img

Call Us: +000 0000 0000

NGN
0
Wishlist 0 items
0
Your Cart ₦ 0.00
0
0
0
Shopping Cart
empty-box

Your Cart List Is Empty

Cart is empty. Please go to your home page for listing it.

Total

₦ 0.00

Proceed To Checkout
View Cart

Privacy Policy

  • Home
  • Privacy Policy

DATA PROCESSING AGREEMENT


This Data Processing Agreement (‘The Agreement’) is made this 25th Day of January 2026 

Between:


Afriqmarkethub LIMITED, a company registered under the laws of Nigeria, with its registered office in Lagos Nigeria (‘Afriqmarkethub’ or ‘The Company’ or ‘Data Controller’)


And


[VENDOR’S NAME], a company registered under the laws of Nigeria with its registered office in Nigeria (‘The Vendor’ or ‘Data Processor’)


WHEREAS:


  1. The Company is an e-commerce company registered by the Corporate Affairs Commission (CAC) and offering products and services through its website and other digital and social media handles.


  1. In offering its wide and diverse array of products and services, the Company allows manufacturers, importers, sellers, and service providers to offer products and services through its website and other platforms.


  1. As the owner of an e-commerce platform, the Company acts as a Data Controller and the manufacturers, importers, sellers and service providers (Vendors and Contractors) allowed to offer products and services through its platforms and with whom data collected from customers are shared for the purpose of fulfilling products and services, are data processors. 


  1. The Parties to this Agreement have agreed in compliance with the relevant provisions of the Constitution and applicable Data Protection Act and Regulations, to establish guiding terms and conditions for compliance.


IT IS HEREBY AGREED AS FOLLOWS:


  1. DEFINITIONS AND INTERPRETATION


  1. In this Agreement, unless the context otherwise requires:


‘Applicable Data Protection Laws’ means the Nigeria Data Protection Act 2023 (NDPA 2023), Nigeria Data Protection Regulation 2019, and any other applicable data protection laws and regulations applicable to the transactions under this Agreement.

 

‘Personal Data’ means any information relating to an identified or identifiable natural person as defined in Section 65 of the NDPA 2023.


‘Processing’ means any operation performed on Personal Data as defined in Section 65, the Interpretation Section of the NDPA 2023.


‘Data Subject’ means an identifiable person whose Personal Data is being processed

‘Data Protection Officer’ means the designated person responsible for overseeing data protection strategy and implementation


  1. PURPOSE AND SCOPE


  1. This Agreement sets out the framework for the sharing and processing of Personal Data between the parties as required for the provision of e-commerce services through the Platform.


  1. The Vendor acknowledges that the Company acts as a Data Controller and the Vendor acts as a Data Processor under this Agreement.


  1. DATA PROTECTION PRINCIPLES


  1. Both parties agree to comply with the following principles when processing Personal Data:


  1. Process Personal Data lawfully, fairly, and transparently.

  2. Collect Personal Data only for the specified, explicit, and legitimate purposes required to fulfil the transactions for which the data is collected.

  3. Ensure collected Personal Data is adequate, relevant, and limited to what is necessary.

  4. Maintain accuracy and keep Personal Data up to date.

  5. Retain Personal Data only for as long as necessary to carry out the purpose for which it was collected.

  6. Develop and agree on a framework for ensuring the existence of appropriate security and protection against unauthorized processing.


  1. VENDOR OBLIGATIONS


  1. The Vendor shall:


  1. Process Personal Data only on documented instructions from the Company.

  2. Ensure persons authorized to process Personal Data are committed to confidentiality of the information and use it only for the purposes authorized.

  3. Implement agreed and appropriate technical and organizational security measures.

  4. Engage another processor only with prior authorization from the Company.

  5. Assist the Company in responding to Data Subject requests pertaining to their products or services.

  6. Assist the Company in ensuring compliance with security obligations imposed by relevant Laws and Regulations.

  7. Delete or return all Personal Data to the Company after service completion.

  8. Make available all information necessary to demonstrate compliance.


  1. CROSS-BORDER DATA TRANSFERS


  1. The Vendor shall not transfer Personal Data to any country outside Nigeria without:

  1. Prior written consent from the Company.

  2. Ensuring adequate levels of protection as required by Section 41 of the NDPA 2023

  3. Implementing appropriate safeguards as approved by the Nigeria Data Protection Commission


  1. DATA SECURITY


  1. Both parties shall implement agreed and appropriate technical and organizational measures to ensure security of Personal Data, including as appropriate:

  1. Encryption of Personal Data.

  2. Regular testing and evaluation of security measures.

  3. Access controls and authentication measures.

  4. Data backup and recovery procedures.

  5. Regular security awareness training for staff.


  1. PERSONAL DATA BREACH


7.1. The Vendor shall:

  1. Notify the Company within 48 hours of becoming aware of a Personal Data breach.

  2. Provide full details of the breach and measures taken to address it.

  3. Cooperate with any investigation by the Company or regulatory authorities.

  4. Document all breaches and remedial actions taken.


  1. AUDIT RIGHTS


8.1.  The Company shall have the right to audit the Vendor's data protection practices:

  1. Where it has given the Vendor reasonable notice.

  2. During regular business hours.

  3. No more than once per year except where such audit is required by law or following a security incident.


  1. LIABILITY AND INDEMNITY

    1. The Vendor shall indemnify the Company against all claims, liabilities, costs, expenses, damages and losses resulting from the Vendor's breach of this Agreement.


  1. DURATION AND TERMINATION

    1. This Agreement shall commence upon the execution of this Agreement and continue until terminated by either party with 30 days written notice.

    2. Upon termination, the Vendor shall:


  1. Cease all processing of Personal Data

  2. Return or securely delete all Personal Data obtained by virtue of this Agreement as instructed by the Company

  3. Provide written confirmation of data deletion.


  1. GOVERNING LAW


  1. This Agreement shall be governed by and construed in accordance with the laws of Nigeria.


12. DISPUTE RESOLUTION

12.1 Any disputes shall be resolved through:


(a) In the first instance, amicable negotiation between parties.

(b) Where negotiation fails, Parties shall submit to mediation.

(c) As a last resort, Parties shall submit to and be bound by decision of an Arbitrator.


IN WITNESS OF WHICH THE PARTIES HAVE AFFIXED THEIR SEALS ON THE DAY AND YEAR FIRST ABOVE WRITTEN

 

SIGNED SEALED AND DELIVERED