Privacy Policy

Taja Shop Technologies Limited (“Taja.Shop”, “we”, “us” or “our”) is the data controller responsible for personal data processed through the Taja.Shop marketplace. We comply with the Nigerian Data Protection Regulation 2019 (NDPR), the Nigeria Data Protection Act 2023, and—where applicable—the EU General Data Protection Regulation (GDPR).

We collect personal data directly from you, automatically via your device, and from trusted partners (payment processors, identity verification vendors, logistics providers). This includes:

• Identity & Contact Data: name, phone number, email, shipping/billing address, government-issued ID, BVN/NIN (for sellers), CAC filings (for corporate sellers).
• Account & Profile Data: username, password hash, avatar, biography, saved preferences, notification settings.
• Financial & Transaction Data: masked payment card, bank account, wallet balance, orders, refunds, payouts, taxes, dispute history.
• Usage & Device Data: IP address, browser type, device identifiers, location (approximate), access logs, clickstream, crash reports.
• Communications: messages exchanged via in-app chat, reviews, customer support tickets, recorded calls (where permitted), survey responses.

• Contractual necessity – to create your account, process orders, run escrow, settle payouts, provide support.
• Legitimate interests – to secure the Platform, prevent fraud, personalise content, gain insights and improve services (balanced with your rights).
• Consent – for marketing, optional cookies, biometric verification, and sharing with strategic partners when expressly authorised.
• Legal obligation – to comply with AML/CFT, tax, regulatory and consumer protection requirements, respond to lawful requests and enforce policies.

We do not sell personal data. We share limited information with trusted third parties under robust data processing agreements:

• Payment gateways (Paystack, Flutterwave) to authenticate payments, manage escrow and mitigate fraud.
• Logistics partners to arrange pickup, delivery and returns.
• Identity & compliance vendors for KYC/KYB, sanctions, PEP, credit or fraud checks.
• Customer support and communications tools (CRM, email, chat, telephony) to respond to enquiries.
• Professional advisors & regulators (auditors, lawyers, tax authorities, law enforcement) where disclosure is required by law.
• Corporate transactions (merger, acquisition, investment) subject to confidentiality safeguards.

Data is hosted in secure facilities in Nigeria and the European Union. When data is transferred outside Nigeria or the EU, we implement safeguards such as Standard Contractual Clauses, encryption in transit and at rest, strict RBAC, and continuous monitoring to ensure privacy standards equivalent to NDPR/GDPR.

We retain personal data only as long as necessary for the purposes described in this Policy, subject to legal, tax and regulatory requirements:

• Account data – while your account is active and up to 7 years after closure.
• Transaction records – minimum 7 years for statutory accounting and AML obligations.
• Support logs – up to 3 years after resolution, unless extended for disputes.
• Marketing consents – until you withdraw consent or opt out.
• Aggregated analytics – retained indefinitely in anonymised form.

We implement administrative, technical and physical controls to safeguard personal data, including:

You may exercise the rights below by emailing privacy@taja.shop. We will respond within 30 days (or within statutory timelines):

You may lodge complaints with the Nigeria Data Protection Commission via https://ndpc.gov.ng or your local supervisory authority.

We use first-party and third-party cookies, SDKs and pixels to remember preferences, keep you signed in, measure performance and deliver personalised advertising.

You can manage cookie preferences through browser settings or our on-site cookie banner. Essential cookies are required for core services (e.g. authentication, cart); disabling them may impair your experience.

We may send promotional emails, SMS or push notifications about products, offers and updates. You may opt out via the unsubscribe link, notification centre or by contacting us. You will continue to receive essential service messages (order updates, policy changes, security alerts).

The Platform is intended for users aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided data, notify us immediately so we can delete it and close the account.

We may revise this Privacy Policy to reflect regulatory changes, new features or operational needs. Material changes will be communicated via email, dashboard alerts or prominent notices at least 14 days before taking effect. The “Last updated” date will always indicate the latest version.

If you have privacy questions, access requests or complaints, contact our Data Protection Officer. We will investigate and respond within statutory timelines.