Privacy Policy

Welcome to Afefe. Afefe is an AI-powered Learning Management System (LMS) designed to develop Africa's energy workforce through accredited courses, certifications, and professional development programmes.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the Afefe platform (afefe.com), our mobile applications, APIs, and related services (collectively, the "Platform").

By registering on or using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

This Policy applies to:

• Individual learners (B2C users) registered on the Platform
• Instructors and content creators who publish courses on Afefe
• Corporate clients and their nominated employees (B2B)
• Government agencies and parastatal bodies (B2G) onboarded to the Platform
• Visitors to afefe.com who have not registered

Afefe operates primarily in Nigeria and serves users across Africa and globally. Accordingly, this Policy is designed to comply with:

• The Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR)
• The EU General Data Protection Regulation (GDPR) to the extent applicable to users in the European Economic Area
• Other applicable African data protection frameworks where Afefe operates

3.1 Information You Provide

• Account registration details: full name, email address, phone number, job title, company/organisation
• Professional information: years of experience, industry sector (e.g. upstream, downstream, midstream), certifications held
• Payment information: card details, billing address (processed securely via our payment processor; Afefe does not store raw card data)
• Profile photo and professional biography (optional)
• Course enrolment data, assignment submissions, quiz responses, and assessment scores
• Communications you send to our support team

3.2 Information Collected Automatically

• Device and browser information (IP address, browser type, operating system)
• Usage data: pages visited, course progress, time spent, click patterns, video watch durations
• Location data (country/region level, derived from IP address)
• Cookies and similar tracking technologies (see Section 8)

3.3 Information from Third Parties

• Corporate clients who onboard their employees may provide us with employee data on their behalf
• Government agencies may share nominee information for sponsored training programmes
• Single Sign-On (SSO) providers if you choose to register via LinkedIn, Google, or similar services

We process your personal data for the following purposes and on the following legal bases:

Provision of the Platform (Contractual Necessity):

• Creating and managing your account
• Delivering courses, certifications, and learning materials
• Processing payments and issuing invoices
• Tracking course progress and issuing certificates of completion

Legitimate Interests:

• Improving and personalising the Platform using AI-driven recommendations
• Analytics and reporting to enhance the learning experience
• Fraud prevention and platform security
• Internal research and product development

Consent:

• Sending you marketing communications, newsletters, and course recommendations (you may withdraw consent at any time)
• Using non-essential cookies and tracking technologies

Legal Obligation:

• Complying with applicable laws, regulations, court orders, and requests from regulatory bodies such as NITDA and the Nigeria Data Protection Commission (NDPC)

We do not sell your personal data. We may share your data with:

• Service providers who process data on our behalf (e.g. cloud hosting providers, payment processors, email delivery platforms, analytics tools), under strict data processing agreements
• Corporate clients who have sponsored your enrolment; limited to your enrolment status, completion records, and certification data
• Government agencies or regulatory bodies where required by law or pursuant to a sponsored training agreement
• Professional certification bodies (e.g. COREN, NSE, NCDMB) for the purpose of issuing or verifying accreditations
• Law enforcement or regulatory authorities where required by applicable law

We retain your personal data for as long as your account is active, or as needed to provide services. Specific retention periods include:

• Account data: retained for the life of the account plus 5 years after closure
• Certificate and completion records: retained for 10 years to support professional verification
• Payment records: retained for 7 years in compliance with Nigerian tax and financial regulations
• Marketing data: retained until you withdraw consent or unsubscribe

When data is no longer required, we securely delete or anonymise it.

Subject to applicable law, you have the following rights regarding your personal data:

• Right of Access: request a copy of the personal data we hold about you
• Right to Rectification: request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): request deletion of your data, subject to legal retention obligations
• Right to Restriction: request that we limit how we process your data
• Right to Data Portability: receive your data in a structured, machine-readable format
• Right to Object: object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact our Data Protection Officer at legal@afefe.com. We will respond within 30 days as required by the NDPA.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng, or your local supervisory authority if you are located in the EU.

We use cookies and similar technologies to operate and improve the Platform. These include:

• Essential cookies: required for the Platform to function (e.g. session management, authentication)
• Analytics cookies: used to understand how users interact with the Platform (e.g. Google Analytics)
• Personalisation cookies: used to remember your preferences and tailor course recommendations
• Marketing cookies: used to serve relevant advertisements (only with your consent)

You can manage cookie preferences through your browser settings or our cookie consent manager on the Platform. Disabling essential cookies may affect Platform functionality.

We implement appropriate technical and organisational security measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and role-based permissions
• Regular security audits and vulnerability assessments
• Staff data protection training

While we take all reasonable steps to protect your data, no system is entirely secure. In the event of a data breach that poses a risk to your rights, we will notify you and the NDPC within 72 hours as required by law.

The Afefe Platform is intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe that a child has provided us with personal data, please contact us immediately and we will delete that data.

Your data may be transferred to and processed in countries outside Nigeria, including countries in the EU, USA, and other regions where our service providers operate. We ensure such transfers are protected by appropriate safeguards including standard contractual clauses and adequacy decisions.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Platform at least 14 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

For questions, concerns, or requests relating to this Privacy Policy, please contact: