Privacy Policy

Abe & Asotie LP (“We”, “Us”, or the “Company”) is committed to protecting your (“Data Subject”) Personal Data. Among other things, this Privacy Policy will outline: how, when, and why we collect, use, store, and protect Personal Data of individuals; the types of data we collect; the legal basis for processing (including how we obtain consent); our purposes for using the data, retention periods, any third-party access, security measures in place (including oversight by our Data Protection Officer); and data subject rights over their data.

2.1. Data Subject or You means any identified or identifiable natural person whose Personal Data is collected, held, or processed by us. A Data Subject may include, but is not limited to, customers, prospective customers, employees, contractors, business partners, website visitors, or any individual who interacts with our Services or provides Personal Data to the Company. 2.2. GAID means General Application and Implementation Directive 2025. 2.3. NDPA means the Nigeria Data Protection Act 2023. 2.4. NDPC means National Data Protection Commission (NDPC). 2.5. Personal Data: Means any information about a living individual from which that person can be identified. Personal Data as used in this Policy does not include information from which no individual can reasonably be identified, meaning anonymous information or Personal Data rendered anonymous in such a manner that the individual is not, or no longer is, identifiable (de-identified or anonymized information). 2.6. Sensitive Personal Data: Means categories of Personal Data that, due to their nature, require a higher level of protection. This includes information relating to an individual’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for the purpose of identifying a natural person), physical or mental health status, sexual orientation or sexual life, and records of criminal convictions or alleged offences. 2.7. Services: Means any product, platform, or functionality provided by us, including but not limited to our website, software, platforms, or applications in any form. This covers locally installed programs such as desktop and mobile applications, downloadable software, as well as web-based or cloud-hosted applications delivered as on-demand services. Services also extend to any related features, tools, updates, support, and content that we make available in connection with the foregoing.

3.1. This Policy applies to the data processing that takes place through or in connection with; a. your use of this mobile application/website; or b. your communication or interaction with us. 3.2. This Policy does not govern the practices of third parties, including their products, services, websites, applications, or activities. Where you access or interact with third-party platforms, content, or services through our Services, you are responsible for reviewing and understanding the applicable privacy policies and terms of those third parties before proceeding. We shall not be liable for how such third parties handle your Personal Data.

4.1. We only collect Personal Data that is necessary for the use of our Services. This may include: a. Identification Data: Full name, date of birth, gender, email address, telephone number, postal address, social media handles, and other similar details. Where required for verification or regulatory purposes, we may also collect identification numbers or copies of ID documents (e.g., national ID card, passport, driver’s licence). b. Demographic information & interests: Covers data that describes an individual’s demographic, social, or behavioural characteristics. Examples include date of birth, age or age range, gender, marital status, occupation, nationality, geographic location (e.g., postal/zip code), as well as personal needs and interests. This information may be used by us to better understand our users and improve the quality, personalization, and relevance of our service offerings. c. Payment and financial information: Includes all information required to facilitate financial transactions with or on behalf of an individual. This may cover banking details (such as bank name, branch, account holder name, account number, and international transfer details), payment card information, billing addresses, and records of payments made or received. d. Usage Information: Information automatically collected when you use our Services, such as IP addresses, login times, browser type, operating system, user agent strings, device identifiers, access logs, cookies, and similar technologies. Feedback and interaction data may also be collected to improve functionality and user experience. (See our Cookies Policy for more information.) e. Contact information: Refers to any details provided to us that enable direct communication with an individual. This includes, but is not limited to, name, residential or business address, email address, telephone or mobile number, and social media handles where applicable. f. Sensitive Personal Data: refers to any dataset listed in Clause 2.6. We may collect biometric data (for the purpose of identifying a natural person) for the purpose of facilitating seamless payments for our customers. g. Location Data: Refers to information that identifies or is capable of identifying the geographic location of your device or access point when you use certain features of our services. This may include precise or approximate geolocation data derived from GPS, Wi-Fi, Bluetooth signals, IP addresses, or other technologies. Location Data may be collected in real-time or stored for later use, subject to your device and account settings, and is used to enable location-based features, improve service functionality, or provide tailored content. 4.2. We do not collect more data than we need. All information is obtained directly from you or, where necessary, from third parties you authorize. We ensure you are informed at the point of collection what data is required versus optional.

