Data handled with intent.

This Privacy Policy describes how WS Tech Venture Studio ("we," "our," or "us"), a venture studio registered in the Federal Republic of Nigeria, collects, uses, processes, and shares your personal information when you use our website (ws-tech-studio.web.app), mobile applications, and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the Nigeria Data Protection Regulation (NDPR) 2019, the General Data Protection Regulation (GDPR) where applicable, and other relevant privacy laws.

This policy applies to all users of our Service, including visitors to our website, venture partners, investors, job applicants, and users of our portfolio company services.

Our portfolio ventures (Harmoniq, Cognito, Acauide) may have separate privacy policies governing their specific services.

By using our Service, you consent to the collection and use of information in accordance with this policy.

We may update this policy from time to time, and we will notify users of material changes through our website or email.

If you do not agree with this policy, please do not use our Service.

WS Tech Venture Studio acts as the data controller for personal information collected through our Service.

Our registered address is: Nile University of Nigeria, Jabi, Abuja 900108, Nigeria.

Our Data Protection Officer is Fatima Bello Jallo (Legal Advisor).

For privacy-related inquiries, please contact us at: contact.wstech.studio@gmail.com

You may also contact our legal department directly for privacy concerns.

We are registered with the National Information Technology Development Agency (NITDA) for NDPR compliance.

Our data protection registration number will be provided upon request.

Personal Identification Information: Name, email address, phone number, job title, company name, and address when you voluntarily provide it through contact forms, newsletter subscriptions, or account registration.

Professional Information: Business information, company details, job applications, resumes, portfolio information, and professional references when you apply for positions or partnerships.

Technical Data: IP address, browser type and version, operating system, device information, screen resolution, referring website, pages visited, time spent on pages, click-through data, and access times automatically collected when you use our Service.

Usage Information: Information about how you navigate and interact with our Service, features used, search queries, and preferences.

Communication Data: Records of your communications with us, including emails, support tickets, and feedback.

Business Proposal Information: If you submit venture proposals or partnership applications, we collect business plans, financial information, team details, market analysis, and proprietary business information.

Cookies and Tracking Data: Information collected through cookies, web beacons, and similar tracking technologies as detailed in our Cookie Policy.

Location Data: General geographic location based on IP address and more precise location if you grant permission through device settings.

Social Media Information: If you connect your social media accounts or interact with our social media content, we may receive information from those platforms.

Third-Party Information: Information received from business partners, investors, or other third parties with whom we have legitimate business relationships.

Under NDPR and GDPR, we process your personal data based on the following legal grounds:

Consent: When you have given explicit consent for specific processing activities, such as newsletter subscriptions or marketing communications. You may withdraw consent at any time.

Contract Performance: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as partnership agreements or service delivery.

Legal Obligation: When we must process your data to comply with legal or regulatory requirements, such as tax obligations, employment law, or regulatory reporting.

Legitimate Interests: When processing is necessary for our legitimate business interests or those of a third party, provided your rights and interests do not override these interests. This includes business development, fraud prevention, and service improvement.

Vital Interests: When processing is necessary to protect your life or the life of another person, such as in emergency situations.

Public Task: When processing is necessary for the performance of a task carried out in the public interest, such as research or academic collaborations.

Employment: When processing is necessary for employment purposes, including recruitment, performance management, and compliance with employment laws.

We will always inform you of the legal basis for processing your data and any legitimate interests we rely upon.

Service Provision: To provide, operate, and maintain our Service, including website functionality, account management, and technical support.

Communication: To respond to your inquiries, provide customer support, send service-related notifications, and maintain our relationship with you.

Business Development: To evaluate partnership opportunities, venture proposals, investment possibilities, and other business relationships.

Marketing and Outreach: With your consent, to send newsletters, promotional materials, event invitations, and other marketing communications that may interest you.

Personalization: To customize your experience, provide relevant content, and improve our Service based on your preferences and usage patterns.

Analytics and Improvement: To analyze usage patterns, monitor Service performance, identify technical issues, and improve our offerings.

Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, fraud, and other harmful or illegal activities.

Legal Compliance: To comply with applicable laws, regulations, court orders, and other legal obligations.

Research and Development: To conduct research, develop new features and services, and advance our understanding of technology and business models.

Recruitment: To process job applications, conduct interviews, perform background checks, and manage employment relationships.

Financial Management: To process payments, manage billing, conduct financial analysis, and maintain financial records.

Quality Assurance: To monitor and improve the quality of our services, conduct user satisfaction surveys, and gather feedback.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service Providers: We may share your information with trusted third-party service providers who assist us in operating our Service, conducting business, or serving you. These providers are bound by confidentiality agreements and may only use your information for the purposes we specify.

Business Partners: We may share information with venture partners, co-investors, and collaboration partners as necessary for legitimate business purposes and with appropriate safeguards.

Portfolio Companies: Information may be shared with our portfolio ventures (Harmoniq, Cognito, Acauide) when relevant to their services or when you interact with their platforms.

Legal Requirements: We may disclose your information when required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests.

Business Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Aggregated Data: We may share aggregated, de-identified statistical information that cannot be used to identify you personally.

Emergency Situations: We may share information when necessary to prevent immediate physical harm to any person.

Professional Advisors: We may share information with lawyers, accountants, auditors, and other professional advisors as necessary for business operations.

Investors and Stakeholders: Limited information may be shared with current or potential investors for due diligence and reporting purposes.

Your information may be transferred to and processed in countries other than Nigeria, including the United States, European Union, and other jurisdictions where our service providers operate.

When transferring data internationally, we implement appropriate safeguards to ensure your data remains protected:

Adequacy Decisions: We may transfer data to countries that have been determined by NITDA or other relevant authorities to provide adequate protection for personal data.

Standard Contractual Clauses: We use standard contractual clauses approved by relevant data protection authorities to ensure appropriate safeguards for data transfers.

Binding Corporate Rules: Where applicable, we implement binding corporate rules to govern international transfers within our organization.

Consent: We may obtain your explicit consent for specific international transfers after informing you of the potential risks.

Necessity: Transfers may be necessary for contract performance, legal claims, or other legitimate purposes recognized by law.

We regularly review our international transfer practices to ensure compliance with evolving regulations.

You have the right to request information about the safeguards we use for international transfers.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

Account Data: Information associated with active accounts is retained until account closure plus any legally required retention period.

Business Communications: Email correspondence and business communications are typically retained for 7 years for business record-keeping purposes.

Financial Records: Payment and financial information is retained in accordance with tax and accounting laws, typically 7 years.

Marketing Data: Marketing communications and consent records are retained until consent is withdrawn plus 3 years for legal compliance.

Technical Logs: Server logs and technical data are typically retained for 12-24 months unless required for security investigations.

Recruitment Data: Job application materials are retained for 2 years after the recruitment process concludes.

Legal Hold: Data may be retained longer when subject to legal holds, litigation, or regulatory investigations.

Anonymized Data: We may retain anonymized, aggregated data indefinitely for research and business intelligence purposes.

We regularly review and delete data that is no longer necessary in accordance with our data retention schedule.

You may request information about how long we retain your specific data types.

We implement comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Encryption: We use industry-standard encryption for data transmission (TLS/SSL) and storage of sensitive information.

Access Controls: We implement strict access controls, ensuring that only authorized personnel can access personal data on a need-to-know basis.

Authentication: Multi-factor authentication is required for access to systems containing personal data.

Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities.

Employee Training: All employees receive regular training on data protection, security practices, and privacy obligations.

Incident Response: We maintain an incident response plan to quickly address any security breaches or data protection incidents.

Vendor Management: Third-party service providers are carefully vetted and contractually required to implement appropriate security measures.

Data Minimization: We collect and process only the minimum amount of data necessary for our business purposes.

Secure Development: Our software development practices include security by design principles and regular security testing.

Physical Security: Our facilities and servers are protected by appropriate physical security measures.

While we strive to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Under NDPR, GDPR, and other applicable privacy laws, you have the following rights regarding your personal data:

Right to Information: You have the right to be informed about how your personal data is being collected and used.

Right of Access: You can request a copy of the personal data we hold about you, along with information about how it is being processed.

Right to Rectification: You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten): You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the original purpose.

Right to Restrict Processing: You can request that we limit how we use your personal data in certain situations.

Right to Data Portability: You can request your personal data in a structured, machine-readable format and have it transferred to another organization.

Right to Object: You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making: You have rights regarding automated decision-making and profiling that affects you legally or significantly.

Right to Withdraw Consent: You can withdraw your consent at any time where processing is based on consent.

Right to Lodge a Complaint: You can file a complaint with NITDA or other relevant data protection authorities if you believe your rights have been violated.

To exercise these rights, please contact us using the information provided in this policy. We will respond to your request within the timeframes required by applicable law.

We use cookies, web beacons, and other tracking technologies to enhance your experience and analyze usage of our Service.

Essential Cookies: These cookies are necessary for our Service to function properly and cannot be disabled. They include session cookies and security cookies.

Analytics Cookies: We use these cookies to understand how visitors interact with our Service, helping us improve functionality and user experience. We may use Google Analytics and similar services.

Functional Cookies: These cookies enable enhanced features and personalization, such as remembering your preferences and settings.

Marketing Cookies: With your consent, we may use cookies for advertising and marketing purposes, including retargeting and conversion tracking.

Third-Party Cookies: Some cookies are set by third-party services that appear on our pages, such as social media widgets and embedded content.

Cookie Management: You can control cookies through your browser settings, but disabling certain cookies may affect Service functionality.

Cookie Consent: We obtain your consent for non-essential cookies in accordance with applicable laws.

Local Storage: We may use local storage technologies to enhance performance and remember your preferences.

Do Not Track: We may not respond to Do Not Track signals due to the lack of industry standards.

For detailed information about the cookies we use, please see our separate Cookie Policy.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Our Service may contain links to third-party websites, applications, or services that are not operated by us.

Third-Party Privacy Policies: These third parties have their own privacy policies, and we encourage you to review them before providing any personal information.

No Responsibility: We are not responsible for the privacy practices or content of third-party services.

Integration Services: We may integrate with third-party services such as payment processors, email services, analytics providers, and social media platforms.

Data Sharing: Information shared with integrated services is subject to their privacy policies and terms of service.

Social Media: If you interact with our social media accounts or use social login features, information may be shared with social media platforms.

Portfolio Company Services: Our portfolio companies (Harmoniq, Cognito, Acauide) may have separate data collection practices when you use their services.

Business Partners: Partners and collaborators may have access to certain information in connection with joint activities or services.

We carefully select third-party service providers and require them to implement appropriate data protection measures through contractual arrangements.

Our Service is not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction).

We do not knowingly collect personal information from children under the applicable age without parental consent.

If you are under the applicable age, please do not use our Service or provide any personal information to us.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to remove that information from our servers.

Parents and guardians can contact us if they believe their child has provided personal information to us.

Our educational technology venture (Acauide) may serve university-age students, who are typically above the age of digital consent.

We comply with applicable laws regarding children's privacy, including COPPA where applicable to our operations.

We may send you marketing communications about our services, ventures, events, and opportunities if you have given consent or where permitted by law.

Newsletter: You can subscribe to our newsletter to receive updates about our ventures and industry insights.

Event Invitations: We may invite you to relevant conferences, workshops, and networking events.

Partnership Opportunities: We may share information about potential collaboration and partnership opportunities.

Venture Updates: You may receive updates about our portfolio companies and new venture launches.

Opt-Out: You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.

Preferences: You can update your communication preferences through your account settings or by contacting us.

Transactional Communications: Even if you opt out of marketing communications, we may still send you important service-related messages.

Third-Party Marketing: We do not share your information with third parties for their direct marketing purposes without your explicit consent.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

Authority Notification: We will notify NITDA and other relevant authorities within 72 hours of becoming aware of the breach, where required.

Individual Notification: We will notify affected individuals without undue delay when the breach is likely to result in high risk to their rights and freedoms.

Breach Information: Notifications will include information about the nature of the breach, categories of data affected, likely consequences, and measures we are taking to address it.

Remedial Actions: We will take immediate steps to contain the breach, assess the damage, and prevent future occurrences.

Documentation: We maintain records of all data breaches, including their effects and remedial actions taken.

Communication: We will communicate transparently about breaches while balancing the need to protect ongoing investigations and security measures.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

Notification: We will notify you of any material changes by posting the new policy on our website and, where required by law, by email or other means.

Effective Date: Changes become effective on the date specified in the updated policy.

Review: We encourage you to review this policy periodically to stay informed about how we protect your information.

Continued Use: Your continued use of our Service after changes become effective constitutes acceptance of the updated policy.

Significant Changes: For significant changes that may affect your rights, we will provide more prominent notice and may require your explicit consent.

Version History: We maintain a record of previous policy versions for reference purposes.