DEELAA DATA PRIVACY POLICY
PRIVACY POLICY
This Policy discloses Deelaa Travels' internal practices. It applies to personal biodata collected by the company and to all types of systems, operations, and processes within our environment that involve the collection, storage, use, transmission, and disposal of Personal Information. This policy will help you understand how the information we collect about you is used, how we protect it, and your rights to it, among others.
This Policy is restricted to our services and does not apply to services not owned or controlled by us, including third-party platforms/websites. We are committed to handling all personal data provided to us in compliance with data privacy and protection acts.
This policy informs you of the following;
1. Personal identifiable information collected from you through the website, how it is used, and with whom it may be shared.
2. Choices are available to you regarding the use of your data.
3. Security procedures are in place to protect your information from misuse.
4. How you can correct any inaccuracies in the information.
INFORMATION COLLECTION, USE, AND SHARING
We are the sole owners of the information collected on this site. We store information that you voluntarily release to us via email or other communication channels. We will use your details to respond to you regarding the reason you contacted us. We will not trade your information to anyone.
We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.
PERSONAL INFORMATION
We collect and process the names, telephone numbers, and addresses of individuals that make them easily identifiable. These individuals include current, past, and prospective employees, guarantors, referees, suppliers/vendors, customers or former customers, and other individuals whom we communicate or deal with, jointly and/or severally.
You may voluntarily provide us with certain Personal Information, to enable you to gain access to and use our services. This information relates to an identified person or information that can be used to identify you.
We will always solicit your consent before sharing or disclosing your Personal Information with a third party except as may be required for the purpose of providing you with our services or under applicable legislation. The following is the information that we collect and process:
i. Individual personal information
ii. Individual personal contact details
iii. Identifying information
v. Information captured in customer documentation or data exchange such as application forms or advisory documents or via telephone.
vii. Data or records of correspondence related to relevant exchanges of information
viii. Information to fulfill regulatory obligations.
ix. Information from other entities.
x. Information from third parties provides information to identify and manage fraud;
xii. Other information about you that is voluntarily provided by filling in online forms or by communicating with us, whether face-to-face or via other available channels.
WE USE YOUR PERSONAL INFORMATION TO:
a) provide you with the required services;
b) respond to your questions or requests;
c) improve features, platform, and website content analyses data to develop services;
d) address inappropriate use of our Services;
e) prevent, detect, and manage risk against fraud and illegal activities using internal and third-party screening tools;
f) verify your identity and the information you provide in line with our statutory obligations using internal and third-party tools;
g) maintain up-to-date records;
h) resolve disputes that may arise, including investigations by law enforcement or regulatory bodies; and
PURPOSE LIMITATION
We collect Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose.
DATA PROCESSING PRINCIPLES
Your data will be:
a) collected and processed under specific, legitimate, and lawful purposes, consented to by you;
b) adequate, accurate, and without prejudice to the dignity of the human person;
c) stored only for the period within which it is reasonably needed; and
d) secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements.
OUR LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION
We will only use and process your data as permitted by the Nigerian Data Protection Act, 2023. We have set out below a description of all the legal bases we may rely on to process your personal data:
a) Where you have given, us consent to the processing of your personal data for one or more specific purposes;
b) where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract;
c) where processing is necessary for compliance with a legal obligation to which we are subject;
d) where processing is necessary to protect your vital interests or the vital interests of another natural person, and
e) where processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official public mandate vested in us.
f) For the legitimate interests pursued by us as the data controller or data processor, or by a third party to whom the data is disclosed.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us by sending an email to: legal@deelaa.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground may have been used to process your personal data.
For the purpose of this Privacy Policy, consent means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they, through a statement or a clear affirmative action, signify their agreement to the processing of Personal Information relating to them.
DATA MINIMIZATION
We limit Personal Information collection and usage to data that is relevant, adequate, and necessary for carrying out the purpose for which the data is processed. We will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.
DATA RETENTION
We will retain your Personal Information for as long as is needed to provide our services to you, comply with our legal and statutory obligations, or verify your information with the required verification authorities.
We are statutorily obligated to retain the Personal Information and data you provide us with to carry out our services and in compliance with laws and regulatory guidelines applicable to us and our partners. Therefore, even after discontinuance of our services, we will retain certain Personal Information and transaction data to comply with these obligations.
For all Personal Information and records obtained, used, and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity, and requirement to retain.
