Ratio Africa Limited ("Ratio Africa", "we", "us", "our") respects the privacy of every person who visits ratioafrica.com or otherwise engages with us. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, how long we keep it, and the rights you have over your personal data.
This policy is governed primarily by the Nigeria Data Protection Act 2023 (NDPA) and its General Application and Implementation Directive 2025 (GAID), as enforced by the Nigeria Data Protection Commission (NDPC). It also takes account of the Nigeria Data Protection Regulation 2019 (NDPR) as subsidiary regulation, and the EU General Data Protection Regulation 2016/679 (GDPR) to the extent we process personal data of individuals located in the European Economic Area or the United Kingdom. Where any provision of this policy conflicts with the NDPA, the NDPA prevails.
01 Who we are
Ratio Africa Limited is a product outcomes and growth consultancy registered in the Federal Republic of Nigeria. We help early stage founders, established companies, and international firms entering African markets achieve measurable product outcomes.
- Contact email: connect@ratioafrica.com
- Data protection contact: connect@ratioafrica.com
For all matters relating to your personal data or this policy, please write to connect@ratioafrica.com. We aim to respond within 30 days.
02 Scope of this policy
This policy applies to personal data we collect or process when you:
- visit or interact with ratioafrica.com and any subdomains we operate;
- submit a contact form, request a consultation, or subscribe to our updates;
- engage us as a client or supplier, or are an employee or representative of a client or supplier;
- attend our events, webinars, or in-person sessions;
- communicate with us by email, phone, or social media; or
- apply for a role, internship, or partnership with us.
This policy does not cover the practices of third parties whose services or sites we link to. Read their policies separately.
03 The personal data we collect
We collect only the personal data we need to deliver our services, respond to your enquiries, run our business, and meet our legal obligations. The categories are:
- Identification and contact data. Name, job title, employer or organisation name, work or personal email address, phone number, and country of residence.
- Engagement and commercial data. The content of your enquiries, scoping notes, signed engagement letters, statements of work, deliverables we produce for you, invoices, payment confirmations, and correspondence relating to a client or supplier relationship.
- Technical and usage data. IP address, approximate location derived from IP, device type, operating system, browser type and version, the pages you visit on ratioafrica.com, referring URL, and timestamps. We collect this through cookies and similar technologies as described in section 9.
- Marketing and communication data. Your preferences for receiving communications from us, the topics you have indicated interest in, and engagement with our emails (opens, clicks) where you have consented to analytics.
- Recruitment data (only if you apply for a role). CV, cover letter, work history, references, right-to-work information where relevant, and any other information you choose to share with us.
We do not knowingly collect special categories of data (such as health, religion, political opinions, biometric data, or data concerning children under 18). If you share special category data with us inadvertently in correspondence, we will minimise its use and delete it where not required.
04 How we collect personal data
We collect personal data:
- directly from you, when you submit a form, send us an email, sign a contract, attend an event, or apply for a role;
- automatically, when you interact with our website, through cookies and analytics;
- from third parties, including publicly available business sources such as LinkedIn or company registries where we are researching prospective clients or partners, and from service providers acting on our behalf.
05 Lawful basis for processing
Under Section 25 of the NDPA, every processing activity must rely on at least one lawful basis. We rely on the following, matched to each processing purpose:
| Processing purpose | Lawful basis (NDPA / GDPR) |
|---|---|
| Responding to enquiries you submit through the website or by email | Consent; Steps prior to entering a contract |
| Delivering services under a signed engagement letter | Performance of a contract |
| Invoicing, payments, and tax recordkeeping | Compliance with a legal obligation |
| Sending direct marketing emails about our services | Consent (which you may withdraw at any time) |
| Improving the website and understanding visitor behaviour | Legitimate interest (we have completed a balancing assessment) |
| Recruiting and assessing candidates | Steps prior to entering a contract; Consent |
| Defending or pursuing legal claims | Legitimate interest; Compliance with a legal obligation |
| Securing our systems and preventing fraud | Legitimate interest |
Where we rely on consent, you may withdraw it at any time by contacting connect@ratioafrica.com or by using the unsubscribe link in our emails. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
Where we rely on legitimate interest, we have weighed our interest against your rights and freedoms. You may object to processing on this basis at any time (see section 11).
