Privacy Policy

1. Introduction

Stransact Chartered Accountants acts as the data controller for all personal data collected through this website and professional activities. This means that we are legally responsible for deciding how your data is used and protected. This policy outlines our practices for collecting, storing, and sharing your data in connection with your use of our website and other interactions with us, while also detailing your rights and how to contact us with any inquiries & complaints.

2. Legal Basis & Age Requirement

We process your data in compliance with the Nigeria Data Protection Act 2023 and NDPA -General Application & Implementation Directive 2025. In view of this, Stransact does not knowingly collect, process or store personal data from individuals under the age of 18. Our services are designed for business and professional users and not directed at minors. If we discover that we have inadvertently received personal data from a child without verified parental consent, we will take immediate steps to delete such information from our systems. Upon verification, we will take all necessary steps to remove the information and terminate any associated accounts. This policy reflects our commitment to protecting the privacy and safety of all users, particularly minors.

3. Scope of This Privacy Policy

This policy applies to:

• Users of our website and online contact channels
• Clients engaging our consulting, accounting, tax and regulatory advisory services
• Prospective clients and business contact who interact with us during business development
• Third parties whose personal data is shared with us in the course of client engagements
• Any automated data processing activities conducted by our systems in support of service delivery

Our website may contain links to third party websites managed by our trusted partners. Please review and read the privacy policy of those websites to understand how your personal data is being managed by those third parties.

4. Personal Data We Collect

The personal data we collect depends on the services and interactions you may have with us. The data we may collect includes but is not limited to:

We may collect the following types of personal information from individuals or organizations:

• Identity Data: Name, job title, professional designations, and government -issued identification details
• Contact Data: Email address, phone number, business address and postal address.
• Financial & Tax Data: Bank account details, tax identification number (TIN), financial statements and transaction records necessary for audit, accounting or advisory engagements
• Professional Data: Employment history, business registration details, shareholding information and corporate structure data
• Technical Information: IP address, device information, browsing history, and other data collected through cookies or similar technologies
• Communication Data: Records of correspondence, meeting notes, and engagement-related communications
• Compliance & Due Diligence: AML/KYC documentation, beneficial ownership information and regulatory filings collected in line with applicable Nigerian law

5. How we collect Your Personal Data

We collect personal data from you through the following channels:

• Directly from individuals or their authorized representatives, through forms, emails, or other communication channels.
• From our clients or partners, who provide personal information to facilitate software development projects.
• Indirectly through your browsing behavior on our website, facilitated by technologies such as cookies and tracking tools

6. How and Why, We Use Your Personal Data

We will only process your personal data only where we have a lawful basis for doing so. Depending on the nature of the processing activity, the applicable basis may include:

• Consent: Where you have freely given us specific, informed and unambiguous permission to process your data for a stated purpose.
• Legal Compliance: Where processing is necessary for us to meet our obligations under applicable laws and regulations
• Contractual Performance: Where processing is necessary to provide our services to you, or take steps you have requested prior to entering into an agreement with us
• Legitimate Interests: where we have a genuine business or operational interest in processing your data, provided that interest does not override your rights as a data subject.
• Legitimate Interest Assessment: Where we intend to rely on legitimate interest as a lawful basis, we will first conduct an assessment to ensure that our interests are proportionate and do not unfairly prejudice your privacy rights. You may request details of any such assessment by contacting our Data Protection Officer.

7. We will use personal data for the following purposes:

• Providing and improving our services, including software development, maintenance, and support.
• Communicating with you regarding your inquiries, requests, or support needs.
• Send you updates, newsletters, and promotional materials related to our services, subject to your consent where required.
• Conducting research and analysis to enhance and optimize our services.
• Protecting our legal rights and interests, resolving disputes, and enforcing our policies.

We will not use personal data for any purpose incompatible with those outlined in this policy without obtaining your consent or as required by law.

8. Sharing Your Personal Data

We may share your personal data with third parties in the following circumstances:

• Service Providers: Vendors and sub processors who support the delivery of our platform and services. All third-party processors are contractually bound to process data only on our instructions and in accordance with applicable data protection laws. These include but are not limited to cloud hosting providers, payment processors and analytics tools.
• Professional Advisors and Auditors: External legal counsel, auditors, accountants, and other professional advisors engaged under strict confidentiality obligations, including where such engagement is necessary for regulatory filings, dispute resolution and compliance reviews.
• Legal and Regulatory Authorities: Law enforcement agencies, courts, regulators and government bodies where disclosure is required or permitted by applicable law, court order or regulatory directive including Nigeria Data Protection Commission and Central Bank of Nigeria.
• Corporate Transactions: In connection with a merger, acquisition, business combination, asset sale, financing, or insolvency proceeding, personal data may be transferred to relevant parties. In such cases, data will be anonymized or pseudonymized where practicable, and any recipient will be bound by confidentiality and data protection obligations no less protective than this policy.

9. Data Security

We implement appropriate technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. These measures include but are not limited to:

• Regular security assessments and audits.
• Secure data storage and transmission.
• Access controls and authentication mechanisms.
• Vulnerability Assessment Penetration Testing.
• Employee training on data privacy and security.

We restrict access to personal data to authorized employees, contractors, and agents who need to know the information to provide our services and are subject to strict confidentiality obligations.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

When personal data is no longer needed, we will securely delete or anonymize it.

11. Cookies and Other Tracking Technologies

When you interact with our platform or website, we may deploy cookies and similar tracking technologies including pixel tags, session tokens and device fingerprinting tools to authenticate users, preserve session preferences, optimize platform performance and generate usage analytics. You may configure your browser or device settings to manage or decline cookies at any time. Note that disabling certain cookies may affect the functionality of our platform. For a full breakdown of the tracking technologies we use, the basis for their deployment, and how to manage your preferences, please refer to our Cookie Policy.

12. Your Rights

Under the Nigeria Data Protection Act 2023 and other applicable data protection legislation, you have the following rights with respect to your personal data:

• Access: The right to request a copy of the personal data we hold about you.
• Rectification: The right to have inaccurate or incomplete personal data corrected without undue delay
• Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent
• Restriction: The right to request that we suspend or limit our processing of your personal data in certain circumstances
• Data Portability: The right to receive your personal data in a structured, machine-readable format and to transmit it to another controller where technically feasible.
• Objection: The right to object to processing carried out on the basis of legitimate interests or for direct marketing, including profiling linked to such marketing.
• Automated Decision making: The right not to be subject to decisions made solely by automated systems including profiling that produce legal or similarly significant effects on you.
• Withdrawal of Consent: Where our processing is consent based, you may withdraw that consent at any time via your account settings or by contacting us directly. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

13. International Data Transfers

If we transfer personal data to countries outside Nigeria or other jurisdictions with data protection laws that differ from those of your country, we will ensure appropriate safeguards are in place to protect the data, such as the use of standard contractual clauses or relying on the recipient's Privacy Shield certification (if applicable).

14. Updates to the Privacy Policy

We may update this Data Privacy Policy from time to time to reflect changes in our practices or legal obligations. We encourage individuals to review this policy periodically for any updates. The effective date of the policy will be indicated at the beginning of the document

15. Contact Us

If you have any questions, concerns, or requests regarding this Data Privacy Policy or our data privacy practices, please contact us at:

Stransact Chartered Accountants
11B, Oko Awo Street, Victoria Island, Lagos
Email: [email protected]
Data Protection Officer: Misturah Mebude
Phone Number: 07000223322

This Data Privacy Policy was last updated on 28th April 2026