Afriqglobal

1. Introduction

Afriq Global Market Limited ("Afriq Global," "the Platform," "we," "us," or "our") is committed to protecting the privacy and personal data of all users of the Afriq Global Market platform. This Privacy Policy explains how we collect, use, process, store, share, and protect your personal information when you access or use our Platform, including the E-Commerce Marketplace, Auction Platform, and African Shop Locator services.

This Privacy Policy applies to all Vendors, Sellers, Buyers, Auction Participants, Shop Locator Business Owners, and all other users of the Platform worldwide. By accessing or using the Platform, you consent to the practices described in this Privacy Policy.

Applicable Legislation

This Privacy Policy has been drafted in compliance with the following data protection frameworks:

United States Privacy Laws, including Michigan state law, the California Consumer Privacy Act (CCPA), and the Children's Online Privacy Protection Act (COPPA).
Nigeria Data Protection Act (NDPA) 2023 of the Federal Republic of Nigeria.
UK General Data Protection Regulation (UK GDPR), retained under the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018, enforced by the Information Commissioner's Office (ICO).
General Data Protection Regulation (EU GDPR) for EU-based diaspora buyers.
Protection of Personal Information Act (POPIA) of the Republic of South Africa for expansion markets.

2. Data Controller

Afriq Global Market Limited, incorporated in the State of Michigan, United States of America, is the Data Controller responsible for the processing of personal data through the Platform.

Regulatory Framework	Role of Afriq Global Market Limited
Nigeria Data Protection Act (NDPA) 2023	Afriq Global Market Limited acts as a Data Controller as defined under the NDPA 2023 for the processing of personal data of Nigerian users.
EU General Data Protection Regulation (GDPR)	Afriq Global Market Limited acts as the Data Controller for personal data of EU-based users, within the meaning of Article 4(7) of the GDPR.
UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018	Afriq Global Market Limited acts as the Controller for personal data of UK-based users, supervised by the Information Commissioner's Office (ICO).
Protection of Personal Information Act (POPIA)	Afriq Global Market Limited acts as a Responsible Party for personal information of South African users.
US Privacy Laws	Afriq Global Market Limited is the business that collects and processes personal information of US-based users.

Data Controller Contact: davidsopekan@afriqglobal.org

3. Categories of Personal Data Collected

Afriq Global Market Limited collects and processes the following categories of personal data in connection with the operation of the Platform:

Category	Data Elements	Purpose
Identity Data	Full legal name, date of birth, nationality, gender, and government-issued photo ID for vendor verification under the Afriq Global Verification Model.	Account creation, vendor verification, and regulatory compliance.
Contact Data	Email address, phone number, residential or business address, and postal code.	Account communication, shipping, and customer support.
Financial Data	Bank account details, PayPal account information, and Paystack account information. Note: Financial data is processed by our payment partners and is not stored by Afriq Global.	Payment processing, commission disbursement, and escrow transactions.
Transaction Data	Purchase history, auction bids, payment amounts, commission records, and escrow transaction details.	Order fulfillment, dispute resolution, and financial reporting.
Verification Data	Government-issued ID documents, proof of address (utility bills, bank statements, or official correspondence issued within 3 months), and Premium Vendor Verification documentation.	Afriq Global Verification Model, Premium Vendor Verification, and fraud prevention.
Technical Data	IP address, browser type and version, device information, operating system, time zone, login data, and access times.	Platform security, fraud detection, and analytics.
Usage Data	Pages visited, products viewed, search queries, auction participation history, and Shop Locator usage data.	Platform improvement and user experience optimization.
Location Data	Approximate location data for Shop Locator functionality and shipping addresses.	African Shop Locator service and order delivery.
Communication Data	Messages between buyers and vendors, customer support correspondence, feedback, and reviews.	Dispute resolution, quality assurance, and customer support.
Marketing Data	Preferences for receiving marketing communications and referral link data for the Influencer/Creator revenue-share program.	Targeted communications and Influencer/Creator program management.

4. How We Collect Data

4.1 Directly from You

We collect personal data that you voluntarily provide to us, including when you:

Register for an account on the Platform as a Buyer, Vendor, or Auction Participant.
Complete the vendor verification process under the Afriq Global Verification Model.
Create product listings or shop listings.
Make purchases or process transactions.
Participate in auctions on the Auction Platform.
Use the African Shop Locator to search for or register a business.
Contact our customer support team.
Subscribe to marketing communications or participate in the Influencer/Creator program.

