Users

Certain personal data is shared between users as part of the Platform's core functionality:

• Realtor profile information (name, photo, biography, contact details, credentials) is displayed publicly on listings and Realtor directory pages to enable Consumers to evaluate and contact agents.
• Developer company information and project portfolios are displayed publicly on listings.
• When a Consumer submits a property enquiry, their name, email address, and phone number are shared with the listing Realtor or Developer to facilitate communication.
• Reviews and ratings submitted by Consumers are displayed publicly alongside Realtor profiles.

9.2 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf under contractual data processing agreements. These include:

• Cloudflare: Content delivery, DDoS protection, DNS resolution, and image storage (Cloudflare R2). Cloudflare may process IP addresses and request metadata.
• Paystack: Payment processing for subscriptions and one-time transactions. Paystack receives transaction data necessary to process payments and is PCI-DSS compliant.
• SendGrid / Brevo: Transactional and marketing email delivery. These providers receive recipient email addresses and email content.
• AI Model Providers (OpenRouter, Anthropic Claude, OpenAI, Google Gemini): AI-powered features transmit relevant query data (such as search text or property parameters) to these providers for processing. We minimise the personal data sent and rely on provider data processing agreements.
• Mapbox: Map rendering and geocoding services. Mapbox may receive location queries and IP addresses when map tiles are loaded.
• Amazon Web Services (AWS): Cloud infrastructure hosting. AWS processes data stored on and transmitted through our servers.

9.3 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid legal process, including: court orders or subpoenas, lawful requests from Nigerian law enforcement or regulatory bodies, requests from data protection authorities (NITDA or the Nigeria Data Protection Commission), and legal proceedings to which Smart Estate is a party.

9.4 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity or successor organisation. We will notify you via email or prominent notice on the Platform before your data is transferred and becomes subject to a different privacy policy.

9.5 With Your Consent

We may share your personal data with other third parties where you have provided explicit consent for such sharing.

10. International Data Transfers

Smart Estate Technology Ltd is based in Nigeria. However, certain service providers we use operate servers and processing facilities outside Nigeria. As a result, your personal data may be transferred to, stored in, or processed in countries outside Nigeria, including the United States, the European Union, and other jurisdictions where our service providers maintain infrastructure.

When we transfer personal data outside Nigeria, we ensure that adequate safeguards are in place, including: data processing agreements with all service providers that include appropriate data protection obligations, reliance on providers certified under recognised frameworks (such as SOC 2, ISO 27001, or PCI-DSS), and, where applicable for EU/EEA data subjects, Standard Contractual Clauses (SCCs) approved by the European Commission.

Key international transfers include: Cloudflare (global edge network), AWS (data centres in multiple regions), Paystack (data processed in Nigeria with international banking connections), AI model providers (servers primarily in the United States), and Mapbox (servers in the United States).

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. Our specific retention periods are:

Upon expiry of the applicable retention period, personal data is either permanently deleted or irreversibly anonymised so that it can no longer be associated with you. Anonymised data may be retained indefinitely for statistical and analytical purposes.

12. Your Rights

Under the NDPR 2019, NDPA 2023, and (where applicable) the GDPR, you have the following rights with respect to your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you and information about how it is processed.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Right to Be Forgotten): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention obligations.
• Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interest.
• Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis, or where your data is processed for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significant effects concerning you.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or, for EU/EEA residents, with your local supervisory authority if you believe your data protection rights have been violated.

13. How to Exercise Your Rights

You may exercise any of the rights described above through the following channels:

• Email: Send a request to info@smartestateio.com with the subject line "Data Subject Request". Please include your full name, the email address associated with your account, and a description of the right(s) you wish to exercise.
• In-App Settings: You can update your profile information, adjust notification preferences, manage marketing consent, and download your data directly from your account settings page.
• Account Deactivation: You may deactivate your account from the Settings page. Upon deactivation, your profile and listings will be hidden from public view. If you do not reactivate within 30 days, your account and associated personal data will be permanently deleted, subject to any legal retention obligations.

We will respond to all valid data subject requests within 30 days of receipt. If a request is complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period. We may request additional information to verify your identity before processing your request.

14. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at info@smartestateio.com and we will take steps to delete such data promptly.

If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will delete that information as soon as reasonably practicable.

15. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies to provide, secure, and improve the Platform. Below is a summary of the types of cookies we use:

15.1 Essential Cookies

These cookies are strictly necessary for the Platform to function and cannot be disabled. They include: JSON Web Token (JWT) authentication cookies that maintain your logged-in session, CSRF protection tokens that prevent cross-site request forgery attacks, and session cookies that enable core Platform functionality such as navigation and form submission.

15.2 Functional Cookies

These cookies enable enhanced functionality and personalisation, such as remembering your preferred language, currency display, map view settings, and saved search filters. If you disable functional cookies, certain features may not operate correctly.

15.3 Analytics Cookies

We may use analytics cookies to understand how users interact with the Platform, including which pages are visited most frequently, how users navigate between pages, and which features are used. Analytics data is collected in an anonymised or pseudonymised form and is used solely to improve the Platform. We do not use third-party advertising cookies.

15.4 Third-Party Cookies

Certain third-party services integrated into the Platform may set their own cookies: Mapbox may set cookies when loading map tiles and geolocation data, and Paystack may set cookies during the payment checkout process. These cookies are governed by the respective third party's cookie policy.

