Last updated: September 1, 2025
Fannix Technologies Ltd. (“Fannix”, “we”, “our”, “us”) is committed to protecting the privacy and security of personal data we process. This Privacy Policy explains how we collect, use, disclose, transfer, and store personal data and describes the rights available to individuals in respect of their personal data under applicable laws, including the Nigeria Data Protection Regulation / Nigeria Data Protection Act and the EU General Data Protection Regulation (GDPR). It applies to personal data processed by Fannix in delivering our products and services and via our websites, apps, and offline interactions.
Key Nigerian and EU regulatory frameworks that inform this policy include the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023, and the EU General Data Protection Regulation (GDPR).
This policy applies to:
Individuals whose personal data we process in Nigeria and any other jurisdiction where we operate.
Customers, prospects, website users, employees, contractors, suppliers, partners, and other third parties (collectively, “you”).
The Act and NDPR apply where processing occurs in Nigeria, where the controller/processor is based or operating in Nigeria, or where personal data of Nigerian residents is processed.
Identity & contact: name, job title, company, email, phone, postal address.
Account & transactional: invoicing, purchase records, payment details (only as necessary; sensitive payment data handled by PCI-compliant providers).
Technical & usage: IP address, device and browser data, cookies, log files, usage analytics.
Service data: project specifications, system configuration details, CRM records, support tickets.
Sensitive personal data: limited and only if expressly required (e.g., biometric/medical data for HIS deployments) — we will seek explicit legal basis/consent and strict safeguards.
We collect this data directly, from third-party integrations, and from public/business directories as appropriate.
We process personal data only when we have a lawful basis, including:
Contract performance (to provide our services, deliver projects, billing).
Consent (where we ask for explicit consent, e.g., marketing communications or processing special categories of personal data).
Legal obligation (to comply with statutory duties or lawful requests from regulators).
Legitimate interests (for example, improving our services, fraud prevention, security), balanced against your rights and freedoms.
Under NDPR/Nigeria Data Protection Act, controllers must process lawfully, fairly, and transparently — we document the lawful basis for each processing activity.
We use personal data for specific purposes, including:
Delivering and improving software, hardware, cloud and managed services.
Project management, contract fulfilment, invoicing and payments.
Security, fraud detection, and incident response.
Support, maintenance and communications regarding your account.
Compliance with legal and regulatory obligations (audits, tax, data protection requests).
Marketing and business development (with consent where required).
We only use collected data for the stated purposes and seek to minimize retention to what is necessary for those purposes.
We may share personal data with:
Service providers and processors (hosting, cloud platforms, payment processors, analytics, email services). Processors we appoint are contractually required to implement appropriate technical and organisational measures. Under GDPR/NDPR, processors have clear obligations and controllers remain responsible for processor selection and oversight.
Professional advisors (legal, auditors) where necessary.
Regulators or law enforcement when required by law.
Group companies, partners for legitimate business purposes or with your consent.
We conduct due diligence and enter into written data processing agreements with third parties to ensure compliance and protect your rights.
If personal data is transferred outside Nigeria (or outside the EEA for EU personal data), we implement appropriate safeguards (e.g., standard contractual clauses, adequate country assessments, binding corporate rules, or other lawful mechanisms). The Nigeria Data Protection Act and NDPR impose requirements for international transfers; we will not transfer personal data internationally without legal safeguards and transparency.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, satisfy legal obligations, resolve disputes, and enforce agreements. Typical retention periods:
Contractual records and billing — generally 7 years (or as required by local tax law).
Support and operational logs — retained for operational and security needs (timelines vary).
Marketing preferences — until consent is withdrawn.
Specific retention periods will be documented in our internal retention schedule; please contact our DPO for details.
You have rights under relevant law, including (subject to legal limits):
Access: request a copy of personal data we hold about you.
Rectification: request correction of inaccurate data.
Erasure (“right to be forgotten”): request deletion where lawful.
Restriction: request limitation of processing.
Portability: request transfer of your data in a structured, machine-readable format (where applicable).
Objection: object to processing (including direct marketing) on grounds relating to your particular situation.
Withdraw consent at any time for processing based on consent.
We will respond to valid requests promptly and within statutory timeframes required by applicable law. Under GDPR, there are prescribed response times; NDPR/NDPA also prescribes remedies and enforcement channels for data subjects.
How to exercise your rights: Contact our Data Protection Officer (DPO) at:
DPO: [Name] — Email: [[email protected]] — Address: #24 Oluobasanjo Road, GRA Phase II, Port Harcourt, Nigeria.
If you are unhappy with our response you can lodge a complaint with the Nigeria Data Protection Commission (or the relevant supervisory authority in your country, e.g., an EU supervisory authority).
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Controls include:
Encryption at rest and in transit where appropriate.
Network and application security controls (firewalls, IDS/IPS).
Access controls, role-based access, and least-privilege practices.
Secure development lifecycle, code reviews, and penetration testing.
Data breach detection, incident response plans, and notification procedures.
In the event of a personal data breach that is likely to result in a risk to individuals’ rights, we will notify affected individuals and the relevant supervisory authority as required by law (for example: GDPR’s breach notification rules and NDPR/NDPA obligations). Recent enforcement actions in Nigeria demonstrate that regulators will act where obligations (consent, cookies, unlawful processing) are breached.
We do not knowingly collect personal data from children under 16 without parental consent (or the relevant age as required in local law). If you believe we have inadvertently collected such data, please contact our DPO and we will promptly delete it where appropriate.
Our websites use cookies and similar technologies for necessary site functions, analytics, and (where consented) marketing. You can manage cookies via your browser, and we provide a cookie banner/consent mechanism on our website to enable lawful choices.
We will send marketing communications only where you have given consent (or where permitted under legitimate interest and local law). You can opt out anytime via links in emails or by contacting us. We honour do-not-contact requests promptly.
Where third parties process personal data on our behalf, we use data processing agreements that set out obligations, security measures, and record-keeping requirements. Under GDPR both controllers and processors have specific legal obligations — we ensure contracts meet those standards.
Fannix maintains records of processing activities and conducts periodic audits and risk assessments to demonstrate compliance with applicable laws. We follow data protection-by-design and by-default principles when developing products and services.
Fannix monitors and adapts to evolving legal requirements — including NDPR/NDPA developments and the GDPR — and implements policies to comply with supervisory guidance and enforcement actions. Recent Nigerian enforcement actions underline the need for informed consent, transparent processing, and lawful cookie use.
We may update this policy to reflect changes in law, regulations, or business practices. Where changes materially affect your rights, we will provide clear notice (e.g., site banner, email). Please check the “Last updated” date at the top.
Questions, requests, or complaints about this policy or how we use your personal data should be directed to our DPO:
Data Protection Officer (DPO)
Fannix Technologies Ltd.
#24 Oluobasanjo Road, GRA Phase II, Port Harcourt, Nigeria
Email: admin@fannix.net — Phone: +234 808-444-3222
If you remain unsatisfied after contacting us, you have the right to complain to the Nigeria Data Protection Commission / Nigeria Data Protection Authority or the relevant supervisory authority in your jurisdiction.
Copyright © 2025 Fannix Ltd | Complete IT/OT Solutions