Privacy Policy

Last Updated: 1 August 2025

01 Our Commitment to Your Privacy

Fawtress Ltd is committed to protecting your personal data. This Privacy Policy explains what personal information we collect when you visit www.fawtress.com or submit an enquiry through our Contact Us page, how we use that information, how long we retain it, and what rights you have in relation to it. This policy is written in plain English and has been prepared in compliance with the Nigerian Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and applicable international data protection principles.

02 Who We Are

Fawtress Ltd is the data controller responsible for your personal data collected through this website. As data controller, we determine the purposes for which and the manner in which your personal data is processed. We are committed to handling your personal data responsibly, transparently, and in full compliance with applicable Nigerian data protection law. Data Controller: Fawtress Ltd | Registered Address: 5 Idowu Taylor Street, Victoria Island, Lagos, Nigeria | Data Protection Contact: privacy@fawtress.com | General Enquiries: info@fawtress.com | Telephone: +234 707 386 4557 | Website: www.fawtress.com | Applicable Law: Nigerian Data Protection Act 2023 (NDPA); NDPR 2019 | Supervisory Authority: Nigeria Data Protection Commission (NDPC) — www.ndpc.gov.ng

03 What Personal Data We Collect

We collect personal data only to the extent that is necessary and proportionate to the purposes for which it is collected. When you complete and submit our Contact Us form, we collect your full name, email address, telephone number (if provided), company or organisation name (if provided), your message or stated service interest, and technical data such as IP address, browser type, and operating system. We do not collect the following categories of data through our website:

Special category personal data, including data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, biometric data, genetic data, or sexual orientation.
Financial account data, including bank account details, payment card numbers, BVN, or other financial identifiers.
Government-issued identification numbers, including NIN, international passport numbers, or driver's licence numbers, unless voluntarily and expressly provided in the context of a formalised client engagement.
Personal data relating to individuals under the age of 18. Our website is not directed at children and we do not knowingly collect data from minors.

04 How We Collect Your Personal Data

We collect personal data through three means: (1) Direct submission by you — when you voluntarily complete and submit our Contact Us form. Submission is entirely voluntary; you are not required to provide any personal data to browse our website. (2) Automated collection via cookies and tracking technologies — when you visit our website, certain technical and usage data is collected through cookies and similar technologies. See Section 9 for full details. (3) Third-party and publicly available sources — in the context of developing or maintaining business relationships, we may occasionally receive information from professional referral partners or publicly available business directories, where we have a legitimate basis to do so.

05 How We Use Your Personal Data

We process your personal data only for the purposes for which it was collected and for purposes that are compatible with those original purposes. We do not use your data in ways that you would not reasonably expect. Our processing purposes and legal bases are:

Responding to your enquiry — to contact you, answer your questions, and provide information about our services (Legal basis: Legitimate Interests).
Service provision — to establish, set up, and manage a client engagement where your enquiry develops into a service relationship (Legal basis: Contract).
Client relationship management — to maintain accurate and current records of interactions with clients and prospective clients (Legal basis: Legitimate Interests).
Marketing communications — to send you relevant content, service updates, or insights, only where you have provided consent or we have a legitimate basis, with an easy opt-out in every communication (Legal basis: Consent / Legitimate Interests).
Website analytics and improvement — to analyse how users interact with our website and to improve its content, structure, and functionality (Legal basis: Legitimate Interests).
Security and fraud prevention — to detect, investigate, and prevent unauthorised access, security incidents, or fraudulent activity (Legal basis: Legitimate Interests / Legal Obligation).
Legal and regulatory compliance — to comply with applicable legal obligations, regulatory requirements, court orders, or requests from competent authorities (Legal basis: Legal Obligation).

06 Legal Basis for Processing Your Data

The Nigerian Data Protection Act 2023 (NDPA) requires us to have a valid legal basis for every instance of personal data processing. We rely on four bases: (1) Consent — where you have given clear, specific, and informed consent (e.g. direct marketing, optional analytics cookies). (2) Contract — where processing is necessary to fulfil a client service engagement. (3) Legitimate Interests — where processing serves our legitimate business interests and does not override your rights (e.g. responding to enquiries, security monitoring). (4) Legal Obligation — where processing is required to comply with a legal or regulatory obligation. Where we rely on legitimate interests, we conduct a balancing test to ensure our interests do not override your rights and freedoms. You have the right to object to such processing — see Section 8.

07 How We Share Your Personal Data

We treat your personal data with strict confidentiality. We do not sell, rent, trade, lease, or otherwise transfer your personal data to any third party for commercial or marketing purposes. We may share your personal data only in the following limited circumstances:

Authorised Service Providers — third-party suppliers who process data on our behalf under our instruction (e.g. website hosting, cloud storage, email delivery, CRM platforms), bound by data processing agreements requiring equivalent security standards.
Professional Advisors — our legal counsel, accountants, auditors, and other professional advisors, where necessary for professional advice, audit, compliance review, or dispute resolution. All such advisors are bound by professional confidentiality obligations.
Legal and Regulatory Authorities — where required by law, regulation, court order, or lawful request from a competent regulatory or governmental authority (including the NDPC). We will notify you of any such disclosure to the extent permitted by law.
Business Transfers — in the event of a merger, acquisition, business reorganisation, or sale of business assets, your personal data may be transferred to the relevant successor entity, subject to equivalent data protection commitments.

