Legal

Privacy Policy

Last updated: June 3, 2026

1. Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use our Services. For users of our educational technology platform Tannok, we may also collect student academic records, class performance data, and institutional information as provided by the subscribing school or institution.

Information you provide:

  • Name, email address, phone number, and organisation name when you subscribe to our newsletter, contact us, or submit inquiries
  • Information you provide through contact forms, career applications, or research submissions
  • Any other information you choose to share with us directly

Information collected automatically:

  • Usage data, including pages visited, time spent, and interaction patterns
  • Device information, including browser type, operating system, and IP address
  • Cookies and similar tracking technologies as described in Section 8

2. How We Collect Information

We collect information through the following means:

  • Direct interactions: When you fill out forms, subscribe to communications, or correspond with us via email
  • Automated technologies: As you navigate our Services, we use analytics tools and cookies to collect usage data
  • Third-party sources: We may receive information from third-party service providers who assist us in operating our Services, subject to their own privacy policies

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our Services
  • To respond to your inquiries, comments, or requests
  • To send newsletters, updates, and marketing communications (with your consent where required)
  • To analyse usage patterns and improve our Services
  • To detect, prevent, and address technical issues or fraudulent activity
  • To comply with legal obligations and enforce our Terms of Service

We process your personal data based on one or more of the following lawful bases: your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests in operating and improving our Services.

4. Data Sharing & Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information only in the following circumstances:

  • Service providers: We engage trusted third-party providers who assist us in hosting, analytics, communication, and infrastructure operations. These providers are contractually bound to protect your data and may only process it for specified purposes
  • Legal compliance: We may disclose information if required to do so by law, regulation, or legal process
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
  • With your consent: We may share your information for other purposes with your explicit consent

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using industry-standard protocols
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure data storage practices

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. When data is no longer needed, we securely delete or anonymise it.

Specific retention periods vary based on the type of data and the purpose of processing. For example:

  • Newsletter subscriber data is retained until you unsubscribe or request deletion
  • Contact form submissions are retained for up to 24 months after the last communication
  • Usage analytics data is retained in aggregated, anonymised form for service improvement

7. Your Rights

Under applicable data protection laws, including the Nigeria Data Protection Act 2023 and the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data, subject to certain exceptions
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request transfer of your data to another service provider
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within the timeframe required by applicable law.

8. Cookies Policy

Our Services use cookies and similar tracking technologies to enhance functionality, analyse usage, and improve your experience. Cookies are small text files stored on your device by your web browser.

Types of cookies we use:

  • Essential cookies: Required for the basic operation of our Services. These cannot be disabled
  • Analytics cookies: Help us understand how users interact with our Services by collecting anonymous usage data
  • Preference cookies: Remember your settings and preferences, such as theme selection

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. We do not use cookies for targeted advertising purposes.

9. Third-Party Services

We engage selected third-party providers to support our operations, including infrastructure hosting, content delivery, email communications, and usage analytics. These providers are bound by contractual obligations to process data only in accordance with our instructions and to maintain appropriate security measures.

We do not publicly disclose the identities of our specific service providers as a matter of operational security. All providers we engage are reputable organisations that comply with applicable data protection laws. Where required, we have Data Processing Agreements in place with these providers.

Our Services may contain links to external websites or platforms. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal data.

10. Children's Privacy

Our Services are not directed at children under the age of 13 (or 16, where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

In the context of our educational technology services, we work with schools and institutions that are responsible for obtaining appropriate parental or guardian consent where required.

11. International Data Transfers

Your personal data may be transferred to and processed in countries other than your own, including Nigeria where our company is registered and other jurisdictions where our service providers operate. We ensure that such transfers are subject to appropriate safeguards in accordance with applicable data protection laws.

For data subjects in the European Economic Area (EEA), we ensure that transfers of personal data to countries outside the EEA are protected by appropriate safeguards, such as Standard Contractual Clauses adopted by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will update the "Last updated" date at the top of this policy and notify you through appropriate channels, such as a notice on our website.

We encourage you to review this policy periodically. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us:

  • Data Protection Officer: dpo@obiexpeditions.com
  • General inquiries: privacy@obiexpeditions.com
  • Address: Obi Expeditions Limited, Asaba, Delta State, Nigeria

If you are in the European Economic Area, you also have the right to lodge a complaint with your local data protection supervisory authority.

If you are in Nigeria, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).