Privacy Policy

1. Identity of Data Controller

Omavon LTD is the Data Controller in respect of the personal data collected via the Platform and Services. Where Merchants collect personal data from their end-users using Omavon's infrastructure, Omavon processes such data as a Data Processor on behalf of the Merchant (as Data Controller).

The Merchant remains responsible for obtaining valid consent and complying with applicable personal data legislation in relation to their customers.

2. Personal Data We Collect

2.1 Data Provided by You

When you register for an account or use our Services, we may collect:

• Full name and business name
• Email address and phone number
• Business registration number and type
• Country of residence and business address
• Login credentials (stored in encrypted form)
• Payment and billing information
• API usage data and integration preferences

2.2 KYC/KYB Data (Where Applicable)

Where identity verification is required under our AML/KYC framework, we or our designated third-party intermediaries may collect:

• Government-issued identification documents (passport, national ID, driver's licence)
• Business incorporation documents and beneficial ownership information
• Biometric data including liveness checks and facial recognition data
• AML screening results and politically exposed person (PEP) status

2.3 Automatically Collected Data

When you access the Platform, we automatically collect:

• IP address and device identifiers
• Browser type, version, and operating system
• Pages visited, time on site, and clickstream data
• API call logs, timestamps, and request/response metadata
• Cookies and similar tracking technologies (see Section 10)

2.4 Blockchain Transaction Data

3. Lawful Basis for Processing

In accordance with the NDPR and NDPA, Omavon processes personal data on the following legal bases:

• Contractual Necessity: Processing required to provide the Services you have contracted for, including account management, API access, and payment processing.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including marketing communications and certain analytics.
• Legal Obligation: Processing required to comply with applicable Nigerian law, including AML/CFT obligations, tax regulations, and regulatory reporting requirements.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security monitoring, product improvement, and customer support, provided such interests do not override your fundamental rights.

4. Purposes of Processing

We process your personal data for the following purposes:

• Account creation, verification, and management
• Provision and improvement of our Services and Platform features
• Processing and facilitating blockchain-based transactions and payments
• Conducting KYC/KYB verification where required under our compliance framework
• Fraud detection, risk assessment, and security monitoring
• AML/CFT compliance, sanctions screening, and regulatory reporting
• Customer support and dispute resolution
• Sending service-related communications, updates, and notifications
• Sending promotional and marketing communications (where you have consented)
• Analytics and product development
• Complying with our legal and regulatory obligations

5. Sharing and Disclosure of Personal Data

• Third-Party Wallet Providers: Our licensed third-party wallet infrastructure providers who manage wallet services on the Platform, strictly to the extent necessary to deliver those services.
• KYC/AML Intermediaries: Licensed identity verification and AML screening providers engaged to conduct KYC/KYB checks where required.
• Payment Processors and Financial Intermediaries: For fiat conversion and settlement services.
• Cloud and Infrastructure Providers: Hosting, storage, and technical infrastructure providers bound by data processing agreements.
• Law Enforcement and Regulators: Where required by applicable Nigerian law, court order, regulatory directive, or to respond to requests from competent authorities including the EFCC, NFIU, or SEC Nigeria.
• Legal and Professional Advisors: Lawyers, auditors, and consultants subject to professional confidentiality obligations.
• Business Transferees: In connection with a merger, acquisition, restructuring, or sale of assets, subject to the receiving party maintaining equivalent data protection standards.

All third parties with whom we share personal data are required to process such data in accordance with applicable data protection law and our contractual requirements.

6. Cross-Border Data Transfers

Omavon LTD may transfer your personal data outside of Nigeria where necessary for the provision of our Services, including to our technology and infrastructure providers. Any such cross-border transfer shall be conducted in accordance with the requirements of the NDPR and NDPA, including ensuring that the receiving jurisdiction provides an adequate level of data protection or that appropriate safeguards (such as contractual data protection clauses) are in place.

By using our Services, you expressly consent to the transfer of your personal data outside Nigeria for the purposes described in this Policy, subject to the safeguards outlined above.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• For the duration of your account and the period necessary to provide our Services
• For a minimum of five (5) years after account closure, in compliance with Nigerian AML/CFT laws, the Financial Reporting Council of Nigeria requirements, and international money laundering laws
• For such longer periods as required by applicable law, regulatory guidance, or for the purpose of resolving disputes or enforcing our agreements

8. Your Data Subject Rights

In accordance with the NDPR and NDPA, you have the following rights with respect to your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that inaccurate or incomplete personal data be corrected.
• Right to Erasure: You may request deletion of your personal data, subject to legal and regulatory retention obligations.
• Right to Object: You may object to processing of your personal data based on legitimate interests, including for direct marketing purposes.
• Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request that your personal data be provided to you in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at privacy@withomavon.com. We will respond to all verified requests within twenty-one (21) days in accordance with the NDPR. We reserve the right to verify your identity before processing any such request.

9. Data Security

Omavon LTD implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• Encryption of data in transit using industry-standard TLS protocols
• Encryption of sensitive data at rest
• Access controls, multi-factor authentication, and role-based access management
• Regular internal security reviews and monitoring
• Staff training on data protection and security practices

Notwithstanding these measures, no method of electronic storage or internet transmission is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) and affected data subjects in accordance with the NDPA 2023.

10. Cookies and Tracking Technologies

Our Platform uses cookies and similar tracking technologies to enhance user experience, analyze platform performance, and support security features. Types of cookies we use include:

• Strictly Necessary Cookies: Required for the Platform to function and cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Platform. Used with your consent.
• Preference Cookies: Enable the Platform to remember your settings and preferences.

You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform. For more detailed information, please contact privacy@withomavon.com.

11. Merchant Data Protection Obligations

Where Merchants use Omavon's Services to collect, transmit, or process personal data of their end-users or customers, the Merchant acts as a Data Controller in respect of such data, and Omavon acts as a Data Processor.

Merchant Obligations

• Determine and comply with all applicable personal data legislation governing each customer
• Obtain valid, informed consent or establish another lawful basis for processing customer personal data
• Inform customers that their personal data may be transferred to Omavon LTD for processing
• Implement appropriate technical and organizational security measures
• Enter into a Data Processing Agreement (DPA) with Omavon LTD where required by applicable law

Merchants are fully responsible to their customers for the protection of their personal data. In the event that a Merchant violates applicable data protection law and causes loss to Omavon LTD, the Merchant shall indemnify Omavon for all resulting losses.

12. Data Protection Officer

In accordance with the NDPA 2023, Omavon LTD has designated a Data Protection Officer (DPO) responsible for overseeing our data protection compliance program.

You may contact the DPO with any questions, concerns, or complaints relating to our processing of your personal data.

13. Complaints and Regulatory Authority

If you believe that Omavon LTD has not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC), the supervisory authority for data protection in Nigeria.

We encourage you to contact us at privacy@withomavon.com before lodging a regulatory complaint so that we may address your concern directly.

14. Children's Data

Our Services are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such data.

If you believe a minor has provided us with personal data, please contact us at privacy@withomavon.com.

15. Updates to This Privacy Policy

Omavon LTD reserves the right to update or amend this Privacy Policy at any time to reflect changes in our practices, the Services, or applicable law. Where material changes are made, we will provide prominent notice via the Platform or by email to the address associated with your account.

Your continued use of the Services following the effective date of any update constitutes your acceptance of the revised Privacy Policy. We recommend that you review this Privacy Policy periodically.

16. How to Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data protection practices, please contact: