NDPR Compliance Statement
Eventcape Commitment to Data Protection Standards in Nigeria
Last updated: June 29, 2026
Our commitment
Eventcape Technologies Limited is committed to protecting the personal data of all users of the Eventcape platform in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, and all subsidiary legislation and guidelines issued by the Nigeria Data Protection Commission (NDPC).
Data controller
Eventcape Technologies Limited is the data controller for personal data collected through the Platform. Our Data Protection Officer can be reached at hello@eventcape.com.
Lawful basis for processing
We process personal data under the following lawful bases as defined by the NDPR:
Consent — for marketing communications and optional data collection. Consent is freely given, specific, informed, and unambiguous. Users may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Contract — for data processing necessary to provide the Platform's services, including account management, event coordination, contract generation, and payment facilitation.
Legal obligation — for identity verification (KYC/AML compliance), financial record retention, and regulatory reporting.
Legitimate interest — for Platform security, fraud detection, service improvement, and dispute resolution. We conduct legitimate interest assessments and document them. User rights override our legitimate interests where applicable.
Data protection impact assessment
We conduct Data Protection Impact Assessments (DPIAs) for any processing activity that presents a high risk to individuals' rights and freedoms, including: new features involving identity data, changes to payment processing workflows, and integration with new third-party data processors.
Third-party processors
All third-party processors engaged by Eventcape have executed data processing agreements that comply with NDPR requirements. Our key processors are:
- Paystack — payment processing (CBN-licensed)
- Dojah — identity verification (BVN/KYC)
- Standard cloud infrastructure providers
- Standard transactional email providers
Each processor is contractually bound to process data only on our instructions, implement appropriate technical and organisational security measures, and notify us of any data breach within 72 hours.
Data breach procedure
In the event of a personal data breach, Eventcape will:
1. Assess the breach within 24 hours of discovery
2. Notify the NDPC within 72 hours if the breach poses a risk to individuals
3. Notify affected users without undue delay if the breach is likely to result in high risk to their rights and freedoms
4. Document the breach, its effects, and remedial actions taken
5. Conduct a post-breach review and implement measures to prevent recurrence
Cross-border transfers
Where personal data is transferred outside Nigeria, we ensure that adequate safeguards are in place in compliance with the NDPR, including: the recipient country having adequate data protection laws, or the transfer being covered by appropriate contractual clauses approved by the NDPC.
Annual audit
Eventcape will conduct an annual data protection audit as required by the NDPR and file an annual compliance report with the NDPC. The audit will be conducted by a licensed Data Protection Compliance Organisation (DPCO).
Complaints
If you believe your data protection rights have been violated, you may: contact our Data Protection Officer at hello@eventcape.com, or lodge a complaint with the Nigeria Data Protection Commission (NDPC).