Utopie Pay Concierge

Privacy Policy

Effective Date: January 1, 2026 | Last Updated: January 7, 2026

Utopie Pay Concierge is operated by Utopie Integrated Services (Nigeria), Utopie Technologies Inc. (USA & Canada). This Privacy Policy governs the collection, processing, storage, and protection of personal data in strict compliance with the Nigeria Data Protection Regulation (NDPR) 2019, General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA) Canada, and all applicable international trade, customs, and financial regulations.

1. Data Controller Information

Nigeria Operations (Primary Data Controller):

Utopie Integrated Services

No. 7 Awofeso Street, Lagos, Nigeria

Licensed Customs Agent - Nigeria Customs Service

Email: privacy@utopiepay.com

Data Protection Officer: dpo@utopiepay.com

Phone: (+234) 816 919 6841

United States Operations:

Utopie Technologies Inc.

8 The Green STE A, Dover, Kent, Delaware, 19901, United States

Incorporated: November 1, 2021

Canada Operations (MSB License Holder - Effective May 2026):

Utopie Technologies Inc.

800, 25th Street A East Owen Sound, Ontario N4K 6W6, Canada

2. Legal Basis for Data Processing

We process your personal data under the following legal bases as stipulated by NDPR Section 2.1, GDPR Article 6, and PIPEDA Section 5:

2.1 Contractual Necessity

Processing is necessary for the performance of contracts including customs clearance agreements, trade financing arrangements, logistics service contracts, escrow agreements, supplier sourcing agreements, and payment processing services between you and Utopie Pay Concierge.

2.2 Legal Obligation

We are legally required to process personal data to comply with:

  • Nigeria Customs Service Act (Cap N71, LFN 2004) and Nigeria Customs Service Regulations - requiring declaration of goods, calculation of duties, and submission of importer/exporter information
  • Central Bank of Nigeria (CBN) Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Regulations 2022 - mandating customer due diligence, transaction monitoring, and suspicious activity reporting
  • Foreign Exchange (Monitoring and Miscellaneous Provisions) Act - governing foreign currency transactions and repatriation
  • Nigerian Investment Promotion Commission (NIPC) Act - regulating foreign investment and capital importation
  • Standards Organisation of Nigeria (SON) Act - requiring product certification and quality standards compliance
  • National Agency for Food and Drug Administration and Control (NAFDAC) Act - mandating registration and approval for regulated products
  • Nigerian Export Promotion Council (NEPC) Act - governing export documentation and incentives
  • Financial Action Task Force (FATF) Recommendations - international AML/CFT standards
  • World Customs Organization (WCO) Framework - customs procedures and trade facilitation
  • International Maritime Organization (IMO) Regulations - shipping and cargo documentation
  • Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) - for Canadian MSB operations

2.3 Legitimate Interests

We process data for fraud prevention, credit risk assessment, supplier vetting and verification, platform security, service improvement, and business analytics, provided such processing does not override your fundamental rights and freedoms under NDPR Article 2.3.

2.4 Consent

For marketing communications, analytics cookies, geolocation tracking, and optional premium services, we obtain your explicit, informed, freely given, specific, and unambiguous consent in full compliance with NDPR Article 2.2 and GDPR Article 7.

3. Categories of Personal Data Collected

3.1 Identity and Contact Information

  • Full legal name (as appears on government-issued identification)
  • Date of birth, place of birth, nationality, gender
  • National Identification Number (NIN), Bank Verification Number (BVN) for Nigerian residents
  • International passport number, driver's license, or other government-issued ID
  • Residential address (street, city, state, postal code) and proof of address
  • Business address and registered office for corporate clients
  • Email addresses (personal and business)
  • Phone numbers (mobile and landline), WhatsApp contact information
  • Business registration documents (CAC certificate, tax identification number)
  • Director and shareholder information for corporate entities

3.2 Financial Information

  • Bank account details (account number, bank name, branch, sort code)
  • SWIFT/BIC codes for international transfers, IBAN where applicable
  • Payment card information (tokenized via PCI-DSS Level 1 compliant processors)
  • Transaction history including amounts, dates, descriptions, and counterparties
  • Payment receipts, invoices, bank statements
  • Credit worthiness assessments and credit bureau reports for trade financing
  • Foreign exchange transaction records and conversion rates
  • Wallet balances, deposit history, withdrawal requests
  • Tax identification numbers and tax compliance certificates
  • Financial statements for corporate credit applications

