NDPR Compliance

Our commitment to the Nigeria Data Protection Regulation.

Last updated: February 23, 2026

NaijaMarket Intel is fully committed to compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023, administered by the Nigeria Data Protection Commission (NDPC).

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: You provide explicit consent when registering and submitting price data
  • Contract: Processing is necessary to deliver our services (price intelligence, alerts, rewards)
  • Legitimate interest: Fraud detection and platform integrity protection

Data Processing Activities

Trader Data

  • Phone number (account identification)
  • GPS coordinates (submission verification — collected only during price submission)
  • Reputation score (calculated from submission history)
  • Reward balance (airtime credits earned)

Validator Data

  • Phone number (account identification)
  • Accuracy rate (calculated from validation history)
  • Reward balance (airtime credits earned)

Consumer Data

  • Phone number or email (account identification)
  • Subscription tier and payment history
  • Query history and alert preferences

Data Protection Officer

In compliance with NDPR Article 3.1, we have appointed a Data Protection Officer (DPO) who can be reached at:

Email: dpo@naijamarketintel.ng
Company: Giggababytes Oy
Address: Helsinki, Finland

Data Subject Rights

Under the NDPR, Nigerian data subjects have the following rights:

  • Right to be informed — We provide clear information about how your data is used
  • Right of access — Request a copy of all personal data we hold about you
  • Right to rectification — Correct any inaccurate personal data
  • Right to erasure — Request deletion of your personal data
  • Right to restrict processing — Limit how we use your data
  • Right to data portability — Receive your data in a structured format
  • Right to object — Object to processing based on legitimate interest

Cross-Border Data Transfer

As Giggababytes Oy is headquartered in Finland (EU), some data processing occurs within the European Economic Area. All cross-border transfers comply with NDPR requirements and are protected by EU GDPR standards, which provide an equivalent level of data protection.

Our primary database is hosted on Microsoft Azure South Africa North (Johannesburg), ensuring data residency within Africa for operational data.

Data Breach Notification

In the event of a personal data breach, we will notify the Nigeria Data Protection Commission within 72 hours of becoming aware of the breach, as required by NDPR. Affected data subjects will be notified without undue delay when the breach is likely to result in high risk to their rights.

Filing a Complaint

If you believe your data protection rights have been violated, you may file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.