Privacy Policy

1. INTRODUCTION: DATA PRIVACY NOTICE
Oxygen X Finance Company Limited (“we,” “our,” “us,” or “the company”) is a financial institution licensed by the Central Bank of Nigeria (CBN). Our mission is to provide quick and responsive financial services to:

Safeguarding your information using advanced security measures.
Ensuring transparency in how we collect, use, and share your data.
Empowering you with control over your personal data.

2. ABOUT THIS PRIVACY POLICY
This Privacy Policy outlines:

What data we collect.
Why we collect it.
How we store, process, and protect your data.
How you can access, manage, and delete your information.

We ensure that all our data processing activities comply with the Nigeria Data Protection Act (NDPA) 2023 and other relevant data protection laws. For any inquiries, please contact our Data Protection Officer (DPO) at:dpo@oxygenx.africa

3. WHEREOF
This Privacy Policy is established in compliance with:
3.1 Legal Framework

Section 37 of the Constitution of the Federal Republic of Nigeria (CFRN) 1999 (as amended) - Protecting the right to privacy.
The Nigeria Data Protection Act (NDPA) 2023 - Governing the collection, processing, and storage of personal data.
General Data Protection Regulation (GDPR) - For Nigerian data subjects residing in the European Union (EU), we ensure compliance with GDPR requirements, including data minimization, lawful processing, and data subject rights.
Other applicable data privacy laws and regulations that guide our data processing practices.

3.2 Scope of This Policy
This policy outlines Oxygen X Finance Company Limited's approach to data privacy principles when processing the personal data of:
i. Clients - Individuals and businesses using our financial services.
ii. Staff - Employees, contractors, and service providers.
iii. Vendors - Third-party partners or service providers.
iv. Visitors – Individuals visiting our physical locations or website.
v.Any Third Party – Anyone interacting with Oxygen Finance in any capacity.
3.3 Applicability to Data Subjects
This Privacy Policy applies to all individuals whose personal data we collect and process. It is designed to:

Emphasize your rights under the NDPA 2023.
Explain how we handle and protect your personal data.
Ensure compliance with regulatory requirements.

For further inquiries about this policy, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

4. WHAT WE DO
Oxygen X Finance Company Limited is a specialized financial institution dedicated to providing financial services to individuals, small, and medium-scale enterprises (SMEs).
Below is a breakdown of our services and why we require your personal data to serve you effectively:
4.1 Loan Services
We offer customized loan solutions designed to meet your personal and business financial needs. Our credit and loans team are skilled in crafting flexible financing options to support:

Personal financial needs.
Business expansion and working capital.
Short-term and long-term credit facilities.

Why We Need Your Data:

To assess your creditworthiness.
To comply with regulatory lending requirements.
To monitor and manage loan repayment.

4.2 Treasury & Investment Products
Our Treasury and Investment products are structured to provide premium-yielding investment opportunities for our clients. These products help you maximize returns on your funds through secure and profitable investments.
Why We Need Your Data:

To process your investment applications.
To provide accurate financial reporting.
To ensure compliance with investment regulations.

4.3 Our Core Operations
In summary, Oxygen X Finance Company Limited operates as a specialized financial institution focused on:

Credit Services - Providing structured loan solutions.
Funds Management - Helping clients optimize their investments.

By engaging with our financial services, you entrust us with your personal data, which we handle securely and in compliance with the Nigeria Data Protection Act (NDPA) 2023.
For any inquiries regarding data processing and privacy, contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

5. DATA PROTECTION OFFICER AND EMPLOYEE RESPONSIBILITIES
At Oxygen X Finance Company Limited, we are committed to ensuring the protection, accuracy, and security of personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023.
5.1 Role of the Data Protection Officer (DPO)
The designated Data Protection Officer (DPO) is responsible for:

Ensuring Policy Accuracy & Compliance: Maintaining timely updates and ensuring that this Privacy Policy remains accurate and compliant with the NDPA 2023 and other relevant data protection laws.
Supervising Data Collection & Processing: Overseeing the proper notification of data subjects before data collection and processing. Ensuring that all data collected via our website, mobile applications, and other sources is handled transparently.
Handling Data Subject Requests & Complaints: Responding to data access requests, deletion requests, and other data privacy inquiries. Serving as the point of contact for regulatory authorities regarding data privacy compliance.
Ensuring Data Security Measures: Implementing organizational and technical security measures to prevent unauthorized access, breaches, or misuse of personal data.

5.2 Employee Responsibilities
All employees handling personal data must:

Comply with this Privacy Policy and all data protection regulations.
Ensure confidentiality when accessing, processing, or storing personal data.
Use personal data only for authorized purposes related to their job functions.
Report any suspected data breaches or security risks immediately to the DPO.
Participate in ongoing data protection training to stay informed about best practices and legal obligations.

6. ARTICLE 1: OUR COMMITMENT TO DATA PROCESSING PRINCIPLES
At Oxygen X Finance Company Limited, we are committed to processing your personal data in strict compliance with the Nigeria Data Protection Act (NDPA) 2023, GDPR (where applicable), and other relevant data protection laws.
In accordance with Section 24 of the NDPA and Article 5 of the GDPR, we adhere to the following core data processing principles:
6.1 Fair, Lawful, and Transparent Processing

We will always obtain your consent or rely on another lawful basis for processing your data.
We ensure transparency by clearly informing you about how your data is collected, used, and shared.

6.2 Processing for Specified, Explicit, and Legitimate Purposes

We will only collect and process your personal data for predefined purposes that we have clearly communicated to you.
Your data will never be used for any other purpose without your explicit consent.

6.3 Adequate, Relevant, and Limited Data Collection
We will only collect the minimum amount of personal data necessary to fulfil a specific purpose. This is in line with the Data Minimization Principle, which ensures that we do not collect excessive or irrelevant data, especially as we expand our operations globally.

For Nigerian customers: We collect only data necessary for compliance with Nigerian laws and regulatory requirements.
For Nigerian data subjects in the EU: We ensure that data collection aligns with GDPR requirements, including the principle of data minimization.

6.4 Accuracy and Data Updates

We will take reasonable steps to ensure that your personal data is accurate and up to date.
If you believe any of your data is inaccurate, you can request corrections through our Data Protection Officer (DPO):dpo@oxygenx.africa

6.5 Ensuring Data Security and Confidentiality
We implement robust security measures to protect your data from:

Unauthorized access.
Unauthorized disclosure.
Alteration or destruction.

