Privacy Policy

Last Updated: June 1, 2026


1. Introduction and Identity of the Data Controller

This Privacy Policy is issued by Dantech Experts ("we," "our," or "us"), a premium branding and digital growth studio operating at https://dantechexp.com.

For the purposes of applicable data protection law — including the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) — Dantech Experts is the Data Controller in respect of personal data collected through our website, services, and communications.

Contact for all data protection matters:
Email: Support@dantechexp.com
Phone: +234 (0) 903 716 2194

By using our website or engaging our services, you confirm that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our website and services immediately.

2. Scope of This Policy

This Privacy Policy applies to:

  • All visitors to our website at https://dantechexp.com
  • Prospective clients who submit inquiries, contact forms, or consultation requests
  • Current and former clients who engage our branding, web design, SEO, and digital marketing services
  • Individuals who interact with us via email, phone, social media, or other communication channels
  • Newsletter subscribers and recipients of our marketing communications

This policy does not apply to third-party websites linked from our site. We encourage you to review the privacy policies of any external sites you visit.

3. Information We Collect (Article 13/14 GDPR & NDPR Disclosures)

In accordance with Article 13 of the GDPR and Section 2.1 of the NDPR, we provide the following mandatory disclosures at the point of data collection:

3.1 Data You Provide Directly

CategoryData TypesPurposeLegal Basis
Identity DataFull name, business name, job titleClient onboarding, service delivery, communicationsContract; Legitimate Interests
Contact DataEmail address, phone number, social media handlesProject communication, support, marketing (with consent)Contract; Consent
Financial DataInvoice details, payment method (not full card numbers — handled by processors)Billing, payment processing, tax complianceContract; Legal Obligation
Project DataBrand assets, business documents, creative briefs, contentService deliveryContract
CommunicationsEmails, messages, call notes, feedback, testimonialsProject management, dispute resolution, quality assuranceLegitimate Interests; Contract

3.2 Data We Collect Automatically

CategoryData TypesPurposeLegal Basis
Technical DataIP address, browser type, device type, OSWebsite security, analytics, fraud preventionLegitimate Interests
Usage DataPages visited, time on site, click paths, referral sourceWebsite improvement, UX optimizationLegitimate Interests; Consent (cookies)
Marketing DataAd interactions, campaign responses, email open/click dataMarketing performance measurementConsent
Location DataCountry/region (derived from IP)Regional service customization, legal complianceLegitimate Interests

3.3 Data from Third Parties

  • Social media platforms (LinkedIn, Instagram, Facebook, X/Twitter) when you interact with our profiles or ads
  • Referral partners and professional networks
  • Publicly available business directories and professional databases
  • Analytics providers (e.g., Google Analytics)
  • Payment processors (transaction status and fraud signals only)

3.4 Special Categories of Data

We do not intentionally collect any special categories of sensitive personal data (such as health data, racial or ethnic origin, religious beliefs, or biometric data). Please do not submit such information to us. If such data is inadvertently received, it will be deleted promptly.

4. Legal Bases for Processing

We only process your personal data where we have a valid legal basis to do so. The applicable legal bases under GDPR, UK GDPR, and NDPA 2023 are:

  • Performance of a Contract (Art. 6(1)(b) GDPR / S.25 NDPA): Processing necessary to deliver services you have contracted with us, or to take steps at your request prior to entering a contract
  • Legal Obligation (Art. 6(1)(c) GDPR / S.25 NDPA): Processing required to comply with Nigerian law, tax regulations, NDPR/NDPA obligations, or other applicable legal requirements
  • Legitimate Interests (Art. 6(1)(f) GDPR / S.25 NDPA): Processing necessary for our legitimate business interests, including fraud prevention, network and information security, service improvement, and business development — provided these interests are not overridden by your fundamental rights
  • Consent (Art. 6(1)(a) GDPR / S.25 NDPA): Where you have given explicit, freely given, specific, informed, and unambiguous consent — particularly for marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing

5. Purposes of Processing

5.1 Service Delivery and Contract Performance

  • Onboarding new clients and executing service agreements
  • Delivering branding, web design, development, SEO, and digital marketing services
  • Communicating project updates, deliverables, timelines, and revisions
  • Processing payments, issuing invoices, and managing financial records
  • Providing post-project support and maintenance

5.2 Legal and Regulatory Compliance

  • Compliance with Nigerian tax law, FIRS obligations, and CAMA requirements
  • Compliance with NDPR 2019 and NDPA 2023 audit and documentation requirements
  • Responding to lawful requests from Nigerian or international regulatory bodies
  • Maintaining records required under applicable law

