Privacy Policy

Overview

Sage Grey Technologies Limited (“Sage Grey Tech”, “we”, “our”, or “us”) operates the website https://sagegreytech.com and associated software solutions (collectively, “the Service”). This Privacy Policy (“the Policy”) describes the customer’s privacy rights regarding the collection, use, storage, sharing and disclosure of your personal information when you use our Service and the choices you have associated with that data. This policy is designed to comply with the Nigeria Data Protection Act (NDPA) 2023 and other applicable data protection laws.

This Policy applies across our website, payment platforms, APIs, software applications (“Platforms”), notifications, and tools when you access services offered by Sage Grey Tech or our affiliates. By using the Service, you agree to the collection and use of information in accordance with this Policy.

Definition of Terms

Cookies: A cookie is a small data file that is transferred to your computer or mobile device. It enables us to remember your account log-in information, IP addresses, web traffic, number of times you visit, browser type and version, device details, date and time of visits.

Sage Grey Tech: means Sage Grey Technologies Limited.

Data: Any information that can be used to identify a living person including email address, company name, password, payment card, financial information such as bank account number, and other banking details etc.), Government- issued Identity card, and/or taxpayer identification it may also include anonymous information that is linked to you, for example, your internet protocol (IP), log-in information, address, location, device or transaction data. Special categories of Data include about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data.

Site: means our Platform including but not limited to our mobile applications, websites and social media platforms.

User: means an individual who uses or accesses the Service.


Our Core Principles

This Policy focuses on the following core principles:

  • User Empowerment: We ensure that the User has autonomy to select what information is shared with us.
  • Secured Personal Information: We take full responsibility to ensuring that appropriate security measures are put in place and your personal information is protected.
  • Transparency of Use: We educate the User on how we collect personal information, for what purpose and how we secure personal information;
  • Compliance with Local Laws: Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. Specific privacy notices may apply to our product and services.
  • Collection and Storage of Data on a “need to collect” Basis: We may need to verify personal information before you can use or access the Service. We work to have measures in place to prevent collecting and storing personal information beyond what we need.
  1. Collection of Information

We collect several different types of information for various purposes to provide and improve our Service to you. The types of Data collected are provided below:

  1. Identity Data: Information such as, your full name(s), email address, phone number, government-issued identity number, and your date of birth. This data is to enable us to verify your identity in order to offer our Service to you;
  2. Contact Data: This is data that is needed to reach out to you, such as your contact address, email address, telephone number, details of the device you use and billing details;
  3. Identification documents :(such as your passport or any Government-issued identity card), a photograph (if applicable) and any other registration information you may provide to prove you are eligible to use our Service and in compliance with regulatory requirements on Know Your Customer (KYC);
  4. Log/Technical information: When you access our Service, our cloud-based servers automatically record information that your browser sends whenever you visit a website, links you have clicked on, length of visit on certain pages, unique device identifier, log-in information, location and other device details.
  5. Payment Data: Data necessary to process transactions, such as bank verification numbers (BVN) and account details. Application Data: If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
    • Geolocation Information: We may request that you verify location-based information from your mobile device, in order to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
    • Mobile Device Access. We may request access or permission to certain features from your mobile device’s camera, storage, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
    • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
  6. Marketing and Communications Data: This includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.
  7. Records of your discussions with us, if we contact you and if you contact us.
  8. We may also collect, store, use and transfer non-personal information or anonymized data such as statistical or demographic data.

This information is primarily needed to maintain the security and operation of our application(s) for troubleshooting, and for our internal analytics and reporting purposes. This Policy applies to our Service only. We do not exercise control over the third-party websites displayed or linked from within our various services not directly affiliated to our Service. These third-party websites may place their cookies, plug-ins or other files on your computer, collect data or solicit personal information from you. We do not control these third-party websites and we are not responsible for their privacy statements.

