PRIVACY POLICY

Dataset Nexus Tech

www.datasetnexustech.com

Effective Date: 7th March, 2026 | Last Updated: 7th March, 2026

This Privacy Policy (“Policy”) describes how Dataset Nexus Tech (“Company”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data obtained through the use of our website www.datasetnexustech.com (“Website”) and any related services, products, or platforms offered by Dataset Nexus Tech (collectively, “Services”).

This Policy is designed to comply with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and, to the extent applicable, the European Union General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and any other applicable data protection legislation.

By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please discontinue use of our Website and Services immediately.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

For purposes of applicable data protection law, the Data Controller responsible for your personal data is:

Company Name: Dataset Nexus Tech

Website: www.datasetnexustech.com

Email Address: [email protected]

Business Address: FCT Abuja, Nigeria

Data Protection Contact: [email protected]

If you have any questions, concerns, or requests regarding this Policy or the processing of your personal data, please contact us using the details above.

2. SCOPE AND APPLICATION

This Policy applies to:

• All visitors to our Website, including prospective users, registered students, and casual browsers;

• All registered users who have created an account to access our educational programmes and resources;

• All individuals who interact with Dataset Nexus Tech via email, social media, telephone, or any other communication channel;

• All individuals who make purchases of, or enquire about, any of our technology education programmes;

• All job applicants, contractors, and partners who provide personal data in connection with their engagement with the Company.

This Policy does not apply to third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party services you access.

3. DEFINITIONS

For the purposes of this Policy, the following terms shall have the meanings set out below:

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”), directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that person.

“Processing” means any operation performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

“Data Controller” means the entity that determines the purposes and means of processing personal data — in this case, Dataset Nexus Tech.

“Data Processor” means any entity that processes personal data on behalf of the Data Controller.

“Consent” means any freely given, specific, informed, and unambiguous indication by the Data Subject that they agree to the processing of their personal data.

“Special Categories of Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.

4. PERSONAL DATA WE COLLECT

4.1 Data You Provide Directly

We collect personal data that you voluntarily provide when you:

• Register an account on our Website (full name, email address, phone number, password);

• Enrol in any of our educational programmes (course preferences, education background, employment status);

• Make a payment for our services (billing name, payment card details processed via our secure payment processors, billing address);

• Contact us via email, contact forms, or other communication channels (name, email, message content);

• Subscribe to our newsletters or marketing communications (name, email address);

• Participate in surveys, competitions, or promotional activities;

• Apply for any position or partnership with Dataset Nexus Tech.

4.2 Data We Collect Automatically

When you access our Website, we may automatically collect technical and usage data, including:

• Internet Protocol (IP) address and approximate geographic location;

• Browser type and version, operating system, and device type;

• Pages visited, time and duration of visits, and referring URLs;

• Clickstream data and interaction logs;

• Cookie identifiers and session tokens (see Section 10 on Cookies).

4.3 Data from Third Parties

We may receive personal data about you from third parties, including:

• Social media platforms (e.g., LinkedIn, Google, Facebook) if you choose to log in or share data via these platforms;

• Payment processors and financial institutions;

• Analytics and advertising partners;

• Publicly available sources where permitted by law.

4.4 Special Categories of Data

We do not intentionally collect special categories of personal data. However, if such data is voluntarily provided by you (e.g., disability information for accessibility purposes), we will process it only with your explicit consent and in accordance with applicable law.

5. LEGAL BASES FOR PROCESSING PERSONAL DATA

We process your personal data only where we have a valid legal basis to do so. The applicable legal bases under the GDPR, UK GDPR, and NDPA are:

(a) Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (e.g., creating an account, processing enrolment, providing course access).

(b) Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject under Nigerian law or any other applicable jurisdiction.

(c) Legitimate Interests: Processing is necessary for the purposes of our legitimate interests (e.g., improving our Services, ensuring platform security, fraud prevention), provided that those interests are not overridden by your rights and interests.

(d) Consent: Where we rely on your consent to process your personal data (e.g., for marketing communications, cookies), you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing.

(e) Vital Interests: Where necessary to protect your vital interests or those of another natural person.

6. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

We use your personal data for the following specific purposes:

• To create, manage, and administer your user account and profile;

• To process enrolments, payments, and deliver our educational programmes and course materials;

• To communicate with you regarding your account, course progress, certificates, and any queries you submit;

• To send you administrative notices, technical updates, and security alerts;

• To send you marketing and promotional communications (only where you have provided consent or where permitted by law, and subject to your right to opt out);

• To personalise your experience on our Website and recommend relevant courses or content;

• To conduct analytics, monitor Website performance, and improve our Services;

• To detect, investigate, and prevent fraudulent transactions, security breaches, and other prohibited activities;

• To comply with our legal and regulatory obligations, including tax, accounting, and reporting requirements;

• To respond to lawful requests from competent governmental or regulatory authorities;

• To enforce our Terms and Conditions and other legal agreements.

7. DATA RETENTION

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected or as required by applicable law. The specific retention periods are as follows:

• Account and registration data: Retained for the duration of your account and for a period of five (5) years following account closure, or as required by law;

• Transaction and payment records: Retained for a minimum of seven (7) years in accordance with Nigerian tax and financial reporting obligations;

• Course completion and certification records: Retained for ten (10) years to facilitate verification by you or prospective employers;

• Marketing and communication preferences: Retained until you withdraw consent or opt out, whichever is earlier;

• Technical and log data: Retained for a period of twelve (12) months from collection;

• Support and correspondence records: Retained for three (3) years following the resolution of any query.

Upon expiry of the applicable retention period, we will securely delete, anonymise, or pseudonymise your personal data in accordance with industry best practices.

8. SHARING AND DISCLOSURE OF PERSONAL DATA

8.1 Categories of Recipients

We do not sell, rent, or trade your personal data. We may share your personal data only in the following circumstances and with the following categories of recipients:

(a) Service Providers and Data Processors: We engage trusted third-party service providers to assist in operating our Website and delivering our Services, including cloud hosting providers, payment processors, email delivery services, customer support platforms, and analytics providers. These parties are contractually bound to process your data only on our instructions and in accordance with this Policy.

(b) Business Partners: We may share limited data with carefully vetted educational or employment partners to facilitate job placement or career support initiatives, where you have given your consent.

(c) Legal and Regulatory Authorities: We may disclose personal data to law enforcement agencies, regulatory bodies, courts, or other government authorities where required or permitted by law, or where necessary to protect our legal rights.

(d) Corporate Transactions: In the event of a merger, acquisition, restructuring, sale of assets, or insolvency proceedings, your personal data may be transferred to relevant third parties as part of the transaction, subject to equivalent data protection obligations.

(e) With Your Consent: We may share your data with third parties where you have provided explicit consent for us to do so.

8.2 International Data Transfers

Our primary operations are based in Nigeria. Some of our third-party service providers and sub-processors may be located in other countries, including countries within the European Economic Area (EEA), the United Kingdom, or the United States of America. Where we transfer your personal data outside Nigeria or the EEA, we ensure that appropriate safeguards are in place, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;

• Adequacy decisions by relevant supervisory authorities;

• Other legally recognised transfer mechanisms under applicable data protection law.

You may request further information about the safeguards applicable to any international transfer of your data by contacting us at [email protected].

9. DATA SECURITY

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security measures include, but are not limited to:

• Encryption of data in transit using Transport Layer Security (TLS) protocols;

• Encryption of sensitive data at rest using industry-standard encryption standards;

• Role-based access controls limiting access to personal data on a strict need-to-know basis;

• Regular security assessments, vulnerability scans, and penetration testing;

• Multi-factor authentication for administrative access to our systems;

• Secure development practices, including code reviews and dependency management;

• Staff training and awareness programmes on data protection and information security;

• Incident response and data breach notification procedures.

Notwithstanding the above, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials and must notify us immediately if you suspect any unauthorised access to your account.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit our Website. We use cookies and similar tracking technologies (including pixel tags, web beacons, and local storage) to enhance your experience, understand how our Website is used, and deliver targeted content.

10.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the Website to function properly. These cannot be disabled without impacting Website functionality.

• Performance and Analytics Cookies: Collect anonymised information about how visitors use our Website (e.g., pages visited, error messages). We may use services such as Google Analytics for this purpose.

• Functional Cookies: Remember your preferences and settings (e.g., language, login status) to personalise your experience.

• Marketing and Targeting Cookies: Track your browsing habits to serve relevant advertisements on third-party platforms. These are only set with your prior consent.

10.3 Managing Cookies

You can manage and control cookies through your browser settings. You may also withdraw consent to non-essential cookies at any time through our cookie preference centre available on our Website. Please note that disabling certain cookies may affect the functionality and performance of the Website. For more information about managing cookies, visit www.allaboutcookies.org.