5.3 Legitimate Business Operations

  • Fraud prevention, risk management, and credit checks where applicable
  • Enforcing contractual agreements and protecting our legal rights
  • Internal reporting, analytics, and business planning
  • Staff and contractor management

5.4 Marketing and Business Development (Consent-Based)

  • Sending newsletters, case studies, and educational content to opted-in subscribers
  • Retargeting website visitors with relevant advertising on Google, Meta, and LinkedIn
  • Informing existing clients of new services, promotions, or updates (soft opt-in where permitted)

You may opt out of marketing communications at any time by clicking "unsubscribe" in any email, or by contacting us at Support@dantechexp.com.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

6.1 Sub-Processors and Service Providers

We use the following categories of sub-processors who may process your personal data on our behalf. All are bound by Data Processing Agreements (DPAs) or equivalent contractual obligations:

CategoryExamplesPurposeLocation
Payment ProcessingStripe, PayPal, Flutterwave, PaystackInvoice payment, refundsUS / Nigeria
Cloud HostingAWS, SiteGround, WP Engine, CloudflareWebsite hosting, CDN, securityUS / EU / Global
Email & CRMMailchimp, ConvertKit, HubSpot, Gmail (Google Workspace)Client communication, marketingUS
AnalyticsGoogle Analytics, HotjarWebsite performance analysisUS
Project ManagementNotion, Trello, Asana, SlackProject collaboration and deliveryUS
Advertising PlatformsGoogle Ads, Meta Ads, LinkedIn AdsTargeted advertising and retargetingUS / Global
Video ConferencingZoom, Google MeetClient consultationsUS

You may request a full and current list of our sub-processors at any time by emailing Support@dantechexp.com.

6.2 Legal and Regulatory Disclosures

We may disclose your information to regulatory bodies, law enforcement agencies, courts, or government authorities where required by applicable law, including the Nigeria Data Protection Commission (NDPC), the UK Information Commissioner's Office (ICO), or EU supervisory authorities. We will notify you of such disclosures where legally permitted to do so.

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of business assets, your personal data may be transferred to the acquiring entity. We will notify you at least 30 days in advance via email and prominent website notice, and you will retain all data rights described in this policy.

6.4 Professional Advisors

We may share data with our lawyers, accountants, auditors, and insurers where necessary for the conduct of our business, subject to binding confidentiality obligations.

6.5 With Your Explicit Consent

We will not share your data for any other purpose without your prior written consent.

7. International Data Transfers

As a Nigerian business serving international clients, your data may be transferred to and processed in countries outside Nigeria, the EEA, or the UK. We ensure all international transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (for transfers from EEA)
  • UK International Data Transfer Agreements (IDTAs) (for transfers from the UK)
  • Data Processing Agreements (DPAs) with all sub-processors
  • NDPR-compliant cross-border transfer mechanisms as required by the Nigeria Data Protection Commission
  • Adequacy decisions by relevant supervisory authorities where applicable

By engaging our services, you acknowledge that your data may be transferred internationally in accordance with these safeguards.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. We also use similar technologies such as web beacons, pixels, and local storage.

8.2 Cookies We Use

TypePurposeLegal BasisDuration
Strictly NecessaryCore website functionality, security, session managementLegitimate Interests (cannot be disabled)Session / up to 1 year
AnalyticsUnderstanding how visitors use the site (e.g., Google Analytics)ConsentUp to 26 months
Marketing/TrackingDelivering targeted ads, retargeting, ad performance (Meta Pixel, Google Tag)ConsentUp to 90 days
PreferenceRemembering your language, region, and display preferencesConsentUp to 1 year

8.3 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner where you can accept, reject, or customize non-essential cookies. You can update your preferences at any time. You may also manage cookies directly through your browser settings or via opt-out tools provided by the Digital Advertising Alliance (DAA), Network Advertising Initiative (NAI), or your country's equivalent mechanism.

9. Data Retention

We retain personal data only as long as necessary for the stated purpose or as required by law. Our retention schedule is as follows:

Data CategoryRetention PeriodReason
Client project files and communications7 years from project completionLegal/contractual obligation, dispute resolution
Financial records and invoices7 yearsNigerian tax law (FIRS), CAMA requirements
Contracts and service agreements10 yearsStatutory limitation periods
Marketing subscribers (opted-in)Until unsubscribe or consent withdrawalConsent-based
Inquiry / contact form data (no engagement)2 yearsLegitimate Interests
Website analytics data26 monthsGoogle Analytics default / industry standard
CCTV / Security logs (if applicable)30 daysSecurity purposes

After the applicable retention period, data is securely deleted or irreversibly anonymized. We conduct annual data audits to ensure compliance with this schedule.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, alteration, disclosure, or destruction. Our measures include:

