NDPR Compliance

How we protect personal data of Nigerian data subjects under the Nigeria Data Protection Regulation and the Nigeria Data Protection Act.

Last updated: April 21, 2026

Who This Applies To

The Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA) govern the processing of personal data of Nigerian residents. They apply to ShommyX Technologies Inc. whenever we process personal data of Nigerian data subjects, including members of Nigerian churches using our platform.

Lawful Basis for Processing

We process personal data on one or more of the following lawful bases:

  • Consent — you voluntarily register an account or join a church on our platform.
  • Contract — processing is necessary to provide the Service you or your church subscribed to.
  • Legal obligation — where we must process data to comply with applicable law.
  • Legitimate interest — for fraud prevention, service improvement, and security, where this does not override your rights.

Your Rights as a Data Subject

Under the NDPR and NDPA, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data (right to be forgotten), subject to legal retention requirements
  • Restrict or object to our processing of your data
  • Receive your data in a structured, commonly used format (data portability)
  • Withdraw consent at any time, without affecting prior lawful processing
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

You can exercise most of these rights directly from your account settings (profile edit, data export, account deletion) or by contacting our Data Protection Officer.

Data Protection Officer

Direct all NDPR-related questions, access requests, and complaints to the email above, with "Data Protection Officer" in the subject line.

Cross-Border Transfers

Personal data of Nigerian users may be transferred to, and processed on, servers located outside Nigeria, including in the United States and other jurisdictions where our cloud providers operate. Where required, we rely on adequacy mechanisms or safeguards recognised under the NDPR and NDPA. We apply the same technical and organisational safeguards regardless of where data is stored.

Breach Notification

Where a personal data breach is likely to result in a risk to the rights and freedoms of affected data subjects, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, and we will notify affected individuals without undue delay where required.

Children's Data

Children's information (for example, entries in a church's kids check-in system) is provided by parents or guardians and is used only for the safety and operational purposes for which it was collected. We do not knowingly collect personal data directly from children under 13 without parental consent.

Retention

We retain personal data only for as long as necessary to provide the Service or to comply with legal obligations. Retention periods are described in our Privacy Policy.

Security Safeguards

We protect personal data with encryption in transit (TLS), strict access controls, multi-tenant data isolation, and regular security reviews. See our Security page for details.

Complaints

If you have an NDPR concern that we cannot resolve, you can lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

This summary is provided for transparency and is not legal advice. For the complete picture of our data practices, see our Privacy Policy.