11. YOUR RIGHTS AS A DATA SUBJECT

Subject to applicable law, you have the following rights in respect of your personal data:

(a) Right of Access (Article 15 GDPR / Section 34 NDPA): You have the right to request a copy of the personal data we hold about you and information about how we process it.

(b) Right to Rectification (Article 16 GDPR / Section 34 NDPA): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

(c) Right to Erasure / Right to be Forgotten (Article 17 GDPR): You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other lawful basis for processing.

(d) Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we limit the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to our processing.

(e) Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transmit that data to another controller, where technically feasible.

(f) Right to Object (Article 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing of your personal data where we rely on legitimate interests as our lawful basis. You have an absolute right to object to processing for direct marketing purposes.

(g) Right to Withdraw Consent: Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

(h) Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects on you.

(i) Right to Lodge a Complaint: You have the right to lodge a complaint with a relevant supervisory authority if you believe that our processing of your personal data violates applicable data protection law (see Section 15).

11.1 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to us by email at [email protected] with the subject line “Data Subject Rights Request”. We will respond to your request within thirty (30) days of receipt. In complex cases, or where we receive a high volume of requests, we may extend this period by an additional sixty (60) days, in which case we will notify you accordingly. We may require you to verify your identity before processing your request.

Where requests are manifestly unfounded, excessive, or repetitive, we reserve the right to charge a reasonable administrative fee or refuse to act on the request, in accordance with applicable law.

12. CHILDREN’S PRIVACY

Our Website and Services are not directed at children under the age of eighteen (18) years. We do not knowingly collect personal data from children under the age of 18 without verifiable parental or guardian consent. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such data from our records.

Where our Services are accessed by individuals aged 16-17 years with parental consent, such processing will be carried out in accordance with applicable law and with appropriate additional safeguards.

13. MARKETING COMMUNICATIONS

We may send you marketing communications about our programmes, offers, events, and updates, provided that:

• You have expressly opted in to receive such communications; or

• You are an existing customer and the communication relates to similar services to those you have previously purchased from us, and you have not opted out.

You have the right to opt out of marketing communications at any time by:

• Clicking the “Unsubscribe” link in any marketing email you receive from us;

• Contacting us at [email protected] with the subject “Marketing Opt-Out”; or

• Updating your communication preferences within your account settings.

Please note that even if you opt out of marketing communications, we may still send you transactional and administrative messages relating to your account or purchases.

14. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority (the Nigeria Data Protection Commission (NDPC) and, where applicable, the relevant EU/UK supervisory authority) without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach;

• Notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, providing a clear description of the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

We maintain an internal data breach register and incident response procedure to ensure that breaches are promptly identified, contained, investigated, and reported in accordance with applicable law.

15. SUPERVISORY AUTHORITIES AND COMPLAINTS

If you believe that our processing of your personal data has violated applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority:

Nigeria (NDPA/NDPR): Nigeria Data Protection Commission (NDPC)

• Website: www.ndpc.gov.ng

• Email: [email protected]

We encourage you to contact us directly in the first instance so that we may address your concerns before you escalate to a supervisory authority.

16. LINKS TO THIRD-PARTY WEBSITES

Our Website may contain links to third-party websites, applications, or services. This Policy does not apply to such third-party platforms, and we are not responsible for their data protection practices. We strongly encourage you to review the privacy policies of any third-party websites you visit through links on our Website.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. Any changes will be posted on this page with an updated “Last Updated” date. Where the changes are material, we will notify you by email or by a prominent notice on our Website prior to the change taking effect. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

Your continued use of our Website or Services following the posting of an updated Policy constitutes your acceptance of the changes, to the extent permitted by law.

18. GOVERNING LAW AND JURISDICTION

This Policy is governed by and shall be construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019. To the extent that our processing activities fall within the scope of the GDPR or UK GDPR, those instruments shall apply in respect of Data Subjects located in the EEA or the United Kingdom respectively.

Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of the Federal Capital Territory, Abuja, Nigeria, without prejudice to your rights to bring proceedings before a competent supervisory authority.

19. CONTACT US

If you have any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:

Company: Dataset Nexus Tech

Data Privacy Contact: [email protected]

Physical Address: FCT Abuja, Nigeria

Website: www.datasetnexustech.com

We are committed to addressing your concerns promptly and professionally.

This Privacy Policy was prepared on 7th March, 2026 and is effective as of that date.