Privacy Policy of Trolleva Limited
1. Introduction
TROLLEVA LIMITED operates the e-commerce website trolleva.com. We are committed to protecting the personal data of our users and customers and processing it transparently and securely, in compliance with the relevant Nigeria Data Protection Laws.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website, use our services, or make a purchases.
2. Personal Data We Collect
We collect various types of personal data to provide our services and manage our business operations.
- Identity Data: Name, username, gender, date of birth, and other identifiers.
- Contact Data: Billing address, shipping address, email address, and phone number.
- Financial Data: Payment card details and other payment information (handled securely via our payment processors).
- Transaction Data: Details about your purchases, orders, and payment history.
- Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website.
- Usage Data: Information about how you use our website, products, and services (e.g., product page views, add-to-cart actions, session duration).
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
3. How We Collect Your Data
We use different methods to collect data, including:
- Direct Interactions: You provide data when you create an account, place an order, subscribe to a newsletter, or contact customer support.
- Automated Technologies or Interactions: As you interact with our website, we automatically collect Technical and Usage Data using cookies, server logs, and other similar technologies.
- Third Parties: We may receive personal data from third parties such as analytics providers, advertising networks, and payment service providers.
4. Legal Basis and Purpose for Processing
We will only process your personal data when we have a lawful basis to do so under the relevant Data Protection Laws.
| Purpose of Processing | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new customer | Identity, Contact | Performance of a contract with you |
| To process and deliver your orders, manage payments, fees, and charges | Identity, Contact, Financial, Transaction | Performance of a contract with you, Legal obligation |
| To manage our relationship with you, including notifications about policy changes or requesting reviews | Identity, Contact, Usage | Performance of a contract with you, Legitimate interests (to keep our records updated) |
| To administer and protect our business and website (including troubleshooting, data analysis, security, and system testing) | Technical, Usage | Legitimate interests (for running our business, security, and preventing fraud) |
| To deliver relevant website content and advertisements to you and measure the effectiveness of the advertising we serve you | Identity, Contact, Technical, Usage, Marketing | Consent, Legitimate interests (to study how customers use products, grow our business) |
| To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences | Technical, Usage | Legitimate interests (to define customer types for our products/services) |
5. Cookies
We use cookies and similar tracking technologies to track the activity on our service and store certain information. Necessary cookies do not require explicit consent, but all other types of cookies (e.g., marketing or analytics) require your active "Accept" or "Reject" option. A clear and visible cookie banner is displayed on our site for this purpose. You can withdraw your consent at any time.
6. Disclosure of Your Personal Data
We may share your personal data with internal staff, third-party service providers, and partners when necessary for the purposes outlined in this policy. These may include payment processors, delivery companies, and IT support.
We require all third parties to respect the security of your personal data and treat it in accordance with the law and written contracts.
We may also disclose personal data if required by law or in response to valid requests by public authorities (e.g., a court or government agency).
7. International Data Transfers
Your data may be transferred to and stored in countries outside of Nigeria. We will only transfer your personal data to a foreign country or international organization if we are satisfied that there are adequate controls and an adequate level of data protection in place, or if we have obtained your explicit consent after informing you of the potential risks.
8. Data Security and Retention
We have implemented appropriate technical and organizational security measures (such as encryption, firewalls, and access controls) to prevent your personal data from being lost, used, accessed, altered, or disclosed in an unauthorized way.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it. This is typically:
- 6 years after the last transaction in a contractual agreement.
- 3 years after the last active use of a digital platform.
- Immediately upon request by the Data Subject where there is no statutory obligation otherwise.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes.