Privacy Policy

1. Introduction

ParkNCharge Limited ("ParkNCharge," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, store, share, and protect the personal information of users ("you," "your") when you interact with our Platform — including our website, mobile application(s), APIs, and related services (collectively, the "Platform").

We are the data controller in respect of the personal data you provide in connection with your use of the Platform, unless otherwise stated.

2. Legal Framework and Compliance

• We process personal data in compliance with the Nigeria Data Protection Act, 2023 (NDPA) and applicable directives from the Nigeria Data Protection Commission (NDPC).
• Our privacy practices reflect the principles of data protection as defined in the NDPA: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
• For entities classified as Data Controllers / Processors of Major Importance (DCPMI) under the NDPA, we recognize obligations like registration with the NDPC, appointing a Data Protection Officer (DPO), conducting data protection impact assessments, and submitting compliance reports.

3. Personal Data We Collect

We may collect and process different categories of personal data, including but not limited to:

• Identity Data: Full name, date of birth, profile picture, image (through CCTV footages and liveliness checks, where necessary), vehicle information (license plate), driver's license or ID.
• Contact Data: Email address, phone number, postal address.
• Account Data: Username, password, account preferences.
• Booking & Transaction Data: Reservation details, check-in/check-out times, location of booked parking or charging station, payment history.
• Payment Data: Payment method details (card, mobile money, etc.), billing address.
• Usage & Technical Data: Device type, operating system, IP address, app usage logs.
• Location Data: GPS/location data (if you enable location services), charging station usage.
• Communications Data: Messages between you and us (including customer support), feedback, reviews.
• Security Data: Information collected for fraud prevention, identity verification, and account security.

We only collect "sensitive personal data" (special categories) where strictly necessary, e.g., for identity verification, and only with appropriate safeguards.

5. Lawful Basis for Processing

We rely on one or more of the following lawful bases under the NDPA to process your data:

• Consent: When you provide explicit consent (e.g., for marketing communications or optional features).
• Contractual Necessity: To perform our obligations under your agreement with us (for example, to complete a booking or payment).
• Legal Obligation: When we must process data to meet regulatory or legal requirements.
• Legitimate Interests: For purposes such as improving our services, fraud prevention, analytics, and platform maintenance — provided these interests do not override your rights.

6. How We Use Your Personal Data

We use your information for the following purposes:

• Provision of Services: To allow you to register, make bookings, check in/out, pay for services, and manage your account.
• Customer Support: To respond to inquiries, complaints, and support requests.
• Platform Improvement: To analyze how you use the Platform, develop new features, improve user experience, and conduct analytics.
• Safety, Fraud Prevention & Verification: To detect and prevent fraud, verify identity, and secure our services.
• Communications: To send transactional communications, notifications (e.g., booking confirmations, reminders), and, where you consent, marketing messages.
• Legal and Regulatory Compliance: To comply with legal obligations, enforce our Terms of Use, and defend our rights.
• Security: To ensure data integrity and confidentiality, including securing data, preventing unauthorized access, and responding to data breaches.

7. Sharing and Disclosure of Personal Data

We may disclose your data to the following categories of recipients:

• Service Providers / Data Processors: Third parties who provide services on our behalf (e.g., payment processors, cloud hosting providers, analytics vendors).
• Parking / Charging Providers: Operators who manage the parking lots or EV charging stations you book through our Platform.
• Regulatory or Legal Authorities: When required by law, regulation, or a valid legal process (e.g., law enforcement, tax authorities).
• Business Partners / Affiliates: Entities within our group or strategic partners (subject to contractual obligations to protect your data).
• In Connection with Business Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity, subject to confidentiality and data protection obligations.

8. International Data Transfers

If we transfer your data outside Nigeria, we will ensure appropriate safeguards are in place as required by law (e.g., NDPA). Such safeguards may include contractual agreements, standard clauses, or other measures to protect the confidentiality, integrity, and security of your data in transit and at rest.

9. Data Retention

• We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected (service provision, legal compliance, dispute resolution).
• When data is no longer required, we securely delete it or anonymize it so it cannot be associated with you as an individual.
• We also retain data where required for compliance with regulatory obligations or to establish, exercise, or defend legal claims.

10. Data Security

We implement robust technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest;
• Access controls, role-based access, and authentication;
• Security testing, regular vulnerability assessments;
• Incident response and breach-management procedures;
• Staff training on data protection and privacy best practices.

11. Data Breach Notification

In the event of a data breach (unauthorized access, loss, alteration, or disclosure of personal data), we will:

• Assess the risk and scope of the breach;
• Where required by law or regulation, notify the Nigeria Data Protection Commission (NDPC) within the prescribed timeframe;
• Inform affected Users and data subjects if the breach poses a high risk to their rights and freedoms;
• Take reasonable steps to mitigate harm and prevent similar incidents in the future.

12. Your Data Subject Rights

Under the NDP Act / NDPA and applicable guidance, you have the following rights (subject to certain conditions):

• Right to be Informed: You have the right to know how and why we process your personal data.
• Right of Access: You can request access to your personal data ("data subject access request").
• Right to Rectification: You can ask us to correct or update your data if it is inaccurate or incomplete.
• Right to Erasure ("Right to be Forgotten"): Under certain circumstances, you can ask for deletion of your personal data.
• Right to Restrict Processing: You can request that we limit how we process your data.
• Right to Object: You may object to certain types of processing, for instance when processing is based on "legitimate interests."
• Right to Data Portability: You may request that we provide you with your personal data in a structured, commonly used, machine-readable format.
• Right Not to Be Subject to Automated Decision-Making: Where relevant, you can request human review of automated decisions.
• Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: You have the right to contact the NDPC if you believe your data protection rights have been violated.

To exercise any of these rights, please contact our DPO / privacy team using the contact details provided below.

13. Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to improve your experience, understand usage patterns, and analyze Platform performance. When required, we will display a cookie notice and obtain your consent before placing non-essential cookies on your device, in line with regulatory requirements. You may control or disable cookies through your browser settings, but this may affect some functionality of the Platform.

14. Children's Data

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal data from minors. If we discover that we have collected data from a child under 18 without proper consent, we will take steps to delete that information.

15. Changes to This Privacy Policy

We may update this Policy from time to time (for example, when our data practices change, or to reflect changes in law). When we make material changes, we will notify you via email, in-app notification, or a prominent notice on our Platform. Your continued use of the Platform after changes are made will constitute your acceptance of those changes.

16. Third-Party Links

Our Platform may contain links to third-party websites or services that are not operated or controlled by us. This Privacy Policy does not apply to third parties. We encourage you to review the privacy notices or policies of any linked or third-party service before providing them with personal data.

17. Accountability & Governance

• We maintain a Register of Processing Activities (ROPA) to document what personal data we process, for what purpose, and with whom we share it.
• We conduct periodic Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
• We provide regular training to our staff on data protection and privacy.
• We maintain data processing agreements (contracts) with third-party processors to ensure they process data in accordance with the NDPA.

18. Contact & Complaints

If you have any questions, complaints, or requests relating to this Privacy Policy or our handling of your personal data, you can contact us at:

If you are not satisfied with our response, you may escalate your concern to the Nigeria Data Protection Commission (NDPC).

19. Enforcement & Sanctions

• Non-compliance with the NDPA may attract penalties, including administrative fines, as prescribed by the NDPC.
• We are committed to cooperating fully with the NDPC in the event of investigations or compliance assessments.
• We will also maintain internal mechanisms (e.g., a privacy complaints process) to address data subject concerns promptly.