NDPA Data Protection Notice

Issued under the Nigeria Data Protection Act 2023 · Last updated: May 12, 2026

1. About This Notice

LuxyRide ("we", "our", or "us") is committed to protecting the personal data of our riders, driver-partners, employees, and visitors. This Data Protection Notice is issued in accordance with the Nigeria Data Protection Act 2023 ("NDPA") and the regulations and directives issued by the Nigeria Data Protection Commission ("NDPC"). It supplements our Privacy Policy and explains, in NDPA terms, how we lawfully process your personal data.

2. Data Controller

LuxyRide is the data controller responsible for the personal data processed through the Service. Our contact details for data protection matters are provided at the end of this Notice.

NDPC Registration: Our registration with the Nigeria Data Protection Commission as a Data Controller of Major Importance is currently in progress. This Notice will be updated with our registration number once issued.

3. Personal Data We Process

Depending on whether you use the Service as a rider, driver-partner, or visitor, we may process the following categories of personal data:

  • Identity data: name, date of birth, profile photo, government-issued identification (for driver-partners)
  • Contact data: phone number, email address, residential address
  • Driver-partner data: driver's licence, vehicle particulars, insurance documents, background-check results
  • Location data: real-time GPS location while using the app
  • Transactional data: trip history, fares, payments, payouts
  • Financial data: bank account or payment-card details processed by licensed payment service providers
  • Device and technical data: IP address, device identifiers, operating system, app version, log data
  • Communications data: in-app messages, support tickets, call recordings where applicable

4. Lawful Basis for Processing

Under Section 25 of the NDPA, we only process personal data where one of the following lawful bases applies:

  • Consent: where you have given clear, freely given, specific, and informed consent (e.g., marketing communications)
  • Performance of a contract: to deliver the Service you have requested, including connecting riders and driver-partners, processing payments, and providing support
  • Legal obligation: to comply with applicable law, including tax, anti-money-laundering, and transport regulations
  • Vital interests: to protect the safety of a rider, driver-partner, or any other person
  • Public interest: to cooperate with lawful requests from regulators, law enforcement, or courts
  • Legitimate interests: to operate, secure, and improve the Service, prevent fraud, and protect our platform, provided your rights and freedoms are not overridden

5. Purposes of Processing

We process your personal data for the following purposes:

  • To create and manage your rider or driver-partner account
  • To match riders with available driver-partners and facilitate trips
  • To calculate fares, process payments, and remit payouts
  • To verify driver-partner identity, eligibility, and vehicle compliance
  • To provide customer support and respond to enquiries
  • To send service-related notifications and, with consent, marketing
  • To monitor safety, investigate incidents, and prevent fraud or abuse
  • To comply with legal, regulatory, and tax obligations
  • To analyse and improve the Service

6. Disclosures and Recipients

We share personal data only as necessary and with appropriate safeguards. Recipients may include:

  • Riders and driver-partners involved in the same trip, limited to the information needed to complete it
  • Payment service providers licensed by the Central Bank of Nigeria
  • Identity-verification and background-check providers for driver-partner onboarding
  • Cloud hosting, mapping, and analytics providers acting as data processors on our behalf
  • Insurance providers, regulators, courts, and law-enforcement agencies where permitted or required by law
  • Professional advisers such as auditors, lawyers, and accountants

We do not sell your personal data.

7. Cross-Border Transfers

Where personal data is transferred outside Nigeria, we ensure that the transfer complies with Sections 41 to 43 of the NDPA. Transfers are made only to jurisdictions that provide an adequate level of protection, or under appropriate safeguards such as standard contractual clauses, binding corporate rules, or with your explicit consent.

8. Your Rights as a Data Subject

Under Sections 34 to 40 of the NDPA, you have the following rights, which you may exercise free of charge by contacting our Data Protection Officer:

  • Right to be informed about how your data is processed
  • Right of access to a copy of the personal data we hold about you
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") where the legal grounds in the NDPA apply
  • Right to restrict processing in certain circumstances
  • Right to data portability in a structured, commonly used, machine-readable format
  • Right to object to processing based on legitimate interests or direct marketing
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing
  • Right to lodge a complaint with the Nigeria Data Protection Commission

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Trip and payment records are generally retained for the period mandated by tax and financial-services regulations. When personal data is no longer required, we securely delete or anonymise it.

10. Security Measures

We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, logging and monitoring, regular security reviews, and staff training. No system is completely secure, but we work to maintain a high standard of protection.

11. Personal Data Breach

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission within 72 hours of becoming aware of the breach and, where required, notify affected data subjects without undue delay, in accordance with Section 40 of the NDPA.

12. Children

The Service is not directed to children under the age of 18. We do not knowingly process the personal data of children. If we become aware that we have processed a child's data without verified parental consent, we will delete it promptly.

13. Automated Decision-Making

We may use automated processing for fraud detection, fare estimation, driver-rider matching, and quality assurance. Where such processing produces legal or similarly significant effects on you, we will inform you of the logic involved and provide a meaningful opportunity for human review on request.

14. Changes to This Notice

We may update this Notice to reflect changes in our practices or in applicable law. The latest version will always be available at this URL, with the "Last updated" date amended accordingly.

15. Contact and Complaints

To exercise your rights or raise a data protection concern, contact our Data Protection Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission at ndpc.gov.ng.

About LuxyRide

LuxyRide is Nigeria's first luxury ride-hailing service. Premium vehicles, vetted professional drivers, and a seamless booking experience.

Where We Operate

  • Lagos
  • Abuja
  • Port Harcourt

Contact us

  • Location IconAbuja, Nigeria
  • Phone Icon07044679812, 08039507754
  • Email Iconinfo@myluxyride.com
  • Website Iconwww.myluxyride.com

Copyright © 2025 LuxyRide. All rights reserved.