This policy establishes principles and procedures that ensure all personal and sensitive data is handled lawfully, transparently, and securely in compliance with applicable data protection laws. Fekxir Limited is committed to protecting the rights and privacy of individuals whose personal data it collects, processes, or stores. Fekxir Limited needs to gather and use certain information about individuals. These individuals are known as data subjects and may include customers, suppliers, business contracts, employees, directors, shareholders and other people whom the Company has a relationship with or may need to contact. The information obtained from these data subjects is protected by law and the Company is obliged to ensure compliance. To this end, the Company is committed to: Restricting and monitoring access to sensitive data; Developing transparent data collection procedures; Training employees in online privacy and security measures; Building secure networks to protect online data from cyber-attacks; Establishing clear procedures for reporting privacy breaches or data misuse; Including contract clauses and communicating statements on how the Company handles data; Establishing data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc; Communicating its data protection provisions on its website; Make sound judgement about the effectiveness, efficiency and responsiveness of services and in making complex decisions about priorities and the use of resources. To the extent possible, the provisions of this policy shall apply to all information belonging to the company in whatever form (whether oral, written, pictorial or electronic media) containing, without limitation, material of technical, operational, administrative, economic, planning, business, finance, decision making, regulatory compliance or legal nature and any intellectual property of any kind.
This policy applies to persons authorised to use the Fekxir Limited network including its employees, contractors, consultants, partners, vendors, and any third-parties who access or use Fekxir’s systems, infrastructure, and information, it also applies to all personal data processed in any form - digital, paper, verbal or otherwise.
This includes but is not limited to:
Computer equipment(s)
Software
Operating systems
Storage media
Own equipment (such as home PCs, mobile and smart phones)
Network accounts providing electronic mail
World Wide Web (www; browsing)
File copying (e.g. using the File Transfer Protocol-FTP).
This policy is designed to ensure that the Company:
Complies with the data protection legislation and follow best practice;
Protects the rights of stakeholders and other interested parties, including but not limited to employees, customers and partners;
Has proper procedures in place for the safe storage, handling, and lawful processing of individuals’ data; and
Protects itself from the risk of data breach and data security risks, including:
Breaches of confidentiality: Where data is given out inappropriately; and
Reputational Damage: Where the Company could suffer if hackers successfully gained access to sensitive data.
The Data Protection Act, 2023 provides how the Company must collect, handle and store personal information. The Act requires that personal information must be collected and used fairly, stored safely and not disclosed unlawfully. The rules apply regardless of whether the data is stored electronically, on paper or on other materials.
Fekxir Limited collects and processes personal data only for legitimate business purposes, in compliance with applicable data protection laws. When you fill the eligibility assessment, we collect Personal Information which you voluntarily provide to us. It may also include anonymous information that may be linked to you specifically, (e.g. IP address).
The Personal Information we have about you is directly made available to us when you:
Take the eligibility assessment
Use any of our products or services
Contact us or our customer support team
In certain cases if and when you engage in high-value or high-volume transactions, or when we are required to comply with applicable anti-money laundering (AML) regulations, we may request additional information. This may include documents required for identity verification or compliance purposes.
We also gather your personal data using cookies, pixel tags, and other advanced tracking technologies to enhance your experience, tailor content, and optimize our services during your interactions with our platform. These tools allow us to understand your preferences, monitor usage patterns, detect and prevent fraudulent activities and strengthen security, ensuring a safer and more personalized user experience.
We may collect, use, process, store, or transfer personal data such as:
Identity Data & Identification Documents: Information such as, your full name(s), your government-issued identity number, and your date of birth. Identification documents may include passport or any Government-issued identity card, a photograph (if applicable) and any other registration information you may provide to prove you are eligible to use our services. This data is to enable us to verify your identity in order to offer our services to you.
Contact Data: This is data that is needed to reach out to you, such as your contact address, email address, telephone number, and if required billing details.
Log/Technical information: When you access Fekxir’s services, our servers automatically record information that your browser sends whenever you visit a website, links you have clicked on, length of visit on certain pages, unique device identifier, log-in information, location and other device details.
Traceable Information: These are information that can be linked directly or indirectly to you whenever you use or interact with our services. This includes details about your device (e.g., type, OS, unique identifiers), interactions with our services (e.g., features accessed, actions performed, usage duration), financial transactions (e.g., history, payment details, timestamps), and additional data such as location, usage patterns, and session information.
Marketing and Communications Data: This includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.
Records of your discussions with us, if we contact you and if you contact us.
We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.
Fekxir Limited only shares personal information with External Third parties in the following limited circumstances:
We have your consent. We require opt-in consent for the sharing of any personal information
We share Personal Information with third parties directly authorised by you to receive Personal Information, such as when you authorise a third-party application provider to access your account. The use of your Personal Information by an authorised third party is subject to the third party's privacy policy and Fekxir shall bear no liability for any breach which may arise from such authorisation by you.
