Legally Logistics (“we,” “our”, or “us”) is a service offered under 247 Tech & Infrastructures Limited, a company duly incorporated under the laws of the Federal Republic of Nigeria. Our platform, accessible at https://logistics.legallyng.com (the “Website”) and through the Legally Logistics mobile application (the “App”), provides technology-enabled logistics solutions, including but not limited to parcel pickup, storage, last-mile delivery, return logistics, and integration with external e-commerce platforms via our API.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data of all categories of individuals interacting with our services, including Users, Drivers, Riders, Parcel Shops, Depots, and other Service Providers (collectively, the “Data Subjects”).

We are committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner in compliance with the Nigeria Data Protection Act, 2023 (NDPA), subsidiary regulations issued by the Nigeria Data Protection Commission (NDPC), and other applicable data protection and consumer protection laws.

By accessing or using our Website, App, or related services, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. This Policy forms an integral part of the contractual relationship between you and Legally Logistics and should be read together with our Terms and Conditions for Users and Terms and Conditions for Service Providers.

1. DEFINITIONS
1.1. For the purpose of this Privacy Policy, the following terms shall have the meanings set out below:
1.1.1. “App” means the Legally Logistics mobile application, through which Users, Drivers, Riders, Parcel Shops, Depots, and other Service Providers can access and use the logistics services offered by Legally Logistics.
1.1.2. “Controller” means the natural or legal person who determines the purposes and means of processing personal data. For the purposes of this Policy, Legally Logistics, operating under 247 Tech & Infrastructures Limited, acts as the Controller of personal data collected through the Website and App.
1.1.3. “Processor” means any natural or legal person who processes personal data on behalf of the Controller. This may include technology vendors, payment processors, parcel shops, depots, and other service providers engaged by us.
1.1.4. “Data Subject” means any identified or identifiable natural person whose personal data is collected, stored, or processed by Legally Logistics, including Users, Recipients, Drivers, Riders, Parcel Shops, Depots, and other Service Providers.
1.1.5. “Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to name, contact details, address, government-issued identification, payment details, geolocation data, or any other information that can reasonably identify an individual.
1.1.6. “Sensitive Personal Data” means data relating to a Data Subject’s race, ethnic origin, religious or philosophical beliefs, political opinions, health status, genetic data, biometric data, sexual orientation, or any other category designated as sensitive under the NDPA. For the purposes of this Policy, Sensitive Personal Data may include government-issued identification numbers, financial account details, and biometric identifiers where applicable.
1.1.7. “Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.
1.1.8. “Services” means the logistics and related services provided by Legally Logistics, including parcel delivery, storage, last-mile delivery, return logistics, integration with e-commerce platforms, and any other services described in the Terms and Conditions or communicated to Users and Service Providers from time to time.
1.1.9. “Website” means https://logistics.legallyng.com, the official online platform of Legally Logistics.
1.1.10. “You” / “Your” refers to any Data Subject, including Users, Recipients, Drivers, Riders, Parcel Shops, Depots, or Service Providers, who access, use, or interact with the Website, App, or Services.
1.1.11. “NDPA” refers to the Nigeria Data Protection Act, 2023, and any subsidiary regulations or guidelines issued by the Nigeria Data Protection Commission (NDPC).

2. SCOPE AND APPLICABILITY
2.1. This Privacy Policy applies to all personal data collected, received, stored, processed, or otherwise handled by Legally Logistics, whether through the Website, the App, or any other digital, physical, or customer support channel operated by us.
2.2. The Policy applies to all categories of Data Subjects, including but not limited to:
2.2.1. Users who create accounts, place orders, or otherwise access our Services;
2.2.2. Recipients of parcels or deliveries facilitated through our platform;
2.2.3. Drivers and Riders engaged in pickup, delivery, or transportation activities;
2.2.4. Parcel Shops and Depots serving as drop-off and collection points;
2.2.5. Service Providers and Partners, including payment processors, insurance providers, and technology vendors who act on our behalf; and
2.2.6. Any other individuals whose personal data is collected in connection with our Services.
2.3. This Privacy Policy is intended to complement and operate alongside our Terms and Conditions for Users and Terms and Conditions for Service Providers. In the event of any inconsistency between this Privacy Policy and such Terms, this Privacy Policy shall govern matters relating to the collection, use, disclosure, and protection of personal data.
2.4. This Policy does not apply to the practices of third parties who are not owned or controlled by Legally Logistics, including but not limited to external websites, mobile applications, or service providers that may be accessed via links or integrations on our platform. We encourage you to review the privacy policies of such third parties before providing them with personal data.
2.5. By accessing or using the Website, the App, or our Services, you agree to the application of this Privacy Policy to your personal data and acknowledge that Legally Logistics is the Controller of such data, except in circumstances where we act as a Processor on behalf of third-party e-commerce platforms integrated via our API.

3. CATEGORIES OF PERSONAL DATA COLLECTED
3.1. Legally Logistics collects personal data directly from you through the Website, the App, parcel shops, depots, customer support channels, and through integrations with partner systems. We may also collect personal data indirectly from third parties such as payment processors, e-commerce platforms using our API, or law enforcement authorities where legally required.
3.2. The data collected from users and recipients include:
3.2.1. Full name, phone number, email address, and residential or business address;
3.2.2. Parcel pickup and delivery addresses;
3.2.3. Geolocation data (when using the App for tracking);
3.2.4. Payment and billing information (including bank account or card details);
3.2.5. Identity verification details (such as government-issued IDs when required for high-value or regulated deliveries);
3.2.6. Communication preferences and marketing opt-in/opt-out choices;
3.2.7. Technical data such as device identifiers, IP address, browser type, and app usage logs.
3.3. The data collected from drivers and riders include:
3.3.1. Full name, date of birth, contact information, and residential address;
3.3.2. Government-issued identification, driver’s license, and vehicle registration details;
3.3.3. Bank account or payment settlement information;
3.3.4. Live geolocation and route tracking data while performing deliveries;
3.3.5. Background verification data (where applicable);
3.3.6. Records of delivery performance, ratings, and compliance with service obligations.
3.4. The data collected from parcel shops and depots include:
3.4.1. Business name, registration details, and physical address;
3.4.2. Name and contact information of authorized representatives;
3.4.3. Government-issued identification of owners or managers (where applicable);
3.4.4. Banking or settlement details for transactions;
3.4.5. Operational data relating to parcels received, stored, and dispatched;
3.4.6. Surveillance or CCTV footage (if integrated with our security systems).
3.5. The data collected from service providers and partners include:
3.5.1. Name, designation, and contact information of representatives;
3.5.2. Contractual and payment details;
3.5.3. System integration logs (in case of API partners);
3.5.4. Any personal data required for compliance with regulatory, fraud-prevention, or insurance purposes.
3.6. In limited cases, we may collect Sensitive Personal Data, including government-issued identification numbers, financial account details, or biometric information (if required for verification). Such data will only be processed under strict necessity, with appropriate safeguards, and in compliance with the NDPA.
3.7. When you interact with our Website or App, we may automatically collect:
3.7.1. Device and browser information;
3.7.2. IP addresses and approximate geolocation;
3.7.3. Usage patterns and interaction logs; and
3.7.4. Cookies, SDKs, and similar tracking technologies (as detailed in our Clause 4).

