What are you Looking for?
SHOPPING CART

Free shipping on all orders above ₦40000

You are only ₦5000 away from qualifying for free shipping.

Congratulations! You now qualify for free shipping!

No Products in the Cart
TOTAL:
₦0
VIEW CART
img

title

  • details
qty X
price

Privacy Policy

INTRODUCTION 

At Godrej Nigeria Limited, we believe strongly in fundamental privacy rights as embedded in Section 37 of the 1999 Constitution (as amended) (the Constitution). That is why we treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by us as “personal data”. This means that data that directly identifies you, such as your name is personal data, and data that does not directly identify you, but that can reasonably be used to identify you, such as the serial number of your device is personal data.  

This Privacy Policy covers how Godrej Nigeria or its affiliates handles personal data whether you interact with us on our websites (https://thedivashop.ng/), through our App (The Diva Shop) or in person. This Privacy Policy is in accordance with the Nigerian Data Protection Act 2023 (NDPA), regulations, guidelines and directives made pursuant to the NDPA (“Applicable Laws”) and is binding on all data subjects whose Personal Data we process.  

Where required under the Nigeria Data Protection Act, 2023 (NDPA), we rely on your consent to process your Personal Data. In other circumstances, we rely on alternative lawful bases permitted under the NDPA, such as contractual necessity, legal obligation, or legitimate interest. You have the right to withdraw your consent at any time if we do not have another lawful basis to keep processing your Personal Data.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and we may provide you with additional notice (such as by adding a statement to the homepages of our website or by sending you an email notification. 

We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy.  

1. LAWFUL BASIS FOR PROCESSING YOUR INFORMATION 

We process Personal Data only where one or more lawful bases under Section 25 of the NDPA applies, including consent (where appropriate), contractual necessity, legal obligation, protection of vital interests, performance of a task carried out in the public interest, or legitimate interests that do not override your rights and freedoms.

All Personal Data that we collect, and process is justified by at least one of the lawful processing that:

  • You have given consent to the processing.
  • Processing is necessary for the performance of a contract to which you are a party or to take steps to enter a contract.
  • Processing is necessary for compliance with legal and regulatory obligations to which we are subject.
  • Processing is necessary to protect your vital interests or another natural person; and
  • Processing is necessary for the performance of a task carried out in the public interest.
  • Processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and freedoms, are not compatible with any of the above lawful bases, or beyond your reasonable processing expectations.

2. TYPES OF PERSONAL DATA WE PROCESS

We may collect and process the following categories of Personal Data, depending on your interaction with us and subject to data minimization principles under the NDPA:

  • Information that you provide to us, for example, when you fill out a contact or web form, or if you register to receive alerts or updates.
  • When you provide your Personal Data while signing up for a service or purchasing a product.
  • Personal Data that we obtain or learn, such as information about the browser or device you use to access this site, how you use this site and the pages you visit, traffic and location data
  • When you contact our customer support, whether by phone, email, or chat
  • [We may also ask you for information if you experience problems when using this site. We may also ask you to complete surveys for research purposes, although you don’t have to respond to these].

3. USE OF YOUR PERSONAL DATA

We may use your Personal Data as follows:

  • Provide, maintain, and improve our services.
  • Provide and deliver the products and services you request, process transactions, and send you related information, including confirmations.
  • Verify your identity and prevent fraud.
  • Send you technical notices, updates, security alerts and support, and administrative messages in line with our transaction with you.
  • Respond to your comments, questions, and requests and provide customer service.
  • Communicate with you about products, services, offers, promotions, rewards, and events offered by Godrej Nigeria Limited and others, and provide news and information we think will be of interest to you.
  • Monitor and analyze trends, usage and activities in connection with our services.
  • Personalize and improve the services and provide advertisements, content or features that match user profiles or interests.
  • Process and deliver contest or promotion entries and rewards.
  • Link or combine with information we get from others to help understand your needs and provide you with better service.
  • Carry out any other purpose for which the Personal Data was collected.

You have the right to object to direct marketing at any time, and we will honour such objections promptly, in accordance with Section 36 of the NDPA

4. DISCLOSURE OF YOUR PERSONAL DATA

Godrej Nigeria Limited will disclose your Personal Data to third parties in the following circumstances:

  • With your consent or based on our contract with you, we may provide such Personal Data with affiliated companies or third‑party service providers acting as Data Processors or independent Data Controllers, subject to contractual data protection safeguards in accordance with the NDPA, such as email service providers that perform marketing services on Godrej Nigeria Limited behalf for the purpose of processing Personal Data. We require that these parties agree to process such Personal Data based on our instructions and in compliance with the Applicable Laws and any other appropriate confidentiality and security measures. Where they no longer need your Personal Data to fulfil this service, they will dispose of the details in line with Applicable Laws.
  • In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any Applicable Law.
  • With relevant regulatory authorities, law enforcement officials, a court order, and investigators, in line with our legal obligation.
  • In connection with, or during negotiations of, any merger, sale of Godrej Nigeria Limited assets, financing or acquisition of all or a portion of our business to another company based on your existing contract with us or consent; and
  • With your consent or with your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you provide such Personal Data.

