Data Protection and Privacy Policy

1. Introduction

Picadailys Services Nigeria Limited (“Picadailys” or “the Company”) values the privacy and data protection rights of all users, partners, and stakeholders. As a digital fintech and lifestyle platform that processes customer information and financial transactions, Picadailys is committed to collecting, storing, and managing personal data responsibly, lawfully, and transparently.
This Data Protection and Privacy Policy defines how Picadailys handles personal information in compliance with the Nigeria Data Protection Regulation (NDPR 2019), CBN Consumer Protection Framework (2019), and applicable international best practices.

2. Purpose

This policy ensures that Picadailys:

• Processes personal data lawfully, fairly, and transparently.
• Protects users’ information against unauthorized access, alteration, disclosure, or loss.
• Establishes accountability and compliance structures for data protection.
• Builds and maintains user trust through responsible information management.

3. Scope

This policy applies to:

• All personal and sensitive information collected or processed by Picadailys.
• All employees and third-party partners who handle user data.
• All digital systems, databases, and third-party services integrated with Picadailys’ platform.

4. Data Collection

Picadailys collects only data that is necessary for service delivery, user experience, and compliance. The categories of data include:

• Personal Identification Data: Full name, date of birth, address, phone number, and email.
• Financial Data: Wallet details, transaction history, payment account information.
• Usage Data: App activity, device information, login times, and engagement metrics.
• KYC Data: ID documents, photographs, and verification data (via approved partners).

5. Lawful Basis for Processing

Personal data is processed based on one or more lawful bases:

• Consent: Explicit user consent for account registration and marketing activities.
• Contractual Necessity: Processing required to deliver core app functions.
• Legal Obligation: Compliance with CBN, NDPR, AML/CFT.
• Legitimate Interest: Fraud prevention, platform improvement, and analytics.

6. Data Use and Purpose Limitation

Picadailys uses collected data strictly for legitimate business purposes, including:

• Account creation and user verification (KYC).
• Processing financial transactions, rewards, and withdrawals.
• Providing customer support and notifications.
• Enhancing app performance, personalization, and security.
• Fulfilling legal, audit, and compliance requirements.

Picadailys does not sell, trade, or lease personal data to third parties.

7. Data Storage and Retention

• All data is stored in secure cloud environments with AES-256 encryption and TLS/SSL security.
• Backups are maintained in geo-redundant locations to ensure business continuity.
• Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected or as required by law.
• After expiration of retention periods, data is securely deleted or anonymized.

8. Data Sharing and Third-Party Processors

Picadailys may share limited data with:

• Licensed partner banks and regulators (for compliance).
• Verified third-party vendors offering KYC verification, analytics, or marketing services.

9. User Rights

• Correction: Update or rectify inaccurate information.
• Deletion: Request deletion of data no longer needed.

All requests can be submitted to compliance@picadailys.com and are addressed within 7 working days.

10. Review and Updates

This policy is reviewed annually or when there are changes in regulations, operations, or technology. Revisions are approved by management and communicated.

Email: compliance@picadailys.com | 02012271894
02012271895