4.2 Automatically

We automatically collect certain technical and usage data when you access or use the Platform, including through the use of:

Cookies: Small data files stored on your device to enable Platform functionality and analytics.
Web beacons: Tracking technologies embedded in web pages and emails.
Analytics tools: Third-party and proprietary analytics services that monitor Platform usage patterns.

4.3 From Third Parties

We may receive personal data about you from the following third-party partners:

Terminal Africa: Shipping status, logistics tracking data, and delivery confirmation information.
PayPal: Payment confirmation data, transaction status, and payer verification information.
Paystack: Payment confirmation data, transaction status, and payer verification information for African market transactions.

5. Legal Basis for Processing

In compliance with the GDPR (Article 6), the UK GDPR, and the NDPA 2023, Afriq Global Market Limited processes personal data only where a valid legal basis exists.

Legal Basis	GDPR Article	Processing Activities
Contract Performance	Art. 6(1)(b)	Processing necessary to fulfill transactions between Buyers and Vendors; managing vendor accounts; processing escrow payments through PayPal and Paystack; facilitating auction bids; delivering products via Terminal Africa; managing the 48-hour auto-confirmation delivery process; and processing returns within the 48-hour return window.
Legal Obligation	Art. 6(1)(c)	Tax reporting and record-keeping; anti-money laundering (AML) compliance; fraud prevention obligations; compliance with court orders, subpoenas, or regulatory investigations; and record retention required by applicable law.
Legitimate Interest	Art. 6(1)(f)	Platform security and integrity; fraud detection and prevention; improving user experience and Platform functionality; analytics and performance monitoring; and protecting the rights and safety of users and Afriq Global Market Limited.
Consent	Art. 6(1)(a)	Marketing communications and promotional offers; placement of non-essential cookies and tracking technologies; sharing data with third parties beyond what is necessary for service delivery; and participation in the Influencer/Creator revenue-share program.

Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal. You may withdraw consent by contacting us at davidsopekan@afriqglobal.org.

6. How We Use Your Data

Afriq Global Market Limited uses the personal data we collect for the following purposes:

6.1 Account and Service Administration

To create and manage your account on the Platform.
To verify vendor identity through the Afriq Global Verification Model.
To manage Premium Vendor Verification ($50/year subscriptions).

6.2 Transaction Processing

To process and facilitate transactions, including escrow payments via PayPal and Paystack.
To facilitate the 48-hour auto-confirmation delivery process.
To process returns within the 48-hour return window.
To calculate and process commission payments (20% e-commerce, 15% auction).

6.3 Platform Features

To facilitate auction bidding within segmented time frames on the Auction Platform.
To power the African Shop Locator functionality.
To manage the Influencer/Creator revenue-share program.

6.4 Logistics and Fulfillment

To coordinate shipping and logistics through Terminal Africa.

6.5 Security, Compliance, and Communication

To prevent fraud, detect unauthorized transactions, and protect platform security.
To comply with applicable laws and regulations across all operating jurisdictions.
To communicate with you about your account, transactions, and platform updates.
To improve and optimize the Platform's performance, features, and user experience.

7. Data Sharing and Third Parties

Afriq Global Market Limited may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described in this Privacy Policy:

7.1 Logistics Partner

Terminal Africa: We share shipping addresses, package details, and delivery information with Terminal Africa as necessary for logistics fulfillment. Terminal Africa processes this data as an independent controller for shipping purposes and is subject to its own privacy policy and data protection obligations.

7.2 Payment Partners

PayPal: We share transaction amounts, buyer/vendor identification, and payment details with PayPal as necessary for escrow services and international payment processing. PayPal processes this data under its own privacy policy.

Paystack: We share transaction amounts, buyer/vendor identification, and payment details with Paystack as necessary for payment processing in African markets. Paystack processes this data under its own privacy policy.

7.3 Other Users

Vendors and Buyers: We share necessary transaction information between vendors and buyers to facilitate and fulfill purchases. This includes sharing the buyer's shipping address with the relevant vendor for the purpose of order fulfillment.

