Data Protection and Privacy Policy

1. Introduction

Picadailys Services Nigeria Limited (“Picadailys” or “the Company”) recognizes that privacy and data protection are fundamental rights of individuals.

As a digital fintech and lifestyle platform that processes customer information, financial transactions, and user engagement data, Picadailys is committed to ensuring that personal information is handled responsibly, securely, and transparently.

This Data Protection and Privacy Policy establishes the principles and procedures governing the collection, use, storage, sharing, and protection of personal data processed by Picadailys.

This Policy is designed in compliance with:

• Nigeria Data Protection Act 2023
• CBN Consumer Protection Framework 2019
• Applicable global privacy and data protection best practices.

Picadailys acknowledges the importance of maintaining a comprehensive and evolving privacy framework that protects users while enabling innovation and service delivery.

2. Purpose of this Policy

This policy seeks to ensure that Picadailys:

• Processes personal data lawfully, fairly, and transparently.
• Collects data only for specific and clearly defined purposes.
• Protects personal data against unauthorized access, misuse, alteration, or disclosure.
• Establishes internal governance and accountability mechanisms for data protection.
• Provides clear rights and protections for data subjects.
• Maintains a comprehensive privacy framework that adapts to regulatory and technological changes.

The Company recognizes the need for continuous improvement of privacy practices in order to protect users and maintain trust in digital financial platforms.

3. Scope

This policy applies to:

• All personal and sensitive information collected or processed by Picadailys.
• All employees, contractors, consultants, and third-party partners handling personal data.
• All digital platforms, mobile applications, databases, servers, and systems operated or integrated with Picadailys.

4. Categories of Personal Data Collected

Picadailys collects only the information necessary to deliver services and meet regulatory obligations.

4.1 Personal Identification Data

• Full name
• Date of birth
• Residential address
• Phone number
• Email address

4.2 Financial and Transactional Data

• Wallet information
• Transaction history
• Payment account details

4.3 Usage and Technical Data

• App usage activity
• Device information
• IP address
• Login times
• Engagement metrics

4.4 Know Your Customer (KYC) Data

• Government-issued identification documents
• Photographs or biometric verification
• Verification information obtained from licensed partners

5. Lawful Basis for Processing Personal Data

Personal data processed by Picadailys is based on one or more of the following lawful bases:

• Consent: Users provide explicit consent when creating accounts or agreeing to specific services.
• Contractual Necessity: Processing required to provide core services such as wallet management, task rewards, and transactions.
• Legal Obligation: Compliance with applicable financial and data protection regulations including AML/CFT requirements.
• Legitimate Interest: Activities necessary to improve platform functionality, detect fraud, prevent abuse, and enhance user experience.

6. Purpose and Justification for Data Collection

Picadailys collects personal data only for legitimate, defined, and transparent purposes, including:

• Creating and managing user wallet.
• Conducting identity verification and KYC processes.
• Processing transactions, rewards, and withdrawals.
• Providing customer service and account support.
• Improving platform functionality, personalization, and user engagement.
• Detecting and preventing fraud or security threats.
• Meeting regulatory, audit, and legal obligations.

Personal data is not collected for vague or undefined purposes, and users are informed about the reasons for data processing.

Picadailys does not sell, rent, or trade personal data to third parties.

7. Data Security and Protection Measures

Picadailys implements strong technical and organizational safeguards to protect personal data.

Security measures include:

• AES-256 encryption for stored data.
• TLS/SSL encryption for data transmission.
• Access control and role-based authorization.
• Regular security monitoring and vulnerability assessments.
• Secure cloud infrastructure with redundancy and fail-over systems.

8. Data Retention Policy

Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected or to meet regulatory requirements.

Retention considerations include:

• Legal and financial compliance requirements
• Fraud prevention and dispute resolution
• Service delivery obligations

When data is no longer required, it will be securely deleted, anonymized, or archived in accordance with applicable regulations.

9. Data Sharing and Third-Party Processing

Picadailys may share limited personal data with trusted entities where necessary to deliver services.

These may include:

• Licensed partner banks and financial institutions.
• Regulatory authorities and law enforcement agencies where required by law.
• Verified service providers offering:

• Identity verification services
• Analytics tools
• Marketing or communication services
• Cloud infrastructure

10. Data Subject Rights

Picadailys recognizes and supports enhanced rights for individuals whose data is processed.

Users have the right to:

• Right of Access – Request access to personal data held by Picadailys.
• Right to Rectification – Correct inaccurate or incomplete personal information.
• Right to Erasure – Request deletion of personal data where it is no longer necessary.
• Right to Restrict Processing – Limit how personal data is processed in certain situations.
• Right to Data Portability – Request transfer of personal data in a structured format.
• Right to Object – Object to processing for direct marketing or profiling.
• Right to Withdraw Consent – Withdraw consent previously given for data processing.
• Right to Complaint – Lodge complaints with relevant data protection authorities if privacy rights are violated.

Requests should be submitted to compliance@picadailys.com and will be addressed within 7 working days.

11. Protection of Children’s Data

Picadailys recognizes that children require enhanced protection when their personal data is processed.

• Picadailys services are not primarily intended for children under 18 years of age.
• Personal data from minors will not be knowingly collected without parental or guardian consent.
• Where children’s data is processed, additional safeguards will be applied.

12. Transparency and Accountability

Picadailys maintains internal processes to ensure compliance with data protection laws and ethical data practices.

These include:

• Internal data governance frameworks.
• Employee training on privacy and security practices.
• Compliance monitoring and audits.
• Incident response procedures for data breaches.

The Company remains committed to maintaining a comprehensive and continuously improving privacy program.

13. Policy Review and Updates

This policy will be reviewed:

• Annually, or
• Whenever there are changes in regulations, technology, or business operations.

Updates will be approved by management and communicated through official company channels.

14. Contact Information

For privacy inquiries, complaints, or requests regarding personal data:

Email: compliance@picadailys.com