Privacy Policy

Last updated: March 5, 2025

This Privacy Policy describes what personal information Pristine3D LTD collects, how we use it, and your rights regarding your data. This policy applies to our QR code and venue management services and complies with Nigerian Data Protection Regulation (NDPR) requirements.

By using our services, you consent to the data practices described in this policy.

1. Data Controller and Contact Information

Pristine3D LTD is the data controller for personal information collected through our services. Contact us at [email protected] for privacy-related inquiries.

2. Information We Collect

Personal Information You Provide:

Account information: Name, email address, password (encrypted)
Profile information: Phone number, business details
Venue information: Business name, address, contact details, menu data
Payment information: Billing address, payment method details (processed by third parties)
Communication data: Messages, feedback, support requests

Automatically Collected Information:

Usage data: QR code scans, page views, feature usage, session duration
Technical data: IP address, browser type, device information, operating system
Analytics data: User behavior patterns, performance metrics
Cookies and tracking technologies: Session cookies, preference cookies
Location data: Approximate location from IP address (not GPS tracking)

QR Code and Venue Data:

QR code scan data: Timestamp, location, device type
Venue analytics: Visitor patterns, popular menu items, engagement metrics
Team access logs: Member activity, permission changes

3. Legal Basis for Processing (NDPR/GDPR Compliance)

We process your personal data based on:

Consent:
When you create an account and agree to our terms
Contract Performance:
To provide our QR code and venue management services
Legitimate Interests:
For analytics, security, and service improvement
Legal Obligations:
To comply with Nigerian laws and regulations

4. How We Use Your Information

Service Provision:

Create and manage your account and QR codes
Process payments and manage subscriptions
Provide customer support and technical assistance
Enable team collaboration features

Analytics and Improvement:

Analyze QR code usage and venue performance
Improve our services and develop new features
Generate anonymized usage statistics
Conduct research and data analysis

Communications:

Send service notifications and updates
Provide marketing communications (with consent)
Respond to inquiries and support requests

Security and Legal:

Detect fraud, ensure security, comply with legal obligations

5. Data Sharing and Third-Party Services

We do not sell personal data. We share information only with service providers necessary for our operations:

Payment Processors:
Paystack for payment processing (PCI-DSS compliant)
Cloud Services:
AWS/Azure for hosting and data storage (encrypted)
Analytics Services:
Google Analytics (anonymized data)
Email Services:
For transactional and marketing emails
Legal Requirements:
When required by Nigerian law or court orders

All third-party processors are bound by data processing agreements and security requirements.

6. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria for service provision. We ensure adequate protection through contractual safeguards, standard contractual clauses, and working only with providers that maintain appropriate security standards.

7. Data Retention

Account Data:

Retained while your account is active plus 2 years after closure

QR Code Data:

Maintained for the lifetime of QR codes plus 1 year

Analytics Data:

Aggregated data retained indefinitely; personal identifiers removed after 3 years

Legal Data:

Retained as required by Nigerian law (typically 7 years for business records)

8. Data Security Measures

We implement comprehensive security measures including:

Encryption in transit and at rest (AES-256 standard)
Regular security audits and vulnerability assessments
Access controls and authentication (2FA available)
Employee training on data protection practices
Incident response procedures

No online system is completely secure. While we implement industry-standard security measures, we cannot guarantee absolute security against all potential threats.

9. Your Privacy Rights (NDPR/GDPR)

Under Nigerian and international data protection laws, you have the right to:

Access:
Request a copy of your personal data we hold
Rectification:
Correct inaccurate or incomplete data
Erasure:
Request deletion of your data (subject to legal requirements)
Restriction:
Limit how we process your data
Portability:
Receive your data in a structured format
Objection:
Object to processing based on legitimate interests
Withdraw Consent:
Withdraw consent where processing is consent-based

To exercise these rights, email us at [email protected]. We will respond within 30 days.

10. Cookies and Tracking Technologies

Essential Cookies:

Required for service functionality (authentication, preferences)

Analytics Cookies:

Help us understand service usage (can be disabled)

Marketing Cookies:

Used for targeted advertising (opt-in only)

11. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children. If we learn we have collected a child's information, we will delete it immediately.

12. Marketing Communications

We may send marketing emails about our services. You can unsubscribe anytime by clicking the unsubscribe link in emails or contacting us. Transactional emails (account notifications, security alerts) cannot be disabled but are essential for service operation.

13. Data Breach Response

In the event of a data breach that poses risk to your rights and freedoms, we will notify affected users within 72 hours via email and/or service notifications. We will also report to relevant Nigerian data protection authorities as required by law.

14. Third-Party Links

Our service may contain links to external websites. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any external sites you visit.

15. Business Transfers

If Pristine3D LTD is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to different privacy practices.

16. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be notified via email and service announcements. The updated policy will be effective immediately upon posting.

17. Complaints and Regulatory Authority

If you have concerns about our data practices that we cannot resolve, you may file a complaint with the Nigerian Data Protection Commission (NDPC) or other relevant supervisory authority in your jurisdiction.

18. Contact Information

For any privacy-related questions, data requests, or concerns about this Privacy Policy, please contact us at:

Data Controller:
Pristine3D LTD
Privacy Email:
[email protected]
Website:
https://venues.pristine3d.com/
Jurisdiction:
Nigeria (NDPR Compliance)
Response Time:
Within 30 days for data requests

This Privacy Policy was last updated on March 5, 2025. It complies with the Nigeria Data Protection Regulation (NDPR), GDPR principles, and international privacy standards. By using our services, you acknowledge that you have read and understood this Privacy Policy.