When you use or interact with us through the services, we may collect Personal Data. Sometimes this will be on our own behalf and other times this will be on behalf of an Organizer using our Services to run an event. This is an important distinction for purposes of certain data protection laws and this is explained as follows:
Information We Collect from Event Organizers Information you provide to us: In some cases, we may collect your card information (e.g., your credit card number and expiration date, billing address, etc.), some of which may constitute Personal Data, to secure certain payments. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address to send checks) as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number). Information we obtain from other sources: We may also collect or receive Personal Data including your brand name, type of business, business location, website, category of events you create, location of events you create, images for event banner, business registration number, Corporate Affairs Commission Registration number (where registered in Nigeria), Utility Bill, Valid means of Identification, email address and other contact information from third party sources, such as third party websites and marketing partners, your bank, our payment processing partners. If you are an Organizer, we will collect additional Personal Data from you.
Our Services are meant for use by adults only. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and you think your child under 13 has given us information, you can email us. You can also write to us at the address listed at the end of this Policy. Please mark your inquiries “COPPA Information Request”.
We may need to transfer your Personal Data outside of the country from which it was originally provided. This may be Ibloov or third parties that we work with who may be located in jurisdictions outside Nigeria, the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe. Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. Such transfers will be made pursuant to the standard data protection clauses adopted by the Commission (EU Standard Contractual Clauses (Processors). In the event that EU authorities or courts determine that the transfer mechanism above is no longer an appropriate basis for transfers, Ibloov and customer shall promptly take all steps reasonably necessary to demonstrate adequate protection for the Personal Data, using another approved mechanism.
In cases where we are a data controller over data accessed in an unauthorized manner, we will notify the affected users directly. When we are solely a processor of data, we will notify event organizers we determine to be most likely in contact with that individual around the time of a data incident involving the unauthorized access of that individual’s Personal Data.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The GDPR requires us to tell you about the legal ground we're relying on to process any personal data about you. The legal grounds for us processing your data include:
We shall comply with the provisions of the Constitution of the Federal Republic of Nigeria 1999 (as amended), the Nigeria Data Protection Regulation 2019, The Federal Competition and Consumer Protection Act 2019, Cybercrimes (Prohibition, Prevention) Act 2015, National Identity Management Commission Act, 2007, National CyberSecurity Policy and Strategy 2021 and all other relevant laws, legislations and regulations in collecting, storing, using and sharing data of organizers, consumers and visitors of Ibloov.
We comply with the EU-US Privacy Shield regarding the collection, use and retention of personal information transferred from the EU and Switzerland. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. As participating in the Privacy Shield, we are subject to the jurisdiction and enforcement powers of the US Federal Trade Commission. We may be liable for the onward transfer of personal data to a third-party agent, as described in the Privacy Shield Principles. Under certain circumstances, we may be required to disclose personal information to public authorities, for law enforcement purposes. To learn more about the Privacy Shield framework please visit: https://www.privacyshield.gov/.
For purposes of this Section 12 only, the terms “personal information,” “collection,” “sell,” “business purpose” and “commercial purpose” have the meaning given to them under the California Consumer Privacy Act of 2018 (the “CCPA”). If you reside in California, you have certain rights set forth below. These rights are in addition to any other rights you may have under this Policy. If you have any questions about these rights or how to exercise them, please contact us. Please note that we may disclose your personal information for business or commercial purposes as described in this Policy.
Disclosure and deletion requests: You have the right to request that we disclose to you what personal information about you we collect, use, disclose and sell. Subject to certain limitations in the CCPA, you also have the right to request that we delete your personal information. You may submit such a request by contacting us. If you submit a request by email, your email must include “California Request” in the subject line. We will not discriminate against you for exercising your rights under the CCPA.
In addition, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. Please note that we do not disclose your personal information to any third parties for their direct marketing purposes, except for any Client whose Event you have registered for, in which case the Client may use your personal information for their direct marketing purposes. To make a request, please send us an email or write to us. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
Right to opt out: The CCPA also provides California consumers the right to opt out of the sale of their personal information. As explained in this Policy, we do not sell the personal information of our users.
Verification: We reserve the right to verify any request made under the CCPA by asking you to provide supporting documentation that the request is submitted by you, although we are not obligated to verify a request. You may also choose to have an agent submit a request on your behalf, in which case we may, but are not obligated to, verify that the agent is authorized to act on your behalf. We assume no responsibility for responding to any consumer requests.
For European Users Data Protection Laws. If you are a resident of the European Union (“EU”) or Switzerland, you are entitled to certain protections under the EU’s General Data Protection Regulation (“GDPR”) and/or other applicable laws (collectively, the “Data Protection Laws”), and this section applies to your use of the Services. As used in this section, the terms “processing,” “processor,” “controller” and “personal data” have the meaning given to them in the Data Protection Laws.
How we obtain your personal data: Generally, we obtain your personal data from you because you want to use Ibloov. In order to use the Services (for example, to attend an organizer’s Event), you will need to register on Ibloov and create an account. Without providing this information, you will not be able to use the services provided by Ibloov. You may also voluntarily provide additional personal data in order to make greater use of the services, and we may collect personal data about you (such as your IP address) to provide the functionality of the Services. Finally, we may obtain your name and contact information from a client in connection with one or more events.
Our role with respect to your personal data: When we process your personal data on behalf of our client for the purpose of providing the Services, we act as a processor of your personal data, as defined under the Data Protection Laws. In such situations, the controller(s) of your personal data, as defined under the Data Protection Laws, are any Client(s) who organize any Event(s) which you attend. You may be able to find the contact information of the relevant Client by looking at the Event they posted. However, when we process your personal data for our own purposes (such as improving the Services), we may be considered the controller of your personal data for purposes of such processing.
Purposes and legal bases for processing: Your personal data will be processed for the purposes described in this Policy. The legal grounds for our processing, and our clients’ processing, of your personal data are:
If you have a complaint about Ibloov's privacy practices you should write to us by email or any means necessary for you to contact us. We will take reasonable steps to work with you to attempt to resolve your complaint. Ibloov and the disputing party shall seek to resolve the dispute amicably by using Alternative Dispute Resolution (‘ADR’) procedure acceptable to both parties before pursuing any other remedies available to them.