4. COOKIES AND TRACKING TECHNOLOGIES
4.1. Our Website and App use cookies and similar tracking technologies (such as SDKs, pixels, and beacons) to enhance user experience, enable essential functions, and collect information about your interactions with our Services.
4.2. We may use the following categories of cookies:
4.2.1. Strictly Necessary Cookies: Essential for the operation of the Website or App, such as enabling login, secure sessions, and parcel tracking.
4.2.2. Performance Cookies: Collect anonymous information on how users interact with the Website and App, allowing us to monitor system performance and improve reliability.
4.2.3. Analytics Cookies: Used to analyze usage patterns, measure traffic, and generate statistical reports (e.g., Google Analytics).
4.2.4. Advertising and Targeting Cookies: Track browsing behavior to deliver relevant advertisements, retarget users, and measure ad campaign performance.
4.3. Cookies may collect information such as:
4.3.1. Device identifiers, operating system, and browser type;
4.3.2. IP address and approximate geolocation;
4.3.3. Browsing behavior, search queries, and time spent on pages;
4.3.4. Interactions with in-app notifications, features, and advertisements.
4.4. Some cookies are placed by third parties, such as analytics providers and advertising networks. These third parties may collect data across different websites and applications to provide aggregated insights or deliver targeted advertising.
4.5. Upon your first visit to our Website or App, a cookie banner or in-app notice will inform you of our use of cookies. You will have the option to:
4.5.1. Accept all cookies;
4.5.2. Reject non-essential cookies; or
4.5.3. Manage preferences by enabling or disabling specific cookie categories.
4.6. Cookie data is retained for as long as necessary to fulfill the purposes described above. Session cookies expire once you close your browser, while persistent cookies may remain on your device for a limited period (generally not exceeding 24 months) unless you delete them earlier.
4.7. Cookie and tracking preferences may differ between the Website and the App due to technical implementation. Users will be able to manage their cookie settings separately on each platform.

5. PURPOSE OF PROCESSING AND LAWFUL BASES
5.1. We will only process personal data where such processing is lawful, necessary, and proportionate to the purposes for which it was collected. Under the Nigeria Data Protection Act, 2023 (NDPA), the primary lawful bases for our processing include: consent, performance of a contract, compliance with legal obligations, legitimate interests, and, in limited cases, protection of vital interests or public interest.
5.2. We process personal data for the following purposes:
5.2.1. Service Delivery and Performance of Contract
5.2.1.1. To register Users, Drivers, Riders, Parcel Shops, Depots, and Service Providers on the platform;
5.2.1.2. To facilitate parcel pickup, storage, transportation, and delivery;
5.2.1.3. To provide parcel tracking, real-time updates, and proof of delivery;
5.2.1.4. To manage payments, settlements, refunds, and billing;
5.2.1.5. Lawful basis and performance of a contract.
5.2.2. Identity Verification and Fraud Prevention
5.2.2.1. To verify the identity of Users, Drivers, and Service Providers using government-issued IDs or other credentials;
5.2.2.2. To prevent fraudulent activities, misrepresentation, or misuse of the platform;
5.2.2.3. Lawful basis and legal obligation and legitimate interests.
5.2.3. Customer Support and Dispute Resolution
5.2.3.1. To provide customer care through in-app support, call centers, or parcel shop staff;
5.2.3.2. To investigate and resolve complaints, claims, or disputes, including insurance claims for lost or damaged parcels;
5.2.3.3. Lawful basis and performance of a contract and legitimate interests.
5.2.4. Compliance with Legal and Regulatory Requirements
5.2.4.1. To comply with Nigerian tax laws, anti-money laundering regulations, and law enforcement requests;
5.2.4.2. To maintain records for audit, accountability, and regulatory reporting;
5.2.4.3. Lawful basis and legal obligation.
5.2.5. Service Improvement and Analytics
5.2.5.1. To analyze service usage patterns for system optimization;
5.2.5.2. To develop new features and improve platform performance;
5.2.5.3. To monitor logistics efficiency and reduce delivery times;
5.2.5.4. Lawful basis and legitimate interests and, where applicable, consent.
5.2.6. Marketing and Communications
5.2.6.1. To send service-related notifications, updates, and promotional offers via SMS, email, or app notifications;
5.2.6.2. To conduct targeted advertising and retargeting using cookies or third-party platforms;
5.2.6.3. Lawful basis and consent (for direct marketing) and legitimate interests (for service notifications).
5.2.7. Security and Safety
5.2.7.1. To monitor platform access for suspicious activities;
5.2.7.2. To protect the safety of Drivers, Riders, Users, and parcels;
5.2.7.3. To detect, investigate, and respond to security incidents or breaches;
5.2.7.4. Lawful basis and legitimate interests, legal obligation, and protection of vital interests.

6. DATA SHARING AND DISCLOSURE
6.1. We do not sell or rent personal data. Personal data will only be disclosed to third parties in accordance with the Nigeria Data Protection Act, 2023 (NDPA), and only where such disclosure is necessary, lawful, and subject to appropriate safeguards.
6.2. We may share personal data with the following categories of recipients strictly for the purposes of providing our Services:
6.2.1. Drivers and Riders: To enable parcel pickup, delivery, and recipient verification;
6.2.2. Parcel Shops and Depots: To facilitate drop-off, storage, and dispatch operations;
6.2.3. E-commerce Platforms and API Partners: To process logistics orders originating from third-party websites or applications;
6.2.4. Payment Processors and Financial Institutions: To process payments, settlements, refunds, and fraud checks;
6.2.5. Insurance Providers: To handle claims relating to loss or damage of parcels;
6.2.6. Technology Vendors: To provide hosting, mapping, analytics, communications, and security services.
6.3. We may disclose personal data when required to:
6.3.1. Comply with legal obligations under Nigerian law, including tax, anti-money laundering, and regulatory reporting;
6.3.2. Respond to lawful requests from government authorities, regulators, law enforcement, or courts;
6.3.3. Protect our rights, safety, property, or those of our Users, Drivers, Riders, and Service Providers.
6.4. In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the acquiring entity, provided that such entity agrees to be bound by this Privacy Policy or one that offers equivalent protection.
6.5. Where personal data is shared with third-party service providers, we ensure that such providers act as Processors under written contracts that impose confidentiality, security, and compliance obligations consistent with the NDPA.
6.6. We may share anonymized or aggregated data that does not directly identify individuals with research partners, advertisers, or the public for statistical analysis, service improvement, or marketing purposes. Such data falls outside the scope of “Personal Data” under the NDPA.

7. DATA RETENTION AND DELETION
7.1. We will only retain personal data for as long as is reasonably necessary to fulfill the purposes for which it was collected, including for the purposes of providing our Services, meeting legal, regulatory, tax, accounting, or reporting obligations, and resolving disputes.
7.2. Unless a longer retention period is required or permitted by law, we apply the following retention schedules:
7.2.1. User, Recipient, Driver, and Rider Accounts: Retained for the duration of the contractual relationship and up to five (5) years after account closure to address legal or regulatory obligations.
7.2.2. Transaction and Delivery Records: Retained for seven (7) years from the date of transaction, in line with Nigerian tax and financial reporting requirements.
7.2.3. Government-Issued IDs and Verification Records: Retained for two (2) years after the last use, unless otherwise required by law enforcement or anti-fraud regulations.
7.2.4. Payment and Settlement Data: Retained for seven (7) years to comply with financial and anti-money laundering obligations.
7.2.5. Cookies and Tracking Data: Retained in accordance with Clause 4, typically for no longer than 24 months unless earlier deletion is requested.
7.3. Once the applicable retention period has expired, personal data will either be securely deleted, destroyed, or anonymized so that it can no longer be linked to an identifiable individual.
7.4. Data Subjects may request the deletion of their personal data at any time through the in-app privacy settings or by contacting our support team. Upon receipt of a verified request, we will delete or anonymize personal data within thirty (30) days, unless retention is necessary for compliance with legal obligations, fraud prevention, or dispute resolution.
7.5. Please note that residual copies of personal data may remain in system backups or archival storage for a limited period before being overwritten or purged in accordance with our data retention policy. Such data will not be actively processed during this period.