06 How we use your personal data
We use the personal data we collect to:
- respond to enquiries, schedule discovery calls, and prepare proposals;
- deliver consulting engagements, including product audits, strategy work, embedded PM services, and market-entry advisory;
- send you invoices, take payment, and keep accounting records;
- send you service-related communications (for example, scheduling updates, deliverable handovers);
- send you marketing communications about our services, but only where you have consented or, for existing clients, on a soft opt-in basis with an easy way to unsubscribe;
- analyse aggregate website traffic and improve site content and user experience;
- comply with our legal, regulatory, and tax obligations in Nigeria and elsewhere we operate;
- protect our systems, prevent fraud, and defend our legal rights; and
- assess job applications and onboard new team members.
We do not use your personal data to make automated decisions that produce legal or similarly significant effects on you. We do not sell your personal data to anyone.
07 Who we share your personal data with
We share personal data only where necessary, and only with parties bound by appropriate confidentiality and data protection obligations. The categories are:
Service providers (data processors acting on our instructions):
- Cloud hosting and email infrastructure (for example, our website host and business email provider)
- Payment processors and banking partners for receiving fees
- Accounting and bookkeeping providers
- Analytics providers (only where you have consented to non-essential cookies)
- Customer relationship management and project management tools
- Professional advisers (lawyers, accountants, auditors)
Other recipients:
- Regulators and authorities where we are legally required to disclose information (for example, the NDPC, tax authorities, or law enforcement responding to a valid request)
- Counterparties and their advisers in the context of a transaction, merger, or sale of the business, under appropriate confidentiality terms
- Insurers and re-insurers where relevant to a claim or risk
Where a recipient acts as a data processor on our behalf, we put in place a written data processing agreement that requires them to process personal data only on our documented instructions, apply appropriate security, support data subject rights, assist with breach notification, and return or delete data at the end of the engagement.
A list of our principal service providers and the country of processing is available on request from connect@ratioafrica.com.
08 International transfers of personal data
Some of the service providers we use are located outside Nigeria, including in the European Economic Area, the United Kingdom, and the United States.
Under Section 41 of the NDPA, we transfer personal data outside Nigeria only where one of the following applies:
- the destination country is recognised by the NDPC as providing adequate protection;
- the transfer is covered by binding corporate rules, an approved code of conduct, a certification mechanism, or contractual clauses providing equal or adequate protection;
- you have given explicit consent after being informed of the risks; or
- the transfer is necessary for the performance of a contract with you, an important public interest, or the establishment, exercise, or defence of legal claims.
For transfers to recipients in the EEA or the UK, we rely on the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement, as appropriate, with supplementary measures where required.
We document the basis for every cross-border transfer and the adequate safeguards in place. You may request details of the safeguards applied to a specific transfer by writing to connect@ratioafrica.com.
09 Cookies and similar technologies
ratioafrica.com uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a site.
We use three categories of cookies:
Strictly necessary cookies. These are required for the site to function (for example, remembering your cookie preferences and session security). They cannot be disabled in our preference centre, but you can block them in your browser settings, in which case parts of the site may not work.
Analytics cookies. These help us understand how visitors use the site, which pages perform well, and where users come from. We use these only where you have consented.
Functional cookies. These remember choices you make (for example, language preference) to give you a more personalised experience.
In line with Article 19 of the GAID, we obtain your opt-in consent through a cookie banner before setting any non-essential cookies. The banner is visible on your first visit. You can withdraw or change your preferences at any time by clicking "Cookie preferences" in the footer.
A full list of the cookies we currently set, their purpose, and duration is available on request from connect@ratioafrica.com. We will publish a standalone cookie notice as our analytics and functional tooling matures.
