NDPR Compliance
Nigeria Data Protection Regulation · Last updated: April 2026
1. Overview
Fixit Hub Limited (“Fixit Hub”) is committed to complying with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), and all subsidiary regulations issued by the Nigeria Data Protection Commission (NDPC).
This page outlines how Fixit Hub implements data protection principles, safeguards your personal information, and upholds your rights as a data subject under Nigerian law.
2. Legal Basis for Processing
We process personal data based on one or more of the following lawful bases as defined by the NDPA:
- Consent — You have given clear consent for us to process your personal data for a specific purpose.
- Contract — Processing is necessary for the performance of a contract with you (e.g., providing maintenance services).
- Legal Obligation — Processing is necessary to comply with Nigerian law.
- Legitimate Interest — Processing is necessary for our legitimate business interests, provided your rights are not overridden.
- Vital Interest — Processing is necessary to protect someone's life.
3. Data Protection Principles
In accordance with the NDPA, Fixit Hub adheres to the following principles when processing personal data:
Lawfulness, Fairness & Transparency
Data is processed lawfully, fairly, and in a transparent manner.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes only.
Data Minimisation
Only data that is necessary and adequate for the intended purpose is collected.
Accuracy
Personal data is kept accurate and up to date.
Storage Limitation
Data is not kept longer than necessary for the processing purpose.
Integrity & Confidentiality
Appropriate security measures protect data against unauthorised processing, loss, or damage.
4. Your Rights as a Data Subject
Under the NDPA and NDPR, you have the following rights regarding your personal data:
Right to Access
You may request a copy of the personal data we hold about you.
Right to Rectification
You may request correction of inaccurate or incomplete personal data.
Right to Erasure
You may request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing
You may request that we limit the processing of your data in certain circumstances.
Right to Data Portability
You may request to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You may object to the processing of your personal data for direct marketing or other purposes.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact our Data Protection Officer at fixithubng@gmail.com. We will respond to your request within 30 days.
5. Technical and Organisational Measures
Fixit Hub implements the following measures to protect personal data:
Data Encryption
All personal data is encrypted in transit (TLS/SSL) and at rest using industry-standard encryption protocols.
Access Controls
Strict role-based access controls ensure only authorised personnel can access personal data, on a need-to-know basis.
Regular Audits
Annual data protection audits are conducted by licensed Data Protection Compliance Organisations (DPCOs) as required by the NDPA.
Data Minimisation
We only collect personal data that is necessary and adequate for the purposes for which it is processed.
Incident Response
We maintain a data breach response plan and will notify the NDPC and affected data subjects within 72 hours of becoming aware of a qualifying breach.
Staff Training
All employees handling personal data undergo regular data protection training in line with NDPA requirements.
6. Data Protection Officer
In compliance with the NDPA, Fixit Hub has appointed a Data Protection Officer (DPO) responsible for overseeing data protection strategy, implementation, and ensuring ongoing compliance. The DPO is knowledgeable on data privacy principles and is familiar with the provisions of the NDPA and all related regulations.
7. Data Protection Impact Assessment
Fixit Hub conducts Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to the rights and freedoms of data subjects. This includes large-scale processing of personal data, automated decision-making, and processing of sensitive categories of data.
8. Annual Data Protection Audit
Fixit Hub conducts an annual data protection audit through a licensed Data Protection Compliance Organisation (DPCO) to verify compliance with the NDPA and other applicable data protection laws. The audit report is certified and filed by the DPCO to the Nigeria Data Protection Commission (NDPC) as required.
9. Cross-Border Data Transfer
Where personal data is transferred outside Nigeria (for example, to cloud hosting providers), Fixit Hub ensures that adequate data protection safeguards are in place. This includes ensuring that the recipient country provides an adequate level of data protection or that appropriate contractual clauses are in place, in compliance with the NDPA requirements for cross-border data transfers.
10. Data Breach Notification
In the event of a personal data breach that is likely to result in risk to the rights and freedoms of data subjects, Fixit Hub will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk, affected data subjects will also be notified without undue delay.
11. Filing a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC). You may also contact Fixit Hub directly, and we will investigate and work to resolve your complaint within 30 days.
12. Contact
For data protection inquiries, to exercise your rights, or to file a complaint, contact our Data Protection Officer at fixithubng@gmail.com.
Fixit Hub Limited · 36 Grace Anjous Drive, Off Adebayo Doherty Street, Lekki Phase 1, Lagos, Nigeria.