Legal
What we collect
Effective 29 April 2026 · Version 1.0
1.1 Categories of personal data
We collect the minimum personal data necessary for the purposes described in this Section. Personal data is any information relating to an identified or identifiable natural person, as defined in section 65 of the Nigeria Data Protection Act 2023 (“NDPA”) and Article 4(1) of the General Data Protection Regulation (“GDPR”).
(a) Information you give us
- Donation form data: the amount and currency of the contribution; the payment method (cryptocurrency selected); your name, email, and declared nationality where you choose to provide them; the order ID generated by our system.
- KYC / identification documents: for contributions above the threshold set in Terms § 2 (Contributions), we may require government-issued identification, proof of address, and a sworn declaration of source of funds, as required under the Money Laundering (Prevention and Prohibition) Act 2022, the Terrorism (Prevention and Prohibition) Act 2022, and the Electoral Act 2022.
- Correspondence: the content of emails, messages, support tickets, or other communications you send to the Campaign.
- Volunteer & enquiry forms: name, contact details, geographic location, skills, and any other information you voluntarily disclose.
(b) Information collected automatically
- Device & browser data: IP address (truncated where practicable), user agent, screen resolution, language, and timezone.
- Usage data: pages viewed, the order in which they were viewed, referrer, time on page.
- Diagnostic data: server logs, error traces, and rate-limit metadata, retained strictly for security and abuse-prevention.
(c) Information from third parties
- NowPayments OÜ (our regulated payment processor) provides us with payment-status data linked to the order ID we sent. This is necessary to confirm your contribution.
- Public on-chain data: where you transmit a contribution to a wallet address we control, the transaction is, by the nature of public blockchains, visible on the relevant ledger. We do not collect blockchain data beyond what is necessary to reconcile the contribution.
1.2 Lawful basis for processing
We process personal data only where one of the lawful bases set out in section 25 of the NDPA, and where applicable Article 6 GDPR, applies:
| Purpose | Lawful basis (NDPA / GDPR) | Examples |
|---|---|---|
| Operating the Site | Legitimate interests / Art. 6(1)(f) GDPR; § 25(c) NDPA | Logging, security, abuse prevention |
| Processing a contribution you initiate | Contractual necessity / Art. 6(1)(b) GDPR; § 25(b) NDPA | Generating an invoice, confirming payment |
| Statutory record-keeping (Electoral Act, AML) | Legal obligation / Art. 6(1)(c) GDPR; § 25(d) NDPA | Reporting to INEC, AML/CFT recordkeeping |
| Newsletter / volunteer outreach | Consent / Art. 6(1)(a) GDPR; § 25(a) NDPA | Email updates you have opted in to |
| Defending legal claims | Legitimate interests / Art. 6(1)(f) GDPR; § 25(c) and § 26(c) NDPA | Election petitions, regulatory enquiries |
1.3 Sensitive personal data
We do not request or collect sensitive personal data (for example, data revealing political opinions, racial or ethnic origin, religious beliefs, biometric data, or health data) except where (i) you voluntarily provide it in correspondence, (ii) processing is strictly necessary for compliance with a legal obligation imposed on the Campaign, or (iii) you have given express, granular, written consent.
Where you donate, the mere fact of your donation may, depending on your jurisdiction, constitute a political opinion. We treat that information with the safeguards in Section 3 and Section 6.
1.4 Children
The Site is not directed at persons under the age of eighteen (18). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact contact@peterobi.support and we will erase the data without undue delay.
1.5 Retention periods
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Indicative retention periods:
- Donation records (financial): seven (7) years from the end of the financial year in which the contribution was received, in line with Section 14 of the Companies Income Tax Act and AML/CFT recordkeeping requirements;
- Donor identifying information for KYC: five (5) years from the end of the customer relationship, per the Money Laundering Act 2022;
- Server access logs: ninety (90) days, except where preserved for an ongoing security investigation;
- Email correspondence: two (2) years from receipt, unless retained for a longer period to defend a legal claim;
- Volunteer / newsletter mailing list: for as long as you remain subscribed plus thirty (30) days after your unsubscribe request, to record your opt-out;
- Aggregated and de-identified analytics: indefinitely, as the data no longer constitutes personal data.
At the expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.
1.6 Changes to the categories we collect
Where we propose to collect new categories of personal data, we will update this Section and post a prominent notice on the Site at least fourteen (14) days before the change takes effect, except where the change is required by law to come into effect sooner.