Privacy policy

At MEGASTORE, we care about personal data. It is very important to us to be transparent about the data we collect, how we use such data and with whom we share it. This is why we advise you to read the following Privacy Policy, as well as our Terms of Service and Cookie Policy, to be fully informed about processing of personal data. We believe that the responsible use of data supports business growth and builds strong relationships between partners, consumers, and brands. We are committed to respecting and protecting personal data and privacy of all individuals with whom we interact. We set a high bar for security and privacy and we follow holistically intelligent approach to manage the risks to maintain the trust of our clients and business partners. As we move into our second decade in digital monetisation, we are as vigilant as ever about trust – a multifaceted virtue in need of constant attention from all parts of our organization.

The term "MEGASTORE" or "us" or "we" refers to the company VAS ACQUICO LIMITED, with its registered office at 22A Guinness Road, Ogba-Ikeja, Lagos, Lagos State, Federal Republic of Nigeria. The term "personal data" means any information by which a natural person can be identified, directly or indirectly. The term "data controller" means natural or legal person which, alone or jointly with others, determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the applicable legislation.

The term "data processor" means the natural or legal person which processes personal data on behalf of a data controller. When we processes personal data by the means and for the purposes determined by our business partners, we act as a data processor. For more information on cases in which we act as data processor, please read our Terms of service.

2. WHAT DATA WE COLLECT AND HOW WE COLLECT IT MEGASTORE processes, as a data controller, personal data in the following situations: Business cooperation - when you use our services, ask us for a support, send us enquiry, and do business with us; Sales activities - when you register in order to get information for a specific service, and/or ask to communicate with us; Marketing activities - when you subscribe to our newsletter or our event, visit our website or social network profile, send us information through a contact form, or you are a part of our marketing campaign; Recruiting and selection processes - when we try to find best employees and you apply for a job to some of the published open positions; Security reasons - we make sure that our information systems are following principles of confidentiality, integrity, and availability. For that reason we keep track of business activities and keep track of log files and other digital traces. Legal, financial and compliance obligations – we make sure to respect all relevant legal and compliance obligations and for that reason we ask you to provide us with necessary data.

We collect and process personal data connected with usage of our services, e.g. if you create an MEGASTORE account, ask for a support and become a client or a business associate. For that purpose, we will collect personal data of our clients and contact persons of our clients, such as name, contact information (e-mail, phone number, address, job title, log files, registered client name, log-in details, information on incidents and reports, and User-Agent), and billing information (name, address, VAT number) connected with the client/business associate.

Processing these types of personal data is necessary to us in order to enter into a business relationship or to fulfil our obligations arising from an existing contract/business relationship. If you are our client as an individual, we obtain this data directly from you. If your organisation is our client, we may obtain your personal data either directly from you or via your organisation.

When we process personal data on behalf of our clients for the purposes of providing our services to clients, in accordance with the Terms of Service, and/or the agreement for the Services and Data Processing Agreement concluded with our clients, the client is data controller and MEGASTORE is data processor regarding such personal data processing activities.

Based on our legitimate interest, we also collect the data you generate during your activity on our platform for improving our products and services (e.g. your behaviour records, such as time spent, pages visited, history of your visits and features used, IP address, browser type, device type, demographic category, language). We obtain this data directly from you. When you browse our website and use our services, we automatically collect data by placing necessary cookies and trusted tracking technologies on your browser. For more information on how we collect you data through cookies, please visit our Cookie Policy.

We process personal data about visitors of our website and people who contact us through e-mail, phone call, social networks or website contact forms or some other way of communication. Based on our legitimate interest for doing business and sell our products and services, we will collect only basic contact information (such as name, surname, phone number, email address, company, job title, position, address) as well as any other information you choose to send us, depending on a nature of your contact. For this purpose, please do not send any sensitive data to us.

We process personal data when people subscribe to our newsletter, webinar, event, blog, case study or our other services through which we provide the information about our business and services. For this purpose, we process data based on your consent, such as, name, surname, employer/company, country, mobile phone, email address and for this we use Mailchimp services. We also process data regarding opening e-mails, bounce rate, clicks, subscription, news segments.

We publish our online events and recordings from our offline events on our Youtube channel (owned by Google). We publish our guest speakers and our employees but we do not publish personal data of participants to our events. We also process personal data based on our legitimate interest for performing direct marketing activities. If you are our current client or you were in contact with us, we will send you some news on our products, services and events, and for this we use Mailchimp services.

If you contact us through webforms on our website, through an e-mail, phone, or social network profile we will process data from contact form and a message based on our legitimate interest to connect and communicate with potential clients/business associates. In any case you may unsubscribe from our news by clicking the link in our email or responding to us with your request. In such case we will stop with marketing activities and store your data in unsubscribed list for 6 years from the day of unsubscribing, based on our legitimate interest to prove facts on compliance steps we need to take within the period of statutory limitations.

When you visit our website, we use third-party services such as Ahrefs for SEO optimization, Google Analytics in order to collect internet log information and details on visitor behaviour patterns (browser, cookie ID, language, device, page visited) and we also perform Google Ads campaigns and use Youtube Ads services. We connect Google Ads services with Zoho CRM system. Google Ads provides unique GCLID (Google Click ID) for every click that comes to our website from an Google Ads ad. The GCLID gives as information such as the ad campaign, ad group, keyword. This information is combined with Zoho CRM account along with the lead information that we collect from the visitor who fills up the web form on our website.