We ensure that all data security protocols align with global best practices and NDPA 2023 requirements.
6.6 Commitment to Your Privacy Rights
At Oxygen X Finance Company Limited, we are dedicated to ensuring your data privacy, security, and control at all times.
For any inquiries regarding data processing principles, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa
6.7 Beyond Compliance: Accountability and the Data Protection Triad
At Oxygen X Finance Company Limited, we are committed to demonstrating accountability in our data processing practices.
We adhere to the Data Protection Triad:

Confidentiality - Ensuring that your personal data is only accessible to authorized personnel and protected from unauthorized disclosure.
Integrity - Maintaining the accuracy, completeness, and reliability of your personal data throughout its lifecycle.
Availability - Guaranteeing that your data is accessible when needed, without compromising security or privacy.

6.7.1 GDPR Compliance for Nigerian Data Subjects in the EU:
For Nigerian data subjects residing in the EU, we ensure that our data processing practices comply with the GDPR, including:

Lawful Basis for Processing: We rely on lawful bases such as consent, contractual necessity, or legitimate interests as defined under the GDPR.
Data Subject Rights: We respect and facilitate the exercise of GDPR rights, including the right to access, rectification, erasure, and data portability.

6.8 Our Commitment to Accountability
To uphold accountability and transparency, we:

Implement strict access controls to prevent unauthorized use of personal data.
Maintain accurate data records and regularly update them to reflect any changes.
Ensure that your data remains available for lawful and legitimate purposes.
Conduct internal and external audits to monitor compliance with privacy laws.

By prioritizing accountability, confidentiality, integrity, and availability, we protect your privacy rights while ensuring secure and responsible data management. For further inquiries, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

7. ARTICLE 2: CONSENT OF DATA SUBJECT
At Oxygen X Finance Company Limited, we respect your right to control your personal data. We recognize that your consent is the primary legal basis for processing your data, except where legal or regulatory obligations require otherwise.
7.1 Your Right to Consent
You have the right to:

Grant consent for the collection, processing, and use of your data.
Withhold consent if you do not agree to a specific data processing activity.
Withdraw consent at any time, subject to legal or contractual obligations.

Withdrawing your consent will not affect the lawfulness of prior data processing, but it may impact certain services that rely on your data.
7.2 When We Rely on Your Consent
We seek your explicit consent before processing your data in cases such as:

Legal obligations – Compliance with relevant banking regulations and financial reporting.
Contractual obligations – When processing is necessary to fulfil an agreement.
Legitimate interest – When processing is essential for business operations while ensuring no harm to your rights.

7.4 Understanding Your Rights
For a detailed explanation of consent in data processing, please refer to: Sections 26, 34, 36, and 38 of the Nigeria Data Protection Act (NDPA) 2023. For inquiries or to exercise your data rights, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

8. ARTICLE 3: OUR SCOPE OF DATA PROCESSING
8.1 Overview
At Oxygen X Finance Company Limited, we collect and process a range of personal data from our:

Customers.
Business partners.
Suppliers.
Service providers.

The table below outlines:

The categories of personal data we collect.
The purposes for which we collect it.
The lawful basis for processing the data.

Note: This list is not exhaustive. We ensure compliance with the Nigeria Data Protection Act (NDPA) 2023 while respecting your data privacy rights.
8.2 Categories of Personal Data We Collect

Table 1.0

S/N	Purpose of Collection	Type of Data Collected	Lawful Basis for Processing
1	Identification	Full name, title, marital status, phone number, email address, contact address, social media handles, gender, date of birth, national identification management card, and next of kin.	Legal Obligation. Some instances may involve public interest or require consent, as prescribed by the NDPA.
2	Notifications/Contact	Contact details (phone number, email, address).	Consent.
3	Financial Data/Records and Credit History	Bank account details, Bank Verification Number (BVN), biometrics, financial history, and Tax Identification Number (TIN).	Consent (May also involve Legitimate Interest or Legal Obligation for security analytics).
4	Employment	Name, phone number, email address, contact address, sex, and date of birth.	Contract (May also involve Consent, Vital Interest, or Legal Obligation in some instances).
5	Contract Processing	Name, phone number, email address, contact address, sex, and title documents.	Contract (May also involve Legitimate Interest or Public Interest, particularly in due diligence).
6	Transaction Processing	Details about payments to and from you, as well as details of the products and services you have subscribed to.	Legal Obligation (May also involve Legitimate Interest or Public Interest for security analytics).
7	Technical Use	Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and other technologies on the devices you use to access our website.	Legitimate Interest (To enhance security and improve user experience).
8	Profile Data	Username, password, interests, preferences, feedback, and survey responses.	Consent.
9	Usage Data	Information about how you use our website, products, and services.	Legitimate Interest (To improve customer experience and service delivery).
10	Marketing & Communications	Your preferences in receiving marketing materials from us and third parties, as well as communication preferences.	Consent.

We ensure that the data collected is relevant, adequate, and limited to what is necessary for the specified purposes. This principle is particularly important as we expand our operations outside Nigeria and interact with Nigerian data subjects in the EU, where GDPR compliance is required.
8.3 Our Commitment to Data Protection
At Oxygen X Finance Company Limited, we ensure that:

We only collect and process data necessary for our business and legal obligations.
We do not collect excessive data beyond what is required for each purpose.
We prioritize security and confidentiality in handling personal data.
We comply with the Nigeria Data Protection Act (NDPA) 2023 in all data processing activities.

If you have any concerns regarding how we collect or process your personal data, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa
8.4 SENSITIVE INFORMATION
At Oxygen X Finance Company Limited, we may collect and process sensitive information in specific cases where it is necessary for the provision of our financial services. We handle sensitive data with extra care and security, in strict compliance with the Nigeria Data Protection Act (NDPA) 2023.
8.4.1 When We Collect Sensitive Information
Sensitive data may be required when:

You provide biometric data for enhanced security verification.

