Plenti
Call for Deals+234 902 074 3530

Privacy Policy

1. Purpose and Scope

This Privacy Policy describes how Plenti (“we”, “our”, or “us”) collects, uses, discloses, and safeguards personal data in connection with the use of our digital platforms, including our website, mobile applications, physical locations, and related services (collectively, the “Platform”).

This Policy applies to all users, customers, partners, and visitors who interact with the Platform.

We are committed to ensuring that personal data is processed in accordance with applicable data protection laws and principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

2. Data Controller

Plenti Trading Services Limited (a subsidiary of Sujimoto Holdings Limited) acts as the Data Controller for the purposes of applicable data protection laws.

Where specific services are provided by affiliated entities, such entities may act as joint or independent data controllers depending on the nature of the processing.

3. Categories of Personal Data

We may collect and process the following categories of personal data:

3.1 Information Provided Directly by You

  • Identification data (e.g., full name, date of birth)
  • Contact data (e.g., phone number, email address, delivery address)
  • Account credentials (e.g., username, password, authentication details)
  • Financial data (e.g., payment details, billing information)
  • Communications (e.g., customer support interactions, feedback, survey responses)
  • Marketing preferences and consents

3.2 Information Collected Automatically

  • Device and technical data (e.g., IP address, browser type, operating system)
  • Usage data (e.g., pages visited, session duration, clicks, interactions)
  • Transaction data (e.g., purchase history, cart activity)
  • Location data (where enabled)

3.3 Information from Third Parties

We may receive personal data from:

  • Payment service providers
  • Logistics and delivery partners
  • Merchants and vendors
  • Identity verification and credit assessment providers
  • Advertising and analytics partners

All third-party data is processed in accordance with applicable laws and contractual safeguards.

4. Legal Basis for Processing

We process personal data only where we have a valid legal basis, including:

Consent

Where you have explicitly agreed (e.g., marketing communications)

Contractual Necessity

To perform obligations related to your orders or account

Legal Obligation

To comply with applicable laws and regulatory requirements

Legitimate Interests

To operate, improve, and secure our Platform, provided such interests do not override your fundamental rights

Where processing is based on consent, you may withdraw such consent at any time without affecting prior lawful processing.

5. Purposes of Processing

We use personal data for the following purposes:

  • Account creation and management
  • Order processing, fulfillment, and delivery
  • Payment processing and financial reconciliation
  • Customer support and dispute resolution
  • Personalization of user experience
  • Marketing communications and promotions (subject to consent)
  • Fraud detection, prevention, and risk management
  • Compliance with legal and regulatory obligations
  • Internal analytics, reporting, and service improvement

6. Data Sharing and Disclosure

6.1 Permitted Disclosures

We may disclose personal data to:

  • Service providers (e.g., payment processors, logistics providers, cloud services)
  • Business partners and merchants involved in fulfilling transactions
  • Professional advisers (e.g., legal, financial, audit)
  • Regulatory authorities and law enforcement agencies where required by law
  • Successors in the event of a merger, acquisition, or business transfer

6.2 Safeguards

All third parties are required to:

  • Process data only on documented instructions
  • Maintain confidentiality and appropriate security measures
  • Comply with applicable data protection laws

7. International Data Transfers

Where personal data is transferred outside Nigeria or the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:

  • Data transfer agreements incorporating standard contractual clauses
  • Transfers to jurisdictions with adequate data protection laws
  • Additional technical and organizational safeguards where necessary

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Duration of the customer relationship
  • Compliance with legal, tax, and regulatory obligations
  • Resolution of disputes and enforcement of agreements

Upon expiration of the retention period, data will be securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption and secure data storage
  • Access controls and authentication mechanisms
  • Continuous monitoring and vulnerability management
  • Incident response and breach notification procedures

Access to personal data is restricted to authorized personnel on a need-to-know basis.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core platform functionality
  • Enhance user experience
  • Analyze usage patterns
  • Deliver relevant content and advertising

You may manage cookie preferences through your browser settings or our cookie management tools.

11. Data Subject Rights

Subject to applicable law, you have the following rights:

  • Right of Access – to obtain confirmation and access to your personal data
  • Right to Rectification – to correct inaccurate or incomplete data
  • Right to Erasure – to request deletion of your data under certain conditions
  • Right to Restrict Processing – to limit how your data is processed
  • Right to Data Portability – to receive your data in a structured format
  • Right to Object – to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent – at any time where processing is based on consent

Requests may be subject to identity verification and legal limitations.

12. Automated Decision-Making and Profiling

Where applicable, we may use automated systems to assess risk, detect fraud, or personalize user experience. Such processing will not produce legal or similarly significant effects without appropriate safeguards, including the right to request human intervention.

13. Children’s Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors without verifiable parental or guardian consent.

14. CCTV and Event Media

We may operate surveillance systems (CCTV) at physical locations for security and safety purposes.

During events, photographs or video recordings may be taken for documentation, marketing, or promotional use. Attendance at such events constitutes acknowledgment of potential capture.

15. Data Breach Notification

In the event of a personal data breach, we will:

  • Assess the risk to affected individuals
  • Notify relevant regulatory authorities where required
  • Inform affected individuals where there is a high risk to their rights and freedoms

16. Complaints and Regulatory Authority

If you believe your data protection rights have been violated, you may lodge a complaint with the Nigeria Data Protection Commission or any other relevant supervisory authority.

17. Contact Information

For all data protection inquiries, requests, or complaints, please contact:

Data Protection Officer (DPO)

Email:evictor@sujimotonig.com

18. Updates to This Policy

We reserve the right to update this Privacy Policy periodically to reflect legal, technical, or operational changes. Updated versions will be published on the Platform with an effective date.