Privacy Policy
for Domtrade Digital
Electronics Solution Limited

Effective Date: [Insert Date] Last Updated: [Insert Date]

This Privacy Policy explains how Domtrade Digital Electronics Solution Limited (“DomTrade”, “we”, “our”, or “us”) collects, uses, stores, discloses, and protects the personal data of individuals who interact with our digital products and services, including our crypto exchange platform, bill-payment features, virtual card services, and flight-booking capabilities. Our commitment is guided by the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), as well as applicable privacy requirements in the United Kingdom, South Africa, Kenya and Ghana, where our services operate. We process your data lawfully, fairly, transparently, and only for purposes that are clear, legitimate, and consistent with your expectations. By accessing or using our services, you acknowledge that you have read, understood, and agreed to the practices described in this Policy.

Domtrade Digital Electronics Solution Limited is a multi-jurisdictional digital services provider offering financial, crypto, and lifestyle solutions. We operate under the trading name DomTrade PLC, with business activities and/or user reach across Nigeria, Kenya, Ghana, South Africa, and the United Kingdom. We act as a Data Controller when determining the purpose and means of processing your personal data. Where we rely on external service providers, they act as Data Processors on our behalf. For all privacy-related enquiries, requests, or complaints, you may contact our Data Protection representative at: Compliance@domtrade.net

DomTrade processes personal data based on internationally recognized privacy principles, which include: ●Lawfulness, Fairness, and Transparency: We only process personal data when the law permits us and do so transparently. ●Purpose Limitation: Data is collected for specific, clear, lawful, and legitimate purposes and not further processed in incompatible ways. ●Data Minimization: We limit data collection to what is strictly necessary to provide our services and meet regulatory requirements. ●Accuracy: We take reasonable steps to ensure personal data is accurate and up to date. ●Storage Limitation: Data is retained only for as long as necessary, after which it is securely deleted or anonymized. ●Integrity and Confidentiality: We apply appropriate technical and organizational security measures to protect personal data. ●Accountability: We maintain policies, logs, processes, and contracts to demonstrate compliance. These principles govern all aspects of our handling of your information.

DomTrade collects personal data necessary for identity verification, regulatory compliance, transaction processing, security, fraud prevention, and delivery of our services. The personal data we process may include: Identity Information This includes full name, date of birth, nationality, gender, residential address, government identification numbers (such as BVN and NIN), passport information, and facial biometric data obtained through selfie verification. These identifiers are essential to comply with Know-Your-Customer (KYC) and Anti-Money Laundering (AML) obligations. Contact Information This includes your mobile number, email address, and related communication preferences. These details enable us to contact you about your account, verify your identity, send security alerts, and deliver official communications. Financial and Transaction Information This includes records of deposits, withdrawals, crypto trades, bill payments, virtual card transactions, flight bookings, card-linked activities, wallet identifiers, payment confirmations, bank/payment references, and other transaction metadata. Technical and Device Information We collect data generated automatically during your use of our platform, such as IP addresses, device type, operating system, device identifiers, browser information, log files, access times, time zones, page interactions, and location data derived from IP or app permissions. Cookies and Tracking Technologies Our websites and applications rely on cookies, pixels, and analytics tools to authenticate sessions, optimize platform performance, understand user behaviour, and personalize the service experience. Support and Interaction Data When you contact us, we collect information from your communications, including transcripts, call logs, emails, complaint records, feedback submissions, and survey responses for quality assurance and service improvement.

We collect data through: ●Information you provide directly during onboarding or service use ●Identity verification processes during KYC/AML checks ●Automatically through devices, browsers, and cookies ●Third-party partners who assist with transactions or identity verification ●Public sources or regulatory databases (strictly where permitted) We ensure all collection methods comply with relevant laws and regulations.

DomTrade processes your personal data only for lawful and legitimate purposes, which may include the following: Providing and Managing Your Account We use your identity, contact, and financial information to register your account, authenticate your identity, and enable platform access. Regulatory Compliance (KYC/AML/CFT) We process BVN, NIN, passport details, biometrics, and transaction histories to comply with anti-fraud, anti-money-laundering, counter-terrorist financing, and other statutory obligations. Facilitating Transactions and Product Delivery Your information enables cryptocurrency trades, virtual card transactions, payment operations, and flight-booking confirmations. Enhancing Security and Preventing Fraud We rely on device data, usage patterns, and identity data to detect unusual activity, enforce account protections, investigate breaches, and safeguard our ecosystem. Customer Support and Service Quality Your communications with us help us resolve issues, respond to inquiries, and improve product quality. Service Improvement and Analytics Technical and behavioural data help us measure system performance, optimize user experience, and develop new features. Marketing and Communications (where permitted) With your consent, we may contact you with updates, promotions, or announcements relating to DomTrade services. You always retain the right to opt out. Each processing activity is supported by a lawful basis such as contractual necessity, statutory obligations, legitimate interests, or your consent.