8.4.2 What Constitutes Sensitive Information?
Sensitive personal data includes, but is not limited to:

Health Information – Medical history, fitness activities, and factors affecting your health.
Racial or Ethnic Origin – Data related to ethnicity or cultural background.
Political Inclinations – Membership in a political association or involvement in political activities.
Religious or Philosophical Beliefs – Data about your religious affiliations or philosophical views.
Memberships – Registration with a trade association or professional body.
Criminal Records – Information about past criminal convictions or legal proceedings.
Genetic or Biometric Data – Fingerprints, facial recognition, or voiceprint for authentication purposes.

8.4.3 Our Legal Basis for Collecting Sensitive Information
We only collect, hold, and process sensitive personal data if:

You have given explicit consent.
It is legally required to fulfil a contract or regulatory obligation.
It is necessary for security purposes, such as fraud prevention and risk assessment.
It is mandated by law for reasons of public interest, including regulatory compliance.

8.4.4 Our Commitment to Your Privacy
We recognize the sensitivity of this information and take extra precautions to:

Limit access to authorized personnel only.
Use advanced encryption for storing and transmitting sensitive data.
Ensure compliance with the NDPA 2023 and global data protection best practices.

For further inquiries about how we collect and process sensitive data, contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

9. ARTICLE 4: HOW OXYGEN FINANCE COLLECTS YOUR INFORMATION
At Oxygen X Finance Company Limited, we collect personal data from various sources to provide efficient financial services and comply with regulatory requirements.
9.1 Direct Collection from You
We often collect personal information directly from you when you:

Fill out a form (physical or online).
Call us for inquiries or support.
Meet with our representatives or agents.
Use our website or online services (See Section 4.4: Social Media Platforms for more information).

9.2 Collection from Third Parties or Agents
We may receive your personal data from:

Agents – If you interact with our authorized agents for financial services.
Regulators & statutory bodies – To ensure compliance with financial laws.
Service providers – Investigators, lawyers, financial advisors, and credit bureaus.
Credit reporting agencies – For risk assessment before issuing credit products.
Your employer or corporate partners – If you are using our financial services through an employment or corporate scheme.

9.3 Collection from Public & Third-Party Sources
We may obtain technical, contact, financial, and transaction data from:

Analytics providers, advertising networks, and search information providers – For website optimization.
Payment processors, credit bureaus, and anti-fraud services – To verify financial transactions.
Financial crime prevention agencies – To check for fraud, sanctions, and Politically Exposed Persons (PEPs).

9.4 Social Media Platforms
Oxygen X Finance Company Limited may provide access to various blogs, forums, and other social media platforms for customer engagement.
Important Notice:

Social Media Platforms allow users to share content openly.
Oxygen X Finance is not responsible if you share personal data that is subsequently used, misused, or appropriated by another user.
Before sharing personal information, consult the privacy statements of these platforms to understand the risks.

9.5 Our Commitment to Your Privacy
We take all necessary measures to ensure that your personal data is collected lawfully, processed securely, and handled in compliance with the Nigeria Data Protection Act (NDPA) 2023.
For data protection inquiries, contact our Data Protection Officer (DPO) at:dpo@oxygenx.africa

10. ARTICLE 5: DATA SUBJECT RIGHTS
At Oxygen X Finance Company Limited, we take your data privacy rights seriously. In compliance with Sections 34 and 35 of the Nigeria Data Protection Act (NDPA) 2023 and Articles 15-22 of the GDPR, you have the following rights regarding your personal data:
10.1 Your Rights Under the NDPA
i. Right to Access – You can request a copy of the personal data we hold about you.
i. Right to Rectification – You have the right to correct or update any inaccurate or incomplete personal data in our records.
iii. Right to Object – You can object to how we process your data, particularly in cases where processing is based on legitimate interest. You can also request that we limit the way we use your data.
iv. Right to Data Portability – You have the right to request a copy of your data in a structured, machine-readable format to transfer it to another service provider.
v. Right to Erasure (''Right to be Forgotten'') – You can request that we delete your data from our systems, subject to legal and regulatory obligations.
vi. Right to Restrict Processing – You can request that we limit or restrict how we process your personal data in certain situations.
vii. Right to Object to Automated Decision-Making – You can object to automated decisions made about you, particularly those affecting your creditworthiness or financial services access. You can request human intervention in any automated decision-making process.
viii. Right to Withdraw Consent – You can withdraw your consent at any time, without affecting prior lawful processing. To opt-out or unsubscribe from marketing emails, click on the unsubscribe link in our emails or contact us at the details provided in Article 22.
GDPR Compliance for Nigerian Data Subjects in the EU:
For Nigerian data subjects residing in the EU, we ensure that all GDPR rights are respected and facilitated, including the right to data portability and the right to object to automated decision-making.
10.2 Exercising Your Data Rights
To exercise any of your rights or make inquiries about your data, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa
For detailed information on these rights and the complaint process, refer to Part VI of the NDPA 2023.

11. ARTICLE 6: DATA RETENTION AND SECURITY
11.1 Commitment to Data Protection
At Oxygen X Finance Company Limited, we are committed to protecting your personal data in full compliance with the Nigeria Data Protection Act (NDPA) 2023.
We implement appropriate technical and organizational measures to ensure:

Security – Protection against unauthorized access and breaches.
Integrity – Prevention of data corruption or unauthorized modification.
Confidentiality – Access to your data is restricted to authorized personnel only.
Availability – Your data remains accessible for lawful and legitimate purposes.
Resilience – Data backup and recovery measures are in place to protect against accidental loss.

11.2 Data Retention Periods
The retention period for your personal data is determined by the purpose for which it was collected. We only collect and store data that is:

Necessary – We limit data collection to what is reasonably required by law or business needs.
Legitimate – We process data only for lawful and justified purposes.

