Ratio Africa Limited ("Ratio Africa", "we", "us", "our") respects the privacy of every person who visits ratioafrica.com or otherwise engages with us. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, how long we keep it, and the rights you have over your personal data.
This policy is governed primarily by the Nigeria Data Protection Act 2023 (NDPA) and its General Application and Implementation Directive 2025 (GAID), as well as the Nigeria Data Protection Regulation 2019 (NDPR), as enforced by the Nigeria Data Protection Commission (NDPC) and other applicable privacy and data protection laws regarding the processing of Personal Information.
This Privacy Policy applies to your use of (regardless of means of access) our Services. You may access or use our Services through a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each, a "Device"). This Privacy Policy also applies to your offline interactions with Ratio Africa.
01Who we are
Ratio Africa helps companies fix the bottlenecks behind slow execution, weak adoption, manual processes, and stretched teams. The work spans sales, operations, finance, product, learning, and customer experience. Whether it lands as training, AI systems, advisory, or embedded leadership, the goal is the same: faster decisions, less drag, stronger teams, and better business results.
- Contact email: connect@ratioafrica.com
- Data protection contact: connect@ratioafrica.com
For all matters relating to your personal data or this policy, please write to connect@ratioafrica.com. We aim to respond within 30 days.
02Scope of this policy
This policy applies to personal data we collect or process when you:
- visit or interact with ratioafrica.com and any subdomains we operate;
- submit a contact form, request a consultation, or subscribe to our updates;
- engage us as a client or supplier, or are an employee or representative of a client or supplier;
- attend our events, webinars, or in-person sessions;
- register for, pay for, or take part in one of our cohorts, workshops, or training programmes, including using the learn portal and any cohort group;
- communicate with us by email, phone, or social media; or
- apply for a role, internship, or partnership with us.
This policy does not cover the practices of third parties whose services or sites we link to. Read their policies separately.
03The personal data we collect
We collect only the personal data we need to deliver our services, respond to your enquiries, run our business, and meet our legal obligations. The categories are:
-
Identification and contact data
Name, job title, employer or organisation name, work or personal email address, phone number, and country of residence. -
Engagement and commercial data
The content of your enquiries, scoping notes, signed engagement letters, statements of work, deliverables we produce for you, invoices, payment confirmations, and correspondence relating to a client or supplier relationship. -
Technical and usage data
IP address, approximate location derived from IP, device type, operating system, browser type and version, the pages you visit on ratioafrica.com, referring URL, and timestamps. We collect this through cookies and similar technologies as described in section 9. -
Cohort and learning data (if you register for a cohort)
Your registration details (name, email, phone number), the payment metadata we hold for your transaction (the Paystack transaction reference, amount, and currency), your learn-portal account and the email used for sign-in, your assignment submissions, the name and completion record shown on your public certificate verification page, and your Telegram handle if you join a cohort group. Card details are entered directly with Paystack and are not stored by us, except partial data such as the card brand, the last four digits, and the issuing bank, together with the payer's IP address. -
Security and audit data
For security and to keep an audit trail, we log your IP address and browser user agent on our servers when you take certain actions, including signing in to the learn portal, using a magic-link access token, downloading a guide, changing your email preferences, and maintaining a session. This server-side logging is separate from analytics cookies, and we rely on legitimate interest for it as set out in section 5. -
Marketing and communication data
Your preferences for receiving communications from us, the topics you have indicated interest in, and a record of email events we log for audit, namely whether a message was sent, suppressed, or subject to an opt-out, together with the date and time. -
Recruitment data (only if you apply for a role)
CV, cover letter, work history, references, right-to-work information where relevant, and any other information you choose to share with us.
We do not knowingly collect special categories of data (such as health, religion, political opinions, biometric data, or data concerning children under 18). If you share special category data with us inadvertently in correspondence, we will minimise its use and delete it where not required.
04How we collect personal data
We collect personal data:
- directly from you, when you submit a form, send us an email, sign a contract, attend an event, or apply for a role;
- automatically, when you interact with our website, through cookies and analytics;
- from third parties, including publicly available business sources such as LinkedIn or company registries where we are researching prospective clients or partners, and from service providers acting on our behalf.
