GDPR Compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive regulation in EU law on data protection and privacy in the European Union and the European Economic Area. Although Paylo is based in Nigeria, we respect the privacy rights of all our users, including those in the EU, and have implemented GDPR-compliant practices across our platform.
Your Rights Under GDPR
GDPR grants you specific rights regarding your personal data.
1. Right to be Informed
You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.
2. Right of Access
You have the right to request access to your personal data and information about how we process it. You can request a copy of your data by contacting our support team.
3. Right to Rectification
You have the right to have inaccurate personal data corrected. You can update most of your information through your account settings or by contacting us.
4. Right to Erasure ("Right to be Forgotten")
You have the right to have your personal data deleted in certain circumstances, such as when the data is no longer necessary for the original purpose.
5. Right to Restrict Processing
You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another organisation.
7. Right to Object
You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
8. Rights Related to Automated Decision Making
You have the right not to be subject to automated decision-making, including profiling, that has legal or similarly significant effects.
How to Exercise Your Rights
You can exercise your GDPR rights by contacting us or using your account settings.
Self-Service Options
- Update your profile information in account settings
- Download your data from the account dashboard
- Manage communication preferences
- Delete your account (with confirmation process)
Contact Our Data Protection Team
For more complex requests or if you need assistance, contact our data protection team at:
Email: privacy@usepaylo.com
Subject line: “GDPR Request - [Type of Request]”
Data Processing Lawful Basis
We process your personal data based on the following lawful bases under GDPR.
Consent
For marketing communications, cookies (non-essential), and optional features where you have given explicit consent.
Contract
For processing necessary to provide our services, process payments, and fulfil our contractual obligations to you.
Legal Obligation
For compliance with legal requirements, such as tax obligations, anti-money laundering laws, and regulatory requirements.
Legitimate Interest
For fraud prevention, security monitoring, service improvement, and analytics (where not overridden by your interests or rights).
Data Retention Periods
We retain your personal data for as long as necessary for the stated purposes.
| Category | Description | Retention period |
|---|---|---|
| Account Data | Retained while your account is active and for up to 7 years after account closure for legal and regulatory compliance. | Up to 7 years after closure |
| Transaction Data | Retained for 7 years after the transaction for financial record-keeping and regulatory compliance. | 7 years |
| Marketing Data | Retained until you withdraw consent or for up to 3 years of inactivity, whichever comes first. | Up to 3 years of inactivity |
| Support Data | Retained for up to 3 years after the support case is resolved for quality assurance and legal purposes. | Up to 3 years after resolution |
International Data Transfers
As a Nigerian company, some of your data may be processed outside the EU. When we transfer personal data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Appropriate technical and organisational security measures
- Regular assessment of transfer mechanisms
Data Security Measures
Technical Measures
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments and penetration testing
- Secure development practices
Organisational Measures
- Staff training on data protection
- Data processing agreements with third parties
- Privacy by design and by default
- Incident response procedures
Data Breach Notification
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach. We will also report qualifying breaches to relevant supervisory authorities as required by law.
Children's Data
Our services are not intended for children under 16 years of age (or the minimum age specified by local law). We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
Complaints and Supervisory Authorities
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact:
- Your local EU data protection authority
- The Irish Data Protection Commission (our lead supervisory authority in the EU)
- Any other competent supervisory authority
However, we encourage you to contact us first so we can address your concerns directly.
Contact Our Data Protection Officer
Data Protection Officer
Email: privacy@usepaylo.com
Address: Paylo Data Protection Office, Abuja, Nigeria