7.4 Legal and Regulatory Disclosures

Law Enforcement and Regulatory Authorities: We may disclose personal data when required by law, court order, subpoena, or a valid request from a regulatory authority in any jurisdiction in which we operate.

7.5 Professional Advisors

Lawyers, Auditors, and Consultants: We may share personal data with professional advisors who are bound by contractual confidentiality obligations and who require access to such data in order to provide legal, audit, or consulting services to Afriq Global Market Limited.

Important: No Sale of Personal Data

Afriq Global Market Limited does not sell personal data to third parties. We do not share personal data for third-party advertising purposes. This commitment applies to users in all jurisdictions, including under the California Consumer Privacy Act (CCPA) "Do Not Sell" provision.

8. International Data Transfers

Afriq Global Market Limited operates across multiple jurisdictions. As a result, personal data may be transferred between the United States, Nigeria, the United Kingdom, and other countries where we operate or expand our services.

We implement the following safeguards for cross-border data transfers:

Transfer Origin	Legal Framework	Safeguards Applied
European Union / European Economic Area (EU/EEA)	GDPR Chapter V	We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms under GDPR Chapter V, to ensure adequate protection for personal data transferred outside the EU/EEA.
United Kingdom	UK GDPR and Data Protection Act 2018	We rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses, as approved by the ICO, or other lawful transfer mechanisms under the UK GDPR.
Nigeria	NDPA 2023	We comply with the NDPA 2023 requirements for cross-border data transfers, including adequate protection assessments and, where required, approval from the Nigeria Data Protection Commission (NDPC).
South Africa	POPIA Section 72	We comply with POPIA Section 72 requirements for cross-border transfers, ensuring that the recipient country provides an adequate level of protection or that binding contractual obligations provide adequate protection.
United States	Federal and Michigan State Law	Data processed within the United States is subject to applicable federal and Michigan state data protection and consumer privacy requirements.

9. Data Retention

Afriq Global Market Limited retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

Data Category	Retention Period	Justification
Active Account Data	Duration of account plus 3 years after closure	Legitimate interest in maintaining records for dispute resolution and regulatory compliance following account closure.
Transaction Records	7 years from transaction date	Tax reporting obligations and legal compliance requirements under US, Nigerian, and international law.
Verification Documents	Duration of account plus 5 years	Anti-money laundering (AML) and know-your-customer (KYC) regulatory obligations.
Marketing Consent Records	3 years after last interaction	Demonstrating valid consent under GDPR, UK GDPR, NDPA, and POPIA requirements.
Dispute Records	6 years after resolution	Limitation periods for legal claims and contractual disputes.
Analytics Data	Anonymized and retained indefinitely	Platform improvement and aggregate trend analysis with no personally identifiable information retained.

Upon expiration of the applicable retention period, personal data will be securely deleted or anonymized in accordance with our data destruction procedures.

10. Data Security

Afriq Global Market Limited implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Security Measure	Description
Encryption in Transit	All data transmitted between your device and the Platform is protected using TLS/SSL encryption protocols.
Encryption at Rest	Stored personal data is encrypted using AES-256 encryption standards.
Access Controls	Role-based access controls and multi-factor authentication are implemented to restrict access to personal data to authorized personnel only.
Security Audits	Regular security audits, penetration testing, and vulnerability assessments are conducted to identify and remediate potential threats.
Secure Infrastructure	The Platform is hosted on secure server infrastructure with industry-standard physical and logical security controls.
Employee Obligations	All employees and contractors with access to personal data are bound by contractual confidentiality obligations and receive data protection training.
Incident Response	Documented incident response procedures are maintained to ensure rapid detection, containment, and remediation of security incidents.
Payment Security	All payment data is processed exclusively by our PCI-DSS compliant payment partners (PayPal and Paystack). Afriq Global Market Limited does not store credit card or sensitive payment instrument data.

11. Your Rights

Depending on your location and the applicable data protection legislation, you may have the following rights with respect to your personal data. Afriq Global Market Limited is committed to honoring these rights in accordance with applicable law.

11.1 Rights Under the EU General Data Protection Regulation (GDPR)

Applicable to users located in the European Union or European Economic Area.