05Lawful basis for processing
Under Section 25 of the Nigeria Data Protection Act (NDPA), every processing activity must rely on at least one lawful basis. Depending on the circumstances and the purpose for which we process your Personal Information, Ratio Africa may rely on one or more of the following lawful bases:
Consent
By using our Services, you consent to the terms of this Privacy Policy and permit us to process your Personal Information to provide our Services effectively. By accessing our Services and voluntarily providing the requested Personal Information, you consent to the collection, use, and disclosure of such information in accordance with this Privacy Policy.
You may withdraw your consent at any time by sending a request to connect@ratioafrica.com or by using the unsubscribe link in our emails. Withdrawal of consent does not affect the lawfulness of any processing carried out before such withdrawal. If you do not consent to the collection, use, or disclosure of your Personal Information as outlined in this Privacy Policy, please refrain from providing such information to Ratio Africa.
Contractual Obligations
We may process your Personal Information where such processing is necessary to fulfil our contractual obligations to you or to take steps at your request prior to entering into a contract.
When you engage us to provide Services, subscribe to our offerings, or enter into any business arrangement with us, we may process information such as your name, contact details, payment information, and any other information reasonably required to perform our obligations and manage our contractual relationship with you. Without this information, we may be unable to provide the requested Services.
Legal Obligations
We may process your Personal Information where necessary to comply with applicable legal and regulatory obligations under Nigerian law. This may include processing for tax reporting, accounting requirements, compliance with labour and employment laws, responding to lawful requests from public authorities, complying with court orders, and meeting other statutory obligations.
Legitimate Interests
We may process your Personal Information where such processing is necessary for our legitimate interests or those of a third party, provided that those interests are not overridden by your fundamental rights and freedoms.
Such legitimate interests may include fraud detection and prevention, safeguarding our information technology systems, improving our Services, securing our networks, pursuing or defending legal claims, and communicating information about our Services where permitted by law. In relying on this lawful basis, we assess and balance our interests against your rights and reasonable expectations.
You may object to processing carried out on the basis of legitimate interests at any time.
Vital Interests
We may process your Personal Information where necessary to protect your vital interests or those of another natural person, particularly where the data subject is physically or legally incapable of giving consent.
Public Interest
We may process your Personal Information where such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
These lawful bases may be extended to include any additional grounds for the processing of Personal Information as may be recognised under applicable data protection laws from time to time.
06How we use your personal data
We use the personal data we collect to:
- respond to enquiries, schedule discovery calls, and prepare proposals;
- deliver consulting engagements, including product audits, strategy work, embedded PM services, and market-entry advisory;
- send you invoices, take payment, and keep accounting records;
- send you service-related communications (for example, scheduling updates, deliverable handovers);
- send you marketing communications about our services;
- analyse aggregate website traffic and improve site content and user experience;
- comply with our legal, regulatory, and tax obligations;
- protect our systems, prevent fraud, and defend our legal rights; and
- assess job applications and onboard new team members.
We do not use your personal data to make automated decisions that produce legal or similarly significant effects on you. We do not sell your personal data to anyone.
07Who we share your personal data with
We share personal data only where necessary, and only with parties bound by appropriate confidentiality and data protection obligations. The categories are:
Service providers (data processors acting on our instructions):
- Cloud hosting and email infrastructure (for example, our website host and business email provider)
- Payment processors and banking partners for receiving fees
- Accounting and bookkeeping providers
- Analytics providers, specifically Microsoft Clarity, which we use only on our public pages to understand and improve them
- Customer relationship management and project management tools
- Professional advisers (lawyers, accountants, auditors)
Other recipients:
- Regulators and authorities where we are legally required to disclose information (for example, the NDPC, tax authorities, or law enforcement responding to a valid request)
- Counterparties and their advisers in the context of a transaction, merger, or sale of the business, under appropriate confidentiality terms
- Insurers and re-insurers where relevant to a claim or risk
Where a recipient acts as a data processor on our behalf, we put in place a written data processing agreement that requires them to process personal data only on our documented instructions, apply appropriate security, support data subject rights, assist with breach notification, and return or delete data at the end of the engagement.
