Suacasa

Privacy Policy

Effective Date: May 2025  |  Last Updated: May 2025

Governing Laws: Nigeria Data Protection Act (NDPA) 2023  |  EU General Data Protection Regulation (GDPR)

1. Introduction

Welcome to Suacasa (“we”, “our”, or “us”). We are a luxury property development company based in Lagos, Nigeria, committed to designing eco-friendly, design-led residential homes for discerning buyers locally and across the global diaspora.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you interact with us — whether through our website, social media channels, WhatsApp, email, telephone, or in person.

Because we market our developments to clients both within Nigeria and internationally — including within the European Union and United Kingdom — this Policy is designed to comply with both the Nigeria Data Protection Act (NDPA) 2023 and the EU General Data Protection Regulation (GDPR) / UK GDPR.

By engaging with Suacasa, you acknowledge that you have read and understood this Privacy Policy. Please read it carefully.

 

2. Who We Are (Data Controller)

Suacasa is the data controller responsible for your personal information. This means we determine the purposes and means by which your personal data is processed.

Company Name: Suacasa

Registered Address: Lagos, Nigeria

Email: Info@suacasang.com

Phone: +234 814 897 4985

Website: www.suacasang.com

Suacasa is registered with the Nigeria Data Protection Commission (NDPC) in compliance with the NDPA 2023. Our registration details are available upon request.

 

3. Information We Collect

We may collect the following categories of personal information:

3.1 Information You Provide Directly

  • Full name and contact details (phone number, email address, WhatsApp)
  • Residential or mailing address and nationality
  • Purchase preferences (property type, bedroom count, intended use, budget)
  • Financial information relevant to property transactions (e.g. proof of funds, payment details)
  • Identification documents required for KYC/AML compliance (e.g. passport, national ID)
  • Communications you send us via email, WhatsApp, contact forms, or social media

3.2 Information Collected Automatically

  • IP address, browser type, and operating system when you visit our website
  • Pages visited, time spent, and clickstream data
  • Device identifiers and location data
  • Cookies and similar tracking technologies (see Section 9)

3.3 Information from Third Parties

  • Referral information from partners, agents, or property introducers
  • Publicly available information used to verify your identity
  • Data from social media platforms where you engage with our content

 

4. How We Use Your Information

We use your personal information for the following purposes:

  • To respond to your enquiries and provide information about our developments
  • To process property reservations, sales agreements, and related transactions
  • To comply with legal and regulatory obligations, including KYC and anti-money laundering (AML) requirements
  • To send you relevant updates on our developments, pricing, and availability (where you have consented or we have a legitimate interest to do so)
  • To improve our website, marketing materials, and overall client experience
  • To manage our ongoing relationship with you as a client, prospect, or partner
  • To conduct internal analysis, forecasting, and business reporting
  • To comply with court orders, legal proceedings, or government authority requests

We will only use your data for purposes compatible with the reason it was originally collected. If we wish to use it for a new purpose, we will inform you and, where required, seek your consent.

 

5. Legal Basis for Processing

We process your personal data under clearly defined legal bases, in compliance with both the NDPA 2023 and the GDPR:

5.1 Under the NDPA 2023

  • Contractual necessity — to fulfil obligations arising from a property transaction or enquiry
  • Legal obligation — to comply with applicable Nigerian laws and regulatory requirements
  • Legitimate interests — to operate, grow, and promote our business responsibly, provided these are not overridden by your rights
  • Consent — where you have explicitly agreed to receive marketing communications or to the use of non-essential cookies

5.2 Under the GDPR (for EU/UK Data Subjects)

  • Article 6(1)(b) — processing necessary for the performance of a contract
  • Article 6(1)(c) — processing necessary to comply with a legal obligation
  • Article 6(1)(f) — processing based on legitimate interests, where not overridden by your fundamental rights
  • Article 6(1)(a) — processing based on your freely given, specific, informed, and unambiguous consent

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

 

6. Data Breach Notification

We take data breaches seriously and have internal procedures in place to detect, investigate, and respond to any suspected breach of your personal data.

6.1 Our Obligations

  • In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, where feasible
  • Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay
  • For EU/UK data subjects, we will additionally comply with GDPR breach notification obligations under Article 33 and Article 34

6.2 What We Will Tell You

Our breach notification will include, where possible:

  • A description of the nature of the breach
  • The categories and approximate number of individuals and records affected
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach and mitigate its effects

If you suspect your personal data has been compromised, please contact us immediately at Info@suacasang.com.