5.1. The purposes for which we process Personal Data, and the corresponding legal bases for such processing, depend on the nature and context of the data. If Information is anonymous, de-identified, or aggregated in a way that no individual can reasonably be identified, we may collect, use, disclose, and otherwise process it for any legitimate business purpose. 5.2. Our processing of Personal Data is limited to the purposes set out in this Policy and shall be based on one or more of the lawful bases outlined in paragraph 6 below. 5.3. Among other things, we process Personal Data for the following purposes; a. To register, verify, authenticate, and manage user accounts for Clients and Lawyers on the Platform. b. To facilitate connections between Clients and Lawyers, including matching users based on legal needs, preferences, and practice areas. c. To enable and manage communications between Clients and Lawyers through the Platform, including messaging, consultations (audio/video), and document sharing. d. To process, facilitate, and verify payments, billing, subscriptions, escrow arrangements (where applicable), refunds, and financial reconciliations. e. To provide, operate, maintain, and improve the Platform, including troubleshooting, data analysis, testing, system maintenance, and feature development. f. To verify the identity, qualifications, and professional standing of Lawyers, including compliance with applicable legal and professional obligations. g. To provide customer support, respond to enquiries, resolve disputes, and manage complaints between users. h. To monitor usage of the Platform for security purposes, fraud prevention, risk assessment, and enforcement of our Terms of Service. i. To conduct analytics, research, and service optimisation to improve user experience, platform performance, and service delivery. j. To send service-related communications, including account notifications, updates, security alerts, and administrative messages. k. To carry out marketing, promotions, and targeted communications (including emails, SMS, and in-app notifications), in compliance with applicable law or based on your consent. l. To facilitate surveys, feedback programmes, and user research to improve the quality and relevance of our Services. m. To comply with legal and regulatory obligations, including responding to lawful requests from courts, regulators, or law enforcement authorities. n. To detect, investigate, and prevent unlawful activities, misuse of the Platform, or violations of applicable laws or our Terms. o. To create, maintain, and retain records of transactions, communications, and engagements conducted through the Platform for legal, audit, and business purposes. p. To process Personal Data for short-term, contextual use during a single interaction (e.g., real-time matching, recommendations, or assistance), provided such processing does not materially affect your rights. q. To process sensitive or legal information strictly for the purpose of enabling legal services between Clients and Lawyers, subject to appropriate safeguards and confidentiality measures. 5.4. We only process Sensitive Personal Data where it is necessary for specific lawful purposes, including providing requested services, complying with legal obligations, or with your explicit consent. 5.5. We do not knowingly collect Personal Data from persons under the age of 18. If we become aware that we have collected such data without parental consent, we will take steps to delete it promptly.

To the extent permissible under applicable law, the Company or any third party acting on its behalf shall only process your Personal Data if at least one of these conditions is met: 6.1. Consent: which is a freely given, specific, informed, and unambiguous indication (via statement or clear affirmative action) of your agreement to the processing of your Personal Data. For example, opting in to receive newsletters or promotional offers from us and our affiliates, consenting to participate in product pilots, or agreeing to the use of certain cookies/analytics on our websites and apps. By proceeding to use any of our Services, you acknowledge and consent to the processing of your Personal Data to the extent necessary for the provision, support, and improvement of those Services. 6.2. Contractual and Business Purposes: We process Personal Data where necessary to enter into or perform a contract with you (or the organisation you represent), and for related legitimate business operations, including but not limited to: a. processing registrations for user accounts, onboarding of Clients and Lawyers, verification processes, and requests for information or support; b. providing and facilitating access to the Platform, including enabling Clients to connect with Lawyers for legal consultations, advice, and related services; c. managing communications between Clients and Lawyers, including messaging, consultations (audio/video), document exchange, and follow-ups; d. facilitating and processing payments, subscriptions, service fees, escrow arrangements (where applicable), billing, collections, and refunds; e. maintaining records of user activity, transactions, engagements, and communications conducted through the Platform; f. conducting internal research, product development, feature enhancements, testing, and service improvement initiatives; g. performing audits, compliance checks, and reporting relating to user interactions, transactions, and Platform usage; h. sending service-related communications, including account notifications, updates, confirmations, and, where permitted, marketing communications (emails, calls, or in-app notifications), subject to your consent; i. conducting user surveys, feedback collection, analytics, and providing personalised or customised content within the Platform; j. operating, maintaining, improving, and analysing the performance, functionality, and security of our Platform, applications, and systems; k. protecting against fraud, abuse, unauthorized access, and economic loss, and ensuring the safety and integrity of the Platform and its users; l. detecting, investigating, and preventing security incidents, unlawful activities, or violations of our Terms of Service; m. identifying, troubleshooting, and correcting errors, bugs, or technical issues affecting the Platform or user experience. 6.3. Legal Obligations: We may process or share Personal Data to comply with applicable laws and regulations or in response to investigations, court orders, or other lawful processes; to investigate, prevent, or take action regarding illegal activities, suspected fraud, or threats to safety; or to enforce our terms and agreements. Where legally permissible, we will notify you of compulsory disclosures so you may seek protective measures. 6.4. Legitimate Interests: We may process Personal Data where necessary for our legitimate interests (or those of a third party) and such interests are not overridden by your interests or fundamental rights (e.g., ensuring network and information security; preventing fraud; managing and improving operations; protecting personnel, customers, and property; and pursuing/defending legal claims). 6.5. Vital Interests: Processing of Personal Data may be necessary to protect the vital interests of you or another individual, including situations that involve life, health, or safety. This basis is typically relied upon in urgent or emergency circumstances where consent cannot reasonably be obtained, and immediate action is required to prevent serious harm or preserve life.

