Privacy Notice
Last updated: 01 December 2025
1. Introduction
SAAIR Energy Limited("we", "us", "our", or "SAAIR") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use, disclose, retain, and protect personal data when you interact with our website, products, and related services (together, the "Services").
This Privacy Notice is issued in compliance with the Nigeria Data Protection Act 2023 ("NDPA"), the Nigeria Data Protection Commission's General Application and Implementation Directive ("GAID"), and other applicable data protection laws and regulations.
By using our Services, you acknowledge that you have read and understood this Privacy Notice. If you do not agree with the practices described herein, please discontinue use of our Services.
2. Data Controller Information
For the purposes of this Privacy Notice, SAAIR acts as the Data Controller responsible for processing your personal data. Our contact details are as follows:
| Data Controller | SAAIR Energy Limited |
|---|---|
| Registered Address | 20 Awudu Ekpebeka Blvd, Lekki Phase 1, Lagos, Nigeria |
| Email Address | info@saairenergy.com |
| Phone Number | +234 913 866 7927 |
| Data Protection Officer | Contact via info@saairenergy.com |
3. Categories of Data Subjects
We process personal data belonging to the categories of individuals below. This Privacy Notice applies to you if you are:
a. An individual visiting our official website to learn about our services, access resources, or contact us.
b. A business contact, customer representative, or partner engaging with us in relation to our energy infrastructure, products, or technology services.
c. An individual who submits enquiries, quote requests, or support tickets through our website or other channels we provide.
d. An individual whose information is provided to us by an organization you represent (for example, as part of a commercial relationship), where that organization is responsible for informing you under applicable law.
e. An individual who interacts with payment or invoicing flows we operate, where applicable.
4. Categories of Personal Data Collected
We may collect and process the following categories of personal data based on your interaction with our Services:
Personal Identification Information
- Full name
- Job title / role (where relevant)
- Photograph or profile image (if you choose to provide one)
- Government-issued identification (only where required for compliance or verification)
Contact Information
- Phone number(s)
- Email address
- Business or residential address (as applicable)
Financial and Transaction Data
- Bank or payment details (where required for invoicing or refunds)
- Payment card information processed via licensed third-party payment providers (we do not store full card data on our servers)
- Transaction history related to our Services
Technical and Usage Data
- IP address
- Device and browser information
- Login timestamps and session data (where accounts exist)
- Cookies and similar technologies
5. Purposes of Processing
We process your personal data for purposes including:
- Service delivery and account management: to respond to enquiries, provide quotes, deliver services, and manage our relationship with you.
- Identity verification and compliance: to meet legal and regulatory requirements where applicable (including AML/CFT where relevant to a transaction).
- Payment processing: to process payments, refunds, and related administration.
- Security and fraud prevention: to protect our systems, investigate incidents, and prevent unauthorized access.
- Communication: to send service-related notices and respond to support requests; and, where permitted, promotional communications with your consent.
- Legal and regulatory compliance: to comply with law, regulatory requests, and to establish, exercise, or defend legal claims.
6. Legal Basis for Processing
| Legal Basis | Description | Scope (examples) |
|---|---|---|
| Consent | Where you have given clear consent for specific processing. | Non-essential cookies; certain marketing communications. |
| Contract | Processing necessary to perform a contract or steps before entering a contract. | Delivering services; billing; account administration. |
| Legal obligation | Processing necessary to comply with legal duties. | Regulatory reporting; lawful requests from authorities. |
| Legitimate interests | Processing necessary for our legitimate interests, where not overridden by your rights. | Security, fraud prevention, service improvement, analytics (where permitted). |
7. Third-Party Data Sharing and Disclosure
We may share personal data with:
- Payment service providers — licensed providers used to process payments, subject to their privacy policies and applicable regulation.
- Cloud hosting and infrastructure providers — to host and operate our website and related systems securely.
- Professional advisors — lawyers, auditors, and consultants where necessary.
- Regulatory and law enforcement authorities — where required by law or valid legal process.
Where we use processors, we seek appropriate contractual safeguards requiring them to protect personal data and process it only on our instructions, where applicable.
8. Data Retention
We retain personal data only as long as necessary for the purposes collected, legal obligations, and dispute resolution. Retention periods vary by category; examples include:
| Data category | Indicative period | Basis |
|---|---|---|
| Account / customer records | Duration of relationship + statutory period | Contract; legal compliance |
| Marketing consent records | Duration of consent + evidence period | Consent; accountability |
| Technical / usage logs | Typically up to 24 months (unless longer required) | Security; legitimate interests |
When retention ends, we delete or anonymize data in line with internal procedures, unless a longer period is required by law.
9. Your Rights as a Data Subject
Under the NDPA 2023, you may have rights including:
- Right to request confirmation of processing and access
- Right to rectification of inaccurate data
- Right to erasure in applicable circumstances
- Right to restrict processing in applicable circumstances
- Right to data portability where applicable
- Right to object to certain processing (including direct marketing)
- Right to withdraw consent where processing is consent-based
- Rights relating to solely automated decision-making with legal or similarly significant effects, where applicable
To exercise your rights, contact us at info@saairenergy.com. We will respond within thirty (30) days where required by law, subject to any permitted extension and notice to you.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data. No method of transmission or storage is completely secure; we commit to addressing incidents in line with applicable law.
11. International Data Transfers
Where personal data is transferred outside Nigeria, we take steps to ensure appropriate safeguards are applied in line with the NDPA 2023 and regulatory guidance (including, where relevant, adequacy decisions, standard contractual clauses, or your explicit consent).
12. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal data from children without appropriate authority. If you believe we have collected such data, please contact us.
13. Updates to This Privacy Notice
We may update this Notice from time to time. We will update the "Last updated" date and, where appropriate, provide additional notice (for example, on our website or by email).
14. Complaints
If you have concerns about our processing, please contact us first. You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at https://ndpc.gov.ng.
15. Contact Us
General enquiries: info@saairenergy.com
Data Protection Officer: contact via info@saairenergy.com