Privacy Policy

llocal Limited

Effective Date: 10 October, 2025 | Last Updated: 10 October, 2025

Disclaimer: This Privacy Policy describes the privacy practices of llocal Limited ("we," "our," or "us") for our website llocal.net and mobile application llocal (collectively, the "Services"). By using our Services, you agree to the terms outlined in this Policy.

1. Definitions

Personal Data
Any information relating to an identified or identifiable natural person.
Processing
Any operation performed on Personal Data, such as collection, use, storage, disclosure, or destruction.
Data Controller
The entity that determines the purposes and means of processing Personal Data (i.e., llocal Limited).
Data Processor
A third party that processes Personal Data on behalf of the Data Controller.
Consent
Any freely given, specific, informed, and unambiguous indication of user agreement to process their Personal Data.
Biometric Data
Personal data resulting from technical processing relating to physical, physiological, or behavioral characteristics.

2. Information We Collect

2.1. Data You Provide Voluntarily

  • Account Registration: Name, email address, telephone number, username, hashed password
  • Profile Information: Photograph, biography, gender, date of birth, physical address
  • User-Generated Content: Photos, videos, audio, files, recordings, comments, reviews, forum posts, private messages
  • Financial and Transactional Data: Purchase history, subscription records, billing address
  • Biometric Data: face scans for authentication]
  • Customer Support Communications: Content of support interactions

Payment Processing Note: Payment card details are processed directly by our PCI-DSS compliant third-party payment processors. We only receive tokenized payment confirmations and do not store full card numbers.

2.2. Data Collected Automatically

  • Device Information: Device ID, IMEI, MAC address, hardware serial number, IP address, operating system, browser type
  • Service Usage Data: Crash logs, performance data, pages viewed, features used, clickstream data
  • Location Data: GPS coordinates (with permission), approximate location from IP/Wi-Fi
  • Cookies and Tracking Technologies:
    • Strictly Necessary (essential for service)
    • Performance/Analytics (e.g., Google Analytics)
    • Functional (enhanced functionality)
    • Targeting/Advertising (personalized ads)

2.3. Data from Third Parties

  • Social Networks (when connecting accounts)
  • Single Sign-On (SSO) Providers
  • Data Brokers and Marketing Partners
  • Publicly Available Sources

4. Purposes of Processing

Purpose of Use Categories of Personal Data Legal Basis (GDPR)
Service Provision & Account Management Account Information, Profile Information, Financial Data Performance of a Contract
Personalization of User Experience Usage Data, Device Information, Profile Information Legitimate Interests / Consent
Marketing & Advertising Contact Information, Usage Data, Device Information Consent / Legitimate Interests
Communication & Customer Support Contact Information, Communications, Account Information Performance of a Contract / Legitimate Interests
Security, Fraud & Abuse Prevention Device Information, Account Information, Usage Data, IP Address Legitimate Interests / Legal Obligation

5. Data Sharing and Disclosure

We disclose Personal Data with the following categories of third parties:

  • Service Providers (Data Processors): Cloud hosting, analytics, marketing, customer support under strict contractual terms
  • Advertising Partners: For targeted ads and measurement (opt-out available)
  • Professional Advisors: Lawyers, auditors, insurers where necessary
  • Law Enforcement and Public Authorities: When required by law
  • Business Transferees: In connection with mergers, acquisitions, or asset sales
  • With Your Consent: For any other purpose disclosed with your permission

CCPA/CPRA Notice: We do not "sell" or "share" Personal Data as defined under CCPA/CPRA.

6. International Data Transfers

Your Personal Data may be processed in countries outside your country of residence, including the United States, the United Kingdom or among many others.

When transferring data from the EEA, UK, or Switzerland to non-adequate countries, we rely on:

  • European Commission's Standard Contractual Clauses (SCCs)
  • Your explicit consent for specific transfers
  • Other legally adequate mechanisms

7. Data Retention

Data Category Retention Trigger / Period
Account Data Duration of account life, plus 3 years for legal compliance
Financial & Transactional Data 7 years for tax and financial reporting
Marketing Data Until consent withdrawal or opt-out
Technical Log Data 12 months for security and analytics
Inactive Accounts Deleted after 24 months of inactivity

8. Data Security

We implement a comprehensive security framework including:

  • Technical Measures: Encryption in transit (TLS 1.2+) and at rest, pseudonymization, secure coding practices
  • Organizational Measures: Strict access controls, security training, confidentiality agreements
  • Physical Measures: Data center access controls

We maintain an incident response plan to handle potential data breaches in compliance with legal notification requirements.

9. Your Rights and Choices

You have the following rights regarding your Personal Data:

  • Right of Access & Data Portability: Request a copy of your data in machine-readable format
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion under certain circumstances
  • Right to Restriction of Processing: Request we stop processing some data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Non-Discrimination: Protection against discrimination for exercising rights

Verification Process: We must verify your identity to process requests. We may ask for information to confirm you are the account owner.

Appeal Process: If we decline your request, we will explain why and provide appeal instructions.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16 (GDPR) or 13 (COPPA). We do not knowingly collect Personal Data from children. If we discover such data, we will delete it immediately.

11. Changes to This Policy

We may update this Policy and will notify you of material changes by:

  • Posting the new Policy on our Services
  • Updating the "Last Updated" date
  • Sending email notification for significant changes
  • Requiring acknowledgment upon next login

12. Contact Information

Contact Our Privacy Team

Data Protection Officer / Privacy Team: llocal Legal Team

Email: legal@llocal.net

Postal Address: FCT 900107, Nigeria.

You have the right to lodge a complaint with a supervisory authority in your country of residence.