15.5 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies will prevent you from using core Platform features. For more information on managing cookies, visit your browser's help documentation.

16. Security Measures

We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your device and the Platform is encrypted using TLS 1.2 or higher. All API communications use HTTPS exclusively.
• Encryption at Rest: Personal data stored in our databases is encrypted at rest using AES-256 encryption.
• Password Security: User passwords are hashed using bcrypt with a unique salt per user. We never store or transmit plaintext passwords.
• Access Controls: Access to production systems and personal data is restricted to authorised personnel on a need-to-know basis, with role-based access controls and multi-factor authentication.
• Infrastructure Security: Our infrastructure is protected by Cloudflare's web application firewall (WAF), DDoS mitigation, and bot management services.
• Regular Audits: We conduct periodic security assessments and vulnerability scans to identify and remediate potential weaknesses.
• Incident Response: We maintain an incident response plan to ensure rapid detection, containment, and notification in the event of a data breach (see Section 17).

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

17. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will:

• Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, as required by the NDPR 2019 and NDPA 2023.
• Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
• For EU/EEA data subjects, notify the relevant supervisory authority within 72 hours as required by GDPR Article 33.
• Document the breach, its effects, and the remedial actions taken, maintaining this record for a minimum of 5 years.

Breach notifications will include: the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences of the breach, the measures taken or proposed to address the breach and mitigate its effects, and the contact details of our Data Protection Officer.

18. Third-Party Links

The Platform may contain links to third-party websites, services, or applications that are not operated by us. These include links to Paystack's payment pages, Mapbox map services, social media profiles, external property listings, and Realtor websites built using our Website Building Services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service before providing your personal data. This Privacy Policy applies only to data collected by the Smart Estate MLS Platform.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Post a prominent notice on the Platform at least 14 days before the changes take effect.
• Send an email notification to registered users where the changes are significant.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

20. GDPR Compliance (for EU/EEA Users)

If you are located in the European Union (EU) or the European Economic Area (EEA), the following additional provisions apply to you:

• Legal Basis: We process your personal data under one of the legal bases specified in GDPR Article 6(1): consent, contractual necessity, legitimate interest, or legal obligation, as detailed in Section 6 of this Privacy Policy.
• International Transfers: Where your personal data is transferred outside the EU/EEA to Nigeria or other third countries, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.
• Data Protection Officer: You may contact our Data Protection Officer at info@smartestateio.com for any GDPR-related enquiries.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority if you believe your rights under the GDPR have been violated. A list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
• Data Minimisation: We adhere to the principle of data minimisation and only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Privacy by Design: We integrate data protection considerations into the design and development of all Platform features and services.

21. NDPR/NDPA Compliance (for Nigerian Users)

As a company registered in Nigeria, Smart Estate Technology Ltd is fully subject to and compliant with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. The following provisions are relevant to Nigerian users:

• Lawful Processing: We process personal data only on the lawful grounds specified in the NDPR and NDPA, including consent, contractual necessity, legal obligation, vital interest, public interest, and legitimate interest.
• Consent Requirements: Where consent is the basis for processing, we obtain consent that is freely given, specific, informed, and unambiguous. Consent is obtained through clear affirmative action (e.g., opt-in checkboxes) and is not bundled with acceptance of terms of service.
• Data Subject Rights: Nigerian data subjects have all the rights enumerated in Section 12 of this Privacy Policy, including the rights of access, rectification, erasure, portability, restriction, objection, and withdrawal of consent, as guaranteed by the NDPR and NDPA.
• Data Protection Impact Assessment (DPIA): We conduct Data Protection Impact Assessments for new processing activities that are likely to result in a high risk to the rights and freedoms of data subjects, as required by the NDPA.
• Filing with NDPC: We file annual audit reports with the Nigeria Data Protection Commission (NDPC), formerly the National Information Technology Development Agency (NITDA), as required by the NDPR.
• Breach Notification: We comply with the 72-hour breach notification requirement under the NDPR/NDPA (see Section 17).
• Third-Party Processing: All third-party data processors engaged by us are bound by data processing agreements that require them to implement appropriate security measures and process data only in accordance with our instructions.

22. Cybercrimes (Prohibition, Prevention, etc.) Act 2015 Compliance

Smart Estate Technology Ltd complies with the provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 of the Federal Republic of Nigeria. In this regard:

• Critical Infrastructure Protection: We implement security measures to protect the Platform as critical national information infrastructure, including network security controls, intrusion detection systems, and regular security audits.
• Lawful Interception: We will comply with lawful interception and disclosure orders issued by Nigerian courts or authorised agencies in accordance with the Cybercrimes Act.
• Data Preservation: Upon receipt of a lawful preservation order, we will preserve specified data for the period required by law, not exceeding the periods permitted under the Act.
• Computer-Related Fraud Prevention: We implement technical measures to detect and prevent computer-related fraud, identity theft, and phishing attacks targeting our users.
• Record Keeping: We maintain traffic data and subscriber information as required by the Act, with appropriate safeguards to prevent unauthorised access.
• Reporting: We report cybercrime incidents affecting our users or infrastructure to the appropriate Nigerian authorities as required by the Act.

23. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

We aim to respond to all enquiries and data subject requests within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Nigeria Data Protection Commission (NDPC) or, for EU/EEA residents, to your local data protection supervisory authority.