This commitment aligns with your right to privacy under the 1999 Constitution of the Federal Republic of Nigeria and international human rights law.
11.3 Retention Timelines for Different Data Categories

Table 2.0

S/N	Type of Data	Retention Timeline	Justification
1	Customer Records	Subject to Article 3 and Article 16; we will retain your data only as long as necessary to fulfil its purpose and comply with legal obligations. Typically, this means for the duration of your use of our services. After that, it will be securely deleted or anonymized, unless legal retention requirements mandate otherwise (up to 10 years).	To fulfil contractual obligations and provide ongoing services. Data may be retained longer for legal or regulatory compliance.
2	Notifications and Communications	Retained for the duration of the service or until you unsubscribe or opt-out.	Necessary for customer communication and service updates.
3	Employment Records	Retained for the duration of employment and up to 5 years post-employment.	Required for contractual, legal, and regulatory compliance.
4	Contract Records	Retained for up to 7 years after contract termination.	Necessary for audit, dispute resolution, and legal compliance.
5	Transaction / Usage / Profile Data	Subject to Article 3 and Article 16; retained for the duration of service use. After that, data is securely deleted or anonymized, unless required by law.	To fulfil contractual obligations, serve legitimate/public interests, and enhance national security. Data may be retained longer for legal or regulatory compliance.
6	Technical Data	Retained for as long as necessary to ensure cybersecurity and fraud prevention.	Essential for security analytics and IT infrastructure monitoring.
7	Security Data (CCTV, Access Logs, etc.)	Retained for a minimum of 6 months and up to 3 years, subject to security policies.	Necessary for safety, fraud prevention, and compliance with security regulations.

11.4 Secure Deletion and Data Archiving
When your personal data is no longer needed, has exceeded its retention period, or where no legal requirement mandates continued storage, Oxygen Finance will:

Permanently delete or destroy the data from its systems and records.
Securely archive data that must be retained for legal purposes, ensuring privacy protections remain in place.

12. ARTICLE 7: MANDATORY DATA COLLECTION
At Oxygen X Finance Company Limited, certain types of personal data are mandatory for us to fulfil:

Contractual obligations – Ensuring seamless financial services.
Legal and regulatory requirements – Compliance with financial laws.
Security and fraud prevention – Protecting your transactions and identity.

Without providing this mandatory information, we may be unable to offer you certain services or meet legal obligations.
12.1 Why We Collect Mandatory Data

Identity Verification – Required for account opening, loans, and financial services.
Transaction Processing – Needed for loan repayments and investments.
Regulatory Compliance – To meet CBN, NDPC, and financial reporting requirements.
Security & Fraud Prevention – For risk assessment, fraud detection, and compliance with anti-money laundering (AML) laws.

12.2 Examples of Mandatory Data
Mandatory data may include, but is not limited to:

dentification details (e.g., full name, date of birth, BVN, and NIN).
Contact details (e.g., phone number, email address, and residential address).
Financial details (e.g., bank account details, tax identification number, and transaction history).
Employment or business details (e.g., employer information, income details, and source of funds).
Security data (e.g., biometric verification, CCTV recordings for safety).

12.3 Your Responsibility
When required, you must provide accurate and up-to-date mandatory information. Failure to do so may result in:

Service limitations or denial.
Delays in transaction processing.
Non-compliance with legal obligations, which may prevent us from serving you.

12.4 Contact for Further Clarification
For more details on our data processing practices, please contact our Data Protection Officer (DPO): dpo@oxygenx.africa
For an overview of how we collect, store, and use your data, refer to Article 16 (Data Protection Help Desk).

13. ARTICLE 8: TRANSFER OF DATA TO A THIRD PARTY
In today’s interconnected financial ecosystem, Oxygen X Finance Company Limited may need to share personal data with trusted third parties to:

Facilitate loan disbursements and repayments.
Comply with legal and regulatory requirements.
Ensure operational efficiency and fraud prevention.

This includes various financial intermediaries such as:

Switching Companies & Payment Processors – To process card transactions.
Acquirers & Merchants – To facilitate transactions.
Regulatory Bodies & Law Enforcement – For compliance with financial laws.

Your personal data will only be shared where necessary and will always be protected with adequate security measures to ensure confidentiality and integrity.
13.1 Third-Party Services Offered Through Our Platform
To enhance our financial services, Oxygen X Finance Company Limited may partner with third-party service providers who offer valuable services to you.

These service providers operate independently and may rely on their own lawful basis for processing your personal data.
The types of data shared may include your contact details, transaction details, or other relevant information required for service delivery.

Examples of third-party services may include:

Payment Gateways – For seamless online transactions.
Loan & Credit Scoring Agencies – To assess creditworthiness.
Cloud Service Providers – To securely store and process financial data.
Insurance & Investment Partners – If you opt for financial products through us.

13.2 Your Right to Control Your Data
At Oxygen X Finance Company Limited, we value your right to privacy and ensure you remain in control of your personal data.
If any service requires your consent, you have the right to:

Decline participation and restrict processing of your personal data.
 Opt-out of promotional communications related to optional services by unsubscribing.

We ensure that all third-party engagements comply with the Nigeria Data Protection Act (NDPA) 2023 and international data protection standards.
For further inquiries about third-party data transfers, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

14. ARTICLE 9: TECHNICAL INFORMATION AND COOKIES
At Oxygen X Finance Company Limited, we use technical tools and cookies to improve our website performance, security, and user experience. Our data collection practices comply with the Nigeria Data Protection Act (NDPA) 2023, ensuring your privacy and security.
14.1 Website Data Collection and Cookies
When you visit our website, we automatically collect certain technical data such as:

IP Address – To identify geographical access points for security and fraud prevention.
Device Information – Browser type, operating system, and version.
Browsing Data – Pages visited, time spent on the website, and interaction patterns.
Referrer Information – The website you visited before landing on our page.

This data helps us:

Understand user behaviour to enhance website functionality.
Detect and prevent fraud or security threats.
Improve website performance and personalize your experience.

14.2 Cookies and Your Preferences
Cookies are small text files stored on your computer or mobile device when you visit our website. They help:

Remember your preferences (e.g., login details, language settings).
Enhance website functionality (e.g., faster page loading, better navigation).
Personalize content based on your previous interactions.

However, we understand that not all websites use cookies responsibly. You have full control over your cookie preferences and can:

Disable or delete cookies via your browser settings.
Opt-out of tracking cookies for personalized marketing.

14.3 Our Commitment to Privacy
We ensure that all automatic data collection methods on our website:

Do not compromise your privacy rights.
Comply with the NDPA 2023 and global data security standards.
Use robust security protocols to prevent misuse or unauthorized access.

For any concerns regarding technical data collection or cookie usage, please contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa

15. ARTICLE 10: PERSONAL DATA SECURITY AND INTEGRITY
At Oxygen X Finance Company Limited, we prioritize the security, integrity, and confidentiality of your personal data. We employ advanced security technologies and strict protocols to prevent:

Cyberattacks.
Unauthorized access.
Data loss or corruption.