  • SSL/TLS encryption for all data transmitted via our website
  • Encrypted storage of sensitive client data
  • Role-based access controls limiting data access to authorized personnel on a strict need-to-know basis
  • Strong password policies and multi-factor authentication (MFA) for all internal systems
  • Regular software updates, patching, and vulnerability assessments
  • Secure, reputable cloud hosting infrastructure with physical and logical security controls
  • Confidentiality agreements with all staff and contractors
  • Annual internal data protection reviews

No method of electronic transmission or storage is 100% secure. We take reasonable precautions but cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any passwords or access credentials you use in connection with our services.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with the NDPA 2023
  • Notify the relevant EU/UK supervisory authority within 72 hours where the breach affects EEA or UK data subjects under GDPR / UK GDPR
  • Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • Maintain an internal Data Breach Register documenting all breaches, their nature, impact, and remedial actions taken

Breach notifications will include: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.

12. Your Data Rights

12.1 Rights Under GDPR and UK GDPR (EEA and UK Residents)

  • Right of Access (Art. 15): Obtain a copy of your personal data and information about how it is processed
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure / Right to be Forgotten (Art. 17): Request deletion of your data where there is no legitimate reason for continued processing
  • Right to Restriction of Processing (Art. 18): Request that we limit processing of your data in certain circumstances
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing at any time
  • Rights Related to Automated Decision-Making (Art. 22): Not be subject to solely automated decisions that have a significant effect on you
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: File a complaint with your national supervisory authority (e.g., ICO in the UK, your national DPA in the EU)

12.2 Rights Under NDPR 2019 and NDPA 2023 (Nigerian Data Subjects)

  • Right to be informed about collection and processing of your personal data
  • Right of access to your personal data held by us
  • Right to rectification of inaccurate personal data
  • Right to deletion / right to be forgotten
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng

12.3 Rights Under CCPA (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, disclosed, or sold in the past 12 months
  • Right to Delete: Request deletion of personal information, subject to certain legal exceptions
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell personal data)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: Restrict use of sensitive data to necessary service delivery
  • Right to Non-Discrimination: We will not deny services, charge different prices, or provide lower quality service for exercising your CCPA rights

12.4 Rights for Other Jurisdictions

Residents of Canada (PIPEDA/provincial laws), Australia (Privacy Act 1988), South Africa (POPIA), and other countries with applicable data protection laws may exercise equivalent rights as required under their local law. Please contact us to discuss your specific jurisdiction.

12.5 How to Exercise Your Rights

Submit all data rights requests to: Support@dantechexp.com with the subject line "Data Rights Request — [Your Name]."

We will acknowledge your request within 5 business days and respond substantively within 30 days (extendable to 90 days for complex requests, with notice). We may need to verify your identity before processing your request. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.

13. Children's Privacy

Our website and services are directed exclusively at business professionals aged 18 and over. We do not knowingly collect, process, or retain personal data from individuals under the age of 18. If we become aware that personal data has been collected from a minor without verified parental consent, we will delete it without undue delay. If you believe a minor has submitted information to us, please contact Support@dantechexp.com immediately.

14. NDPR Compliance Statement

As a data controller operating in Nigeria, Dantech Experts is committed to full compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. Our compliance measures include:

  • Maintaining a Data Processing Register documenting all processing activities
  • Conducting annual Data Protection Impact Assessments (DPIAs) for high-risk processing activities
  • Ensuring all third-party data processors sign NDPR-compliant Data Processing Agreements
  • Filing annual data protection compliance reports with the NDPC where required
  • Implementing appropriate security measures as prescribed under the NDPR
  • Training staff and contractors on data protection obligations

For NDPR-related complaints or inquiries, you may also contact the Nigeria Data Protection Commission (NDPC) directly at ndpc.gov.ng.

15. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, and external tools. This Privacy Policy applies solely to data collected by Dantech Experts. We exercise no control over and accept no responsibility for the privacy practices, content, or security of third-party sites. We encourage you to review the privacy policy of every website you visit before sharing personal information.

16. Changes to This Privacy Policy

We review and update this Privacy Policy at least annually, or whenever there is a material change to our data processing activities, legal obligations, or regulatory requirements. Material changes will be communicated by:

  • Posting the updated policy on our website with a clearly visible revised effective date
  • Sending email notification to active clients and opted-in subscribers at least 14 days before changes take effect
  • Where required by law, obtaining fresh consent before processing data under new terms

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy, except where applicable law requires explicit re-consent.

17. Contact and Complaints

Email: Support@dantechexp.com

Social: @dantechexpert (Instagram) | Dantech Experts (LinkedIn, Facebook)