Quick help

• Email (Support): [email protected]
• Data Protection Officer (DPO): [email protected] · Tel/WhatsApp: +234 8123456789
• Data Subject Requests (DSR): Email [email protected] with subject “DSR – [Right]” and a valid ID.
• Regulator: Nigeria Data Protection Commission (NDPC)

1) Who we are

StudentJara (“we”, “us”, “our”) is a student verification and discount platform in Nigeria that helps eligible students access exclusive offers. This policy explains how we collect, use, disclose, and protect personal data when you use our websites, apps, and related services (“Services”).

2) Scope

This policy applies to students, parents/guardians, merchants/brands, educational institutions, and other users in Nigeria, and to Nigerian residents who access our Services from abroad.

3) Controller & contacts

Data Controller & DPO: StudentJara: [email protected], Tel: +234 8123456789.

4) What we collect

• Identity data (name, gender, date of birth, photo if provided, NIN, Student Identification Number, StudentJara ID.)
• Contact data (email, phone number, address).
• Education/verification data (institution, enrolment status, matric/JAMB number, programme, graduation year).
• Account & usage data (login history, device identifiers, settings, actions on the app/website).
• Merchant & offer interactions (redeemed offers, timestamps, location metadata if you enable it).
• Support & communications (messages, call recordings where permitted, feedback).
• Cookies and similar technologies (see “Cookies & tracking”).

5) How we obtain data

• Directly from you when you register, verify, or contact support.
• From your institution or authorised databases (e.g., JAMB, NIMC) where legally permitted and with appropriate safeguards/consent.
• Automatically from your device and browser (analytics, crash logs, basic telemetry).
• From merchants where you redeem offers (transaction metadata, not your payment card details unless we state otherwise).

6) Purposes & lawful bases (NDPA 2023)

• Verify student status & provide discounts – performance of a contract; consent.
• Operate, secure & improve Services – legitimate interests; legal obligation (security, fraud prevention).
• Customer support & communications – legitimate interests; contract; consent for marketing.
• Compliance & record keeping – legal obligation.
• Analytics & service quality – legitimate interests; consent where required (e.g., cookies).

7) Children and teens

Under the Nigeria Data Protection Act 2023 (NDPA), a child is anyone under 18. Where required, we will obtain verifiable consent from a parent or legal guardian before processing a child’s personal data and apply enhanced safeguards appropriate to the risks involved.

8) Marketing

We may send you platform updates and offers. You can opt out at any time via the email footer or in-app settings. Transactional and service messages will still be sent when necessary.

9) Sharing your data

• With verification partners (e.g., your institution/JAMB) strictly to confirm enrolment.
• With service providers under written Data Processing Agreements (hosting, analytics, communications, fraud prevention).
• With merchants to validate eligibility/redemption, limited to what is necessary.
• With authorities or third parties where required by law or to protect rights, safety, or the integrity of our Services.
• With your consent or at your direction.

10) International transfers

If we transfer personal data outside Nigeria, we will ensure appropriate safeguards consistent with the NDPA (e.g., contractual clauses, codes of conduct, certification mechanisms, or other lawful bases) and keep a record of the legal basis and adequacy of protection.

11) Security

We use organizational and technical measures designed to protect personal data, including access controls, encryption in transit and at rest (where appropriate), logging/monitoring, and staff training. No system is perfectly secure; we maintain incident response procedures and vendor due‑diligence.

12) Data retention

We keep personal data only as long as necessary for the purposes stated or as required by law. When it is no longer needed, we will delete or anonymize it according to our retention schedule. You may ask us for specific retention periods for your data categories.

13) Your rights

Subject to Nigerian law, you can request: access, rectification, erasure, restriction, objection to processing (including direct marketing), and portability of data you provided to us where processing is based on consent or contract. We will respond within one month (30 days) or provide reasons for any permitted extension.

How to make a Data Subject Request (DSR)

1. Send an email to [email protected] with subject “DSR – [Right]”.
2. Describe your request and include a valid ID (or proof of authority for a child or another person).
3. We’ll acknowledge receipt and respond within 30 days, unless an extension is permitted by law.

14) Breach notification

Where a personal data breach is likely to result in a risk to rights and freedoms, we will notify the NDPC within 72 hours of becoming aware, and affected individuals without undue delay where required.

15) Cookies & tracking

We use essential cookies to operate the Service and, with your consent, analytics/advertising cookies to understand usage and improve offers. You can manage preferences in our cookie banner or your browser settings.

16) Third‑party links & merchants

Our Services may link to third‑party sites or offers. Their privacy practices are governed by their own policies. Please review them before sharing data.

17) Changes to this policy

We will post updates on this page and revise the “Effective date”. If changes materially affect your rights, we will provide additional notice (e.g., email or in‑app).

18) Contact & complaints

Questions or concerns? Contact our DPO at [email protected] . If you are not satisfied with our response, you may complain to the Nigeria Data Protection Commission.

This policy is tailored for compliance with the Nigeria Data Protection Act 2023 and related guidance.