Effective Date: October 25, 2025 | Last Updated: October 25, 2025
Controller: Gbero Mobility Ltd. (“Gbero”, “we”, “our”).
Regulatory compliance: This Policy is aligned with the NDPA 2023 and relevant FCCPC consumer-protection requirements for digital services.
1) Scope & Applicability
This Policy applies to all personal data we process in Nigeria and, where applicable, outside Nigeria in relation to users of our website, mobile app, and related services (“Services”). If you are based outside Nigeria but use our Services to engage with Nigerian users, your data may be processed under this Policy.
2) Registration & NDPC Compliance
Gbero Mobility Ltd. acts as a Data Controller. Where applicable, if designated a Data Controller of Major Importance, we will register with the Nigeria Data Protection Commission (NDPC).
NDPC Registration No.: [Insert number, if applicable].
3) Data We Collect
- Identity: name, gender, date of birth, driver’s licence number, NIN (drivers).
- Contact: email, phone number, address, emergency contact.
- Location: real-time GPS during trips for matching, navigation, and safety.
- Account & Auth: login credentials, OTP logs, wallet metadata.
- Transaction: trip bookings, payments, refunds, wallet top-ups/withdrawals.
- Device/Usage: IP, device/browser type, OS version, app telemetry, cookies.
- Communications: in-app chat, support tickets, feedback.
4) Purposes & Legal Bases
We process personal data for the following purposes and legal bases under the NDPA:
- Provide Services & fulfil contracts (ride matching, navigation, receipts) — Contract.
- Payments & wallet operations — Contract/Legal Obligation.
- Identity verification, trust & safety, fraud prevention — Legitimate Interest/Legal Obligation.
- Service communications & product updates — Legitimate Interest; Consent where required for marketing.
- Compliance with law/regulators — Legal Obligation.
5) Automated Decision-Making & Profiling
We may use automated processes (e.g., route matching, safety signals, dynamic pricing). You may object to automated decisions that significantly affect you or request human review by contacting us (see “Your Rights”).
6) Cookies & Similar Technologies
We use cookies and similar tools for core functionality, analytics, and improving user experience. You can manage cookies in your browser. Some features may not function if cookies are disabled.
7) Data Sharing & International Transfers
- Trip fulfilment: limited data shared with drivers/passengers as needed.
- Payments: third-party processors (e.g., Paystack, Flutterwave).
- Vendors: hosting, analytics, communications — under data-processing agreements.
- Compliance: NDPC, law-enforcement or courts where legally required.
If personal data is transferred outside Nigeria, we implement adequate safeguards (e.g., contractual clauses, risk assessments) to ensure protection consistent with the NDPA.
8) Data Retention
We keep personal data only as long as necessary for the purposes above or as required by law. Illustratively:
- Account data: for the life of your account and up to [X years] after closure.
- Trip & transaction records: minimum [X years] for audit/tax/safety.
- Support tickets: [X months/years] after resolution.
After retention periods, data is securely deleted or anonymised.
9) Security
We apply technical and organisational measures such as encryption in transit, access controls, least-privilege administration, and monitoring. No system is 100% secure; protect your credentials and report suspicious activity promptly.
10) Your Rights (NDPA)
- Access your data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase data, subject to legal/contractual limits.
- Restrict or object to processing, including automated decisions.
- Withdraw consent (where processing relies on consent).
- Data portability (if/when enabled under applicable NDPC directives).
To exercise any right, contact our DPO below. We will respond within applicable statutory timelines.
11) Data Breach Notification
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the NDPC and affected users as required by law.
12) Children’s Data
Our Services are not intended for persons under 18. We do not knowingly collect children’s data. If you believe a child has provided data, contact us for prompt deletion.
13) Complaints & Redress
If you have concerns, contact us first so we can help. If you are not satisfied, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC).
14) Contact – Data Protection Officer (DPO)
Name/Role: [Insert DPO name or role]
Email: privacy@gbero.io
Phone: [Insert phone]
Address: [Insert office address]
15) Changes to this Policy
We may update this Policy periodically. We’ll post changes here and revise the “Last Updated” date. Where required by law, we will also notify you in-app or via email.