Right	Description
Right of Access (Art. 15)	You have the right to obtain confirmation of whether your personal data is being processed and, if so, to receive a copy of such data.
Right to Rectification (Art. 16)	You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17)	You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
Right to Restriction (Art. 18)	You have the right to request restriction of processing in certain circumstances, such as when the accuracy of data is contested.
Right to Data Portability (Art. 20)	You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object (Art. 21)	You have the right to object to processing based on legitimate interest, including profiling, and to processing for direct marketing purposes.
Right to Withdraw Consent (Art. 7(3))	Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint	You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

11.2 Rights Under the UK General Data Protection Regulation (UK GDPR)

Applicable to users located in the United Kingdom. These rights mirror EU GDPR rights but are enforced independently by the Information Commissioner's Office (ICO) under the UK GDPR and the Data Protection Act 2018.

Right	Description
Right of Access	You have the right to obtain confirmation of whether your personal data is being processed and, if so, to receive a copy of such data.
Right to Rectification	You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure	You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
Right to Restriction of Processing	You have the right to request restriction of processing in certain circumstances, such as when the accuracy of data is contested.
Right to Data Portability	You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object	You have the right to object to processing based on legitimate interest, including profiling, and to processing for direct marketing purposes.
Right to Withdraw Consent	Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint	You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection.

UK GDPR Notice

Fines for non-compliance under the UK GDPR may reach up to £17.5 million or 4% of global annual turnover, whichever is higher.

11.3 Rights Under the Nigeria Data Protection Act (NDPA) 2023

Applicable to users located in the Federal Republic of Nigeria.

Right	Description
Right of Access	You have the right to request access to your personal data held by Afriq Global Market Limited and to obtain information about how it is processed.
Right to Rectification	You have the right to request correction of inaccurate personal data or completion of incomplete personal data.
Right to Erasure	You have the right to request deletion of your personal data, subject to legal and regulatory retention requirements.
Right to Object	You have the right to object to the processing of your personal data in certain circumstances.
Right to Data Portability	You have the right to receive your personal data in a commonly used format and to request transfer to another data controller.
Right to Withdraw Consent	Where processing is based on your consent, you may withdraw that consent at any time.
Right to Lodge a Complaint	You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

11.4 Rights Under the Protection of Personal Information Act (POPIA)

Applicable to users located in the Republic of South Africa.

Right	Description
Right of Access	You have the right to request access to your personal information processed by Afriq Global Market Limited.
Right to Correction	You have the right to request correction or deletion of inaccurate, irrelevant, excessive, out-of-date, or misleading personal information.
Right to Deletion	You have the right to request destruction or deletion of personal information that is no longer necessary for the purpose for which it was collected.
Right to Object	You have the right to object, on reasonable grounds, to the processing of your personal information.
Right to Submit a Complaint	You have the right to submit a complaint to the Information Regulator (South Africa) regarding an alleged interference with the protection of your personal information.

11.5 Rights Under US Privacy Laws

Applicable to users located in the United States of America.

Right	Description
Right of Access	You have the right to request access to the categories and specific pieces of personal information we have collected about you.
Right to Deletion	You have the right to request deletion of your personal information, subject to applicable legal exceptions and retention requirements.
Right to Opt-Out of Sale	You have the right to opt out of the sale of your personal information. Note: Afriq Global Market Limited does not sell personal data.
Right to Non-Discrimination	You have the right not to be discriminated against for exercising any of your privacy rights. We will not deny services, charge different prices, or provide a different quality of service based on your exercise of these rights.

To exercise any of the rights described above, please submit a verifiable request by contacting us at davidsopekan@afriqglobal.org. We will respond to all valid requests within the timeframes required by applicable law, typically 30 days under GDPR/UK GDPR/NDPA and 45 days under CCPA. We may request additional information to verify your identity before processing your request.

12. Cookies and Tracking Technologies

Afriq Global Market Limited uses cookies and similar tracking technologies to enhance your experience on the Platform. The following types of cookies are used:

Cookie Type	Purpose	Consent Required
Essential Cookies	Required for core Platform functionality, including session management, security tokens, shopping cart persistence, and authentication.	No. These cookies are strictly necessary and cannot be disabled without impairing Platform functionality.
Analytics Cookies	Used to understand user behavior patterns, monitor Platform performance, and identify areas for improvement.	Yes. Consent is required under GDPR, UK GDPR, and NDPA. Users may opt out at any time.
Marketing Cookies	Used for targeted advertising and promotional communications based on user browsing patterns and preferences.	Yes. Explicit consent is required. These cookies are only placed after affirmative user action.

