3.1 Categories of Information Collected

We collect and process information necessary to provide our courier and logistics services efficiently, securely, and in compliance with applicable law. The information we collect includes:

1. Personal information
   We collect personal details of individuals sending or recieving parcels such as full names, phone numbers, email addresses, legal identification, and other relevant personally identifiable information required to facilitate parcel delivery and communication.
2. Business information
   For our corporate clients, we may collect limited legal and operational information about the business, including registration details, contact persons, and location address(es).
3. Parcel information
   We collect information about parcels handled through our service, including parcel descriptions, declared value, weight, dimensions, and any special handling instructions (e.g., fragile).
   We also record information about the origin, transit points, and destination locations to ensure accurate and timely delivery.

3.2 Purpose of Data Processing

We collect and process personal and operational data strictly for legitimate and lawful purposes related to the provision of courier services. Specifically, the information collected is used to:

1. Identify and verify our customers
   To accurately identify senders and recipients of parcels, confirm their contact details, and ensure proper delivery and communication throughout the delivery process.
2. Determine and manage service pricing
   To calculate delivery charges based on selected service type (i.e., Standard or Express), parcel size, weight, declared value, and destination, in accordance with our tariff guide and terms of service.
3. Maintain communication and service updates
   To send necessary notifications such as booking confirmations, delivery status updates, service disruptions, or other messages related to active transactions.
4. Enhance service quality and effeciency
   To analyze service performance, optimize route planning and asset utilization, and improve customer experience while maintaining data protection principles.
5. Ensure compliance with legal and regulatory obligations
   To meet recordkeeping and reporting requirements prescribed by regulatory authorities and to prevent misuse of our services in violation of applicable law.
6. Handle customer support and dispute resolution
   To verify transaction details and assist clients in resolving delivery, billing, or service-related inquiries or compliants in an informed and timely manner.

3.3 Disclosure and Distribution of Data

Access to personal and operational data is strictly controlled and granted on a need-to-know basis to ensure confidentiality, integrity, and proper management of information. Specifically:

1. Internal access
   1. Management
      Members of our management team have access to customer and parcel data at all levels necessary to oversee operations, ensure targeted service quality, and fulfill regulatory obligations.
   2. Other staff
      Employees have access only to the data required to perform their assigned duties, such as; receiving, storing, dispatching, or delivering parcels. Staff do not have unrestricted access to all data across the organization.
2. Third-party service providers
   We may engage trusted third-party service providers to assist with storage, processing, and transmission of operational data. Any such service providers are bound by contractual obligations requiring strict confidentiality, data security, and compliance with applicable laws and regulations.
3. Regulatory reporting
   In compliance with applicable law and regulations, we provide anonymized, aggregated data to TCRA regarding quantities, categories, and other operational metrics of parcels delivered. This reporting does not disclose personally identifiable information of customers or recipients.
4. Handle customer support and dispute resolution
   To verify transaction details and assist clients in resolving delivery, billing, or service-related inquiries or complaints in an informed and timely manner.

3.4 Data Retention

We retain personal and operational data for as long as we continue to provide courier services to a client, and for a period of five (5) years following the termination of such services. In addition, we may retain data for longer periods where necessary to comply with legal or regulatory obligations, resolve disputes, or enforce contractual rights.

3.5 Data Security and Protection Measures

We implement a multi-layered data protection strategy to protect personal and operational data from unauthorized access, distribution, alteration, or destruction. Our security measures include:

1. Access controls
   Access to data is restricted on a need-to-know basis. Management has broader oversight, while operational staff only access data necessary to perform their specific duties.
2. Technical safeguards
   Our systems are protected through firewalls, secure passwords, and multi-factor authentication. All softwares used are updated on a regular basis to mitigate vulnerabilities.
3. Physical safeguards
   Access to storage spaces within offices, and storage facilities, is strictly controlled using biometric authentication systems to prevent unauthorized entry. CCTV cameras monitor movement within these areas to enhance security and deter unauthorized access and activity. Physical records and documents are securely stored in lockable cabinets with access limited to authorized personnel only.
4. Staff training and education
   Staff are trained on proper data handling, confidentiality, and security policies.
5. Third-party compliance
   Any service providers that process data on our behalf are contractually required to maintain strict confidentiality and data security standards.
6. Data backup
   All operational data is maintained in two secure copies: one stored on a cloud-based database management system and the other kept in a secure offline location. This dual-storage approach ensures data availability, integrity, and business continuity in the event of system failures, security incidents, or other disruptions.

3.6 Data Subject Rights

In accordance with applicable law, data subjects have the following rights with respect to their personal data:

1. Right to Access
   Individuals may request confirmation as to whether their personal data is being processed and, if so, obtain access to that data.
2. Right to Rectification
   Data subjects may request correction of inaccurate or incomplete personal data.
3. Right to Erasure ("Right to be Forgotten")
   Where applicable, individuals may request deletion of their personal data, subject to legal or regulatory obligations that require retention.
4. Right to Restrict Processing
   Data subjects may request restriction of processing under certain circumstances, such as contesting accuracy or lawfulness of processing.
5. Right to Object
   Individuals may object to the processing of their personal data on legitimate grounds, including for marketing purposes.

4.1 The Company

1. Roles
   

   The Company serves as the data controller and custodian of personal and operational data. It is responsible for defining data protection objectives, governance structures, and ensuring that data processing aligns with statutory and regulatory requirements.

2. Responsibilities
   

   Implement and enforce the privacy policy; ensure compliance with the Personal Data Protection Act, 2023, the Electronic and Postal Communications Act, 2022, and other relevant laws; allocate resources to safeguard personal and operational data; monitor and audit data handling practices to identify and mitigate risks.

4.2 The Customer

1. Roles
   

   The Customer is the data subject whose personal and operational information is collected and processed by the Company for the provision of courier services.

2. Responsibilities
   

   Provide accurate, complete, and up-to-date personal and business information; comply with the Company's Terms of Service; notify the Company promptly of any changes to personal and operational data; exercise their statutory rights under applicable laws and regulations.

5.1 Data Collection

The Company collects personal and transactional data primarily through its official website when users create accounts, request courier services, or track parcels. Data may also be collected directly from customers through phone calls, emails, and other written or electronic correspondence.

Consent is obtained when a customer agrees to create a user account online or when they use the Company's courier services in person at any of its offices. By engaging the Company's services, customers acknowledge and consent to the collection and processing of their personal information.

5.2 Data Processing

During the delivery lifecycle, the Company processes data related to parcels, senders, and recipients to enable route planning, fleet management, and staff allocation.

Following the end of the delivery lifecycle, the Company may perform analytical processing on collected data to improve business performance and customer experience. Such analysis may include; categorical analysis of data (e.g., grouping and summarizing parcel data to identify trends); demand forecasting; and customer behavior analysis.

All analytical activities are performed using aggregated or anonymized datasets where possible, ensuring that individual customer identities are not disclosed.