5. STORAGE AND TRANSFER OF YOUR PERSONAL DATA

We process Personal Data in both digital and physical formats. Physical records are secured in a fireproof safe, while digital data is stored on cloud platforms with data centres located both within and outside Nigeria.

Cross‑border transfers of Personal Data are conducted only where lawful mechanisms under the NDPA and NDPC directives apply, including adequacy decisions, contractual safeguards, or other permitted grounds. Consent is relied upon only where required by law. Where data is transferred outside Nigeria, we ensure that the recipient country has data protection laws that are adequate and comparable to those in Nigeria.

Note that where your data is transferred to other countries there might be an increased risk that your personal information, particularly where such jurisdiction is not subject to the same level of protection as in Nigeria. These risks may include:

  • Increased exposure to unauthorized access or misuse due to weaker enforcement mechanisms.
  • Lack of enforceable data subject rights, such as the right to access, rectify, or delete personal data.
  • Limited recourse for data breaches, meaning individuals may find it difficult to seek legal remedies.
  • Potential government surveillance without adequate safeguards or oversight.
  • Inadequate technical and organizational measures by recipients to secure data.

We take reasonable steps to mitigate these risks, including using contractual safeguards (such as Standard Contractual Clauses), security measures, and by ensuring that third parties processing data on our behalf adhere to high data protection standards.

6. SECURITY

Godrej Nigeria Limited takes reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, Godrej Nigeria Limited implements policies designed to protect the confidentiality and security of your Personal Data.

We have also taken measures to comply with the provision of security facilities for the protection of your Personal Data through the set-up of firewalls, limited access to specified authorized individuals, encryption and continuous capacity building for relevant personnel. We therefore have digital and physical security measures to limit and eliminate possibilities of data privacy breach incidents.

We implement appropriate technical and organizational measures, as required by Applicable Laws, to protect Personal Data. These include encryption of data in transit and at rest, role-based access control, multi-factor authentication, regular security testing, audit logging, employee training on data protection, and clearly defined data retention policies.

These measures are implemented in compliance with Section 39 of the NDPA, which requires appropriate technical and organizational safeguards for Personal Data.

7. PERSONAL DATA RETENTION PERIOD

We retain Personal Data only for as long as necessary for the purposes for which it was collected, in accordance with the storage limitation principle under the NDPA and our Data Retention Policy. In some circumstances, we may retain your Personal Data for longer periods if it is in accordance with regulatory, legal, tax or accounting obligations. In all cases, where your Personal Data is no longer required or you request for deletion, we will ensure it is disposed of in a secure manner, subject to applicable law.

8. YOUR RIGHTS AS A DATA SUBJECT

Your rights as a data subject are provided under Sections 34–38 of the Nigeria Data Protection Act, 2023.

At any point while we are in possession of or processing your Personal Data, you, the data subject, have the following rights, including the right to:

  • Withdraw your consent at any time of our processing of your data
  • Request access to a copy of the information that we hold about you in a commonly structured format.
  • Lodge a complaint with the Nigeria Data Protection Commission if you have a reason to believe that your rights have been violated at (https://ndpc.gov.ng/)
  • Correct data that we hold about You that is inaccurate or incomplete.
  • Request for the data we hold about you to be erased from our records.
  • Restrict our processing activities on your data
  • Request that the data We hold about you be transferred to another organization
  • Object to certain types of processing such as direct marketing
  • Object to automated processing, including profiling.

9. BREACH/PRIVACY VIOLATION

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, Godrej Nigeria Limited shall, without undue delay and where feasible within seventy‑two (72) hours, notify the Nigeria Data Protection Commission, in accordance with Section 40 of the NDPA. Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we as soon as reasonably practicable upon knowing the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting therefrom and any course of action to remedy said breach.

10. FILING A COMPLAINT

In the event you are dissatisfied with how we process your data, we advise that you submit your complaint through our Data Protection Officer (DPO), whose details are provided below:

Name: Maureen Obuks-Edenya
Email: maureen.obuks-edenya@godrejcp.com
Phone Number: +234 (0) 802 355 5160
Office Address: Plot 2A Ayodele Diyan Street, Off Ladipo Oluwole Avenue Adeniyi Jones, Ikeja
Name: Ololade Subair
Email: ololade.subair@godrejcp.com
Phone Number: +234 (0) 805 865 7123
Office Address: Plot 2A Ayodele Diyan Street, Off Ladipo Oluwole Avenue Adeniyi Jones, Ikeja

If you have reasons to believe that your Personal Data has not been handled correctly or are unhappy with our response to any requests you have made to us regarding the use of your Personal Data, you have the right to lodge a complaint with the Commission. The contact details are:

Nigeria Data Protection Commission
Tel: +234 (0) 916 061 5551
Email: info@ndpc.gov.ng
Website: https://ndpc.gov.ng/ Where you remain dissatisfied, you reserve the right to explore other appropriate legal remedies as guaranteed under Nigerian law.

11. QUESTIONS OR CONCERNS

All enquiries will be handled in accordance with the Nigeria Data Protection Act, 2023.

If you have any questions or concerns about this Privacy Policy or would like to contact us for any reason, you can contact us at divashopsupport.ng@godrejcp.com

BACK TO TOP