  1. How Data is Obtained

While using our Service, we may obtain your Data via any of the following ways:

  1. Sign up for a Sage Grey Tech product account.
  2. Use any of our Service
  3. Contact our customer support team
  4. Fill our online forms
  5. Contact us

The lawful basis we rely on for processing your Personal Information are:

  1. Your Consent: Where you agree to us verifying your Personal Information by using our Service.
  2. A Contractual Obligation: Without your Data, we cannot provide our Service to you.
  3. A Legal Obligation: To ensure we are fully compliant with all applicable financial legislations such as Anti-Money Laundering and Counter Terrorist Financing Laws, we must collect and store your Data. We protect our Service against fraud by checking your identity with your Data.
  4. Use of Data

We may use your Personal Information to:

  1. Create and manage any accounts you may have with us, verify your identity, provide our services, and respond to your inquiries.
  2. Process your payment transactions (including authorization, clearing, chargebacks and other related dispute resolution activities)
  3. Protect against and prevent fraud, unauthorized transactions, claims and other liabilities.
  4. Provide, administer and communicate with you about products, services, offers, programs and promotions of Sage Grey tech, financial institutions, merchants and partners.
  5. Evaluate your interest in employment and contact you regarding possible employment with Sage Grey Tech.
  6. Evaluate and improve our business, including developing new products and services;
  7. To target advertisements, newsletter and service updates;
  8. As necessary to establish, exercise and defend legal rights;
  9. As may be required by applicable laws and regulations, including for compliance with Know Your Customers and risk assessment, Anti-Money Laundering, anti- corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement or governmental agency having or claiming jurisdiction over Sage Grey Tech.
  10. Utilize data analytics to improve our website, products or services, user experiences and to optimize service.
  11. For other purposes for which we provide specific notice at the time of collection.
  12. Data Security and Retention

The security of your Data is important to us. We are committed to protecting the information we collect. We maintain administrative, technical, and physical controls designed to protect the Data you provide, or we collect against loss or theft, as well as against any unauthorized access, risk of loss, disclosure, copying, misuse or modification.

Other security measures include, but not limited to, secure servers, firewall, data encryption and granting access only to authorized personnel. Where you use a password for any of your accounts, please ensure you do not share this with anyone, and the password is kept confidential at all times.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of your Data is protected and maintained. Transmitting information online is not entirely secure. As such, we cannot guarantee that all information provided online is secure. We take all reasonable steps to ensure that your Data is secured and well protected.

We will only retain personal information on our servers for as long as is reasonably necessary to provide Services to you. Where you close your account on the Platform, your information is stored on our servers for a period of twelve (12) months to comply with regulatory obligations and for the purpose of fraud monitoring, detection, and prevention. Where we retain your Data, we do so in compliance with limitation periods under the applicable law.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are committed to notifying the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with the Nigeria Data Protection Act (NDPA) 2023. Where such a breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

We may disclose or share your Data with third parties with good faith that such action is necessary to:

  1. to comply with a legal obligation
  2. to protect and defend our rights or property
  3. to prevent or investigate possible wrongdoing in connection with the Service
  4. to protect the personal safety of users of the Service or the public
  5. to protect against legal liability
  6. if we become involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Note: At Sage Grey Tech, we will never ask for your login details. Your security is our priority

  1. Marketing

We may process your Data in order to contact you or send you marketing content and communication about our products, services or surveys. You may exercise your right to object to such contact from us or opt out from the marketing content. Please note however that if you opt- out of marketing content, we may still send you messages relating to transactions and our Service related to our ongoing business relationship.

We may ask you for permission to send notifications to you. Our Service will still work if you do not grant us consent to send you notifications.