Our multi-layered security approach aligns with the Nigeria Data Protection Act (NDPA) 2023, GDPR (where applicable), and global best practices.
15.1 Data Security and Regulatory Compliance
We ensure robust data protection by:

Implementing industry-standard encryption and security protocols.
Conducting regular security assessments to prevent threats.
Ensuring access control mechanisms to limit unauthorized data usage

15.2 Meeting Legal Requirements
We actively fulfil our legal obligations under the NDPA 2023 and GDPR through:
i. Compliance with the Nigeria Data Protection Act 2023 – Ensuring all data processing activities align with NDPA standards.
ii. Compliance with GDPR – For Nigerian data subjects in the EU, we ensure that our data processing practices comply with GDPR requirements, including data minimization, lawful processing, and data subject rights
iii. Conducting Data Privacy Assessments – Identifying risks and enhancing data protection strategies.
iv. Employee Training on Data Protection – Ensuring staff understand data security responsibilities.
v. Vendor Data Security Agreements – Requiring strict data security warranties from third-party service providers.
15.3 Measures to Ensure Data Integrity & Confidentiality
To protect the reliability and security of your personal data, Oxygen X Finance Company Limited follows these strict security measures:
i. Access Controls – Only authorized personnel can access or modify personal data.
ii. Unauthorized Access Prevention – Data is protected from unauthorized viewing, processing, or sharing.
iii. Employee Data Privacy Responsibilities – Employees are strictly prohibited from using personal data for:

Private or commercial purposes.
Disclosure to unauthorized individuals.

iv. Ongoing Compliance Training – Employees are informed at the start of their employment about data privacy obligations, which remain in effect even after employment ends.
15.4 Data Breach Notification
In the event of a data breach that poses a high risk to your rights and freedoms, Oxygen X Finance Company Limited is legally required to:

Report the breach to the Nigerian Data Protection Commission (NDPC) within 72 hours of becoming aware of the data breach.
Take immediate action to investigate, contain, and rectify the breach.
Notify affected data subjects if their rights are significantly impacted.

For more details on data breach requirements, refer to Sections 28, 39, and 40 of the NDPA 2023.
For questions or concerns about data security, contact our Data Protection Officer (DPO): dpo@oxygenx.africa

16. ARTICLE 11: JOB APPLICANTS
At Oxygen X Finance Company Limited, we collect and process personal data from job applicants to facilitate recruitment and hiring processes. This ensures that all applications are properly assessed while maintaining data protection compliance under the Nigeria Data Protection Act (NDPA) 2023.
16.1 Application Information
When you apply for a position at Oxygen X Finance Company Limited, you will be required to provide:

Personal details – Name, contact details, date of birth.
Educational background & work history – Academic qualifications, past employment records.
Referees, next of kin, and guarantor details – Information required for background checks.
Other relevant information – Certifications, professional memberships, and additional supporting documents.

Providing this information is essential for us to process your application.
16.2 Data Usage for Recruitment
We collect your personal data for legitimate recruitment purposes, including:
i. Candidate Assessment – Evaluating your skills and experience against job requirements.
ii. Interview & Feedback Tracking – Managing interactions throughout the hiring process.
iii. Recruitment Process Optimization – Improving our recruitment models through data analysis.
We may also use your anonymized data to:

Identify effective recruitment sources.
Enhance training and onboarding programs.
Refine our interview models for better hiring decisions.

16.3 Optional Communications and Data Sharing
With your explicit consent, we may:

Send you relevant job opportunities, recruitment updates, and career events hosted by Oxygen Finance.

Share your application data with:

Affiliated companies (for group-wide recruitment opportunities).
Third-party service providers such as:

i. Recruitment agencies.
ii. Background check providers.
iii. IT system providers (for digital recruitment platforms).
Your data may be transferred outside Nigeria, but we will ensure appropriate safeguards are in place, as required under the NDPA 2023.
16.4 Data Retention
We retain your application data for a maximum period of six (6) months, unless:

Your application is successful – Your data will be retained as part of your employment records.
You request early deletion – Subject to legal and regulatory obligations.

16.5 Data Subject Rights and Contact
If you wish to:

Access, update, or correct your recruitment data.
Withdraw consent for data processing.
Request deletion of your personal information.

You may contact our Data Protection Officer (DPO) at: dpo@oxygenx.africa
For further details on your rights under NDPA 2023, refer to Article 5 (Data Subject Rights).

17. ARTICLE 12: MAINTAINING ACCURATE INFORMATION
At Oxygen X Finance Company Limited, we are committed to ensuring that your personal data remains accurate, complete, and up to date. Maintaining correct records is essential for providing efficient financial services and complying with regulatory requirements.
17.1 Your Responsibility to Update Information
To help us maintain data accuracy, please notify us promptly if any of the following personal details change:

Contact information – Phone number, email address, or residential address.
Employment details – Job position, employer, or income status.
Financial details – Bank account or tax identification number (TIN).
Identification documents – Updates to your BVN, NIN, etc.

Providing up-to-date information helps us:

Deliver personalized financial services without disruptions.
Ensure compliance with regulatory and security requirements.
Prevent issues related to identity verification or fraud prevention.

17.2 How to Update Your Information
You can update your personal data by:

Contacting our customer support team via email or phone.
Sending an update request to our Data Protection Officer (DPO). Email: dpo@oxygenx.africa

17.3 Your Right to Rectification
Under the Nigeria Data Protection Act (NDPA) 2023, you have the right to request corrections if your personal data is inaccurate or incomplete. To exercise your right to rectification, contact our Data Protection Officer (DPO) at: Email: dpo@oxygenx.africa
For further details on data subject rights, refer to Article 5 (Your Data Subject Rights).

18. ARTICLE 13: CHILDREN'S PRIVACY
At Oxygen X Finance Company Limited, we are committed to protecting children's privacy and personal data. We recognize the importance of safeguarding minors' information; therefore, our platforms are not designed for or directed at individuals under the age of 18. In line with our policy, we do not knowingly collect or retain any personal information from children under 18, and our services are strictly intended for adults.