3.3 Trade and Customs Documentation

  • Import/export licenses and permits from relevant authorities
  • Commercial invoices with complete product descriptions and valuations
  • Packing lists detailing contents, weights, and dimensions
  • Bills of lading (B/L), airway bills, and other transport documents
  • Certificates of origin issued by chambers of commerce
  • Phytosanitary certificates for agricultural products
  • SONCAP (Standards Organisation of Nigeria Conformity Assessment Programme) certificates
  • NAFDAC registration numbers for food, drugs, cosmetics, and medical devices
  • Harmonized System (HS) codes for tariff classification
  • Supplier information: names, addresses, tax IDs, business licenses
  • Supplier vetting reports and due diligence documentation
  • Product descriptions, specifications, quantities, unit values
  • Incoterms and payment terms (FOB, CIF, DDP, etc.)
  • Insurance certificates and cargo valuation
  • Shipping and logistics tracking information (container numbers, vessel names, ETAs)
  • Warehouse receipts and delivery confirmation

3.4 Technical and Usage Data

  • IP addresses, device identifiers (IMEI, MAC address), browser fingerprints
  • Browser type and version, operating system, screen resolution
  • Login credentials (passwords hashed using bcrypt with minimum 256-bit encryption and salt)
  • Authentication tokens, session IDs, and multi-factor authentication data
  • Cookies, web beacons, and similar tracking technologies
  • Platform usage patterns, pages viewed, features accessed, click streams
  • Search queries, filters applied, document downloads
  • Session duration, frequency of use, navigation paths
  • Geolocation data (with explicit consent, including GPS coordinates and Wi-Fi positioning)
  • Error logs, crash reports, and diagnostic information

3.5 Communication Records

  • Customer support inquiries via email, phone, WhatsApp, and chat
  • Support ticket history and resolution records
  • Email correspondence with our team and third-party service providers
  • WhatsApp messages (with prior consent as required by Nigerian Communications Act)
  • Phone call recordings (with notification: "This call may be recorded for quality and training purposes")
  • Feedback, reviews, ratings, testimonials, and survey responses
  • Complaint records and dispute resolution documentation

4. Purposes of Data Processing

4.1 Customs Clearance Services

  • Preparation and electronic submission of Single Goods Declaration (SGD) forms to Nigeria Customs Service via the Nigeria Integrated Customs Information System (NICIS)
  • Classification of goods under the Harmonized System (HS) nomenclature
  • Calculation of customs duties, Value Added Tax (VAT), levies, surcharges, and excise duties based on Nigeria Customs and Excise Tariff
  • Payment of duties and taxes to NCS on your behalf
  • Liaison with Nigeria Customs Service officers, terminal operators, and port authorities
  • Obtaining release orders and customs clearance certificates
  • Coordination of physical examination and scanning procedures
  • Verification and validation of import/export documentation for regulatory compliance
  • Obtaining necessary permits, certificates, and approvals from SON, NAFDAC, NEPC, Federal Ministry of Agriculture, Nigerian Quarantine Service, and other agencies

4.2 Trade Financing and Payment Processing

  • Know Your Customer (KYC) verification including identity verification, address verification, and biometric authentication where required
  • Enhanced Due Diligence (EDD) for high-risk customers and Politically Exposed Persons (PEPs)
  • Credit risk assessment using credit bureau data, financial statements, and trade references
  • Approval and disbursement of trade financing for customs duties, supplier payments, and logistics costs
  • Processing Naira-denominated payments via Nigerian banks and payment processors
  • Foreign currency payments and remittances in compliance with CBN Form A requirements
  • Managing escrow accounts for supplier payments and buyer protection
  • Foreign exchange conversion at CBN-approved rates
  • Transaction monitoring for unusual patterns and suspicious activities
  • Filing Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs) to Nigerian Financial Intelligence Unit (NFIU) as required by Money Laundering (Prevention and Prohibition) Act
  • Sanctions screening against OFAC, UN, EU, and Nigerian sanctions lists

4.3 Logistics and Supply Chain Management

  • Coordinating international shipping with freight forwarders, shipping lines, and airlines
  • Booking cargo space and arranging container loading
  • Real-time shipment tracking via GPS, AIS (Automatic Identification System), and carrier APIs
  • Managing warehouse storage at ports and bonded warehouses
  • Arranging final mile delivery to client locations
  • Obtaining marine cargo insurance and providing claims assistance
  • Coordinating with inspection companies for pre-shipment inspection

4.4 Supplier Sourcing and Vetting

  • Identifying and qualifying international suppliers (particularly in China and Asia)
  • Verification of supplier business licenses, certifications, and compliance records
  • Conducting factory audits and capability assessments
  • Negotiating prices, payment terms, and delivery schedules
  • Quality inspection and product certification
  • Managing supplier relationships and performance monitoring