7.1. From time to time, we may collect data from: a. Customers: Individuals or entities who use the Platform to seek, engage, or communicate. b. Service Providers/Partners: Licensed legal practitioners or law firms who register on the Platform to offer legal services, as well as third-party vendors and partners who support the operation of the Platform, including payment processors, cloud service providers, identity verification providers, customer support tools, and analytics services, who may provide limited Personal Data necessary for contractual and operational purposes. c. Platform Users/Visitors: Individuals who visit, browse, or interact with our website or mobile applications without necessarily registering for an account. d. Other Data Subjects: Individuals who may indirectly provide data to us, such as representatives of corporate Clients, referees, emergency contacts, or individuals referenced in legal enquiries, feedback submissions, or dispute resolution processes. 7.2. We ensure that all Personal Data collected is relevant, necessary, and processed in accordance with this Policy and applicable data protection laws.

8.1. We may disclose Personal Data to third-party service providers and partners who support our business operations. This includes, but is not limited to, cloud hosting providers, cybersecurity vendors, IT and software services, communications platforms, logistics and delivery partners, payment processors, customer support providers, installers, and data analytics companies. To protect you, we have written data processing agreements with processors covering confidentiality, security, sub-processing, and return/deletion. 8.2. In the event of a merger, acquisition, corporate restructuring, sale of assets or equity, or any similar transaction involving the Company, Personal Data may be transferred to the acquiring or successor entity. We will notify affected individuals via email and/or a prominent notice on our website regarding any change in ownership or processing of Personal Data, as well as any options available to you. We will take reasonable steps to ensure that the acquiring or successor entity continues to handle your Personal Data consistently with this Policy. 8.3. We may share Personal Data when required to comply with applicable laws, regulations, or court orders, or to respond to lawful requests by regulatory authorities or government agencies. This includes obligations to report suspicious transactions, comply with tax or financial regulations, or prevent fraud, security breaches, or unlawful activity.

9.1. You have rights when it comes to our handling of your Personal Data. Those rights include: a. The right to request access to your Personal Data where those requests are reasonable and permitted by law or regulation. We shall provide reasonable and accessible means for Individuals to submit their requests, which do not have to take any specific form and can be submitted by any method. This process is handled and managed by our Data Protection Office. b. The right to request that we erase your Personal Data if it is no longer valid or necessary for the purposes for which it was collected or if it is incomplete or inaccurate. c. The right to rectify or amend inaccurate or incomplete Personal Data. d. The right to restriction of processing. e. The right to withdraw your Consent at any time. This can be initiated by contacting our Data Protection Office. f. The right to object to our processing of your Personal Data if there are compelling legitimate grounds to do so (for instance, for direct marketing purposes and automated processing which may adversely impact your rights) and to the extent permitted by law or regulation. g. The right to receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract. h. The right to lodge a complaint with the NDPC where you believe our processing of your data violates the requirements of the Nigeria Data Protection Act 2023 (NDPA). Please note that in the event of any complaint, we encourage you to first contact our DPO for a resolution. Failing a resolution, you reserve your rights to contact the NDPC via their official website or contact channels as provided by the government. 9.2. Please note that your exercise of these rights may be subject to applicable legal or regulatory exemptions. If we are unable to comply with a specific request, we will provide you with a clear explanation of the reasons for our decision.

10.1. Electronic Messages: We keep records of your interactions with us via electronic media (such as email, text message, complaint forms, etc.) in a secure manner while maintaining accuracy. When necessitated by legal or vital obligations, we archive these communications. 10.2. Hard Copy Forms: We maintain accurate records of the information that you provide to us via hard copy forms in a secure manner. When necessitated by legal or vital obligations, we archive these communications. 10.3. Web/Platform Forms: We keep records of your personal details provided via our website or mobile application. Typically, such details are processed for contact, partnerships and/or onboarding purposes and are kept in a secure manner. 10.4. Telephonic Communications: Information collected through phone calls with our staff, partners, call centres, or support lines may be recorded or logged to ensure service quality, maintain records of agreements, and comply with legal obligations. 10.5. Device and Application Data: Personal and technical information may be collected automatically through the use of our software, mobile applications, or connected devices. This may include device identifiers, IP addresses, operating system information, usage patterns, and location data. 10.6. Third-Party Sources: We may also obtain Personal Data from authorized third parties, such as business partners, contractors, or public records, where you have consented or where legally permitted.