 

7. Third Parties and Data Processing Agreements

Suacasa does not sell your personal data to any third party. Where we engage external service providers (data processors) to process personal data on our behalf, we require them to do so under a written Data Processing Agreement (DPA) that legally binds them to:

  • Process personal data only on our documented instructions
  • Implement appropriate technical and organisational security measures
  • Support Suacasa in fulfilling data subject rights requests
  • Notify us promptly in the event of a data breach
  • Not engage sub-processors without prior written consent from Suacasa
  • Delete or return all personal data upon termination of services

Categories of third parties we may share your data with include:

  • Legal, financial, and professional advisors involved in property transactions
  • Regulatory bodies or government authorities where required by law
  • Technology and service providers supporting our website, CRM, communications, and marketing tools
  • Partner agents or introducers, only with your knowledge and where necessary

 

8. Cross-Border Data Transfers

As a company that markets globally, Suacasa may transfer your personal data to countries outside Nigeria and the European Economic Area (EEA). We ensure all international transfers are protected by appropriate safeguards, including:

  • Transfers to countries recognised by the NDPC as providing an adequate level of data protection
  • Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers from the EU/UK
  • Binding Corporate Rules or other lawful transfer mechanisms where applicable

We document the basis for all cross-border data transfers and the safeguards in place for the recipient country. You may request details of these safeguards by contacting us at Info@suacasang.com.

 

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse traffic, and personalise content. The types of cookies we use include:

  • Essential cookies — necessary for the website to function correctly
  • Analytics cookies — help us understand how visitors interact with our site (e.g. Google Analytics)
  • Marketing cookies — used to deliver relevant content and measure campaign performance

For visitors from the EU and UK, we will request your consent before placing any non-essential cookies, in compliance with GDPR and the ePrivacy Directive. You may manage, withdraw, or update your cookie preferences at any time through your browser settings or our cookie consent tool.

Please note that disabling certain cookies may affect your experience on our website.

 

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by applicable law. Our general retention periods are:

  • Client and transaction records — minimum of seven (7) years in line with financial and legal obligations
  • Enquiry and marketing records — up to two (2) years from last interaction
  • Cookie and analytics data — as specified in our cookie policy, typically between 30 days and 2 years

Once data is no longer required, we securely delete or anonymise it. You may request deletion of your data at any time, subject to legal and regulatory exceptions (see Section 11).

 

11. Your Rights

11.1 Rights Under the NDPA 2023 (Nigerian Data Subjects)

Under the Nigeria Data Protection Act 2023, you have the following rights:

  • Right of Access — to request a copy of the personal data we hold about you
  • Right to Rectification — to request correction of inaccurate or incomplete data
  • Right to Erasure — to request deletion of your data, subject to legal exceptions
  • Right to Restriction — to request that we limit how we process your data
  • Right to Object — to object to processing based on legitimate interests or for direct marketing
  • Right to Data Portability — to receive your data in a structured, machine-readable format
  • Right to Withdraw Consent — where processing is based on consent, you may withdraw it at any time

11.2 Additional Rights Under GDPR (EU/UK Data Subjects)

If you are located in the EU or UK, you have the above rights plus:

  • Right not to be subject to automated decision-making — including profiling, where it produces legal or similarly significant effects
  • Right to lodge a complaint with your local supervisory authority (e.g. your national Data Protection Authority or the UK ICO)

To exercise any of your rights, please contact us using the details in Section 14. We will respond within 30 days. We may need to verify your identity before processing your request.

 

12. Data Protection Impact Assessments (DPIAs)

Where a data processing activity is likely to result in a high risk to the rights and freedoms of individuals — for example, large-scale processing of financial or identity data — Suacasa will carry out a Data Protection Impact Assessment (DPIA) before commencing such processing.

Where a DPIA indicates that a high risk remains after appropriate mitigation measures, we will consult the Nigeria Data Protection Commission (NDPC) and, where relevant, the appropriate EU supervisory authority, prior to processing.

DPIAs form part of our ongoing commitment to privacy by design and default.

 

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction. These include:

  • Restricted access controls and role-based permissions
  • Encrypted communication channels where applicable
  • Regular staff training on data protection obligations
  • Periodic review of data handling practices and security controls
  • Secure disposal of personal data no longer required

While we take all reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to exercise care when sharing sensitive information online.

 

14. Children’s Privacy

Our services are intended for adults and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with their data, please contact us immediately at Info@suacasang.com so we can promptly delete it.

 

15. Contact Us & Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Suacasa — Data Privacy Enquiries

Email: Info@suacasang.com

Phone: +234 814 897 4985

Website: www.suacasang.com

Address: Lagos, Nigeria

If you are an EU or UK data subject and you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority — for example, your national DPA or the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

Nigerian data subjects may also direct complaints to the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng.

 

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or regulatory guidance. We will notify you of significant changes by posting the updated Policy on our website with a revised effective date at the top of the document.

For material changes affecting EU/UK data subjects, we will provide direct notice where required under GDPR. We encourage you to review this Policy periodically.

© 2025 Suacasa. All rights reserved.

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria.

EU/UK residents: Additional protections apply under the GDPR and UK GDPR.