Skip to main content

Busha Legal

Privacy Policy

Nigeria

Last updated: September 25, 2025

Table of Content

Content

Content

Introduction

At Busha, we take your privacy seriously, regardless of the capacity in which you are engaging with us.
We collect and process different types of personal data in line with the provisions of the Nigeria Data Protection Act (NDP Act) 2023 and the General Application and Implementation Directive (GAID) 2025, depending on the nature of our relationship with you, which may fall into any of the following categories;

  • merchants using Busha Business to accept crypto asset payments from customers;
  • individuals using our website, platform, wallet, and Savings products; or
  • Potential employees and job applicants using our recruitment portal.

We ensure that we manage your personal data in a manner that is compliant with applicable laws and regulations.

Busha Digital Limited is the data controller and is responsible for your Personal Data (collectively referred to as “Busha”, "we", "us" or "our" in this privacy policy).

This Privacy Notice set out how we collect your data, the types of data we collect, why we collect your data, your rights as a data subject, and other important information relating to your personal data.

At certain intervals, we may make some changes to these notices to meet changing circumstances, law, or any other triggering factor. Where any significant changes are made, we will notify you of such changes via the Busha website and mobile applications (Platform) or via your email address available on our Platform. Otherwise, you may track the changes we make from the headers of the notices, which disclose the version of the notice and the recent updates.

If you have any questions or concerns about the privacy notice or how we collect, process, or manage your personal data at Busha, you may contact us at dpo@busha.co.

Types of personal data and other information collected

We collect different types of Personal Data and other Information from the visitors to our website and users of our mobile applications voluntarily. The collection of Personal Data and other Information is to provide and improve our Service to you, and such Personal Data and other Information includes but is not limited to:

  1. Personal Identification Data: This includes your full name, date of birth, nationality, gender, mobile number, email address, physical address (including proof of residence), employment status and sector, and national identification number, passport number or similar identifiers, in accordance with Section 31 of the Data Protection Act.
  2. Usage Data: Information on how you access and use our platform, such as your device’s Internet Protocol (IP) address, browser type and version, pages visited, date and time of visit, time spent on pages, and diagnostic data used to analyze service functionality.
  3. Publicly Available Information: We may collect and process information about you that is publicly available, including data obtained from online searches, social media platforms, and other public sources, particularly for the purposes of due diligence, risk assessment, and compliance with AML and regulatory requirements.
  4. Tracking & Cookies Data: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data including a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and improve and analyze our Service. You can instruct your browser to accept or refuse all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not experience and use some portions of our Service. Examples of Cookies we use:

    1. Session Cookies. We use Session Cookies to operate our Service.
    2. Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
    3. Security Cookies. We use Security Cookies for security purposes.
    4. Necessary Cookies.

For more details on how we use cookies on our platform and the types of cookies we use, please see our Cookie Notice.

  • Information for purposes of biometric identification, such as the selfie you provide to us when creating your Busha account;
  • National identity documentation, such as a copy of your national identity card, driver’s license or passport, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws;
  • Transaction information such as your transaction data on your Busha account and information on the recipient of any transaction(s), bank account details, Bank Verification Number (BVN), and other account activities. It may also include information obtained from fraud prevention agencies, anti-money laundering (AML) and due diligence screening tools, as well as relevant government or regulatory authorities;
  • Correspondence such as information provided to us when engaging with our customer support and/or responses to our surveys;
  • Device and location information such as, geolocation information, browser name and version information, IP address information, device fingerprint data, authentication data and/or clickstream data, including full Uniform Resource Locators (URLs), and timestamps of access and activity.

How we collect your data

We collect your Personal Data and other Information from public and non-public sources through;

  • your direct disclosures to us when you onboard on our platform, use our Services or access our platform;
  • your communication to us through our customers support channels, email, chat, telephone, or any other means;
  • your reading of our emails or notices, online research on social media and websites which may not be publicly available;
  • investigations on publicly available databases in furtherance of our compliance obligations;
  • your participation in surveys which we make available to you, competitions and promotions;
  • your usage of the Busha platform (we collect Information on your transactions and usage of your Busha account); and
  • third parties such as identity verification services, credit reference agencies, regulatory and enforcement agencies, and public sources.

The Personal Data and other Information collected is internally reviewed, used to improve the content of our website, notify our visitors of updates, and respond to visitor inquiries. Once your Personal Data and other Information is reviewed, it is discarded or stored in our files for the period it is reasonably needed.

If we make material changes in collecting Personal Data or other Information highlighted above, we will inform you by placing a notice on our website or application. Personal Data received from any visitor will be used only for internal purposes and will not be sold or provided to third parties (except necessary under an Agreement between Busha and a Service Provider).

