What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law.
GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. Although Paylo is based in Nigeria, we respect the privacy rights of all our users, including those in the EU, and have implemented GDPR-compliant practices across our platform.
Your Rights Under GDPR
GDPR grants you specific rights regarding your personal data.
1. Right to be Informed
You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.
2. Right of Access
You have the right to request access to your personal data and information about how we process it. You can request a copy of your data by contacting our support team.
3. Right to Rectification
You have the right to have inaccurate personal data corrected. You can update most of your information through your account settings or by contacting us.
4. Right to Erasure ("Right to be Forgotten")
You have the right to have your personal data deleted in certain circumstances, such as when the data is no longer necessary for the original purpose.
5. Right to Restrict Processing
You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another organization.
7. Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
8. Rights Related to Automated Decision Making
You have the right not to be subject to automated decision-making, including profiling, that has legal or similarly significant effects.
How to Exercise Your Rights
You can exercise your GDPR rights by contacting us or using your account settings.
Self-Service Options
- Update your profile information in account settings
- Download your data from the account dashboard
- Manage communication preferences
- Delete your account (with confirmation process)
Contact Our Data Protection Team
For more complex requests or if you need assistance, contact our data protection team at:
Email: privacy@usepaylo.com
Subject line: "GDPR Request - [Type of Request]"
Data Processing Lawful Basis
We process your personal data based on the following lawful bases under GDPR.
Consent
For marketing communications, non-essential cookies, and optional features where you have given explicit consent.
Contract
For processing necessary to provide our services, process payments, and fulfill our contractual obligations to you.
Legal Obligation
For compliance with legal requirements, such as tax obligations, anti-money laundering laws, and regulatory requirements.
Legitimate Interest
For fraud prevention, security monitoring, service improvement, and analytics (where not overridden by your interests or rights).
Data Retention Periods
We retain your personal data for as long as necessary for the stated purposes.
Account Data
Retained while your account is active and for up to 7 years after account closure for legal and regulatory compliance.
Transaction Data
Retained for 7 years after the transaction for financial record-keeping and regulatory compliance.
Marketing Data
Retained until you withdraw consent or for up to 3 years of inactivity, whichever comes first.
Support Data
Retained for up to 3 years after the support case is resolved for quality assurance and legal purposes.
International Data Transfers
Information about how we handle data transfers outside the EU.
As a Nigerian company, some of your data may be processed outside the EU. When we transfer personal data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Appropriate technical and organizational security measures
- Regular assessment of transfer mechanisms
Data Security Measures
We implement appropriate technical and organizational measures to protect your data.
Technical Measures
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments and penetration testing
- Secure development practices
Organizational Measures
- Staff training on data protection
- Data processing agreements with third parties
- Privacy by design and by default
- Incident response procedures
Data Breach Notification
Our procedures for handling and reporting data breaches.
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach. We will also report qualifying breaches to relevant supervisory authorities as required by law.
Children's Data
Special protections for children's personal data under GDPR.
Our services are not intended for children under 16 years of age (or the minimum age specified by local law). We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
Complaints and Supervisory Authorities
Your right to lodge a complaint with a supervisory authority.
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact:
- Your local EU data protection authority
- The Irish Data Protection Commission (our lead supervisory authority in the EU)
- Any other competent supervisory authority
However, we encourage you to contact us first so we can address your concerns directly.
Contact Our Data Protection Officer
How to reach our Data Protection Officer for GDPR-related matters.
Data Protection Officer
Email: privacy@usepaylo.com
Address: Paylo Data Protection Office, Lagos, Nigeria
Phone: +234 XXX XXX XXXX