Privacy Policy

Nova Axis Limited ("Nova Axis," "we," "our," or "us") is committed to the responsible and lawful processing of personal data. This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you interact with our website, platforms, services, and operations.

This Policy applies to all individuals whose personal data we process, including website visitors, clients, prospective clients, partners, vendors, job applicants, and any other persons who engage with Nova Axis. It covers our operations across renewable energy, solar installations, electric vehicle (EV) infrastructure, EPC/EPC+F project delivery, advisory services, and all related digital platforms.

Nova Axis processes personal data in accordance with: Nigeria's Nigeria Data Protection Act 2023 (NDPA); the Guidelines on Adequate Implementation of the Data Protection Regulations (GAID) issued by the Nigeria Data Protection Commission (NDPC); the European Union General Data Protection Regulation (GDPR) where applicable to data subjects in the EU/EEA; and all other applicable international data protection frameworks.

Identity & Contact Data: Full name, title, email address, phone number, mailing address, company or organisation name, and job title. This data is collected when you submit enquiries, request quotes, register on our platforms, or engage with Nova Axis directly.

Project & Technical Data: Information relating to energy needs, site specifications, project requirements, consumption data, technical assessments, and regulatory documentation shared for the purpose of project scoping, design, or delivery.

Financial & Transactional Data: Bank account details, payment card information (processed securely through authorised payment processors), invoicing records, and transaction history collected where necessary to execute contracts and process payments.

Usage & Technical Data: IP addresses, browser type, device identifiers, pages visited, time spent on pages, and other analytics data collected automatically when you visit our website or use our platforms.

Communications Data: Records of correspondence including emails, phone call logs, and written communications, retained for service continuity, compliance, and dispute resolution purposes.

Sensitive Data: We do not intentionally collect sensitive personal data (such as biometric, health, or political data) unless strictly required by law or with your explicit consent.

Under the NDPA 2023 and GDPR, Nova Axis processes personal data only where a valid legal basis exists:

Contractual Necessity: Processing required to enter into or perform a contract with you, including project delivery, service agreements, and billing.

Legitimate Interests: Processing necessary for our legitimate business interests such as improving our services, fraud prevention, internal analytics, and business development where such interests are not overridden by your rights and freedoms.

Legal Obligation: Processing required to comply with Nigerian law, regulatory requirements (including NERC, ECN, REA, NDPA), tax obligations, court orders, or other statutory duties.

Consent: Where we rely on your consent for example, to send marketing communications you may withdraw consent at any time without affecting the lawfulness of prior processing.

Nova Axis uses personal data for the following purposes: (a) providing, managing, and delivering our energy services and solutions; (b) processing project enquiries, quotes, and proposals; (c) executing and managing contracts, including EPC, solar, EV infrastructure, and advisory agreements; (d) communicating with you regarding your project, enquiry, or account; (e) invoicing, payment processing, and financial record-keeping; (f) complying with regulatory, statutory, and legal obligations applicable to our business; (g) improving our services, platforms, and customer experience through analytics and feedback; (h) conducting marketing and business development activities where lawful consent or legitimate interest applies.

We do not use personal data to make automated decisions that produce significant legal or similar effects without human oversight and appropriate safeguards.

Nova Axis does not sell, rent, or trade your personal data to third parties for their commercial purposes. We may share your personal data in the following limited circumstances:

Service Providers & Processors: Trusted third-party service providers who process data on our behalf including cloud infrastructure providers, payment processors, project management platforms, and IT service providers under binding data processing agreements that meet NDPA and GDPR standards.

Professional Advisers: Lawyers, accountants, auditors, and insurers bound by professional confidentiality obligations where necessary for legal or financial compliance.

Regulatory & Government Authorities: Where required by applicable law, court order, regulatory directive, or governmental request including disclosures to the NDPC, NERC, Federal Inland Revenue Service (FIRS), or other competent authorities.

Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to relevant parties subject to equivalent data protection commitments.

International Transfers: Where personal data is transferred outside Nigeria, we ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs), adequacy decisions, or other NDPA/GDPR-compliant mechanisms.

Nova Axis retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulation. Our retention periods are determined by: the nature of the data and the purpose of collection; applicable statutory limitation periods under Nigerian law; regulatory obligations (including tax, energy sector, and anti-money laundering requirements); and our legitimate business interests.

As a general guide: client project data is retained for a minimum of seven (7) years following project completion; financial and transactional records are retained for a minimum of six (6) years in accordance with Nigerian tax law; marketing consent records are retained for the duration of the consent plus one (1) year. When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention and disposal procedures.

Under the NDPA 2023 and GDPR, you have the following rights with respect to your personal data:

Right of Access: To request a copy of the personal data we hold about you and information about how it is used.

Right to Rectification: To request correction of inaccurate or incomplete personal data.

Right to Erasure: To request deletion of your personal data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful subject to our legal obligations to retain certain records.

Right to Restriction: To request that we limit the processing of your data in certain circumstances.

Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract.

Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent, without affecting lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at privacy@novaxisltd.com. We will respond within 30 days in accordance with NDPA and GDPR timelines. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or another competent supervisory authority.

Nova Axis implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, disclosure, or misuse. These include: encryption of data in transit and at rest; access controls and role-based authentication; regular security assessments and vulnerability testing; staff training on data protection obligations; incident response procedures; and vendor due diligence for third-party processors.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, Nova Axis will notify the NDPC and affected individuals in accordance with NDPA and GDPR notification obligations.

Our website uses cookies and similar tracking technologies to enhance user experience, analyse traffic patterns, and optimise website performance. Cookie categories include: Strictly Necessary Cookies (required for website functionality and cannot be disabled); Performance & Analytics Cookies (used to understand how visitors interact with our website enabled only with consent); and Marketing Cookies (used to deliver relevant content and measure campaign effectiveness enabled only with explicit consent).

You can manage, restrict, or withdraw consent for non-essential cookies at any time through our cookie settings panel or through your browser settings. Disabling optional cookies will not affect core website functionality.

Our services are not directed to individuals under the age of 18. Nova Axis does not knowingly collect or process personal data from minors. If we become aware that personal data has been collected from a person under 18 without appropriate consent, we will take prompt steps to delete that data.

Nova Axis may update this Privacy Policy from time to time to reflect changes in our data practices, service offerings, or applicable law. The effective date of the current version is noted at the top of this page. Where changes are material, we will provide appropriate notice including via email where required by the NDPA or GDPR. Continued use of our services following any update constitutes acceptance of the revised Policy.