Privacy Policy
Effective Date: 19 June 2025
1. Introduction
At Transacta Technologies Limited (“Transacta,” “we,” “us,” or “our”), a company incorporated under the laws of the Federal Republic of Nigeria (registration number RC 1234567, registered office at 123 Fintech Avenue, Victoria Island, Lagos, Nigeria), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website, mobile application, or related services (collectively, the “Platform”).
This policy applies to all users (“you” or “your”) who access or register on the Platform to facilitate fiat deposits, cross-border supplier payments, or other services. By using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to our data practices as described.
2. Definitions
For clarity, the following terms have specific meanings in this Privacy Policy:
- Personal Data: Any information relating to an identified or identifiable individual, such as name, contact details, or identification documents.
- Processing: Any operation performed on Personal Data, including collection, storage, use, or deletion.
- Data Subject: The individual to whom the Personal Data relates (i.e., you, the User).
- Data Controller: Transacta, the entity determining the purposes and means of Processing your Personal Data.
- Third Parties: External entities, such as payment processors or regulators, with whom we may share data.
- KYC Provider: A Third Party used to verify your identity for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.
- Service Provider: A Third Party that supports Platform operations, such as cloud hosting or payment processing services.
3. What Data We Collect
We collect the following categories of data to provide and improve our Services:
3.1 Personal Identification Information
- Full name, phone number, email address, date of birth, and nationality.
- Provided during registration or when updating your account.
3.2 Identity & KYC Information
- Government-issued ID (Nigerian National Identification Number (NIN), passport, Ghana Card).
- Proof of address (utility bill or bank statement, not older than three months).
- Biometric data (selfie or facial recognition scan for identity verification).
- Source of funds documentation (bank statements, payslips) for high-risk accounts, as required by AML regulations.
3.3 Transaction Data
- Records of fiat deposits (bank transfers, mobile money).
- Supplier details (name, bank account information) and payout instructions.
- Transaction amounts, dates, currencies, and exchange rates applied.
- Transaction history and status logs.
3.4 Technical Information
- Internet Protocol (IP) address and browser type.
- Device information (operating system, device ID).
- Location data (where permitted, to detect fraud or comply with jurisdictional requirements).
- Usage logs, including pages visited, features used, and time spent on the Platform.
- Cookies and similar tracking technologies (see Section 9).
4. How We Use Your Data
We process your Personal Data for the following purposes:
- Identity Verification: To comply with KYC/AML laws, including Nigeria’s Money Laundering (Prevention and Prohibition) Act 2022 and Ghana’s Anti-Money Laundering Act 2020.
- Transaction Processing: To facilitate fiat deposits, cross-border payments, and Supplier settlements.
- Communication: To send transactional notifications (payment confirmations), respond to support queries, and provide service updates.
- Fraud Prevention: To detect and prevent fraudulent activities, money laundering, or other illegal uses of the Platform.
- Service Improvement: To analyze usage patterns, gather feedback, and enhance Platform functionality and user experience.
- Legal Compliance: To meet regulatory requirements, including reporting to authorities like the Nigeria Financial Intelligence Unit (NFIU) or Ghana’s Financial Intelligence Centre (FIC).
- Marketing (with consent): To send promotional offers or updates about new features, where you have opted in.
5. Legal Bases for Processing
We process your Personal Data based on the following legal grounds, as permitted by the NDPA, GDPR, and other applicable laws:
- Consent: Where you explicitly agree (for marketing communications or certain cookies). You may withdraw consent at any time (see Section 8).
- Contractual Necessity: To perform our contract with you, such as processing payments or providing access to the Platform.
- Legal Obligation: To comply with laws, such as KYC/AML requirements or regulatory reporting.
- Legitimate Interests: For purposes like fraud prevention, Platform security, or service improvement, provided these do not override your rights.
6. Sharing of Data
We may share your Personal Data with the following parties, only as necessary and with appropriate safeguards:
- KYC/AML Vendors: Third Parties to verify your identity and screen against sanctions or watchlists.
- Payment Processors and Payout Partners: Banks or mobile money providers to process deposits and Supplier payments.
- Regulators and Law Enforcement: Authorities like the NFIU, FIC, or Central Bank of Nigeria when required by law or in response to legal requests (fraud investigations).
- Affiliates and Successors: In case of a merger, acquisition, or business transfer, your data may be shared with relevant parties under strict confidentiality agreements.
We do not sell your Personal Data or share it for purposes unrelated to our Services.
7. Data Retention
- Retention Period: We retain Personal Data for at least seven years after your last Transaction or account closure, as required by AML/CFT regulations in Nigeria and Ghana (exceeding the minimum five-year requirement for added diligence).
- Post-Retention: After the retention period, we securely delete or anonymize your data, except where further retention is required by law.
- Inactive Accounts: Data from accounts inactive for 12 months may be archived, but KYC and Transaction records are retained for the full seven years.
8. Your Data Rights
Depending on your jurisdiction, you may have the following rights under the NDPA, Ghana’s Data Protection Act, GDPR, or other applicable laws:
- Access: Request a copy of your Personal Data held by us.
- Correction: Request updates or corrections to inaccurate or incomplete data.
- Deletion: Request deletion of your data (subject to legal retention requirements).
- Restriction: Object to or restrict certain types of data processing.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Revoke consent for non-essential processing at any time.
To exercise these rights, contact our Data Protection Officer at contact@transacta.to. We will respond within 30 days (or as required by law, e.g., 21 days under NDPA). You may also lodge complaints with a supervisory authority, such as Nigeria’s National Data Protection Commission or Ghana’s Data Protection Commission.
9. Cookies and Similar Tracking Technologies
9.1 Cookies: We use cookies and similar technologies (web beacons) to enhance your Platform experience. Cookies may include:
- Essential Cookies: Required for Platform functionality.
- Analytics Cookies: To track usage patterns and improve Services.
- Preference Cookies: To remember your settings.
9.2 Consent: Where required (under GDPR), we display a consent banner for non-essential cookies. You can manage preferences via our cookie settings tool on the Platform.
9.3 Opt-Out: You can disable cookies through your browser settings, but this may affect Platform functionality. For analytics opt-out, contact contact@transacta.to.
10. Data Security
We implement robust measures to protect your Personal Data:
- Encryption: Sensitive data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).
- Secure Infrastructure: Data is stored on reputable cloud platforms with industry-standard security certifications.
- Access Controls: Data access is on a need-to-know basis, subject to strict confidentiality agreements.
- Breach Response: In the unlikely event of a data breach, we will notify affected Users and regulators (National Data Protection Commission) within 72 hours, as required by NDPA and GDPR, and take steps to mitigate harm.
11. International Transfers
Your Personal Data may be stored or processed outside your country (in cloud servers in the EU or US) to support Platform operations. We ensure compliance with cross-border transfer requirements:
- Safeguards: We use Standard Contractual Clauses (SCCs) approved under the GDPR or NDPA-compliant agreements with Service Providers.
- Jurisdictional Compliance: Transfers comply with Nigeria’s NDPA, Ghana’s Data Protection Act, and FATF Recommendations for data sharing in AML/CFT contexts.
- User Notification: You will be informed if your data is transferred to a jurisdiction with different privacy standards, where required by law.
12. Children’s Privacy
The Platform is not intended for individuals under 18 years old. We do not knowingly collect or process Personal Data from minors. If we discover that a minor’s data has been collected, we will promptly delete it and suspend the associated account. Parents or guardians can contact contact@transacta.to to address concerns about minor data.
13. Policy Updates
We may update this Privacy Policy to reflect changes in our Services, legal requirements, or industry standards. Material changes will be notified via:
- Email to your registered address (at least 14 days before changes take effect, per NDPA).
- A prominent notice on the Platform.
The updated policy will always be accessible at www.transacta.to/privacy. Continued use of the Platform after changes constitutes acceptance.
14. Contact Us
For questions, concerns, or to exercise your data rights, contact our Data Protection Officer:
- Email: contact@transacta.to
We aim to respond within 48 hours. For complaints, you may also contact Nigeria’s National Data Protection Commission or Ghana’s Data Protection Commission.