Data Subject Rights Notice

You have the right to request a copy of the personal data we hold about you and to receive information about how we process it. This is known as a "Subject Access Request" (SAR).

• Confirmation that we process your personal data (or that we do not).
• A copy of the personal data we hold about you.
• Information about the purposes for which we process your data.
• Information about who we share your data with.
• The retention period for your data.
• Your other rights in relation to your data.

We may redact information that relates to other individuals or information that is subject to legal professional privilege. Where we are required to maintain your data by law (e.g., AML records), we cannot delete it even following a SAR.

You have the right to ask us to correct personal data about you that is inaccurate or incomplete. For example, if your name, address, or date of birth is recorded incorrectly.

• For basic profile information (name, email, address): You can update most details directly in the NillarPay app under Settings → Profile.
• For KYC-verified data: Changes to BVN-linked information require verification. Contact us at privacy@nillar.com with supporting documentation.
• For transaction data: We can add clarifying notes but cannot alter transaction records for regulatory compliance reasons.

You have the right to ask us to delete your personal data in certain circumstances, including where:

• The data is no longer necessary for the purposes for which it was collected.
• You withdraw consent and there is no other legal basis for processing.
• You object to processing and there are no overriding legitimate grounds.
• The data has been unlawfully processed.

You have the right to object to processing of your personal data in certain circumstances:

Where we process your data based on our legitimate interests (e.g., fraud prevention, platform security improvements), you can object. We must stop the processing unless we can demonstrate compelling legitimate grounds that override your interests.

You have an absolute right to object to your data being used for direct marketing at any time. You can exercise this right by:

• Clicking 'Unsubscribe' in any marketing email we send.
• Adjusting notification preferences in the NillarPay app under Settings → Notifications.
• Contacting us at privacy@nillar.com.

You cannot object to processing that is required by law (e.g., AML monitoring, regulatory reporting) or necessary for the performance of your contract with us (e.g., processing your transactions).

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when:

• You contest the accuracy of the data — we restrict processing while we verify it.
• Processing is unlawful, but you prefer restriction over deletion.
• We no longer need the data, but you need it for a legal claim.
• You have objected to processing, and we are considering your objection.

Where we process your data by automated means, based on your consent or a contract with you, you have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format.

• Your account profile data in JSON or CSV format.
• Your transaction history in CSV or PDF format.
• Your KYC submission data (name, date of birth, address) in structured format.

Email your portability request to privacy@nillar.com specifying the data you require and your preferred format. We will respond within 30 days.

• Your full name as registered on NillarPay.
• Your registered phone number or email address.
• The specific right you wish to exercise.
• A clear description of your request.
• Any supporting documents if applicable (e.g., for rectification requests).