You can manage your cookie preferences at any time through your browser settings. Please note that disabling essential cookies may impair your ability to use certain features of the Platform. For detailed instructions on managing cookies, please refer to your browser's help documentation.

13. Children's Privacy

Afriq Global Market Limited is committed to protecting the privacy of children. The Platform is not directed at and is not intended for use by children under the age of sixteen (16), or the applicable age of majority in the user's jurisdiction, whichever is higher.

Children's Privacy Warning

We do not knowingly collect, solicit, or process personal data from children under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such data from our records.

Parents or guardians who believe that their child may have provided personal data to the Platform are encouraged to contact us immediately at davidsopekan@afriqglobal.org.

Applicable Regulations

Children's Online Privacy Protection Act (COPPA) for children under 13 in the United States.
GDPR Article 8 for children under 16, or the age set by individual EU Member States, not lower than 13.
NDPA 2023 provisions governing the processing of children's personal data in Nigeria.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, Afriq Global Market Limited will take the following actions:

Obligation	Timeframe	Regulatory Basis
Notify Affected Users	Without undue delay; within 72 hours for GDPR-covered data	GDPR Articles 33-34, NDPA 2023, and POPIA Section 22
Notify the Nigeria Data Protection Commission (NDPC)	Within 72 hours of becoming aware of the breach	NDPA 2023
Notify the Information Regulator (South Africa)	As soon as reasonably possible	POPIA Section 22
Notify EU Supervisory Authority	Within 72 hours of becoming aware of the breach	GDPR Article 33
Notify the Information Commissioner's Office (ICO)	Within 72 hours of becoming aware of the breach	UK GDPR Article 33 for breaches involving UK users' personal data

In Addition, We Will

Take immediate steps to contain and mitigate the breach and prevent further unauthorized access to personal data.
Conduct a thorough internal investigation to determine the scope, cause, and impact of the breach.
Maintain comprehensive records of all data breaches, including facts, effects, and remedial actions taken, in compliance with GDPR Article 33(5) and UK GDPR Article 33(5).
Provide affected users with clear guidance on steps they can take to protect themselves from potential adverse effects.

15. Changes to This Policy

Afriq Global Market Limited reserves the right to update or modify this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or Platform features.

Material changes to this Privacy Policy will be communicated to you via email notification and a prominent notice on the Platform at least thirty (30) days before the changes take effect. Non-material changes, such as formatting or typographical corrections, may be made without prior notice.

Continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. The Effective Date at the top of this document indicates when this Privacy Policy was last substantively updated.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Michigan, United States of America, without regard to its conflict of law principles.

Notwithstanding the foregoing:

For users located in Nigeria, the provisions of the Nigeria Data Protection Act (NDPA) 2023 shall apply in addition to this Privacy Policy, and in the event of any conflict, the NDPA 2023 shall prevail to the extent of such conflict.
For users located in the European Union or European Economic Area, the provisions of the General Data Protection Regulation (GDPR) shall apply in addition to this Privacy Policy, and in the event of any conflict, the GDPR shall prevail to the extent of such conflict.
For users located in South Africa, the provisions of the Protection of Personal Information Act (POPIA) shall apply in addition to this Privacy Policy, and in the event of any conflict, POPIA shall prevail to the extent of such conflict.
For users located in the United Kingdom, the provisions of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 shall apply in addition to this Privacy Policy, and in the event of any conflict, the UK GDPR and Data Protection Act 2018 shall prevail to the extent of such conflict.

As Afriq Global Market Limited expands its operations into additional countries, this Privacy Policy will be updated to reflect compliance with applicable data protection laws in those jurisdictions. Vendors and users will receive thirty (30) days' written notice of any material changes to jurisdictional coverage.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us using the information below:

Contact Detail	Information
Data Protection Officer	David Sopekan
Email Address	davidsopekan@afriqglobal.org
Website	www.afriqglobal.org
Mailing Address	Afriq Global Market Limited, Michigan, United States of America

We are committed to addressing all inquiries and requests in a timely and transparent manner. We will endeavor to respond to all communications within thirty (30) days of receipt.