  1. User Data Protection Rights and Choices

Based on your location and applicable laws, below are the rights you have as a user in relation to your personal data:

  1. right to be informed.
  2. right to request access or copies to your Data by signing into your Account or contacting us.
  3. right to request that we erase your Data from the Platform. Please note that this is a limited right which applies where the Data is no longer required, or the processing has no legal justification. The exceptions to this right is where the applicable law requires us to retain a historical archive or where we retain a core set of your Data to ensure we do not inadvertently contact you in future where you object to your Data being used for marketing purposes.
  4. right to correct or rectify any Data that you provide which may be incorrect, out of date or inaccurate. You also have the right to ask us to complete information you think is incomplete.
  5. right to object to the processing of your Data for marketing purposes. You have a right to ask us not to contact you for marketing purposes by adjusting your notification preference on the settings page or by opting out via the unsubscribe link in marketing emails we send you.
  6. right to object to processing: You have the right to object to the processing of your Data in certain circumstances. Please note that where you object to us processing your Data, we might be unable to provide the services to you.

If you wish to exercise any of the rights set above, please contact us using the contact information provided in the Contact Us segment below. Where we are unsure of your identity, we might ask you for proof of your identity for security reasons before dealing your request.

  1. Cookies

We use cookies to distinguish you from other users and to customize and improve our Service. Some browsers may automatically accept cookies while some can be modified to decline cookies or alert you when a website wants to place a cookie on your computer. If you choose to disable cookies, it may limit your ability to use our Platform. For detailed information on the cookies and how we use them refer to our Cookie Policy.

  1. Minor

Our Platform is not directed at persons under the age of eighteen (18) and we do not collect any Data knowingly or directly from minors who fall within this category. Where you have any belief that we have mistakenly or unknowingly collected information from a minor, please contact us using the information provided under the ‘Contact Us’ section to enable us investigate and restrict such Data.

  1. International Data Transfers

Where Data is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Data and to ensure same is done securely and in accordance with the Nigerian Data Protection Regulation.

  1. Data Protection Officer

We shall appoint a Data Protection Officer(s) (DPO) responsible for overseeing our data protection strategy and its implementation to ensure compliance with the Nigerian Data Protection Regulation (NDPR) requirements. The DPO shall be a knowledgeable person on data privacy and protection principles and shall be familiar with the provisions of the NDPR.

The main tasks of the DPO include:

  1. Administering our data protection policies and practices;
  2. monitoring compliance with the NDPR and other data protection laws, data protection policies, awareness-raising, training, and audits;
  3. advise the business, management, employees and third parties who carry on processing activities of their obligations under the NDPR;
  4. acts as our contact point for Data privacy compliance;
  5. monitor and update the implementation of our data protection policies and practices;
  6. ensure that we undertake a Data Protection Impact Assessment and curb potential risk in our data processing operations
  7. maintain a database of all our Data collection and processing operations.
  8. Training

We shall ensure that employees who collect, access and process Data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this Policy and the NDPR with regard to the protection of Data. On an annual basis, we shall develop a capacity building plan for our employees on data privacy and protection in line with the NDPR.

  1. Data Protection Audit

We shall conduct an annual data protection audit through a licensed Data Protection Compliance Organization (DPCOs), and the resulting audit report shall be certified and filed with the Nigeria Data Protection Commission in compliance with the Nigeria Data Protection Act (NDPA) and other applicable data protection regulations.

  1. Dispute Resolutions and Filing a Compliant

If you have any complaints regarding this Policy, please contact us at tech@sage-grey.com We will investigate and work on resolutions for complaints and disputes regarding use and disclosure of personal information within thirty (30) days in accordance with this Policy and in accordance with the Nigerian Data Protection Regulation.

  1. Updates to our Privacy Policy

From time to time, we may change, amend or review this Policy from time to time to reflect new services or changes in our Policy and place any updates on our Platform. All changes made will be posted on this page and where changes will materially affect you, we will notify you of this change by placing a notice online or via mail. If you keep using our Service, you consent to all amendments of this Policy.

  1. Contact Us

All access requests, questions, comments, complaints and other requests regarding the privacy policy should be sent to tech@sage-grey.com (DPO’s Email)

We may request additional details from you regarding your complaints and keep records of your requests and resolution.

If you do not agree with our policies and practices, kindly refrain from using our services. If you still have any questions or concerns, please contact us at tech@sage-grey.com

Scroll to Top