Privacy Policy

1. Introduction

NEM Insurance Plc ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Salvage Auction Platform.

We comply with the Nigeria Data Protection Act 2023 (NDPA 2023) and the Nigeria Data Protection Regulation (NDPR). This policy should be read together with our Terms of Service and our NDPR Compliance Statement.

2. Data Controller Information

3. Personal Data We Collect

3.1 Information You Provide

• Account Information: Name, email address, phone number, password
• KYC Information: BVN, NIN, Driver's License number, biometric data (Tier 2)
• Financial Information: Bank account details, payment card information (processed by Paystack)
• Business Information: Company name, business registration number (for corporate accounts)
• Communications: Messages, support tickets, feedback

3.2 Information Collected Automatically

• Device Information: IP address, browser type, device type, operating system
• Usage Data: Pages visited, time spent, clicks, bids placed
• Location Data: Approximate location based on IP address
• Cookies: See our Cookie Policy

3.3 Information from Third Parties

• Dojah: KYC verification results, biometric data
• Paystack: Payment transaction data
• Google Cloud: AI assessment data

4. How We Use Your Data

We process your personal data for the following purposes:

4.1 Contract Performance

• Creating and managing your account
• Processing bids and auction transactions
• Facilitating payments and refunds
• Generating auction documents

4.2 Legal Compliance

• KYC/AML verification
• Fraud detection and prevention
• Responding to legal requests
• Tax reporting

4.3 Legitimate Interests

• Improving Platform functionality
• Analyzing usage patterns
• Sending service notifications
• Protecting against security threats

5. Data Sharing & Disclosure

We share your data with:

5.1 Service Providers

• Paystack: Payment processing
• Dojah: KYC verification
• Google Cloud: AI services, hosting
• Vercel: Platform hosting

5.2 Legal Requirements

We may disclose your data to:

• Law enforcement agencies
• Regulatory authorities (NITDA, NAICOM)
• Courts and tribunals
• Tax authorities (FIRS)

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

6. Your Rights Under NDPA 2023

You have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with NITDA

7. Data Retention

We retain your data for:

• Account Data: Duration of account + 7 years (tax/legal requirements)
• Transaction Data: 7 years (financial regulations)
• KYC Data: 5 years after account closure (AML requirements)
• Marketing Data: Until consent is withdrawn
• Cookies: See our Cookie Policy

8. Data Security

We implement appropriate technical and organizational measures:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits
• Employee training on data protection
• Incident response procedures

9. International Data Transfers

Some of our service providers (Google Cloud, Vercel) may process data outside Nigeria. We ensure adequate safeguards through:

• Standard Contractual Clauses
• Adequacy decisions by NITDA
• Binding Corporate Rules

10. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or Platform notification 30 days before taking effect.

12. Contact Us