GDPR Compliance

1.1 What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It governs how personal data of EU residents must be processed, regardless of where the processing takes place.

1.2 Our GDPR Commitment

Although Akewe.com is based in Nigeria, we recognize that we may have users from the European Union. We are committed to:

• • Respecting the data protection rights of all users
• • Implementing GDPR-compliant practices where applicable
• • Providing transparency about our data processing activities
• • Offering appropriate mechanisms for exercising data rights

1.3 Scope of Application

This GDPR compliance statement applies to EU residents who use Akewe.com, regardless of whether they are visiting Nigeria or accessing our services from within the EU.

2.1 Legal Bases We Rely On

Under GDPR Article 6, we process personal data based on the following lawful bases:

2.2 Consent Management

Where we rely on consent, we ensure that it is:

• • Freely given, specific, informed, and unambiguous
• • Obtained through clear affirmative action
• • Easy to withdraw at any time
• • Documented and verifiable

3.1 Right to Information (Articles 13-14)

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR compliance statement.

3.2 Right of Access (Article 15)

You have the right to:

• • Confirm whether we are processing your personal data
• • Access your personal data and receive a copy
• • Receive information about our processing activities

3.3 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if it is incomplete. You can update most of your information directly through your account settings.

3.4 Right to Erasure (Article 17)

Also known as the “right to be forgotten,” you can request deletion of your personal data in certain circumstances:

• • The data is no longer necessary for the original purpose
• • You withdraw consent and there’s no other legal basis
• • The data has been unlawfully processed
• • Deletion is required for legal compliance

3.5 Right to Restrict Processing (Article 18)

You can request that we limit how we use your data in certain situations:

• • While we verify the accuracy of disputed data
• • When processing is unlawful but you don’t want erasure
• • When you need the data for legal claims
• • While we consider your objection to processing

3.6 Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller.

3.7 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

3.8 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects. We do not currently engage in such automated decision-making.

4.1 Submitting Requests

To exercise your GDPR rights, please contact us at:

4.2 Identity Verification

To protect your privacy, we may need to verify your identity before processing your request. We may ask for:

• • Account credentials or verification through your registered email
• • Additional identifying information if necessary
• • Proof of authorization if you’re acting on behalf of someone else

4.3 Response Timeframes

We will respond to your requests:

• • Acknowledgment: Within 3 business days
• • Full Response: Within 30 days (may be extended to 60 days for complex requests)
• • Urgent Requests: Prioritized based on the nature of the request

4.4 Fees

We do not charge fees for most GDPR requests. However, we may charge a reasonable fee for:

• • Manifestly unfounded or excessive requests
• • Repetitive requests for the same information
• • Additional copies of data beyond the first free copy

5.1 Data Processing Locations

Your personal data may be processed in:

• • Nigeria: Our primary data processing location
• • Third-party services: Some services may process data in other countries
• • EU-based services: When we use EU-based service providers

5.2 Safeguards for International Transfers

When we transfer personal data outside the EU, we implement appropriate safeguards:

• • Standard Contractual Clauses (SCCs) approved by the European Commission
• • Adequacy decisions where applicable
• • Binding Corporate Rules for multinational service providers
• • Additional technical and organizational measures

5.3 Third-Party Processors

We work with third-party service providers who may process your data. All processors are required to:

• • Provide sufficient guarantees of GDPR compliance
• • Process data only on our documented instructions
• • Maintain confidentiality and security of data
• • Assist with data subject rights and breach notifications

6.1 Security Measures

We implement appropriate technical and organizational measures to ensure data security:

• • Encryption of data in transit and at rest
• • Access controls and authentication systems
• • Regular security assessments and monitoring
• • Staff training on data protection
• • Incident response procedures

6.2 Data Breach Response

In the event of a personal data breach that is likely to result in high risk to individuals, we will:

• • Supervisory Authority: Notify within 72 hours of becoming aware
• • Affected Individuals: Notify without undue delay when high risk exists
• • Documentation: Maintain records of all breaches
• • Remediation: Take immediate steps to address the breach

6.3 Privacy by Design and Default

We implement privacy by design principles by:

• • Building privacy considerations into system design
• • Setting privacy-friendly defaults
• • Minimizing data collection to what’s necessary
• • Regularly reviewing and updating practices

7.1 Retention Principles

We retain personal data only as long as necessary for:

• • Providing our services to you
• • Complying with legal obligations
• • Resolving disputes and enforcing agreements
• • Legitimate business purposes

7.2 Retention Periods

7.3 Secure Deletion

When data is deleted, we ensure it is securely removed from all systems and backups within a reasonable timeframe.

8.1 Age Restrictions

Our platform is not intended for children under 16 years of age (or the applicable age of digital consent in their EU member state).

8.2 Parental Consent

If we become aware that we have collected personal data from a child under the applicable age without proper parental consent, we will:

• • Immediately stop processing the data
• • Delete the data as soon as reasonably possible
• • Take steps to prevent future collection

8.3 Reporting Underage Users

If you believe a user is under the required age, please contact us immediately at [email protected].

9.1 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

9.2 Relevant Supervisory Authorities

You can contact:

• • The supervisory authority in your EU member state of residence
• • The supervisory authority where the alleged infringement occurred
• • The European Data Protection Board (EDPB) for cross-border issues

9.3 Contact Before Escalation

We encourage you to contact us first at [email protected] so we can try to resolve any concerns directly.

Related Documentation

For complete information about our data practices:

• • Privacy Policy
• • Cookie Policy
• • Terms of Service