We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons to process personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
Satisfy any applicable law, regulation, legal process or enforceable governmental request;
Enforce applicable Terms of Service, including investigation of potential violations thereof;
Detect, prevent, or otherwise address fraud, security or technical issues;
Protect against imminent harm to the rights, property or safety of Fekxir, its users or the public as required or permitted by law.
If Fekxir Limited becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.
In addition to the rights described in this Privacy Policy, you have the following rights concerning how we handle your personal data. These rights apply under applicable data protection laws, including the UK GDPR, Data Protection Act 2018, and Nigeria Data Protection Act 2023. Below are the rights you have as a user in relation to your Personal Information. You are entitled to reach out to us to exercise the following rights, which are guaranteed by the Nigeria Data Protection Act with some limitations:
Right to access: You may request a copy of the personal data we hold about you, this enables you to receive a copy of the personal data we hold about you and to verify if it is being processed lawfully. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Right to objection or request for restriction: You may ask us to refrain from doing certain things with your data or restrict the extent of our collection or processing of your data. This grants you the right to request that we suspend the processing of your personal data in specific instances.
Right to rectify: This enables you to have any incomplete or inaccurate data we hold about you corrected, completed or updated.
Right to object: You have a right to ask us not to contact you for marketing purposes by adjusting your notification preference on the settings page or by opting out via the unsubscribe link in marketing emails we send you.
Right to Erasure: You have the right to ask us to erase your Personal Information. Please note that this is a limited right which applies where the data is no longer required, or the processing has no legal justification.
Right to Data Portability: You have the right to request that we provide your personal data to you or a third party; We will provide you or a third party you have chosen with your personal data in a structured, commonly used, machine-readable format.
Right to withdraw consent: Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
If you wish to exercise any of the rights set above, please contact via using the contact information provided in the Contact Us segment below.
You are deemed to have accepted the contents of this Privacy Policy when you access our platforms; use our services, content, features, technologies or functions offered on our website or digital platforms; or otherwise, interact with us.
If you do not accept this Privacy Policy and do not wish to comply with the provisions set forth herein, you may not use or access our services or website.
Note that you can withdraw your consent at any time. Such withdrawal of consent would not affect the lawfulness of processing information done prior to the withdrawal of consent. Where such withdrawal of consent would prevent us from providing services to you, we will endeavour to inform you.
We will hold your personal information on Fekxir’s systems for as long as is necessary to fulfil the purpose for which it was collected or to comply with any legal, regulatory, tax, accounting, reporting requirements or internal policy requirements. We endeavour to dispose of your data once we have concluded that we no longer require your personal data in connection with the purpose for which it was collected, and if disposing of such personal data would not expose us to any actions, sanctions or claims.
We are statutorily obligated to retain the Personal Information and data you provide us with to carry out our services and in compliance with laws and regulatory guidelines applicable to us and our partners. Therefore, even after discontinuance of our services, we will retain certain Personal Information and transaction data to comply with these obligations.
Under some circumstances, we may anonymize personal information so that it can no longer be associated with a particular individual. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to the relevant individual or its consent.
For all Personal Information and records obtained, used, and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity, and requirement to retain.
The periods for which we hold different categories of data differ. For example, we may hold personal data received:
from unsuccessful job applications for six (6) months after notifying the applicant of the outcome
during a request to the help desk for three (3) years after the resolution of such request
while handling customer complaints for six (6) years after the resolution of the complaint
from customers in relation to their accounts for six (6) years after the successful closure of their accounts.
Electronic records: Secure deletion, permanent erasure, or encryption-based anonymisation.
Physical records: Cross-cut shredding, incineration, or secure disposal through certified vendors.
Retention periods are reviewed annually to ensure compliance with legal obligations and business needs. Exceptions may apply where records are required for ongoing legal proceedings, regulatory investigations, or enforcement of our rights.
Please note that the periods stated above are subject to overriding legal obligations and public policy, as well as changing business realities. Therefore, we shall endeavour to update the above-stated periods accordingly.
We take the security of your personal data seriously. In the unlikely event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data, immediate steps will be taken to contain the breach, prevent further unauthorised access, and protect affected systems. The DPO will assess the nature and scope of the breach within 24 hours of discovery.
The assessment will determine the type and volume of personal data involved; the number of individuals affected; the potential consequences for data subjects. Serious breaches will be escalated to senior management for decision-making.
Where we ascertain that such breach is detrimental to your rights and freedom in relation to your personal data, we shall within 7 (Seven) days of knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.
Where required by law, the DPO will notify the relevant supervisory authority such as the UK Information Commissioner’s Office within 72 hours of becoming aware of the breach.
