Legal

Privacy Policy

Last updated: February 2025  ·  Compliant with NIST, GDPR & NDPA

1

Introduction

Smash Technology Limited ("Smash Technology," "we," "our," "us") values and respects the privacy of each of our users ("you", "your") who interact with any of our services and subsidiaries under Our Businesses section.

We are committed to safeguarding the Personally Identifiable Information (PII) and/or Sensitive Personally Identifiable Information (SPII) of all our users, ensuring your data is aligned with the highest standards of security, transparency, and proper handling in compliance with global data regulations — including NIST, GDPR, and the Nigeria Data Protection Act (NDPA).

By using any of our services, you confirm that you have fully read, understood, and accepted this policy regarding your data.

2

Scope of Policy

This policy applies to all users, customers, employees, and vendors engaging with subsidiaries under Smash Technology Limited — spanning transport, e-hailing, e-commerce, food delivery, bookings, virtual office solutions, travel & hospitality, real estate, and social networking. It pertains to all digital and physical data across our ads, applications, and online/in-person services.

3

Information We Collect

Personal Information

  • Full name, date of birth, gender, usernames
  • Contact details (email, phone, home & postal address)
  • National ID, passport, or government-approved verification documents

Financial & Transaction Data

  • Payment details (credit/debit card, bank account)
  • Billing and purchase history
  • Transaction records

Account & Authentication Data

  • Usernames, passwords, biometric identifiers, OTP, and 2FA preferences
  • Security questions and recovery details

Device & Usage Data

  • IP addresses, device identifiers, browser type
  • Location data (GPS, city, country, zip code)
  • Browsing and interaction history within our platforms

Communication & Social Media Data

  • Messages, reviews, and feedback via our platforms
  • Interactions with our official social media accounts
  • Data shared via third-party services (Facebook, Google, LinkedIn)
4

Purpose of Data Processing

  • Develop, enhance, and keep our services operable
  • Identify and validate individuals and preserve personal identification information
  • Handle payments securely and prevent fraudulent schemes
  • Communicate with users, answer requests, and deliver notifications
  • Generate personalised experiences through data-driven recommendations
  • Conduct research, analytics, and business intelligence operations
  • Enhance marketing and advertising campaigns
  • Stay compliant with legal, regulatory, and cybersecurity standards
  • Research, create, and implement new product tools
6

Data Sharing & Third Parties

  • Affiliates & Subsidiaries: For a versatile cross-device experience across our platforms.
  • Service Providers: Payment processors, hosting services, SEO tools, and support platforms.
  • Regulatory Authorities: As required by law, for fraud detection or public interest.
  • Business Partners & Advertisers: Only with user consent, for marketing or promotional purposes.

All third-party partners are required to comply with data protection laws, confidentiality agreements, and information security protocols.

7

Data Protection & Security

  • Encryption Protocols: AES-256 for stored data; TLS 1.3 for data in transit
  • Access Control: Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA)
  • Incident Response: Proactive monitoring with fast, focused breach notification
  • Regular Assessments: Penetration tests, vulnerability scans, and compliance audits
8

Data Retention & Deletion

  • Transaction & Account Data: Retained as required by financial and administrative law
  • Marketing Data: Retained based on user preferences — opt-out available at any time
  • User-Requested Deletion: Contact privacy@smashtechgroup.com to request removal
9

Your Rights (GDPR & NDPA)

  • Access and obtain a copy of your data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Restrict processing in specific circumstances
  • Receive and transfer your data in a structured format
  • Opt-out of marketing and automated decision-making
  • Withdraw consent and revoke your data at any time
10

International Data Transfers

When personal data is transferred outside our operating country, we ensure adequate safeguards — including encryption and GDPR Standard Contractual Clauses (SCCs) — are in place.

11

Children's Privacy

Certain services are not intended for individuals under 13. We do not knowingly collect, process, or store data from minors without verifiable parental consent. If discovered, such data is immediately erased.

12

Cookies & Tracking

  • Improve platform performance and user experience
  • Analyse user behaviour and identify areas for improvement
  • Deliver personalised ads and marketing content

Users can manage cookie preferences by accepting or rejecting the prompt, or via browser settings.

13

Policy Updates

This policy is periodically updated to reflect legislative, technological, and business changes. We will notify you via email and in-app notifications. We encourage users to review this policy regularly.

14

Contact Us

For privacy inquiries, complaints, or requests:

privacy@smashtechgroup.com

Head Office — 2 King Jaja Street, Hillside Estate, Works & Housing Gwarinpa, Abuja, Nigeria

Branch Office — Suite 103/104, Workcentral, 5 Alhaji Tokan Street, Alaka Estate, Surulere, Lagos, Nigeria

This Privacy Policy ensures full compliance with NIST, GDPR, and NDPA, reinforcing our commitment to legal protection, information safety, user trust, and transparency across all Smash Technology platforms and services.