Use/Processing of Personal Data

We will only process your Personal Data to carry out our lawful business activities. In doing so, we rely on one or more of the following lawful grounds for processing your Personal Data.

Consent: The primary lawful basis upon which we process your personal information is your consent. At the point of account creation and registration for our Services, this Privacy Notice is clearly presented to you, with an accessible link for review. You are required to actively indicate your consent, typically by selecting a confirmation checkbox, before your account can be created, thereby acknowledging and agreeing to the collection and use of your personal data in accordance with this Notice.

You retain the right to withdraw your consent at any time by contacting us through the designated channels. However, such withdrawal will not affect the lawfulness of any processing carried out prior to the withdrawal. Please note that where processing is necessary for the provision of our Services, withdrawal of consent may limit or prevent your continued access to certain features or the Services as a whole.

In addition to the above, we rely on your consent to send you direct marketing communications relating to our products, services, and those of our affiliates. You may opt out of receiving such communications at any time by using the unsubscribe option provided or by contacting us directly.

In certain circumstances, we may also request your explicit consent for specific processing activities, particularly where required by applicable law

Legal obligation: In certain circumstances, we process your Personal Data to comply with legal and regulatory obligations to which we are subject. This includes our duty to comply with applicable laws and regulations, such as Anti-Money Laundering, Counter-Terrorist Financing, and other financial crime prevention requirements. In fulfilling these obligations, we may collect, verify, and retain certain financial and identity-related information, and conduct ongoing monitoring of transactions to detect and prevent fraud, suspicious activities, and unauthorized access.

We may also process your Personal Data where necessary to respond to lawful requests or directives from law enforcement agencies, regulatory authorities, or other competent bodies. Additionally, such processing may be required to establish, exercise, or defend legal claims, or to investigate, prevent, or take action in relation to illegal activities, suspected fraud, violations of our terms, or situations involving potential threats to the safety and security of individuals or our Services.

Contractual Necessity: We may process your Personal Data where such processing is necessary to provide our products and services in accordance with Busha’s Terms of Use. This includes processing information required to create and manage your account, facilitate transactions, provide customer support, and ensure the proper functioning and delivery of our Services.

In the course of providing these Services, we may share your Personal Data with third parties engaged by us, whether within or outside your jurisdiction, where such disclosure is necessary for the effective performance of contractual obligations. This may include service providers, partners, and other entities involved in supporting our operations, provided that such processing is carried out in accordance with applicable laws, contractual safeguards, and appropriate data protection standards.

Purpose of Processing: We may process your personal data for one or more of the following purposes.

  • to verify your identity, following Know Your Customer (KYC), Anti-Money Laundering, Combating the Financing of Terrorism (AML/CFT/CPF) requirements;
  • to manage and maintain your account with us;
  • to detect and prevent fraudulent or unauthorised use of our products and services;
  • to better manage our business and your relationship with us, including for purposes of quality control and staff training to make sure we continue to provide you with accurate information, products, and services;
  • to improve our products and services, and to develop new products and services;
  • to notify you about benefits and changes to the features of our products and services;
  • to provide you with personalised advertising and marketing;
  • to respond to your enquiries and to resolve disputes; and
  • concerning legal claims, compliance, audit, risk management, law enforcement processes and regulatory functions; in connection with the acquisition, merger or sale of a business.

Transfer of Data

Your Information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
Your consent to this Privacy Notice and your submission of such Information represents your agreement to that transfer. Busha will take all steps reasonably necessary to ensure that your Information is treated securely and in accordance with this Privacy Notice. Any Personal Data you provide to us, including and similar to your name, address, telephone number and e-mail address, will not be released, sold, or rented to any entities or individuals except in accordance with this Privacy Notice, and applicable law.

Your rights over your data

You have certain rights/control over the Personal Data or other Information you submit to us and those that we collect from third-party sources. This includes the right:

  • to access and confirm your Personal Data held by Busha;
  • to withdraw consent from or object to the processing of your Personal Data (this does not affect already processed Information);
  • to rectify or update any inaccurate or outdated Personal Data;
  • to know the purpose for processing your Personal Data;
  • to restrict the processing of your Personal Data;
  • to request for erasure of any Personal Data Busha holds about you, if any, subject to the provisions of applicable law;
  • to request a copy of the Personal Data Busha keeps about you;
  • to object/refuse access to your Personal Data for direct marketing; and
  • to contest the accuracy of your Personal Data or other Information. Where this is done, Busha shall have the right to a specified period to verify the accuracy of the Personal Data or other Information.

