Data Protection, Data Handling & Privacy Policy

At Space in Africa Consulting Limited (hereinafter referred to as “SIA”, the “Organisation”, “we”, “us”, or “our”), we are committed to protecting your personal information and respecting your privacy. This Data Handling & Privacy Policy (the “Policy”) explains how we collect, use, disclose, and safeguard your data when you interact with our services, whether through our website, applications, or other platforms. We are dedicated to ensuring that your personal information remains confidential and secure, and we encourage you to read this policy carefully to understand our practices regarding your data.

This Policy applies to all products, services, and websites owned and operated by us, including our space consultancy platforms, research and advisory services, API Services, mobile-optimized versions of these sites, and mobile applications (all collectively referred to as the “Platform”).

This Policy ensures that We:

• Comply with all applicable data protection laws and uphold industry’s best practices in handling personal data.
• Process personal data lawfully, fairly, and transparently, ensuring purposes are clearly defined and legitimate.
• Collect and process only the data that is necessary to fulfill the specific intended.
• Store and secure your personal data with appropriate technical and organizational measures to protect against unauthorized access, loss, or misuse.
• Respect your rights to access, correct, delete, or object to the processing of your personal data, and provide clear procedures to exercise these rights.
• Maintain transparency about how we collect, use, store, and share personal data, informing individuals about our practices and safeguards.
• Take proactive steps to prevent, detect, and respond to data breaches, continuously improving our security and incident management processes.

Data we collect.

When you sign up to use or services or products or on any of our Platforms, we collect information about you. This information may include:

1. Personal data, such as your Full name, e-mail address, mailing address, location, age, and phone number;
2. Technical information, such as the type of mobile device and internet browser you use, your computer IP address, data about the pages you access, mobile device ID or unique identifier, statistics on page views, standard Web log data, still and moving images, etc;
3. Marketing data, such as users’ feedback; 
4. Usage data such as time spent on our platforms (web, or mobile), when the application was opened, device data, and learning engagement metrics such as (time spent learning, lessons viewed, test scores, etc.)
5. device type and settings, such as hardware model and operating system version;
6. log information, including details of how our service is used, device event information, and the device’s Internet protocol (IP) address;
7. unique application numbers, such as application version number; and
8. unique identifiers, which are used to collect and store information about an app or device, such as preferred language, app activity, and other settings.
9. User’s online activity and digital footprint on the Application including videos, search terms, and other interactions with content on the app. 

Data Collection and Handling

Prior to any data collection, you will be informed through a clear and accessible privacy notice. The notice will specify the types of personal data collected, the purpose for which the data is collected, the lawful basis underpinning the processing, and any recipients or categories of recipients with whom data may be shared, including external entities and authorized subcontractors.

Your personal data will be processed solely with your informed, freely given, and explicit consent, unless alternative legal grounds for processing apply as permitted by law. You will be given a straightforward mechanism to grant, withhold, or withdraw consent at any time.

We collect and process only the personal data that is strictly necessary for the specified and legitimate purposes disclosed in the privacy notice. We will not further process your personal data in a manner that is incompatible with those purposes.

​ Legal Basis for Processing your Data

We process your personal data based on the following legal grounds:

1. Consent: When you give explicit consent to receive communications or use certain features.
2. Contractual Obligation: To fulfill a contract or provide requested services.
3. Legal Compliance: To comply with applicable laws and regulations.
4. Legitimate Interests: To improve our services, maintain security, and prevent fraud.

How we use Your Data

We will only use the personal data provided for the purpose for the following:

1. to register you as a new user.
2. to manage your relationship with us;
3. to tailor our service offerings to your interest;
4. to provide personalized support
5. to make the Platform easier for you to use by not having to enter information more than once;
6. to manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities; and
7. to send periodic emails and marketing materials regarding your interest in Our products and services.

We use the information we collect for internal operational purposes such as spam and abuse prevention and enforcing our content license restrictions and providing and improving the service.

We do not allow you to share personal information with third parties or make it publicly available.