4.5 Platform Security and Fraud Prevention

  • User authentication using multi-factor authentication (MFA) - SMS OTP, email OTP, authenticator apps
  • Authorization and access control based on role-based permissions (Client, Admin, Super Admin)
  • Detection and prevention of fraudulent transactions using machine learning algorithms
  • Monitoring for account takeover attempts, credential stuffing, and brute force attacks
  • Security incident response and breach notification within 72 hours as required by NDPR
  • Compliance with PCI-DSS Level 1 standards for payment card security
  • Regular security audits, penetration testing, and vulnerability assessments

5. Data Sharing and Third-Party Disclosure

We share your personal data only as necessary for service delivery and legal compliance:

5.1 Government Agencies and Regulators

  • Nigeria Customs Service (NCS) - customs declarations and duty payments
  • Central Bank of Nigeria (CBN) - foreign exchange transactions and AML reporting
  • Nigerian Financial Intelligence Unit (NFIU) - suspicious transaction reports
  • Standards Organisation of Nigeria (SON) - product certification
  • National Agency for Food and Drug Administration and Control (NAFDAC) - regulated products
  • Federal Inland Revenue Service (FIRS) - tax compliance
  • Nigerian Ports Authority (NPA) - cargo handling
  • Corporate Affairs Commission (CAC) - business verification

5.2 Service Providers and Business Partners

  • Payment processors and banks - transaction processing
  • Freight forwarders and shipping lines - logistics coordination
  • Warehouse operators - cargo storage
  • Insurance companies - cargo insurance
  • Credit bureaus - credit assessments
  • Cloud hosting providers - data storage (AWS, Google Cloud with Nigerian data residency where required)
  • Identity verification services - KYC checks
  • Email and SMS providers - communications

All third-party processors are bound by data processing agreements (DPAs) ensuring NDPR compliance.

6. International Data Transfers

As an international trade platform, we transfer data across borders under the following safeguards:

Nigeria to USA/Canada: Data transfers to our USA and Canadian entities are protected by Standard Contractual Clauses (SCCs) approved by NDPR and GDPR, ensuring equivalent data protection.

Nigeria to China/Asia: Supplier data sharing for sourcing services is limited to business contact information and product specifications, with contractual protections.

Adequacy Assessments: We conduct transfer impact assessments for all cross-border data flows as required by NDPR Section 2.7.

7. Data Security Measures

Technical Safeguards

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Bcrypt password hashing with salt
  • Multi-factor authentication (MFA)
  • Intrusion detection systems (IDS)
  • Regular security patches and updates
  • Database access controls and audit logs
  • Secure API authentication (OAuth 2.0, JWT)

Organizational Safeguards

  • Staff training on data protection
  • Background checks for employees
  • Role-based access controls
  • Confidentiality agreements (NDAs)
  • Data Protection Impact Assessments (DPIAs)
  • Incident response procedures
  • Regular security audits
  • Business continuity and disaster recovery plans

8. Data Retention

We retain personal data for the following periods, or longer if required by law:

Data Category Retention Period Legal Basis
Customs documentation 5 years from clearance date Nigeria Customs Service Act
Financial transactions 7 years from transaction date CBN AML/CFT Regulations, Companies and Allied Matters Act (CAMA)
KYC/AML records 7 years after account closure Money Laundering (Prevention and Prohibition) Act
Trade financing agreements 6 years after final payment Statute of limitations for contracts
Communication records 2 years Business operations and dispute resolution
Marketing consent Until withdrawn or 2 years of inactivity NDPR consent requirements

9. Your Rights Under NDPR and GDPR

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion (subject to legal retention requirements)

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent for marketing and optional services

Right to Lodge Complaint

File complaint with Nigeria Data Protection Commission (NDPC)

How to Exercise Your Rights:

Email: privacy@utopiepay.com or dpo@utopiepay.com

Phone: (+234) 816 919 6841

Mail: Data Protection Officer, No. 7 Awofeso Street, Lagos, Nigeria

We will respond to requests within 30 days as required by NDPR Section 3.1(f).

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Provide details of the breach, potential consequences, and mitigation measures
  • Document all breaches in our breach register

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly and notify the parent or guardian.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. Material changes will be communicated via email and prominent notice on our platform at least 30 days before taking effect. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Information

General Inquiries: concierge@utopiepay.com

Privacy Matters: privacy@utopiepay.com

Data Protection Officer: dpo@utopiepay.com

Phone: (+234) 816 919 6841

WhatsApp: (+234) 816 919 6841

Address: No. 7 Awofeso Street, Lagos, Nigeria

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of Nigerian courts.