11.1. Unless storage is required by law, we shall return, delete or destroy Personal Data in accordance with our Data Retention Schedule. This schedule is reviewed periodically to ensure ongoing compliance with applicable laws, regulatory guidance, and best practices. 11.2. If you have consented to join a mailing list but do not become a customer, your contact information will be retained solely for that purpose until you unsubscribe or withdraw consent. Similarly, data collected for specific events will be retained until the event concludes and any necessary follow-up is completed, after which the data will be securely deleted or anonymized for analytical purposes.

12.1. We maintain technical and organizational measures (TOMs) to prevent Personal Data breaches and have a documented incident-response procedure covering accidental or unlawful destruction, loss, alteration, disclosure, or access to Personal Data. 12.2. If you become aware of a breach or compromised credentials, contact our Data Protection Officer (DPO) immediately at privacy@abeasotielp.com. 12.3. Upon becoming aware of a Personal Data breach, we will: a. Notify affected individuals and the NDPC without undue delay, and where required, within 72 hours of discovery (unless exceptional circumstances prevent this). b. Provide clear notice describing: (i) the nature of the breach and categories of Personal Data involved, (ii) likely consequences, and (iii) measures taken or proposed to mitigate the breach. c. Record all breaches and make such records available to the NDPC upon request. Notification will depend on the likelihood of high risk to individuals, since not every breach may trigger notification obligations.

13.1. We take the security of your Personal Data very seriously. The Company has implemented a comprehensive set of technical, administrative, and organizational measures designed to protect Personal Data from unauthorized access, disclosure, alteration, loss, or misuse. Our security processes and policies are maintained in line with NDPA and GAID requirements and are regularly reviewed to address emerging risks and ensure continued compliance. 13.2. These security measures may include (as may be required): a. Access Controls: Restricting access to Personal Data to authorized personnel only, using role-based permissions. b. Encryption: Protecting data in transit and at rest through industry-standard encryption protocols. c. Network Security: Implementing firewalls, intrusion detection systems, and regular vulnerability assessments. d. Data Backup: Regularly backing up critical data to ensure availability and integrity in case of system failure. e. Staff Training: Providing ongoing training and awareness programs for employees on data protection and cybersecurity best practices. f. Physical Security: Securing facilities, servers, and storage areas where Personal Data is kept. g. Incident Response: Maintaining procedures to detect, investigate, and respond promptly to data breaches or security incidents.

14.1. We may transfer Personal Data outside Nigeria to third-party service providers/partners as part of our service delivery. All transfers are conducted in accordance with the NDPA and GAID, ensuring that your data receives adequate protection. For example, we may use cloud storage providers with servers located in other countries, such as the United States. In such cases, we take steps to ensure that Personal Data is processed and protected in line with this Privacy Policy and applicable law. 14.2. When transferring data to countries without equivalent data protection laws, we rely on appropriate safeguards (e.g., standard contractual clauses, binding corporate rules, or other NDPC-approved mechanisms) to ensure your Personal Data remains secure.

15.1. To further strengthen our commitment to data privacy, the Company has appointed a Data Protection Officer (DPO) whose role is to oversee our data protection strategy and ensure that we comply with NDPA and other applicable data privacy laws. The DPO is involved in reviewing how we collect and use data, advising on privacy impact assessments for new projects, and training staff on best practices. They also serve as the primary point of contact for any data protection inquiries or issues. 15.2. If you, as a data subject, have questions, concerns, or requests regarding your Personal Data, you may contact the DPO for assistance. The DPO will address issues such as clarifying this Policy, providing more details on how your data is used, handling any data access or correction requests, and guiding you on how to exercise your rights. 15.3. The DPO’s contact information is as follows: Email: privacy@abeasotielp.com Office Address: Abe & Asotie LP, Lagos, Nigeria Telephone: +234 1 234 5678 (only accessible during business hours) 15.4. Please note that the DPO contact is provided for data protection and privacy-related matters only.

If we change the way we handle your Personal Data, we will update this policy. We reserve the right to make changes to our practices and this Notice at any time. Please check back frequently to see any updates or changes to our Notice.

If you have any questions about this Policy or our data processing practices, or if you wish to exercise any of your data subject rights concerning the Personal Data we hold, please contact us using any of the contact details below. Email: info@abeasotielp.com Phone: +234 1 234 5678 Physical Address: Abe & Asotie LP, Lagos, Nigeria This Privacy Policy is provided to ensure you, as a user, understand how your Personal Data is handled by Abe & Asotie LP . By submitting your personal information to us, you acknowledge that you have been informed of our data practices. We encourage you to read this Policy carefully. If anything is unclear, please reach out to our Data Protection Officer for clarification.