Data we share

We will not disclose any user information provided to us to any third party except in the following circumstances:

• Upon Consent: We will first obtain your explicit consent, or, if you are a minor, your parent’s or legal guardian’s consent, before disclosing your information to any third party.
• Legal reasons: We may share individual user information with a third party (companies, organizations, or individuals) if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
• for the performance of a contract to which You are a party or to take steps at your request before entering into a contract
• comply with any legal obligation provided by any applicable law, regulation, legal process, or enforceable governmental request.
• To protect Your vital interest or of another person
• enforce applicable Terms of Service, including investigation of potential violations.
• detect, prevent, or otherwise address fraud, security or technical issues.
• protect against harm to the rights, property or safety of Happy Woman Solutions Limited, our users or the public as required or permitted by law.
• External Processing: We may provide individual user information to our affiliates or other trusted businesses or persons to process it on our behalf, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
• Public Interest: We may disclose Your information to a Third Party for the performance of tasks carried out in the Public Interest or in the exercise of an official authority vested in Us
• Legitimate Interest: We may disclose Your information to a Third Party for purposes of legitimate interests, which may include:
• To improve our services and user experience
• To prevent fraud or criminal activity
• To protect our rights and interests, or those of our users or third parties
• To comply with industry standards or best practices
• To conduct research and analysis for internal business purposes

We will ensure that our legitimate interests do not override your rights and freedoms, and we will implement appropriate safeguards to protect your information.

We may share aggregate information about the use of the Platform with third parties to, for example, show trends about the use of the Platform or meet our reporting obligations with partners.

Third Party Links

Occasionally, we may include or offer third party products or services on our Platform. As such, our Platform may contain links to mobile applications owned and operated by third parties. These third-party mobile applications may have their own separate and independent privacy policies, which may govern the collection and processing of your personal data. We urge you to review these privacy policies – because this Policy will not apply. We therefore have no responsibility or liability for the content, activities and privacy practices of such third-party mobile applications.

Cookies

Our Platforms may use cookies (small files containing a string of characters), which we place on your computer, if you agree. These cookies allow us to uniquely identify your browser and to distinguish you from other users of our Platforms. This enables us to track your preferences and provide you with a personalized and smooth experience when you browse our Platforms. The cookies we use are “analytical” cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the Platforms when they are using it. This helps us to improve the way our Platforms works, for example by ensuring that users are finding what they are looking for easily. We do not share the information the cookies collect with any third parties.

User Profiles

Every registered user has a unique personal profile. Each profile is assigned a unique personal identification number, which helps us ensure that only you can access your profile.

When you register, we create your profile, assign a personal identification number, (your User ID) then send this personal identification number back your email address with an activation link for the activation of your profile. This code is uniquely yours. It is your passport to seamless travel across our Platforms, allowing you to use our Platforms without having to fill out registration forms with information you’ve already provided. Even if you switch devices, you won’t have to re-register – just use your User ID to identify yourself.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal, tax, accounting, and regulatory obligations, and to resolve disputes or enforce our agreements.

Your personal data will be kept for a period that allows us to manage or respond to any complaints, queries, or concerns related to our relationship with you. Where relevant, we may retain your data for a longer period if we reasonably believe there is a prospect of litigation or in the event of a complaint.

If you inform us that you no longer wish to be contacted, we will retain only the minimum information necessary to ensure no further contact is made.

We will regularly review the personal data we hold and will securely delete or anonymize it when it is no longer required for any legal, business, or user-related purpose.

Your Legal Rights

You have the right to:

1. request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information We hold about you and check that we are lawfully processing it. You can request to know (i) the purpose of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organisations; (iv) where possible, the period for which the personal data will be store, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from Us rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject or to object to such processing; (vi)  the right to lodge a complaint with the Nigeria Data Protection Commission; (vii) where the personal data is not collected from You, any available information as to their source; and (viii) the existence of automated decision making, including profiling the significance and envisaged consequences for the data subject. Please note that a data subject access request may attract an administrative fee;
2. request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though We may sneed to verify the accuracy of the new data you provide to us;
3. request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
4. object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where We are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms; request the transfer of your personal data to you or to a third party. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Please note that this request may also attract an administrative fee; withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent. We may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
5. Restriction of data processing pending (i) the resolution of a request; (ii) objection by  You; and (iii) the establishment, exercise, or defense of legal claims

Data Governance

At SIA, we are committed to maintaining robust data governance practices to ensure the integrity, security, and lawful handling of all personal data.

We maintain and regularly review a comprehensive Data Protection Policy, which is fully aligned with the Nigerian Data Protection Act, 2023 and all other data protection frameworks in Nigeria. This governs all our data processing activities and is reviewed periodically to adapt to regulatory changes and evolving best practices.

All our personnel receive regular, documented training on data protection principles, internal policies, and procedures relevant to their roles. This consistent education ensures that all staff members understand their responsibilities and are equipped to handle personal data in a secure, compliant, and ethical manner.

Data Security

At SIA, we implement a variety of reasonable security measures to protect the security and integrity of your personal information.