8. DATA SECURITY MEASURES
8.1. We implement appropriate technical, organizational, and physical measures to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction, in accordance with the Nigeria Data Protection Act, 2023 (NDPA) and recognized international standards.
8.2. Our technical safeguards include, but are not limited to:
8.2.1. Encryption: Personal data is encrypted in transit (using TLS/SSL protocols) and at rest where applicable.
8.2.2. Access Controls: Personal data is accessible only to authorized personnel based on role-based access permissions.
8.2.3. Firewalls and Intrusion Detection: We deploy advanced firewall protections and monitoring tools to detect and block unauthorized access.
8.2.4. Secure Authentication: Multi-factor authentication and strong password policies are enforced for accounts with administrative or sensitive privileges.
8.2.5. Data Minimization: Only data strictly necessary for service delivery is processed, reducing exposure risks.
8.3. We apply organizational measures such as:
8.3.1. Regular staff training on data protection, cybersecurity, and confidentiality;
8.3.2. Clear internal policies governing data handling and incident response;
8.3.3. Non-disclosure and confidentiality obligations for employees and contractors;
8.3.4. Periodic risk assessments and compliance audits to ensure adherence to NDPA principles.
8.4. Where data is processed in physical environments (e.g., depots, parcel shops, or offices), we adopt measures including CCTV monitoring, restricted access zones, secure storage of physical documents, and controlled entry systems.
8.5. In the event of a data breach or security incident that compromises personal data, we will:
8.5.1. Promptly investigate and mitigate the breach;
8.5.2. Notify affected Data Subjects without undue delay, where required;
8.5.3. Report the breach to the Nigeria Data Protection Commission (NDPC) within the timelines mandated by the NDPA.
8.6. While we take all reasonable steps to safeguard your data, Users and Service Providers are also responsible for maintaining the security of their accounts by safeguarding login credentials, updating passwords regularly, and avoiding unauthorized disclosure of access details.

9. DATA SUBJECT RIGHTS
9.1. As a Data Subject, you have specific rights under the Nigeria Data Protection Act, 2023 (NDPA). We respect and facilitate the exercise of these rights in a transparent, accessible, and timely manner.
9.2. Subject to applicable law, you have the following rights:
9.2.1. Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.
9.2.2. Right to Rectification: You may request correction or update of inaccurate, incomplete, or outdated personal data.
9.2.3. Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data where it is no longer necessary for the purposes collected, where consent has been withdrawn, or where processing is unlawful.
9.2.4. Right to Restriction of Processing: You may request that we temporarily suspend the processing of your personal data under certain circumstances (e.g., contesting accuracy, pending legal claims).
9.2.5. Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format, and request that we transmit such data to another Controller, where technically feasible.
9.2.6. Right to Object: You may object to the processing of your personal data based on legitimate interests, or to direct marketing, including profiling for marketing purposes.
9.2.7. Right to Withdraw Consent: Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of prior processing.
9.2.8. Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, where such decision significantly affects you, unless necessary for contract performance or permitted by law.
9.3. You may exercise any of your rights by:
9.3.1. Accessing the privacy settings available in the App; or
9.3.2. Contacting our support team at the details provided in Clause 13 of this Privacy Policy.
9.4. We will acknowledge all verified requests within seven (7) business days and provide a substantive response within thirty (30) days, unless an extension is required by law due to complexity or volume of requests.
9.5. To protect your data from unauthorized access, we may require you to verify your identity before processing any rights request.
9.6. Certain rights may be restricted where necessary to comply with legal obligations, protect the rights of others, or for the establishment, exercise, or defense of legal claims.

10. CHILDREN’S DATA
10.1. Our Services are not intended for children under the age of 13. We do not knowingly collect personal data from children below this age. If we become aware that personal data has been collected from a child under 13 without verifiable parental consent, we will promptly delete such data.
10.2. Where a Data Subject is between the ages of 13 and 18, we may collect and process personal data only with the knowledge and verifiable consent of a parent or legal guardian. Such consent will be required at the point of registration or service use.
10.3. Parents and legal guardians have the right to review, correct, or request deletion of their child’s personal data at any time. They may also withdraw consent for further processing, in which case the child’s account and related services may be suspended or terminated.
10.4. Where personal data of minors is processed (e.g., delivery information when the recipient is under 18), we will apply heightened security measures to protect such data from unauthorized use or disclosure.
10.5. We will cooperate with regulators, child protection authorities, and educational institutions where required, to ensure that the processing of children’s personal data is in strict compliance with the NDPA and other applicable Nigerian laws.