The length of storage of your Personal Information shall, amongst other things, be determined by:
a) the contract terms agreed between us and the Data Subject or as long as it is needed for the purpose for which it was obtained; or
b) where the relationship has statutory implication or a required retention period; or
c) where there is an express request for deletion of the Personal Information by the Data Subject, provided that such request only be treated where the Data Subject is not under any investigation which may require us to retain such Personal Information or there is no subsisting contractual arrangement with the Data Subject that would require the processing of the Personal Information; or
d) where we have another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose.
YOUR ACCESS TO AND CONTROL OVER INFORMATION
Once your Personal Information is held by us, you are entitled to reachout to us to exercise the following rights which are guaranteed by the Nigeria Data Protection Act with some limitations.
a) Request access to your personal data (commonly known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may notify you of our refusal to comply with your request in these circumstances. Where we have reasonable doubts concerning the identity of the natural person requesting information, we may request the provision of additional information necessary to confirm the identity of the data subject. Where data is held electronically in a structured form, such as in a database, as the Data Subject, you have a right to receive that data in a common electronic format;
b) Right to request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, complete, or updated, though we may need to verify the accuracy of the new data you provide to us.
c) Right to request erasure or deletion of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with
local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d) Right to object to the processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) there may be something about your situation that could justify an objection to processing on this ground as you may feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e) Right to request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
i. If you want us to establish the data’s accuracy;
ii. Where our use of the data is unlawful but you do not want us to erase it;
iii. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
iv. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f) Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
g) Right to withdraw consent at any time where we are relying on consent to process your personal data: This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. You may decline to provide your Personal Information when it is requested by us, however, certain services or all services may be unavailable to you. You may review and update your Personal Information directly or by contacting us.
SECURITY
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and securely transmitted to us. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
UPDATES, MODIFICATIONS AND AMENDMENTS
We reserve the right to update, modify, change, or revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. We will also try to notify you of any material changes which could be done via email associated with your account or service notification. By continuing to use our services after the changes become effective, you agree to be bound by the revised Privacy Policy.
If you feel that we are not abiding by this privacy policy, you should contact us immediately via email at legal@deelaa.com.
REGISTRATION
For effective use of this website, users are advised to complete the registration form. During registration, a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site
in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.
COOKIES
We use "cookies" on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, depending on your browser settings you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.
Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.
SHARING
We share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any person. We use a credit card processing company to bill users for products and services. These companies do not retain, share, store, or use personally identifiable information for any secondary purposes beyond fulfilling your order.
We partner with 3rd party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except to provide these services.
Using the Deelaa mobile phone and tablet Apps (the "MobileApps")
When you use the Mobile App, we collect and use information about you in the same way and for the same purposes as we do when you use our website.
In addition to this, we also use some other information that we collect automatically when you use our Mobile Apps e.g. we collect information about mobile App functionality that you access and use. This allows us to identify those areas of the Mobile App that are of interest to our customers so that we can
refine and continuously improve the Mobile App. The information we collect for this purpose does not enable us to directly identify you.
When you use our Mobile App, you can choose to allow access to your current location – provided by your mobile device using GPS or similar technologies – in order to identify nearby hotels or airports. If you choose to allow access, this location data may be collected anonymously as part of search requests logged by our servers. You can switch off the Mobile App’s access to your location at any time through your phone settings menu.
Each Mobile App will also send us error-reporting information if it crashes or hangs. This enables us to investigate the error and to improve the stability of the Mobile App for future releases. We do not use this information for any purpose other than investigating and remedying the error.
You always can control what information a Mobile app sends to us. You can exercise this control either by changing the settings oft he Mobile App under its setting menu or changing the settings of your mobile device. Alternatively, you can remove the Mobile App from your mobile device entirely and access our services through our website.
We may share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
a) comply with a legal obligation, process, or request (including tax and related reporting requirements);
b) enforce our Terms of Service and other agreements, policies, and standards, including investigation of any potential violation thereof;
c) detect, prevent, or otherwise address security, fraud, or technical issues; or
d) protect the rights, property or safety of us, our users, a third party, or the public as required or permitted by law (including exchanging information with other companies and organizations for fraud protection and credit risk reduction).
TRANSFER OF PERSONAL INFORMATION TO FOREIGN COUNTRY
Where Personal Information is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Personal Information. In particular, we shall, among other things, confirm whether the country is on the Nigeria Data Protection Commission ("NDPC”) Whitelist of Countries with adequate data protection laws.
