Our commitment to protecting your data rights under the General Data Protection Regulation (GDPR)
Afristores.co is fully committed to complying with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. The GDPR is a comprehensive data protection law that applies to organizations processing the personal data of individuals in the European Union (EU).
Although Afristores is based in Africa, we recognize the global nature of data protection and extend GDPR-level protections to all our users worldwide, regardless of their location.
This page outlines our approach to GDPR compliance, the steps we've taken to protect your data, and your rights as a data subject under the regulation.
We adhere to the core principles of GDPR in all our data processing activities:
We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate how we use your data through our Privacy Policy and this GDPR compliance statement.
We only collect personal data for specified, explicit, and legitimate purposes. We do not process data in ways that are incompatible with these purposes.
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
We take reasonable steps to ensure personal data is accurate and kept up to date. We have processes in place to allow you to correct inaccurate data.
We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which the data is processed.
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Under GDPR, we must have a lawful basis for processing personal data. The table below outlines our primary lawful bases for different processing activities:
| Processing Activity | Lawful Basis | Explanation |
|---|---|---|
| Account Creation & Management | Contract | Processing is necessary for the performance of a contract with the data subject |
| Payment Processing | Contract & Legal Obligation | Necessary for contract performance and compliance with financial regulations |
| Marketing Communications | Consent or Legitimate Interests | Based on explicit consent or our legitimate interest in promoting our services |
| Customer Support | Contract & Legitimate Interests | Necessary for contract performance and our legitimate interest in providing quality service |
| Security & Fraud Prevention | Legitimate Interests & Legal Obligation | Our legitimate interest in protecting our platform and users, and legal obligations |
Where we rely on consent as our lawful basis for processing, we ensure that consent is freely given, specific, informed, and unambiguous. You have the right to withdraw consent at any time.
Under GDPR, you have specific rights regarding your personal data. We respect these rights and have established processes to help you exercise them:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to that personal data.
You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
You have the right to have your personal data erased in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to restrict processing in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, and to processing for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
We regularly review and update our security measures to address new threats and vulnerabilities.
We have established procedures to handle data breaches in compliance with GDPR requirements:
We monitor our systems for potential breaches and have processes to quickly detect and assess any incidents.
In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
When a data breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the breach to affected data subjects without undue delay.
We maintain documentation of all data breaches, regardless of whether notification was required.
As a global platform, we may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place:
Where possible, we transfer data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission.
For intra-organizational transfers, we implement Binding Corporate Rules where appropriate.
In limited circumstances, we may rely on derogations for specific situations, such as explicit consent or the necessity for the performance of a contract.
We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR:
Data Protection Officer
Email: dpo@afristores.co
Address: 32, Zone E, Apo, Abuja, Nigeria
Our DPO is responsible for:
If you have any questions about our GDPR compliance or wish to exercise your data rights, please contact us:
Afristores Data Protection Team
Email: privacy@afristores.co
Address: 32, Zone E, Apo, Abuja, Nigeria
You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes the GDPR.
The foundation of our data protection approach
We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
We collect personal data for specified, explicit, and legitimate purposes and do not process it incompatibly with those purposes.
We only collect personal data that is adequate, relevant, and limited to what is necessary for our purposes.
We take every reasonable step to ensure personal data is accurate and, where necessary, kept up to date.
We keep personal data in a form which permits identification of data subjects for no longer than necessary.
We process personal data in a manner that ensures appropriate security, including protection against unauthorized processing.
Under GDPR, you have specific rights regarding your personal data
You can request access to the personal data we hold about you and information about how we use it.
You can request correction of inaccurate or incomplete personal data we hold about you.
You can request deletion of your personal data in certain circumstances ("right to be forgotten").
You can request limitation of how we use your personal data in certain situations.
You can request transfer of your data to another organization in a machine-readable format.
You can object to processing of your personal data in certain circumstances, including direct marketing.
The steps we've taken to ensure GDPR compliance
Implemented processes to ensure compliance with all GDPR data protection principles.
Documented the lawful basis for all data processing activities.
Updated our privacy notices to be clear, transparent, and easily accessible.
Established processes to handle data subject rights requests within GDPR timeframes.
Implemented procedures for conducting DPIAs for high-risk processing activities.
Established procedures for detecting, reporting, and investigating personal data breaches.
Implemented appropriate safeguards for international data transfers.
Provided GDPR training to all relevant staff members.
If you have any questions about our GDPR compliance or wish to exercise your data rights, please contact our Data Protection Team.