19. ARTICLE 14: CAVEAT ON WEBSITE LINKS
At Oxygen X Finance Company Limited, we may provide links to third-party websites for your convenience and informational purposes. However, it is important to understand that:

These links do not constitute an endorsement of the content, products, or services offered by third-party sites.
We do not control and are not responsible for how third-party websites collect, process, or use your personal data.
Our privacy policy applies exclusively to our website and does not cover external websites.

19.1 Your Responsibility as a User
Before interacting with any third-party website, we strongly recommend that you:

Review their privacy policies to understand how they handle your personal data.
Exercise caution when sharing personal or financial information on external platforms.
Be aware that third-party sites may have different data security measures than ours.

19.2 No Liability for Third-Party Practices
Oxygen X Finance Company Limited will not be liable for:

Data breaches, unauthorized use, or privacy violations that occur on external websites.
Misinformation or deceptive content found on third-party links.
Financial or reputational losses incurred from interactions with linked sites.

19.3 Protecting Your Data Online
To enhance your online security, we recommend that you:

Use strong passwords and enable two-factor authentication where possible.
Avoid entering sensitive information on websites that do not have HTTPS encryption.
Regularly update your passwords and monitor financial transactions for any unauthorized activity.

For any concerns regarding website security and privacy, please contact our Data Protection Officer (DPO): dpo@oxygenx.africa

20. ARTICLE 15: TRANSFER TO THIRD PARTIES AND COUNTRIES (CROSSBORDER TRANSFERS)
At Oxygen X Finance Company Limited, we may engage third-party service providers to support our financial operations and technology infrastructure. Some of these providers may be located outside Nigeria.
To ensure your personal data remains secure, we implement strict data transfer safeguards in compliance with the Nigeria Data Protection Act (NDPA) 2023, GDPR (where applicable), and other relevant data protection laws.
20.1 Conditions for Transferring Data to Third Parties
Before transferring your personal data to any third party, we ensure:

A Data Processing Agreement (DPA) is in place to enforce data protection measures.
Your explicit consent is obtained if the purpose of processing was not initially stated at data collection.
The third party meets international data protection standards, preventing unauthorized access, use, disclosure, loss, or destruction.

20.2 Cross-Border Data Transfers
When transferring data outside Nigeria, Oxygen X Finance Company Limited ensures that:
i. The recipient country has adequate data protection laws – We transfer data only to countries with established data protection regulations (or where a legal framework exists for data security)
ii. A legally binding contract is in place – If the recipient country lacks an NDPC adequacy decision, we enter an approved contract containing strong data protection clauses.
iii. Binding Corporate Rules (BCRs) apply – If a third party operates under BCRs, we ensure compliance with the NDPA and GDPR requirements for global data transfers.
iv. GDPR Compliance for Nigerian Data Subjects in the EU: For Nigerian data subjects residing in the EU, we ensure that cross-border data transfers comply with Chapter V of the GDPR, which governs international data transfers.
20.3 Examples of Third-Party Services Involving Data Transfers
Your personal data may be securely transferred to third-party providers for:

Internet Connectivity – Ensuring seamless access to financial services.
Cloud Storage – Secure data storage and management.
Data Analytics – Enhancing service efficiency and fraud detection.
Data Security Services – Protecting against cyber threats and data breaches.
Software Development & IT Support – Maintaining digital banking and financial platforms.

20.4 Compliance with the NDPA 2023
We strictly follow Part VIII of the Nigeria Data Protection Act (NDPA) 2023, ensuring:

Legal oversight of all data transfers.
Regulatory approval for high-risk cross-border transactions.
Secure encryption protocols for transmitted data.

For more details on how we handle international data transfers, or to request information about a specific third-party transfer, please contact our Data Protection Officer (DPO): dpo@oxygenx.africa

21. ARTICLE 16: DATA PROTECTION HELP DESK
At Oxygen X Finance Company Limited, we have established a dedicated Data Protection Help Desk to promptly address inquiries, complaints, and requests regarding your personal data.
Our Data Protection Officer (DPO) is responsible for ensuring data privacy compliance and protecting your rights under the Nigeria Data Protection Act (NDPA) 2023.
21.1 How to Contact the Data Protection Help Desk
Email: dpo@oxygenx.africa
Office Hours: Monday – Friday, [08:00 am – 05:00 pm]
Location: 4th Floor, Plot 1665, Oyin Jolayemi Street, Victoria Island, Lagos, Nigeria
21.2 Services Offered by Our Data Protection Help Desk
Our DPO and support team are responsible for:
i. Compliance with Data Protection Regulations & Breach Handling – Ensuring full compliance with NDPA 2023 and addressing any data breaches.
ii. Data Protection & Privacy Advisory Services – Providing guidance on how we handle your personal data and explaining your privacy rights.
iii. Data Protection Capacity Building – Training employees, vendors, and partners on data security best practices.
iv. Data Protection Regulations & Contract Advisory – Assisting with contract drafting and compliance assessments for third-party data processing.
v. Privacy Breach Remediation & Support – Responding to data breaches, identifying risks, and mitigating any privacy violations.
vi. Information Privacy Audits – Regularly auditing our internal data processes to ensure compliance with global best practices.
vii. Data Privacy Breach Impact Assessment – Assessing risks associated with privacy breaches and implementing corrective measures.
viii. Data Protection & Due Diligence Investigations – Conducting background checks and ensuring legal compliance in all data-related activities.
21.3 Your Rights & Assistance
If you need assistance or clarification regarding your data privacy rights, you can:

Request access to your personal data (See Article 5: Your Data Subject Rights).
Report concerns about a data breach or misuse of your personal data.
Request corrections, deletions, or updates to your personal data.

For all inquiries or complaints, please contact our Data Protection Officer (DPO) at:dpo@oxygenx.africa

22. ARTICLE 17: DATA DELETION
At Oxygen X Finance Company Limited, we respect your right to request the deletion of your personal data. We follow a secure and transparent data deletion process while complying with legal and regulatory requirements under the Nigeria Data Protection Act (NDPA) 2023.
22.1 When Can You Request Data Deletion?
You can request the deletion of your personal data if:

It exceeds its designated retention period.
It is no longer necessary for business or legal purposes.
You withdraw consent where processing was based on your consent.
You exercise your right to be forgotten, as outlined in Article 5.