10 How long we keep your personal data
We keep personal data only as long as we need it for the purposes set out in this policy, or as required by law.
| Category | Retention period |
|---|---|
| Website enquiry data with no follow-up | 12 months from last contact |
| Active prospect and engagement scoping records | Duration of relationship plus 24 months |
| Signed engagement letters, statements of work, deliverables | 7 years after the end of the engagement (tax and audit requirements) |
| Invoices, payment records, financial records | 7 years (Companies and Allied Matters Act requirements) |
| Marketing subscriber records | Until you unsubscribe or after 24 months of inactivity, whichever is sooner |
| Website analytics (aggregated) | 14 months |
| Recruitment records for unsuccessful applicants | 12 months with consent for future opportunities, otherwise deleted |
| Recruitment records for successful applicants | Duration of employment plus 7 years |
| CCTV recordings of physical premises (if applicable) | 30 days unless retained for an incident |
When the retention period ends, we securely delete or anonymise the data. Anonymised data may be retained for analytics or business intelligence.
11 Your rights
Under the NDPA, the NDPR, and (where applicable) GDPR, you have the following rights over your personal data:
- Right to be informed about how we process your personal data (this policy fulfils that obligation).
- Right of access to a copy of the personal data we hold about you.
- Right to rectification of personal data that is inaccurate, out of date, incomplete, or misleading. Where the error was caused by us, rectification is provided at no cost.
- Right to erasure of your personal data in certain circumstances, including where the data is no longer needed for the purposes it was collected, where you withdraw consent, or where the processing is unlawful.
- Right to restrict processing in certain circumstances, including while a rectification or objection request is being considered.
- Right to data portability, allowing you to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object to processing carried out on the basis of legitimate interest or for direct marketing. Where you object to direct marketing, we will stop processing for that purpose immediately.
- Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not carry out such processing).
- Right to withdraw consent at any time where we rely on consent as our lawful basis.
- Right to lodge a complaint with the Nigeria Data Protection Commission, or with a supervisory authority in your country of residence if you are in the EEA or the UK.
To exercise any of these rights, write to connect@ratioafrica.com. We may ask you to verify your identity before responding. We will respond within 30 days, or explain the reason for any delay. Most requests are free of charge; for manifestly unfounded or excessive requests, we may charge a reasonable fee or refuse to act.
If you are not satisfied with our response, you may contact the Nigeria Data Protection Commission at info@ndpc.gov.ng or visit https://ndpc.gov.ng. Contact details for other supervisory authorities are available on request.
12 How we protect your personal data
We apply technical and organisational measures appropriate to the sensitivity of the data, the volume processed, and the risks involved. These include:
- transport encryption (HTTPS) on all web traffic;
- encryption at rest for systems storing client data;
- role-based access control with least-privilege principles;
- multi-factor authentication on all administrator accounts;
- regular software updates and dependency patching;
- backups stored separately from production systems with restoration testing;
- written confidentiality obligations on every team member and contractor;
- training and onboarding that covers data protection responsibilities;
- written data processing agreements with every processor;
- incident response procedures and a documented breach notification process.
No system is perfect. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours and notify you directly without undue delay where the risk to your rights and freedoms is high.
13 Children
Our services are aimed at businesses, not individuals under 18. We do not knowingly collect personal data of children. If you become aware that a child has provided us with personal data, write to connect@ratioafrica.com and we will delete it.
14 Third party links
Our site may link to third party sites, tools, or content. We are not responsible for the privacy practices of those parties. We encourage you to read their privacy policies before sharing personal data with them.
15 Changes to this policy
We may update this policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of the policy indicates when it was last revised. For material changes, we will notify you by a prominent notice on the site or by email where appropriate. Continued use of our services after a change means you accept the updated policy.
16 Contact
For any question about this policy, to exercise your rights, or to make a complaint, contact us at:
Ratio Africa Limited
Data protection contact: connect@ratioafrica.com
General enquiries: connect@ratioafrica.com