All breaches, whether reportable or not, will be logged in a Data Breach Register, the register will include details of the incident, decisions taken, and corrective actions implemented. Records will be retained for a minimum of 7 years. Following any breach, corrective measures will be implemented, which may include system upgrades, policy changes, or additional staff training.
We sometimes engage third-party service providers to support our operations, such as IT providers, cloud hosting services, marketing platforms, and professional consultants. To safeguard your personal information, we apply strict measures to ensure that all vendors and partners meet the same data protection and security standards that we uphold.
Before engaging any third party that may process personal data on our behalf, we conduct a due diligence review that includes:
Assessing the vendor’s data protection and security policies.
Reviewing compliance with applicable laws (e.g., UK GDPR, Data Protection Act 2018, Nigeria Data Protection Act 2023).
Verifying technical and organisational safeguards (e.g., encryption, access controls).
Reviewing certifications, such as ISO 27001 or SOC 2, where applicable.
Evaluating the vendor’s history of data protection incidents or breaches.
All third parties engaged to process personal data on our behalf must enter into a Data Processing Agreement (DPA) or equivalent contract that clearly defines their role as a processor or sub-processor, restricts processing to our documented instructions, requires the implementation of adequate security measures, prohibits unauthorised cross-border transfers without safeguards, and grants us rights to conduct audits and compliance checks.
Vendors are subject to periodic compliance reviews—which may include questionnaires, audits, or evidence of security controls—with high-risk vendors monitored more frequently, and any non-compliant vendors required to implement corrective measures or risk termination of engagement.
Vendors are contractually required to notify us without undue delay of any actual or suspected data breach affecting personal data they process on our behalf. Such incidents will be managed in line with our Data Breach Response Policy.
We remain accountable for all personal data shared with third parties and ensure that personal information is not disclosed to vendors beyond what is strictly necessary for the purposes of service delivery.
In compliance with the Privacy and Electronic Communications Regulations (PECR), we operate on a default opt-in basis for all electronic marketing communications, ensuring that individuals provide clear and informed consent before receiving such messages. A limited soft opt-in exception may be applied where legally permissible (for example, when marketing similar products or services to existing customers who have previously purchased from us or registered for our webinar), provided that a simple and effective opportunity to refuse or opt out is offered at the point of data collection and with every subsequent communication. All marketing messages will include a clear and prominent unsubscribe option, and any opt-out requests will be processed promptly and in accordance with applicable legal requirements.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Our marketing communications have opt-out links through which you can inform us to stop processing your data for such purposes. Ideally, we would ensure to acquire your consent before we send such marketing communications in the first place. However, where, for some reason, we are unable to acquire your consent before sending marketing communications or where we inadvertently send marketing communications to you, we would provide you with the option to opt-out of receiving such marketing communications.
If you do not wish to receive offers or other notices from us in the future, you can "opt out" by contacting us as indicated at the end of this Privacy Policy or by following the "unsubscribe" instructions in any communication you receive from us. Please be aware that if you are a User, you are not able to opt out of receiving communications about your account or related transactions with us.
When personal data is transferred to countries outside the UK, EU, or Nigeria that do not provide an adequate level of data protection as determined by the relevant supervisory authorities, we implement appropriate safeguards to ensure that such transfers comply with applicable data protection laws. These safeguards may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA) or Addendum, and other legally recognised mechanisms that impose enforceable obligations on the recipient to protect personal data in line with GDPR and NDPA standards. In addition, we conduct transfer impact assessments to evaluate potential risks in the destination country and apply supplementary technical and organisational measures—such as encryption, access controls, and minimisation of personal data—to mitigate those risks. We also ensure that individuals are informed about such international transfers through our Privacy Policy, and, where required, obtain their explicit consent before proceeding with the transfer.
Fekxir Limited may transfer personal data across borders to facilitate business operations, client services, or vendor engagements. Such transfers will only occur where one of the following safeguards is in place:
The receiving country has been granted an adequacy decision by the UK Secretary of State, the European Commission, or the NDPC.
The transfer is governed by legally recognized safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission,
UK International Data Transfer Agreement (IDTA),
Binding Corporate Rules (BCRs), or
Other approved transfer mechanisms under applicable law.
Where no adequate decision or safeguards exist, Fekxir will rely on limited exceptions (e.g., explicit informed consent from the data subject) and ensure that the rights of individuals are protected.
Fekxir Limited will maintain a record of all international transfers, including the legal mechanism relied upon, and ensure that data subjects can exercise their rights regardless of where their data is processed.
Fekxir is committed to complying with all data protection and privacy regulations in the jurisdictions where it operates or processes data. The following laws apply:
United Kingdom
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018 (DPA 2018)
Nigeria
Nigeria Data Protection Act 2023 (NDPA 2023)
Regulations and directives issued by the Nigeria Data Protection Commission (NDPC)
Other Jurisdictions
Where Fekxir operates outside the UK or Nigeria, or processes data belonging to individuals in other jurisdictions, it will comply with the applicable local data protection laws.
In cases where multiple laws apply, Fekxir will adopt the higher standard of protection to safeguard data subjects’ rights.
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse traffic, and personalise content and services. In line with the UK Privacy and Electronic Communications Regulations (PECR), the UK GDPR, and the Nigeria Data Protection Act 2023, we are committed to being transparent about how these tools are used and obtaining your consent where required.
Strictly Necessary Cookies enable core site functionality (such as security, session management, and form submissions), are retained only for the duration of your browsing session before being automatically deleted, and do not require user consent as they are essential for site operation.
Performance & Analytics Cookies collect information about how visitors use our site (such as pages visited, time spent, and errors encountered) to help us monitor and improve overall website performance.
Functional Cookies remember your preferences (such as language, region, or login details) to provide a personalized experience, are typically stored for 6–12 months unless cleared, and require your prior consent.
Targeting & Advertising Cookies track your browsing behaviour across websites to deliver relevant advertising and measure campaign effectiveness, are retained for up to 24 months unless cleared sooner, and require your explicit consent.
When you first visit our website, a cookie banner will appear requesting your consent to use non-essential cookies, allowing you to “Accept All,” “Reject All,” or manage your preferences by cookie category, and you may withdraw or change your consent at any time through the Cookie Settings link provided at the bottom of our website.
We may use trusted third-party services (e.g., analytics providers, social media integrations, or advertisers) that set cookies on our website. These parties may collect and use information in accordance with their own privacy policies.
You can control or delete cookies through your browser settings. Please note that disabling certain cookies may affect site functionality or your user experience.
Our services are not directed to individuals under the age of 18, and we do not knowingly collect or process personal data from children. If, in limited circumstances, it becomes necessary to process the personal data of a child, we will obtain verifiable parental or guardian consent prior to collection and ensure that such processing is carried out strictly in compliance with applicable data protection laws. If we become aware that personal data has been collected from a child without appropriate consent, we will take immediate steps to delete such information. Parents or guardians who believe their child may have provided personal information to us are encouraged to contact us promptly to request its removal or exercise any applicable rights on behalf of the child, in accordance with the Data Subject Rights section of this Privacy Policy.
We are committed to the principles of data minimisation and purpose limitation. This means that we will only collect and process personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is collected. Personal data will only be processed for specified, explicit, and legitimate purposes, and we will not use it in ways that are incompatible with those purposes unless required by law or with your explicit consent. Regular reviews are carried out to ensure that personal data held is still necessary, and any data that is no longer required will be securely deleted or anonymised in accordance with our Retention Policy.
If you have any questions, comments, or concerns with respect to your Personal Information or this Privacy Policy, you may contact us by sending an email to our data protection team via Data Protection.
“Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, whether by a written or oral statement, or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her or to another individual on whose behalf he has the permission to provide such consent.
"Cross-Border Data Transfer" means the movement of personal data to a jurisdiction outside the country of origin, subject to appropriate safeguards under applicable laws.
"Database" means a collection of data organized in a manner that allows access, retrieval, deletion and processing of that data; which includes but not limited to structured, unstructured, cached and file system type databases.
"Data Controller" means an individual, private entity, public Commission, agency or any other body who, alone or jointly with others, determines the purposes and means of processing of personal data.
"Data Processor" means a person or organization that processes Personal Data on behalf and on instructions of Fekxr Limited.
"Data Subject" means any person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
"Data Subject Access Request" The mechanism for an individual to request a copy of their data under a formal process which may include payment of a fee.
"DPIA" means Data Protection Impact Assessment.
"Foreign Country" Other sovereign states, autonomous or semi-autonomous territories within the international community.
"GDPR" means General Data Protection Regulation.
"ICO" means Information Commissioner’s Office.
"NDPA" means the Nigeria Data Protection Act, 2023.
"NDPR" means the Nigeria Data Protection Regulation, 2019.
"NDPC" means the Nigeria Data Protection Commission.
"Processing" means any operation or set of operations which is performed on Personal data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Personal Data/Information" means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples include but not limited to: Name, Address, Phone number, Email address.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal data transmitted, stored, or otherwise processed.
"Sensitive Personal Data" means data relating to religious or other beliefs, sexual orientation, health, race, ethnicity, political views, trades union membership, criminal records, genetic and biometric data - for the purpose of uniquely identifying a natural person or any other sensitive personal information prescribed by the NDPC, as sensitive personal data.
"Supervisory Authority" means an independent public authority established by law to monitor compliance with data protection regulations like the ICO and NDPC.
"Third Party" means any natural or legal person, public authority, establishment, or any other body other than the Data Subject, the Data Controller, the Data Administrator, and the persons who are engaged by the Data Controller or the Data Administrator to process Personal Data.