DBMartNGDBMartNG
BrowsePricingAboutWork With Us

NDPR Data Protection Policy

Last updated: 9 July 2026

Compliance: Nigeria Data Protection Regulation (NDPR) 2019

1. Scope & Applicability

This Data Protection Policy (“Policy”) describes how DBMartNG collects, processes, stores, and protects personal data in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Data Protection Act 2023.

This Policy applies to all personal data collected from users of the DBMartNG platform, including buyers, vendors, job applicants, and website visitors, regardless of where they access the platform from.

2. Data Controller Information

DBMartNG is the data controller responsible for the personal data collected through the platform. For inquiries regarding this Policy or data protection matters, contact our Data Protection Officer at:

Email: dpo@dbmart.ng
Platform: DBMartNG
Jurisdiction: Federal Republic of Nigeria

3. Lawful Basis for Processing

We process personal data only on the following lawful bases as defined by the NDPR:

  • Consent: Where you have given explicit consent for specific processing purposes (e.g., marketing communications, cookies).
  • Contractual Necessity: Processing required to fulfill our obligations under our Terms of Service (e.g., account management, subscription billing).
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.
  • Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, platform improvement, and security, provided these do not override your fundamental rights.

4. Categories of Data Subjects

4.1 Vendors

Vendors provide business and personal data including names, contact information, business details, identification documents (in future KYC upgrades), and payment information (processed by Paystack).

4.2 Buyers

Buyers provide names, email addresses, and any information shared in messages to vendors. Account creation is optional for browsing.

4.3 Job Applicants

Job applicants provide names, contact details, work history, and other information submitted through the “Work With Us” application form.

4.4 Website Visitors

Visitors who browse the platform without creating an account may have limited data collected through cookies and analytics tools.

5. Data Collection Principles

We adhere to the following NDPR data collection principles:

  • Lawfulness, Fairness, and Transparency: Data is collected lawfully, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
  • Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary.
  • Accuracy: We take reasonable steps to ensure data is accurate and kept up to date.
  • Storage Limitation: Data is kept only as long as necessary for the purposes collected.
  • Integrity and Confidentiality: Data is processed securely against unauthorized access, loss, or damage.

6. Data Subject Rights

Under the NDPR, data subjects in Nigeria have the following rights:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal data (this Policy fulfills this obligation).
  • Right of Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, subject to our legal obligations.
  • Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format and transmit it to another controller.
  • Right to Object: You have the right to object to processing based on legitimate interests or direct marketing.
  • Rights Related to Automated Decision Making: You have the right not to be subject to decisions based solely on automated processing.

7. Data Security Measures

We implement the following technical and organizational measures to protect personal data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Row Level Security (RLS) policies in our database ensuring users can only access their own data.
  • Service-role API routes isolated from client-side access.
  • Regular security audits and vulnerability assessments.
  • Access controls limiting data access to authorized personnel only.
  • Webhook signature verification to prevent unauthorized payment data access.
  • Rate limiting on messaging to prevent spam and abuse.
  • Automated content moderation to filter prohibited content.

8. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, DBMartNG will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach. Affected data subjects will also be notified without undue delay.

9. Cross-Border Data Transfer

Your personal data may be stored and processed on servers located in Nigeria and other jurisdictions where our service providers operate (including the United States, EU, and others). Where data is transferred outside Nigeria, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms compliant with the NDPR.

10. Data Retention Schedule

We retain personal data according to the following schedule:

  • Active accounts: Retained for the duration of account activity plus 90 days.
  • Deleted accounts: Anonymized or deleted within 30 days of deletion request, except where retention is required by law.
  • Payment records: Retained for 6 years as required by financial regulations.
  • Communication logs: Retained for 2 years.
  • Analytics data: Retained for 26 months.

11. Complaints & Enforcement

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC):

Website: ndpc.gov.ng
Email: hello@ndpc.gov.ng

Before filing a complaint with the NDPC, we encourage you to contact us first at dpo@dbmart.ng so we can address your concerns.

12. Policy Review

This Policy is reviewed annually or whenever there are material changes to our data processing activities or applicable regulations. The most current version is always available on this page.

DBMartNGDBMartNG

Nigeria's premier business directory and marketplace — discover verified vendors, browse products and services, and connect directly with businesses near you.

Platform

  • Browse Vendors
  • Pricing
  • Categories
  • List Your Business

Company

  • About Us
  • Work With Us
  • Contact
  • Credits

Legal

  • Terms of Service
  • Privacy Policy
  • NDPR Data Policy

Support

  • FAQ
  • Help Center
  • About DBMartNG

© 2026 DBMartNG. All rights reserved.

Made with ❤️ in Asaba, Delta State, Nigeria