To deliver functional services, DomTrade may share personal data with carefully selected third-party partners who operate under strict confidentiality and data-protection terms. These include: ●Rebiller (Nigeria) – supporting payment processing and settlement ●TravelStart (South Africa) – processing flight bookings We share only the minimum information necessary for each partner to perform their function. We do not sell personal data. We do not allow partners to process your data beyond agreed purposes. We require all processors to implement adequate privacy and security controls.

DomTrade primarily stores data in Nigeria. However, certain processing activities involving international partners, such as card issuance and flight booking, may require limited data transfers to jurisdictions such as the United States and South Africa. Where such transfers occur, DomTrade ensures that appropriate safeguards are in place, such as: ●Contractual data-protection obligations ●Encryption and access controls ●Vendor compliance with international standards ●Transfer mechanisms aligned with NDPA and global privacy guidelines Your data is never transferred without necessity and adequate protection.

DomTrade retains personal data only for as long as required to fulfil the purposes for which it was collected or as mandated by applicable financial-service, accounting, or regulatory laws. ●Identity and KYC data are typically retained for five to seven years after account closure to meet AML and regulatory audit requirements. ●Transaction and financial data may be retained for up to seven years for statutory and audit obligations. ●Customer support and communication records are retained for one to three years, depending on the context. ●Device, usage, and cookie-related data may be retained for six to twenty-four months, depending on operational needs. ●Marketing preferences and consent records are retained for up to two years after the last recorded engagement. After retention periods expire, personal data is securely deleted, anonymized, or archived in compliance with legal requirements.

DomTrade uses cookies and similar technologies to improve platform stability, secure sessions, measure performance, and personalize content. Cookies may be essential (necessary for login and navigation) or non-essential (used for analytics, optimization, or marketing). Where required, we obtain your consent before placing non-essential cookies. You may adjust cookie settings directly in your browser or through our app or web cookie controls.

DomTrade employs a layered security framework that includes encryption, access-control mechanisms, secure cloud environments, intrusion detection systems, vulnerability assessments, multi-factor authentication, and continuous monitoring. We restrict access to personal data to authorized personnel only and maintain logs, audit trails, and internal controls to prevent misuse. All processors are required to adhere to equivalent or stronger security standards. While we strive to protect your data, no system is entirely immune from risks. Should a breach occur, we take immediate action as described below.

If DomTrade becomes aware of a data breach or an incident that compromises personal data, we will: ●Investigate and contain the incident promptly ●Notify affected users when there is a risk of harm ●Report the breach to the Nigeria Data Protection Commission (NDPC) where legally required ●Document all actions taken and implement measures to prevent recurrence ●Implement a quick fix to safeguard unaffected data. We believe in transparency and will always communicate breach-related risks responsibly.

You have the right to exercise full control over your personal data. These rights include: ●Right of Access: You may request a copy of the personal data we hold about you. ●Right to Correction: You may request updates or rectification of inaccurate or incomplete data. ●Right to Deletion: You may request deletion of your data where legally permissible. ●Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time. ●Right to Object to Processing: You may object to certain forms of processing, including direct marketing. ●Right to Restrict Processing: You may request temporary suspension of processing under certain circumstances. ●Right to Data Portability: You may request transfer of your data to another provider where applicable. ●Right to Lodge a Complaint: You may contact the NDPC or relevant privacy authority if you believe your rights have been violated. You can exercise these rights by contacting our DPO at Compliance@domtrade.net. We will respond within the timelines required under applicable data-protection laws.

DomTrade does not knowingly collect data from individuals below 18 years of age. If we discover that a minor has provided personal data, we will take reasonable steps to delete such data promptly.

We may update this Privacy Policy periodically to reflect operational or regulatory changes. When updates occur, we will revise the “Last Updated” date and notify users through email, in-app alerts, or prominent notices on our platform.

If you have questions, requests, or concerns about this Privacy Policy, you may reach us at: Domtrade Digital Electronics Solution Limited Email: Compliance@domtrade.net.