We have put in place appropriate security measures including but not limited to access controls, firewalls, data encryption, and physical security to prevent your personal data from being lost, altered, disclosed, or otherwise used in an unauthorized way. 

We store and process your personal information on our server logs in Nigeria. Where We need to transfer your data to another country, we will ensure that such country is subject to a law, binding corporate rules, contractual clause, code of conduct or certification mechanism that affords an adequate level of protection with respect to your personal information in accordance with the Nigeria Data Protection Act, 2023. 

In addition, we limit access to your personal data to employees, agents and contractors on a need-to-know basis. These employees, agents, and contractors have a duty to maintain confidentiality at all times and will only process your personal data according to Our instructions.

Also note that We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so.

We maintain strict protocols to ensure that your personal data is properly segregated throughout all phases of processing and storage. 

To prevent unauthorized access to your data, we have implemented strong controls and security safeguards at the technical and operational levels. All personal data are transmitted using secure, encrypted channels that meet industry standards.  Our Platforms use Transport Layer Security (SSL/TLS) to ensure secure transmission of your personal data. You should see the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also start with https:// depicting a secure Webpage.

Please note that you also have a significant role in protecting your information. No one can see or edit your personal information without knowing your username and password, so do not share these with others. 

However, as the internet is not a secure medium, we cannot guarantee that security breaches will never occur. Accordingly, we are not responsible for the matters, which include actions of hackers and other unauthorized third parties that breach our reasonable security procedure.

Data Incident Management

Data incident refers to a breach of SIA’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, customer data on systems managed by or otherwise controlled by SIA. While we take steps to address foreseeable threats to data and systems, data incidents do not include unsuccessful attempts or activities that don’t compromise the security of customer data. For example, unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems do not qualify as data incidents.

Every data incident is unique, and the goal of the data incident response process is to protect customer data, restore normal service as quickly as possible, and meet both regulatory and contractual compliance requirements. The following table describes the main steps in our incident response plan.

 

Incident step	Goal	Description
Identification	Detection	Automated and manual processes detect potential vulnerabilities and incidents.
	Reporting	Automated and manual processes report the issue to the IT incident response team.
Coordination	Triage	Evaluation of the nature of the incident report. Assessment of the severity of the incident. Assignment of an incident commander.
	Response team engagement	Incident commander completes assessment of known facts. Incident commander designates leads from relevant teams and forms incident response team. Incident response team evaluates incident and response effort.
Resolution	Investigation	Incident response team gathers key facts about the incident. Additional resources are integrated as needed to allow for expedient resolution.
	Containment and recovery	Limitation of ongoing damage. Fixing underlying issue. Restoration of affected systems and services to normal operations.
	Communication	Key facts are evaluated to determine whether notification is appropriate. Communications lead develops a communication plan with appropriate leads.
Closure	Lessons learned	Incident response team retrospects on incident and response effort. Incident command designates owners for long-term improvements.
Continuous improvement	Program development	Necessary teams, training, processes, resources, and tools are maintained.
	Prevention	Teams improve the incident response program based on lessons learned.

Nigerian Data Protection Act 2023 Compliance

This Privacy Policy is in compliance with the Nigerian Data Protection Act 2023 (NDPA 2023). We commit to protecting the personal data of our users. We have implemented appropriate technical and organizational measures to ensure that we process Your personal data in accordance with the NDPA 2023 and other applicable data protection laws. By using our platform, you acknowledge that we process your personal data in accordance with this Privacy Policy and the NDPA 2023. 

Changes to Our Privacy Policy

We reserve the right to amend or modify this Privacy Policy and if we do so, we will post the changes on this page. It is your responsibility to check the Privacy Policy every time you submit information to us or use our services. Your use will signify that you agree to any such changes. In the event the purpose is for processing change, or if a revision is material, Space in Africa Consulting Limited will notify you via electronic mail or via a pop-up or redirection when you log in to our Platform.

Disclaimer

By this Policy we do not represent or warrant the condition or functionality of our platform(s), its suitability for use, nor guarantee that our service will be free from interruption or any error. No liability or responsibility shall lie for risks associated with the use of our Platforms, including but not limited to any risk to your computer, software or data being damaged by any virus, software, or any other file that might be transmitted or activated via our Platforms or your access to it. Neither do we guarantee the reliability of information contained on our Platforms particularly those shared by third party users.

Contact Us

Users may contact us directly with any questions or concerns at: info@spaceinafrica.com

Last updated: 21st November, 2025