08 How Long We Retain Your Data

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, and to resolve any disputes or enforce our agreements. Retention periods: Contact Us enquiries with no subsequent engagement — 2 years from date of submission. Contact Us enquiries leading to a client engagement — 7 years from end of engagement. Active client engagement records — 7 years from conclusion of engagement. Marketing consent records — duration of consent plus 2 years. Website analytics and usage data — 13 months (rolling). Technical security and access logs — 12 months. When personal data is no longer required, we will securely and permanently delete or anonymise it. If you wish to request deletion before the applicable retention period expires, please refer to your right of erasure in Section 8.

09 Your Data Protection Rights

Under the Nigerian Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR), you have the following rights in relation to your personal data. We will respond to all valid, verifiable requests within 30 calendar days. To exercise any right, contact privacy@fawtress.com with your full name, the right you wish to exercise, and sufficient detail to locate your personal data.

Right of Access — request confirmation of whether we hold personal data about you and a copy of that data, including details of how and why it is being processed.
Right to Rectification — request correction of any personal data we hold that is inaccurate or incomplete.
Right to Erasure ("Right to be Forgotten") — request deletion of your personal data where it is no longer necessary, where you withdraw consent, where you object and we have no overriding legitimate grounds, or where data has been unlawfully processed.
Right to Restrict Processing — request that we suspend or restrict processing in certain circumstances, for example while we verify disputed data accuracy.
Right to Data Portability — where we process your data by automated means on the basis of consent or contract, receive your data in a structured, machine-readable format and request direct transfer to another organisation where technically feasible.
Right to Object — object to processing based on legitimate interests. You have an unconditional right to object to direct marketing, and we must stop immediately upon such an objection.
Right to Withdraw Consent — withdraw consent at any time by contacting privacy@fawtress.com. Withdrawal does not affect the lawfulness of prior processing.
Right to Lodge a Complaint — lodge a complaint with the Nigeria Data Protection Commission (NDPC) at any time at www.ndpc.gov.ng.

10 Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit a website. Our website uses cookies and similar tracking technologies to enable essential functions, analyse user behaviour, and improve the overall experience. We use four categories: (1) Strictly Necessary — enable essential website functions such as page navigation, form submission, and security. Cannot be disabled. (2) Performance/Analytics — help us understand how visitors use our website by collecting anonymous statistical data. Can be opted out via our cookie consent banner or browser settings. (3) Functional — remember your preferences to provide a more personalised experience. Can be opted out. (4) Marketing/Targeting — track visits to enable delivery of relevant content and measure the effectiveness of communications (up to 90 days). Can be opted out at any time. You can manage, disable, or delete cookies at any time through your browser settings or our website's cookie consent tool. For guidance on managing cookies, visit www.aboutcookies.org.

11 Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, disclosure, destruction, or alteration. Our security measures include:

Encryption of data in transit via SSL/TLS technology, ensuring all data transmitted between your browser and our website is encrypted.
Access controls and role-based permissions, limiting access to personal data to authorised Fawtress personnel and service providers who need it to fulfil their responsibilities.
Password-protected and access-controlled data storage systems, with regular access review procedures.
Ongoing monitoring and testing of our security systems, procedures, and infrastructure.
Staff training on data protection obligations, privacy best practices, and information security awareness.
Data processing agreements with all third-party service providers who process personal data on our behalf, requiring them to maintain equivalent security standards.

12 International Data Transfers

Fawtress is headquartered in Nigeria and your personal data is processed primarily within Nigeria. However, some of our third-party service providers — for example, cloud hosting providers, email service platforms, or analytics tools — may be based in or operate data centres in countries outside Nigeria. Where such international transfers occur, we take all reasonable steps to ensure that your personal data receives an equivalent level of protection, including: transferring data only to countries recognised by the NDPC as providing adequate protection; entering into Standard Contractual Clauses or equivalent contractual mechanisms with the recipient organisation; or obtaining your explicit consent where required. Contact privacy@fawtress.com for more information about safeguards applicable to any specific transfer.

13 Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our data processing practices, our services, applicable law, or regulatory requirements. The effective date shown at the top of this document will be updated each time the policy is revised. Where we make material changes — for example, changes that significantly affect how we use your data or your rights — we will take reasonable steps to notify you, such as displaying a prominent notice on our website or sending a direct communication to the email address we hold for you. Your continued use of the website after any revision constitutes your acknowledgement of the updated terms.

14 Contact Us — Privacy Enquiries

If you have any questions, concerns, or complaints about this Privacy Policy, the manner in which we handle your personal data, or the exercise of your data protection rights, please contact us. We take all privacy enquiries and complaints seriously and will respond promptly. Data Controller: Fawtress Ltd | Data Protection Contact: privacy@fawtress.com | General Enquiries: info@fawtress.com | Telephone: +234 707 386 4557 | Postal Address: 5 Idowu Taylor Street, Victoria Island, Lagos, Nigeria | Website: www.fawtress.com | Supervisory Authority: Nigeria Data Protection Commission (NDPC) — www.ndpc.gov.ng This Privacy Policy is effective from 1 August 2025. Governed by Nigerian law. Compliant with the NDPA 2023 and NDPR 2019.