At your request, Busha will provide your Personal Data or other Information, in a structured manner, commonly used and machine-readable format to you. To carry out this request, please refer to our Data Subject Access Request page or send the request via email to dpo@busha.co.

We will not hinder you from transmitting your Personal Data or other Information in our database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means in compliance with applicable laws.
We will execute your requests on the transmission of your Personal Data or other Information to another company, where technically feasible.

How to exercise your rights

When you make a request to exercise any of the above rights, we will provide you with your Personal Data and other necessary Information you request. However, we reserve the right to charge you or refuse your request where we notice that the request is repetitive or excessive. For the purpose of this notice, four consecutive requests would be deemed repetitive and excessive.

Your right to the erasure of your Personal Data does not apply to legal necessaries like invoices, audit logs, subscription information, and the Personal Data archived on Busha’s backup systems which we shall securely isolate and protect from any further processing to the extent required by applicable law.

Where any of your rights as provided for under this Privacy Notice is breached, resolution shall be in accordance with the provision of our Terms of Service, provided that you can only apply for a remedy within a period of 2 years within which the breach occurred.

Complaints

You have the right to make a complaint at any time to the Nigerian Data Protection Commission (NDPC). We would, however, appreciate the chance to deal with your concerns before you approach the NDPC so please contact us in the first instance.

How Long Do We Keep Your Personal Data

We keep your Personal Data only so long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. This is also the case for anyone that we share your Personal Data with and who carries out services on our behalf.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your Personal Data: see [How to exercise your rights?] above for further information.
In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we either remove it from our systems or depersonalize it so that we cannot identify you.

Security of personal data

We take the security of the Personal Data we collect very seriously. We take reasonable security measures to protect your Personal Data and reduce the risk of accidental destruction, loss, or unauthorised access to such Personal Data However, please note that no system involving the transmission of Information via electronic storage systems or the internet is entirely secure.

Disclosure of Personal Data

We may share your personal data with:

  • Any person that works for Busha;
  • Financial and other institutions we partner with to provide our products and services;
  • Companies and organisations that provide third-party services to us, including technical infrastructure, marketing and analytics, and web and app development;
  • Companies and organisations that assist us with identity verification, background screening and due diligence.
  • Our professional advisers, consultants and other similar services.

We will otherwise treat your personal data as private and confidential and will not share it with other parties except:

  • Where you have permitted us to do so;
  • Where we believe it is reasonably necessary to comply with any law, regulation, legal process or governmental request, to enforce our Terms of use or other agreements, or to protect the rights, property, or safety of us, our customers or others;
  • Where we may transfer rights and obligations according to our agreement with you.

Data Processing Principles

We adhere to the following data privacy principles required by law:

Fairness and Transparency: We collect and use your Personal Data in a lawful, transparent, and fair manner.

Purpose Limitation: We only collect Personal Data for specific, clearly defined, and legitimate purposes. We won't use it for anything beyond those purposes without your consent.

Data Minimization: We only collect the minimum amount of Personal Data necessary to achieve our stated purposes.

Storage Limitation: We will not retain your Personal Data for longer than necessary to fulfill the purposes for which it was collected.

Accuracy: We strive to maintain accurate and up-to-date information. You have the right to request corrections if needed.

Security: We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, damage, or misuse.

Accountability: We are accountable for your data and demonstrate compliance with these principles.

Service providers

We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), provide service on our behalf, perform Service-related services, or assist us in analysing how our Service is used.These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

External sites

Our Service may contain links to other sites not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's policy

Our Service does not address anyone under 18 ("Children"). We do not knowingly collect Personal Data from anyone under 18. If you are a parent or guardian and know that your child has provided us with Personal Data, please contact us via dpo@busha.co. If we become aware that we have collected Personal Data from children without verification of parental consent, we remove that information from our servers.

Changes to privacy policy

We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page. We will notify you via email and/or by a notice on our Service before the change becomes effective and update the "effective date" at the top of this Privacy Notice. You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when posted on this page.

Client's liability

The security of your data is important to us. But remember that no method of transmission over the internet or method of electronic storage is 100% secure.

While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to us. You are solely responsible for maintaining the secrecy of any passwords or other account information, and we will not be liable if such information is leaked or disclosed by reason of your negligence. By using the Service, you agree to the collection and use of information in accordance with this notice.

Contact us

If you have any questions about this Privacy Notice, please contact our Data Protection Officer via dpo@busha.co

We use cookies to enhance your experience, analyze site traffic and deliver personalized content. Cookie Policy

Accept
Deny