Transfer of Personal Information out of Nigeria would be by the provisions of the Nigeria Data Protection Act ("NDPA”) 2023. Will therefore only transfer Personal Information out of Nigeria on one of the following conditions:
- the consent of the Data Subject has been obtained;
b) the transfer is necessary for the performance of a contract between us and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request;
c) the transfer is necessary to conclude a contract between us and a third party in the interest of the subject;
d) the transfer is necessary for reason of public interest;
e) the transfer is for the establishment, exercise, or defense of legal claims;
f) the transfer is necessary to protect the vital interests of the Data Subjects or other persons, where the data subject is physically or legally incapable of giving consent.
We will take all necessary steps to ensure that your Personal Information is transmitted in a safe and secure manner. Details of the protection given when your Personal Information is transferred outside Nigeria shall be provided to you upon request.
LINKS
This website contains links to other sites. Our website includes hyperlinks to, and details of, third-party websites.
Please be aware that we are not responsible and have no control over the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site to read the privacy statements of any other site that collects personally identifiable information.
VISITING OUR WEBSITE FROM OUTSIDE NIGERIA
If you are visiting our website from outside Nigeria, please be aware that your information may be transferred to, stored, and processed in Nigeria from where our central database is operated. The data protection law and other laws of Nigeria may vary in content or may not be as comprehensive as those in your country, but please be assured that we take steps to ensure that your privacy is protected. By using our services, you understand that your information may be transferred to our facilities and to those third parties with whom we share it as described in this Policy.
PRIVACY POLICY
This privacy policy applies to personal information collected through our website and personal information collected offline.
YOUR CONSENT
By accessing or using our services in any manner, you suggest to us that you have read and adopted this Privacy Policy and consent to the data practices described herein.
You agree that upon granting us your consent, you have the legal capacity to give consent and you are aware of your privacy rights and your option to withdraw your consent at any given time.
If you do not accept this Privacy Policy and do not meet or comply with the provisions set forth herein,then you may not use our services.
AGE RESTRICTION
If you access our services or platform and you are below 18 years, you represent and warrant that you have obtained consent from your parent(s) or legal guardian(s). If you have inadvertently provided the personal data of a child to us, please notify us at : travels@deelaa.com and we will delete such personal data.
Consistent with Section 8 of the Nigeria Child Rights Act (“the Act”), Cap C50, Laws of the Federation of Nigeria 2010, Section 31 of the Nigeria Data Protection Act 2023, we will never knowingly request Personal Identifiable Information from anyone below the age of 18 under the Act without prior verifiable parental consent. If we become aware that a child below the age of 18 under the Act has provided us with personal data without verifiable parental consent, we will use our best efforts to remove such information from our files. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.
COMPLIANCE
Please note that the collection, processing, security, storage, and erasure of your personal data including any updates to this privacy policy will be in accordance with existing or new privacy and data protection provisions and laws in Nigeria which includes but not limited to the following:
a) Constitution of the Federal Republic of Nigeria 1999 (as Amended);
b) Nigeria Data Protection Act 2023("NDPA”);
c) Nigeria Data Protection Regulation2019 ("NDPR”);
d) NDPR 2019 Implementation Framework ;
e) Nigeria Cybercrimes (Prohibition, Prevention, Amendments) Act 2024 ;
f) Nigeria Money Laundering (Prevention and Prohibition) Act, 2022;
g) Nigeria Federal Competition and Consumer Protection Act, 2018 (FCCPA);
h) Nigeria Freedom of Information Act2011;
i) Central Bank of Nigeria Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions 2022.
COMPLAINTS ANDREMEDIES
You may file a complaint in accordance with this Privacy Policy if you believe that any provision of this Privacy Policy or your privacy rights have been violated in respect of your personal information or if your access to our Services have been compromised, to enable us to take the necessary steps
towards ensuring the security of your Personal Information. All complaints must be addressed to the company by sending an email to travels@deelaa.com
Please note that the complaint and resolution procedure is not prejudicial to your right to complain to the data protection authorities (in this case, you should contact the Nigeria Data Protection Commission (NDPC)using the following contact details:
Address:
NDPC: No. 5, Donau Crescent,
Off Amazon Street, Maitama,
Abuja, Nigeria.
Email: info@ndpc.gov.ng
We will notify you of any breach and also notify Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of such breach.
You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: travels@deelaa.com
QUESTIONS AND INQUIRIES
You may also contact us if you have any questions, comments, and requests relating to this Privacy Policy or would like to find out more about exercising your data protection rights. Please contact us via travels@deelaa.com
If you are in Lagos, we can also be reached at:
SystemSpecs Nigeria LIMITED
6, Ojualari Road,
Off Kusenla, Ikate
Lekki/Epe Expressway
Lagos State, Nigeria.