For insights and advertising purposes we use as joint controllers Linkedin Ads, Linkeding Page Insights, Twitter Ads. We also use Facebook Ads for advertising purposes for which Facebook Ireland is a joint controller of the Joint Processing and further information on how Facebook Ireland processes Personal Data, including the legal basis Facebook Ireland relies on and the ways to exercise Data Subject rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy. MEGASTORE and Facebook Ireland have entered into the Controller Addendum to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing, according to which MEGASTORE is responsible for providing data subjects with the information on data processing, and Facebook Ireland is responsible for enabling data subjects rights under Articles 15-20 of the GDPR with regard to the personal data stored by Facebook Ireland.

When you browse our website, we automatically place certain cookies on your browser. The information we collect helps us maintain and improve our website, business, as well as marketing and sales activities. It usually includes your IP address, browser type, the pages you’ve visited, as well as whether you’re a new or returning visitor. For more information please read our Cookie Policy.

MEGASTORE information security management system is established by the security and management board, and governed by information security policy and procedures. MEGASTORE adheres to the ISO 27001, and GDPR and NDPR standards. These include topics such as asset management, identity and access management regulations, IT operations and administrations, incident response management.

Communications to external entities uses HTTPS (TLS 1.2 or above), APIs are authenticated and secured through the use of industry standard OAUTH2 protocol. Fraud management firewall examines the source and behaviour of the traffic to identify rogue traffic and filters it before it is processed. Fraud management technology includes both rules-based protection as well as machine-learning. MEGASTORE has also established procedures for system backups and disaster recovery. Security and data protection training sessions are organized periodically for all employees to ensure that they know what is expected of them and how to maintain compliance within their role.

Based on our legitimate interest to protect our employees, associates and our property we process personal data, such as, log files, IP address, traffic data, metadata, clicks, views, incident reports, data form data breaches. In case of personal data breach, we must perform risk assessment and based on this assessment we will inform supervisory authority, data controller and data subjects, in accordance with the NDPR and relevant laws on cybersecurity.

As a company registered in the Federal Republic of Nigeria, we have to comply with legal obligations in the Nigerian law. Regarding data protection laws, we also comply with necessary laws with regards to certain data subject. We process and store all the necessary financial records, invoices, reports, transaction, agreements and statements. We also process data based on our legitimate interest to defend our claims in court proceeding or similar proceeding.

We keep personal data for the period of time that is prescribed by law. For the general business activities we keep the data for 5 years, and we keep accounting and financial records for 5 years from the end of the last company financial year for which data relates to.

In some cases, where the law does not define maximum data retention period, we keep some personal data based on legitimate interest, in case, we need to defend our claim at court or some other public authority, in accordance with statutory limitations periods.

In case of providing a consent for processing personal data, your personal data will be retained in our database for a period specified in such consent. Data used for analytics purposes is retained for 2 years. If you wish to withdraw your consent for processing of your personal data for any purpose and to delete your data from our database, you can do that at any time by sending an email to info@vasqcquico.ng. Regarding processing of your personal data that is not subject to your consent, we will process such data for a period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer period for the processing of such personal data is required or permitted by law. After expiration of such period, we may keep your data for archival, statistical and/or other legitimate purposes, in a non-identifiable form.

Data processors - we share personal data with authorised data processor for providing IT support, accounting, legal, HR, marketing, and sales services. For these type of activities we also engage affiliated MEGASTORE and Infobip companies.

Network operators and/or other communications service providers - when necessary for the set-up of proper connectivity. Third-party service providers - to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal information with our trusted and verified third-party service providers for example in order to enable them to process payments for us or to prevent fraud.

Relevant legislation - in case we are presented with a legal obligation, we will share the data from users with such third parties that are legally entitled and authorized to request the same, such as within criminal procedures or threats to the public security.

Online marketing - we use Google Ads, Facebook Ads, Linkedin Ads, Youtube ads, Twitter ads as online marketing tools and for this reason we share some personal data of our website visitors or people who clicked on our online ads. We and our authorized partners use cookies and other information gathering technologies for a variety of purposes. These technologies may provide us with some identifiers, information about devices you utilize to access our website, and other information regarding your interactions with our website. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy. For avoiding ads you can adjust setting in your browser on install certain plug-ins.

Mergers and acquisitions - personal data may be transferred to data recipients who are in the process of buying our company or part of our company (for example, in case of due diligence process), or personal data can be transferred to a company which merged with our company or to company who bought partially or in whole our company in case of business acquisitions or resolution/bankruptcy proceeding. Re-captcha – for security reasons and avoiding spam and bots making enquiry, we use Google Re-captcha. More information is available in Google’s Privacy Policy.

For providing our services, unless otherwise agreed with a client, we use data centre located within European Union (Frankfurt, Germany). We transfer data to USA in cases in which we use services of our data processors. We use Zoho for processing contact details of contact persons from our sales and marketing leads, and we use Microsoft Office 365, Atlassian, andGoogle Re-captcha services for performing business activities and communication.

We also transfer data regarding activities on our website and social networks for online marketing activities, which is explained in our Cookie Policy. In cases in which personal data has been transferred to third countries, we take all the appropriate and necessary steps to ensure that such data is processed in accordance with the applicable data protection laws, including signing standard contractual clauses

We generally do not process data about minors. In case we need to process personal data of a person under age of 18, we ask for guardian’s or parent’s permission. Please do not use our website and our company profiles on social networks if you are under age of 18.

In accordance with the Nigeria Data Protection Regulation (NDPR), in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

We reserve the right to update and/or amend this Privacy Policy. The most current version of the Privacy Policy will be published on our website with the indication of the date from which it applies.