1. Who We Are

Dafe Software is a software engineering and digital product company incorporated in the Federal Republic of Nigeria (RC165234) with its principal place of business at Golf Estate, 43 Ikalile Road, Trans Amadi, Port Harcourt, Rivers State, Nigeria. For the purposes of applicable data protection law, Dafe Software is the data controller responsible for the personal data described in this Policy, except where we process data on behalf of a client, in which case we act as a data processor under the terms of our engagement with that client.

If you have any questions about this Policy or how we handle your personal data, you can contact us using the details set out in the "Contact Us" section below.

2. Scope of This Policy

This Policy applies to personal data we collect:

• through your use of the Website and any associated pages;
• when you complete a contact form, project enquiry, MVP calculator, newsletter sign-up or similar form;
• when you communicate with us by email, telephone, messaging platforms or social media;
• in the course of providing software development, web, mobile, desktop, game, enterprise, product design and consultancy services to you or to your organisation; and
• when you apply for a role, partnership or supplier relationship with us.

Where we provide services to a business client, that client is generally the controller of any end-user or customer data contained within the systems we build or maintain. In those cases, the client's own privacy notice governs that data, and we process it strictly on the client's documented instructions under a separate data processing agreement.

3. Information We Collect

3.1 Information you provide to us

• Identity and contact data: such as your name, job title, company name, email address, telephone number and postal address.
• Project and enquiry data: details of your project requirements, budget, timelines, technical specifications and any other information you choose to share when requesting a quote or proposal.
• Account data: where you or your organisation hold an account on a platform we operate, including usernames and securely hashed passwords.
• Communications data: the contents of messages, emails, call notes and feedback you send to us.
• Recruitment data: where you apply to work with us, your CV, work history, qualifications and any information contained in your application.

3.2 Information we collect automatically

When you visit the Website, we and our service providers may automatically collect certain technical data, including:

• your IP address, device type, browser type and version, operating system and language settings;
• the pages you view, links you click, the date and time of your visit, time spent on pages and referral source; and
• cookie identifiers and similar information collected through the technologies described in Section 5 below.

3.3 Information from third parties

We may receive information about you from third parties such as our analytics and hosting providers, professional referrals, publicly available sources and business networking platforms. We combine this information with data we hold only where it is lawful and relevant to our relationship with you.

We do not knowingly collect special categories of personal data (such as data revealing health, religion, ethnicity or political opinions) through the Website. Please do not submit such information to us unless we have specifically requested it and explained why it is required.

4. Cookies and Similar Technologies

The Website uses cookies and similar tracking technologies to operate effectively, remember your preferences and understand how visitors use our pages. Cookies are small text files placed on your device. We use the following broad categories:

• Strictly necessary cookies: required for the Website to function and to keep it secure.
• Analytics cookies: such as Google Analytics, which help us measure traffic and improve the Website. These cookies collect information in an aggregated and pseudonymised form.
• Functional cookies: which remember choices you make to improve your experience.

You can control and delete cookies through your browser settings and, where required, through any consent banner presented on the Website. Disabling some cookies may affect the functionality of the Website. For more information about Google Analytics and how to opt out, please refer to Google's own privacy resources.

5. How We Use Your Information

We use personal data to:

• respond to your enquiries, prepare quotes and proposals, and communicate with you about your project;
• provide, manage and improve our software development, design and consultancy services;
• operate, maintain, secure and improve the Website and our internal systems;
• administer contracts, process payments and keep accounting and tax records;
• send you service updates, and, where permitted, relevant marketing communications about our services;
• conduct recruitment and assess applications for roles and partnerships;
• detect, prevent and address fraud, security incidents and misuse of the Website; and
• comply with our legal, regulatory and contractual obligations.