We will take all reasonable steps to delete your data upon request, except where legal or regulatory obligations require retention.22.2 Secure Data Deletion Process
We have established procedures to ensure complete and irreversible destruction of personal data while maintaining data security.
i. Identification – Regularly reviewing data storage systems to identify data that has reached its retention limit or is no longer needed.
ii. Scheduling – Placing identified data on a scheduled deletion list, ensuring compliance with legal requirements and risk assessments.
iii. Overwriting – Applying data sanitization techniques, replacing original data with randomized characters to make it unrecoverable.
iv. Verification – Confirming that deleted data cannot be retrieved or restored.
v. Audit Trail – Maintaining a detailed log of all data deletion activities, including:

Type of data deleted.
Date of deletion.
Responsible personnel handling the deletion.

22.3 Exceptions: When Data Cannot Be Deleted
In certain circumstances, Oxygen X Finance Company Limited may be unable to delete your data if:
i. Legal or Regulatory Obligations Apply – We are required by law to retain certain data for a specified period.
ii. Data is Needed for Legal Disputes – If the data is relevant to an ongoing OFCL_R&C_DPPP_POL_2024-02-27_V1.0 dispute, enforcement of terms, or legal claim.
iii. Data Has Been Anonymized – If your data has been permanently anonymized, making it no longer personally identifiable.
In such cases, we will limit processing and ensure your data is not used for unintended purposes.
22.4 Requesting Data Deletion
To request deletion of your personal data, submit a Data Subject Access Request (DSAR) by:

Filling out the DSAR form (available upon request).
Emailing our Data Protection Officer (DPO): dpo@oxygenx.africa

We will respond to your request within a commercially reasonable timeframe, typically within 30 days, unless a legal obligation prevents immediate deletion. For further details on your data rights, see Article 5 (Your Data Subject Rights).

23. ARTICLE 18: DATA SUBJECT ACCESS REQUEST (DSAR)
Under the Nigeria Data Protection Act (NDPA) 2023, you have the right to request access to your personal data held by Oxygen X Finance Company Limited. A Data Subject Access Request (DSAR) allows you to obtain information about how we process your personal data and to verify its accuracy and lawfulness.
23.1 What You Can Request in a DSAR
A Data Subject Access Request (DSAR) allows you to access personal data such as:

Basic Information – Your name, contact details, and demographic information.
Account Information – Your financial transactions, service history, and usage data.
Marketing Preferences – Data about your communication and marketing preferences.
Third-Party Sharing Details – Information on whether your data has been shared with third parties.

23.2 How to Submit a DSAR
You can request access to your personal data in two ways:
i. Email Submission – Send an email to our Data Protection Officer (DPO) clearly specifying:

The type of data you want access to

Any specific concerns regarding data processing.
Email: dpo@oxygenx.africa
ii. DSAR Form Submission – Request, complete, and submit the DSAR form to our DPO via email.23.3 Verification Process
To protect your privacy and ensure we provide data only to the correct person; we may request additional information for identity verification.
i. Verification Methods
We may ask you to provide:

A valid identification document (e.g., driver’s license, passport, or National Identity Number (NIN) slip).
Additional security checks to match details associated with your account.

ii. Response Timeline
We strive to respond within 30 days of confirming your identity.
Our response will include:

Confirmation of your request.
The requested personal data in a clear, concise, and electronic format.
Explanation of any withheld data, if applicable.

23.4 Reasons for Denial
In rare cases, we may be unable to fulfil your request due to:

Legal restrictions – If your data is subject to ongoing legal or regulatory requirements.
Excessive or repetitive requests – If requests are unreasonably frequent.
Security concerns – If disclosure may compromise someone else’s privacy rights.

If we deny a request, we will provide a clear explanation of the reason for refusal.
23.5 Fees for DSARs
Submitting a DSAR is free of charge. However, a reasonable fee may apply if:
The request is manifestly excessive, repetitive, or unreasonable.
Multiple requests for the same information are made within a short period.
23.6 Contact for DSAR Requests
To submit a Data Subject Access Request (DSAR) or for further inquiries, contact our Data Protection Officer (DPO): dpo@oxygenx.africa
For more details on your privacy rights, refer to Article 5 (Your Data Subject Rights).

24. ARTICLE 19: REMEDIATION
At Oxygen X Finance Company Limited, we are committed to promptly addressing and resolving any concerns regarding your data privacy. Our goal is to ensure that your rights under the Nigeria Data Protection Act (NDPA) 2023 are protected at all times.
24.1 Reporting a Data Privacy Concern
If you have any complaints, inquiries, or concerns about how your personal data is collected, used, or stored, please report them to our Data Protection Officer (DPO).
You can file a complaint via:
Email: Send a detailed description of your concern.DSAR Request: Use our Data Subject Access Request (DSAR) Form.
24.2 Resolution Timeline

Upon receiving your complaint, we will:
Acknowledge receipt within 48 hours.
Investigate the concern and provide a resolution within 7 business days.
Notify you promptly if the issue is complex and requires additional time.
If further investigation is needed, we will take all necessary steps to protect your privacy rights and keep you informed throughout the process.

24.3 Escalation of Complaints
If you are not satisfied with our response, you may:

Request an internal review of the decision.
Escalate your complaint to the Nigeria Data Protection Commission (NDPC), the regulatory authority overseeing data protection compliance in Nigeria via the NDPC Contact Details: info@ndpc.gov.ng

24.4 Our Commitment to You
We will always strive to resolve your privacy concerns promptly while ensuring:

Transparency in our remediation process.
Fairness in investigating and addressing complaints.
Strict compliance with the NDPA 2023 and global data protection best practices.

For further inquiries, please contact our Data Protection Officer (DPO):dpo@oxygenx.africa

25. ARTICLE 20: ALTERATION OF PRIVACY POLICY
At Oxygen X Finance Company Limited, we reserve the right to update, amend, or modify this Privacy Policy periodically to reflect:

Enhanced data privacy rights for our users.
Evolving regulatory and compliance requirements.
Public interest considerations and industry best practices.
New directives from the Federal Government of Nigeria.