11. DIRECT MARKETING AND COMMUNICATIONS
11.1. We may use your personal data to send you service-related communications, such as booking confirmations, parcel tracking updates, security alerts, changes to our Terms or Privacy Policy, and other essential notifications. These communications are necessary for the performance of our contract with you and cannot generally be opted out of.
11.2. With your prior consent, we may send you promotional messages, offers, and updates about our Services via SMS, email, push notifications, or in-app messages. Marketing communications may include special offers, new features, discounts, or updates about partnerships with third parties.
11.3. We may use cookies, SDKs, and third-party tools to deliver targeted advertisements and retargeting campaigns. This may include personalized ads based on your browsing history, service usage, and interaction with our Website or App.
11.4. You have the right to opt out of receiving marketing communications at any time by:
11.4.1. Clicking the “unsubscribe” link in promotional emails;
11.4.2. Adjusting your in-app notification preferences; or
11.4.3. Contacting our support team through the details provided in Clause 13.
11.5. We do not sell, rent, or otherwise share your personal data with third parties for their independent marketing purposes. Any marketing conducted on behalf of third-party partners will be carried out under our direct control and in compliance with the NDPA.
11.6. Withdrawal of consent to marketing communications will not affect your ability to continue using our Services, except that you will no longer receive promotional updates and offers.

12. AUTOMATED DECISION MAKING AND PROFILING
12.1. We may use automated tools, algorithms, and decision-making systems to improve the efficiency and reliability of our Services. Such processing may include:
12.1.1. Delivery Routing and Assignment: Automatically assigning parcels to Drivers or Riders based on proximity, capacity, or historical performance.
12.1.2. Fraud Detection: Automatically flagging suspicious transactions, accounts, or unusual delivery patterns for further review.
12.1.3. Service Optimization: Analyzing service usage data to recommend parcel shops, preferred delivery slots, or cost-efficient options.
12.2. We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you (such as denial of service or account suspension) without human intervention.
12.3. Where automated processing is applied, we implement the following safeguards:
12.3.1. Transparency: Informing Data Subjects when automated systems are in use;
12.3.2. Right to Human Review: Allowing you to request human intervention in any decision that significantly affects your rights;
12.3.3. Error Correction: Ensuring that automated decisions can be corrected or reversed where errors are identified.
12.4. We may use limited profiling to segment Users for marketing campaigns (e.g., frequent senders, business users, or high-volume parcel shops). Such profiling will only be conducted with your prior consent and will not involve Sensitive Personal Data unless strictly necessary and lawfully permitted.
12.5. Before implementing new automated decision-making or profiling systems, we will conduct a DPIA in line with NDPA requirements to evaluate risks and apply mitigation measures.

13. CONTACT
13.1. If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, you may contact us through the following channels:
Support Team – Legally Logistics
Email: support@legallyng.com
Website: https://logistics.legallyng.com
In-App: Use the “Help” or “Support” section available within the App.
13.2. We will acknowledge your query within seven (7) business days and provide a substantive response within thirty (30) days, unless a longer timeframe is permitted under applicable law.

14. CHANGES TO THIS PRIVACY POLICY
14.1. We may amend or update this Privacy Policy from time to time in order to reflect changes in our Services, business operations, legal obligations, or regulatory requirements.
14.2. Where material changes are made, we will notify you by:
14.2.1. Posting the updated version on our Website and App;
14.2.2. Sending in-app notifications or service emails where appropriate; or
14.2.3. Updating the “last updated” date at the top of this Policy.
14.3. By continuing to use our Website, App, or Services after changes to this Privacy Policy have been posted, you acknowledge and agree to the revised terms. If you do not agree to the updated Policy, you must discontinue use of the Services and request deletion of your personal data in accordance with Clause 7.