6. Legal Bases for Processing

Under the NDPA and, where applicable, the GDPR, we rely on one or more of the following lawful bases to process your personal data:

• Consent: where you have given us clear consent to process your data for a specific purpose, such as receiving marketing emails. You may withdraw consent at any time.
• Contract: where processing is necessary to enter into or perform a contract with you or your organisation.
• Legal obligation: where processing is necessary to comply with the law.
• Legitimate interests: where processing is necessary for our legitimate business interests (such as improving our services, securing our systems and growing our business), provided those interests are not overridden by your rights and freedoms.

7. How We Share Your Information

We do not sell your personal data. We may share it with the following categories of recipients, only as necessary and subject to appropriate safeguards:

• Service providers: such as hosting, cloud infrastructure, content delivery, email, analytics and payment providers who process data on our behalf under contract;
• Professional advisers: including lawyers, accountants, auditors and insurers;
• Authorities and regulators: where required to comply with the law, a court order or a lawful request; and
• Business transfers: in connection with a merger, acquisition, reorganisation or sale of assets, in which case personal data may be transferred to the relevant party subject to this Policy.

Our processors are contractually required to protect your data, to use it only for the purposes we specify, and to implement appropriate technical and organisational security measures.

8. International Data Transfers

We are based in Nigeria but use service providers and clients who may be located in other countries. As a result, your personal data may be transferred to, stored in, or accessed from jurisdictions outside your country of residence, including outside Nigeria. Where we transfer personal data internationally, we take steps to ensure an adequate level of protection, such as transferring to countries recognised as providing adequate protection, or putting in place appropriate safeguards such as standard contractual clauses or equivalent mechanisms required under the NDPA and the GDPR.

9. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, tax or reporting requirements. The criteria we use to determine retention periods include the nature of the data, the duration of our relationship with you, our contractual commitments and applicable limitation periods. When personal data is no longer required, we securely delete, anonymise or destroy it.

10. How We Protect Your Information

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include access controls, encryption in transit, secure password hashing, network protection, regular updates and staff confidentiality obligations. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.

11. Your Data Protection Rights

Subject to applicable law and certain exceptions, you have the following rights in relation to your personal data:

• Right to be informed: about how your data is collected and used;
• Right of access: to request a copy of the personal data we hold about you;
• Right to rectification: to have inaccurate or incomplete data corrected;
• Right to erasure: to request deletion of your data in certain circumstances;
• Right to restrict processing: to limit how we use your data in certain circumstances;
• Right to data portability: to receive your data in a structured, commonly used, machine-readable format;
• Right to object: to processing based on legitimate interests or for direct marketing; and
• Right to withdraw consent: at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before acting on your request. We will respond within the timeframe required by applicable law and free of charge, unless your request is manifestly unfounded or excessive.

12. Children's Privacy

The Website and our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate steps to delete it.

13. Marketing Communications

Where you have consented or where we are otherwise permitted by law, we may send you marketing communications about our services. You can opt out at any time by following the unsubscribe link in our emails or by contacting us directly. Opting out of marketing will not affect service-related communications that are necessary for the performance of a contract.

14. Third-Party Links and Services

The Website may contain links to third-party websites, plugins and services that are not operated by us. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access.

15. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement. Where this changes, we will update this Policy and provide you with information about the logic involved and your rights in relation to such processing.

16. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we do, we will revise the "Last updated" date at the top of this page. Where changes are material, we will take reasonable steps to bring them to your attention. We encourage you to review this Policy periodically.

17. Complaints

If you have a concern about how we handle your personal data, we would like the opportunity to resolve it. Please contact us first using the details below. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or, if you are located in the European Union or United Kingdom, with your local data protection supervisory authority.

18. Contact Us

If you have any questions, requests or complaints regarding this Privacy Policy or our data practices, please contact us:

• Dafe Software (RC165234)
• Golf Estate, 43 Ikalile Road, Trans Amadi, Port Harcourt, Rivers State, Nigeria
• Email: contact@dafesoftware.com
• Telephone: +234 901 129 5748