25.1 Compliance with Legal Safeguards
All revisions to this Privacy Policy will be made in accordance with:

The Nigeria Data Protection Act (NDPA) 2023.
The 1999 Constitution of the Federal Republic of Nigeria (as amended).
Regulations and Guidance Notices from the Nigeria Data Protection Commission (NDPC).

We will ensure that any changes:

Do not weaken user privacy rights.
Maintain transparency and fairness in data processing.
Reflect our commitment to responsible data handling.

25.2 Notification of Changes
Whenever we update this policy, we will:

Publish the updated version on our official website.
Notify users through email or platform notifications, where applicable.
Provide a summary of key changes and their impact on your data.

Your continued use of our services after an update constitutes acceptance of the revised Privacy Policy.25.3 Your Right to Review Updates
You have the right to review and understand any changes to this Privacy Policy. If you disagree with any modifications, you may:

Contact our Data Protection Officer (DPO) for clarification.
Exercise your rights under the NDPA, including data deletion or processing restrictions.

For further inquiries, please contact our DPO: dpo@oxygenx.africa

26. ARTICLE 21: DEFINITIONS AND KEY TERMS
To ensure clarity and consistency throughout this Privacy Policy, the following key terms are defined:
26.1 General Terms
i. Cookie: A small piece of data stored by your web browser when you visit a website. It helps websites remember your preferences, login information, and browsing activity.
ii. Consent: The freely given, specific, informed, and unambiguous indication of a Data Subject's wishes, expressed through a clear affirmative action, signifying agreement to the processing of personal data.
iii. Oxygen X Finance Company Limited (''we'', ''our'', ''OXYGEN FINANCE'', ''The Company'') – A licensed financial institution located at: 4th Floor, Plot 1665, Oyin Jolayemi Street, Victoria Island, Lagos, Nigeria. We are your Data Controller, responsible for collecting, processing, and securing your personal data under this Privacy Policy.
iv. Country: Nigeria, where Oxygen X Finance and its founders/owners operate.v. Customer: Any individual, organization, or company that uses our services to manage their financial transactions, investments, or business relationships.
vi. Data Protection Officer (DPO): The appointed officer responsible for:

Advising Oxygen X Finance employees on their data protection responsibilities.
Monitoring compliance with NDPA 2023 and global data protection laws.
Handling data protection inquiries, complaints, and access requests.

vii. Device: Any internet-connected gadget (e.g., smartphone, tablet, computer) used to access our website or digital services.
viii. Internet Protocol (IP) Address: A unique identifier assigned to every device connected to the internet. It can sometimes reveal the general geographic location of a device.
ix. Closed-Circuit Television (CCTV): Oxygen Finance uses CCTV cameras at its physical locations to enhance security and deter fraud.
x. Personnel: Employees, contractors, or third-party service providers authorized to perform tasks on behalf of Oxygen Finance.
26.2 Data & Privacy-Related Terms
xi. Data: Any characters, symbols, numbers, or digital information that can be stored, processed, or transmitted electronically.
xii. Personal Data: Any information relating to an identified or identifiable natural person (Data Subject). This includes:

Name, address, phone number, email address.
Bank account details, financial history, and biometric data.
Online identifiers (IP address, MAC address, IMEI number, IMSI number, SIM number).
Sensitive data (medical records, national identity number, tax information).

xiii. Service: The financial products and services provided by Oxygen X Finance Company Limited, as outlined in our terms and conditions.
xiv. Third-Party Service: Any external entity that provides:

Marketing and advertising services.
Fraud prevention and data analytics.
Payment processing and financial technology solutions.

xv. Data Subject (''You''): An individual or entity registered with Oxygen X Finance Company Limited to use our financial services.
26.3 Your Rights Under This Policy
For more details on your privacy rights, refer to:

Article 5: Your Data Subject Rights.
Article 18: Data Subject Access Requests (DSARs).

For inquiries, contact our Data Protection Officer (DPO): dpo@oxygenx.africa

27. ARTICLE 22: CONTACT
If you have any questions, comments, or requests regarding your privacy rights, data security, or this Privacy Policy, please contact us using the details below.
27.1 Data Controller
Oxygen X Finance Company Limited
4th Floor, Plot 1665, Oyin Jolayemi Street, Victoria Island, Lagos, Nigeria.
General Inquiries: info@oxygenx.africa
We are responsible for determining the purposes and methods of personal data processing in compliance with the Nigeria Data Protection Act (NDPA) 2023.
27.2 Contacting the Data Protection Officer (DPO)
For privacy-related inquiries, data access requests, or complaints, please reach out to our Data Protection Officer (DPO):
DPO Contact:
Email: info@oxygenx.africa
Phone: 0812-855-2432
Our DPO is available to assist you with:

Data protection regulations compliance.
Data access, corrections, and deletion requests.
Privacy complaints and security breach reporting.
General inquiries about how we handle your data.

28. Policy Review & Updates
At Oxygen X Finance Company Limited, we are committed to maintaining a robust and up-to-date Data Privacy Policy that reflects current legal requirements, industry best practices, and our business operations.
28.1 Frequency of Policy Review
This Privacy Policy will be reviewed annually or as needed in response to:

Changes in applicable laws and regulations, including the Nigeria Data Protection Act (NDPA) 2023, General Data Protection Regulation (GDPR), and other relevant data protection laws.
Changes in our business operations, such as expansion into new jurisdictions or the introduction of new products and services.
Feedback from stakeholders, including customers, employees, and regulatory authorities.

28.2 Process for Policy Updates
When updates to this Privacy Policy are required, the following process will be followed:
1. Assessment: The Data Protection Officer (DPO) will assess the need for updates based on changes in laws, regulations, or business operations.
2. Drafting: The DPO, in collaboration with relevant departments (e.g., Legal, Compliance, and IT), will draft the updated policy.
3. Approval: The updated policy will be reviewed and approved by the Executive Management Team and the Board of Directors.
4. Communication: Once approved, the updated policy will be communicated to all stakeholders, including employees, customers, and third-party partners.
5. Implementation: The updated policy will be implemented across all business operations, and employees will receive training on any significant changes.
28.3 Notification of Changes
Whenever this Privacy Policy is updated, we will:

Publish the updated version on our official website.
Notify users through email or platform notifications, where applicable.
Provide a summary of key changes and their impact on your data.

Your continued use of our services after an update constitutes acceptance of the revised Privacy Policy.