Onyx Marketplace Privacy Policy

1. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to all individuals and entities that access or interact with the Onyx Marketplace platform, including:

• Buyers who purchase or intend to purchase products or services listed on Onyx
• Vendors and business partners who list, promote, or sell products on the platform
• Users who browse, search, or interact with the website, mobile application, or any other digital interface
• Buy Now Pay Later (BNPL) or installment financing users
• Third-party service providers and partners, such as logistics providers, lenders, identity verification partners, payment processors, and fraud-prevention partners

This Policy governs all categories of personal and business data collected through Onyx' digital infrastructure, including account registration, payment transactions, vendor verification, product transactions, customer support, and automated data collection technologies.

2. WHAT DATA WE COLLECT

Onyx collects and processes personal and business information necessary to operate the marketplace, verify user identities, fulfill transactions, and comply with legal obligations:

3. HOW WE USE PERSONAL DATA

Onyx processes personal data for lawful, specific, and legitimate purposes:

4. LEGAL BASIS FOR PROCESSING DATA

Onyx processes personal data in accordance with the Nigeria Data Protection Act (NDPA), the Nigeria Data Protection Regulation (NDPR), and applicable laws:

5. HOW WE SHARE PERSONAL DATA

Onyx does not sell or trade personal data. Data may only be shared with trusted third parties where necessary, with all parties bound by strict confidentiality obligations and NDPA-compliant processing terms:

6. COOKIE & TRACKING TECHNOLOGIES

Onyx uses cookies, pixels, tags, and similar tracking technologies to enhance user experience and optimize platform performance:

7. DATA RETENTION POLICY

Personal data is stored only as long as necessary to meet legitimate business, legal, and regulatory purposes in compliance with NDPR, Money Laundering (Prohibition) Act, FCCPA, and applicable laws:

Upon reaching the end of retention periods, data is securely deleted, anonymized, or archived with restricted access.

8. DATA SECURITY MEASURES

Onyx adopts a multi-layered security framework aligned with global best practices, NDPR requirements, and industry standards:

9. INTERNATIONAL DATA TRANSFERS

Onyx may transfer personal data outside Nigeria for cloud hosting, analytics, payment processing, and BNPL financing. All transfers are governed by NDPR 2023 and include:

• Transfer Impact Assessments (TIAs) before international transfers
• Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs)
• Data minimization and purpose limitation
• Strong encryption for international transfers
• Users maintain all NDPR rights even if data is processed outside Nigeria

10. USER RIGHTS UNDER NDPA 2023

Under the Nigeria Data Protection Act (NDPA 2023), all users are entitled to:

• Right of Access: Request to view personal data held by Onyx
• Right to Rectification: Request corrections to inaccurate or incomplete data
• Right to Withdraw Consent: Withdraw consent for specific processing activities
• Right to Deletion: Request permanent deletion of personal data where legally permissible
• Right to Restrict or Object to Processing: Request temporary restriction or object to processing
• Right to Data Portability: Request data transfer in machine-readable format
• Right to Opt-Out of Direct Marketing: Opt out of promotional messages and advertisements
• Right to Report Violations: Report data protection concerns to the Nigeria Data Protection Commission (NDPC)

11. CHILDREN'S PRIVACY

Onyx is committed to protecting the privacy and safety of minors:

• Onyx does not knowingly collect personal data from individuals under 18 years of age
• If data from a minor is inadvertently collected, it will be immediately deleted
• Parents or guardians may contact Onyx to request deletion of child data
• Vendors are prohibited from marketing to or collecting data from minors
• Age verification is implemented during registration and checkout

12. DATA BREACH MANAGEMENT

In the event of a data breach, Onyx will:

• Promptly assess the nature, scope, and potential impact
• Implement immediate containment measures
• Conduct thorough investigation and root cause analysis
• Notify affected individuals and the Nigeria Data Protection Commission (NDPC) as required
• Take corrective and remedial measures to prevent recurrence
• Document all actions and maintain records for audit purposes

13. THIRD-PARTY LINKS & EXTERNAL SITES

Onyx may provide links to external websites or third-party services. Key points:

• Onyx does not own, operate, or manage third-party sites
• We are not responsible for the content, security practices, or privacy policies of external sites
• Users should review the terms and privacy policies of third-party sites
• Onyx shall not be liable for losses resulting from use of third-party sites

14. CHANGES TO THIS PRIVACY POLICY

Onyx reserves the right to revise, amend, or update this Privacy Policy at any time:

• Updated versions will be published with a revised "Last Updated" date
• Material changes will be communicated via email, in-app notifications, or dashboard alerts
• Continued use of the platform after updates constitutes acceptance of the revised terms
• Material changes may require explicit acknowledgment via the platform

15. CONTACT INFORMATION

For questions, concerns, or requests related to this Privacy Policy or data protection matters, contact us through:

Onyx is committed to acknowledging all privacy-related inquiries promptly. Data rights requests will be processed in accordance with NDPA timelines and regulatory requirements.