About This Policy

This Privacy Policy describes how The Tech Forge Ltd ("TechForge", "we", "us", or "our") collects, uses, stores, and protects personal data when you visit our website at thetechforge.dev, use our services, attend our events, or otherwise interact with us.

This Policy is issued in compliance with:

• The Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR)
• The Nigeria Data Protection Commission (NDPC) guidelines
• The EU General Data Protection Regulation (GDPR) — where we process data of persons located in the European Economic Area
• The NITDA Framework for Artificial Intelligence in Nigeria — where applicable to our AI-related services

By using our website or services, you acknowledge you have read and understood this Policy. If you do not agree, please discontinue use of our services.

Who We Are (Data Controller)

The data controller responsible for your personal data is:

For data protection enquiries, contact our designated Data Protection Officer (DPO) at: privacy@thetechforge.dev

Data We Collect

We collect personal data in the following categories depending on how you interact with us:

3.1 Data You Provide Directly

• Identity data: Full name, job title, organisation name
• Contact data: Email address, phone number, physical address
• Account data: Username and password (hashed), profile information
• Communications: Messages sent via contact forms, emails, or support requests
• Event registration data: Conference registration details, dietary or accessibility preferences
• Payment data: Billing details (processed by our third-party payment processors — we do not store full card details)
• Employment data: CV/résumé data submitted for job applications

3.2 Data Collected Automatically

• Technical data: IP address, browser type, device type, operating system
• Usage data: Pages visited, links clicked, time spent on pages, referring URLs
• Cookie data: Session identifiers and preference data (see Section 10)

3.3 Data from Third Parties

• Publicly available professional information (e.g. LinkedIn) where relevant to a business relationship
• Referral data from partners or event co-organisers

How We Use Your Data

Purpose	Data Used	Legal Basis
Provide and manage our services	Identity, contact, account data	Contract performance
Process payments	Payment and billing data	Contract performance
Respond to enquiries and support requests	Identity, contact, communications	Legitimate interest / Contract
Send service notifications and updates	Contact data	Contract performance
Send marketing communications	Contact, usage data	Consent (opt-in)
Manage event registrations	Identity, contact, event data	Contract performance
Process job applications	Identity, employment data	Consent / Pre-contractual steps
Improve our website and services	Technical, usage, cookie data	Legitimate interest
Comply with legal obligations	As required by law	Legal obligation
Prevent fraud and ensure security	Technical, identity data	Legitimate interest / Legal obligation

Legal Basis for Processing

Under the NDPA 2023 and GDPR, we process your personal data only where we have a valid lawful basis. The bases we rely on are:

• Consent (NDPA s.25 / GDPR Art.6(1)(a)): Where you have freely given, specific, informed and unambiguous consent — for example, subscribing to our newsletter. You may withdraw consent at any time.
• Contract (NDPA s.25 / GDPR Art.6(1)(b)): Where processing is necessary to fulfil a contract with you or to take steps at your request before entering a contract.
• Legal Obligation (NDPA s.25 / GDPR Art.6(1)(c)): Where we must comply with Nigerian law, including tax, corporate, and regulatory obligations.
• Legitimate Interests (NDPA s.25 / GDPR Art.6(1)(f)): Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests — such as improving our services, preventing fraud, and managing our business relationships.

Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

6.1 Service Providers (Data Processors)

We engage trusted third-party processors who act under our instruction and are bound by data processing agreements:

• Hosting & Infrastructure: Namecheap (web hosting)
• Email Services: Zoho Mail, Resend
• Payment Processing: Third-party PCI-DSS compliant payment gateways
• Analytics: Web analytics providers (anonymised data only)
• Communication Tools: Collaboration and CRM platforms used internally

6.2 Legal & Regulatory Disclosure

We may disclose your data where required by law, court order, or regulation, including to the Nigeria Data Protection Commission (NDPC), law enforcement agencies, or regulatory bodies.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your data with third parties where you have given explicit consent, such as event co-sponsors or partner organisations at TechForge Conference.

International Data Transfers

TechForge is headquartered in Nigeria. Some of our service providers may process your data outside Nigeria. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the NDPC or European Commission
• Transfer only to countries with adequate data protection laws
• Binding corporate rules or other approved transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

Data Category	Retention Period
Account & service data	Duration of account + 2 years after closure
Transaction & payment records	7 years (Nigerian tax law requirement)
Marketing consent records	Until consent is withdrawn + 1 year
Event registration data	2 years post-event
Job application data (unsuccessful)	6 months unless you consent to longer
Website analytics data	26 months (anonymised thereafter)
Security logs	12 months

After the applicable retention period, data is securely deleted or anonymised.

Your Rights

Under the NDPA 2023 and, where applicable, the GDPR, you have the following rights regarding your personal data:

• Right of Access (NDPA s.34): Request a copy of the personal data we hold about you.
• Right to Rectification (NDPA s.35): Request correction of inaccurate or incomplete data.
• Right to Erasure (NDPA s.36): Request deletion of your data where there is no compelling reason for its continued processing.
• Right to Restrict Processing (NDPA s.37): Request that we limit the processing of your data in certain circumstances.
• Right to Data Portability (NDPA s.38): Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (NDPA s.39): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
• Right Not to Be Subject to Automated Decisions: Not be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, submit a written request to: privacy@thetechforge.dev

We will respond within 30 days of receiving your request (extendable to 60 days for complex requests, with notice). We may need to verify your identity before processing your request. There is no fee for making a request unless requests are manifestly unfounded or excessive.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse site usage.

Types of Cookies We Use

Cookie Type	Purpose	Basis
Strictly Necessary	Essential for the website to function (e.g. session management)	Legitimate interest
Analytics	Understanding how visitors use our site (anonymised)	Consent
Preference	Remembering your settings and preferences	Consent
Marketing	Tracking effectiveness of our communications	Consent

You may manage or withdraw cookie consent at any time through your browser settings. Note that disabling certain cookies may affect website functionality.

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@thetechforge.dev and we will promptly delete such data.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication requirements
• Regular security assessments and vulnerability testing
• Staff training on data protection obligations
• Incident response procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware, and affected individuals without undue delay, in accordance with NDPA 2023 requirements.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify registered users by email (for significant changes)
• Post a prominent notice on our website

We encourage you to review this Policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated Policy.

Contact Us & How to Complain

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

How to Lodge a Complaint

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

If you are located in the EU/EEA, you may also contact your local Data Protection Authority (DPA).