A list of our principal service providers and sub-processors, the purpose of each, and the country or region of processing is published on our Service Providers and Sub-processors page.
08International transfers of personal data
Some of the service providers we use are located outside Nigeria, including in the European Economic Area, the United Kingdom, and the United States. For example, our application database and file storage are hosted on Supabase in the United Kingdom. The providers we use, and the region of each, are listed on our Service Providers and Sub-processors page.
Microsoft Clarity may process your interaction data outside Nigeria, including in the United States. For this transfer we rely on Microsoft's data protection terms and standard contractual clauses as the safeguard. You can prevent this by blocking analytics cookies in your browser or by using Microsoft's opt-out, as described in section 9.
Under Section 41 of the NDPA, we transfer personal data outside Nigeria only where one of the following applies:
- the destination country is recognised by the NDPC as providing adequate protection;
- the transfer is covered by binding corporate rules, an approved code of conduct, a certification mechanism, or contractual clauses providing equal or adequate protection;
- you have given explicit consent after being informed of the risks; or
- the transfer is necessary for the performance of a contract with you, an important public interest, or the establishment, exercise, or defence of legal claims.
For transfers to recipients in the EEA or the UK, we rely on the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement, as appropriate, with supplementary measures where required.
We document the basis for every cross-border transfer and the adequate safeguards in place. You may request details of the safeguards applied to a specific transfer by writing to connect@ratioafrica.com.
09Cookies and similar technologies
ratioafrica.com uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a site.
We set essential and functional cookies, and analytics cookies, on our public pages.
Strictly necessary cookies. These are required for the site to work, for example to keep your session secure, to protect forms against cross-site request forgery, and to remember that you have seen our cookie notice. You can block them in your browser settings, in which case parts of the site may not work.
Functional cookies. We set one functional cookie to remember the currency in which prices are shown to you. It is first-party and is not used for tracking or advertising.
Analytics cookies. On our public pages we use Microsoft Clarity, a third-party analytics tool from Microsoft. When enabled, Clarity records how visitors interact with a page, including clicks, scrolling, and aggregated heatmaps, and it sets first-party cookies to do so. We use Clarity only on our public pages. We never run it on the participant learning area at ratioafrica.com/learn. You can read Microsoft's privacy notice at privacy.microsoft.com/privacystatement.
How we treat analytics. We treat site analytics as an essential, first-party function that helps us keep the website working well and improve it. Microsoft Clarity loads on our public pages by default when it is enabled. We never load it on the participant learning area at ratioafrica.com/learn, we do not use it for advertising, and we do not sell the data.
Opting out. You can opt out of Clarity by blocking or deleting cookies in your browser settings, by turning on your browser's tracking-protection or do-not-track feature, or through Microsoft's own controls described in Microsoft's privacy notice at privacy.microsoft.com/privacystatement. Opting out does not affect the essential parts of the site.
Retention. Microsoft retains Clarity data in line with its own retention schedule, which is generally short. We do not use Clarity data to identify you personally.
10How long we keep your personal data
We keep personal data only as long as we need it for the purposes set out in this policy, or as required by law.
When the retention period ends, we securely delete or anonymise the data. Anonymised data may be retained for analytics or business intelligence.
11Your rights
Under the NDPA, the NDPR, and (where applicable) GDPR, you have the following rights over your personal data:
- Right to be informed about how we process your personal data.
- Right of access to a copy of the personal data we hold about you.
- Right to rectification of personal data that is inaccurate, out of date, incomplete, or misleading. Where the error was caused by us, rectification is provided at no cost.
- Right to erasure of your personal data in certain circumstances, including where the data is no longer needed for the purposes it was collected, where you withdraw consent, or where the processing is unlawful.
- Right to restrict processing in certain circumstances, including while a rectification or objection request is being considered.
- Right to data portability, allowing you to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object to processing carried out on the basis of legitimate interest or for direct marketing. Where you object to direct marketing, we will stop processing for that purpose immediately.
- Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
- Right to withdraw consent at any time where we rely on consent as our lawful basis.
- Right to lodge a complaint with the Nigeria Data Protection Commission, or with a supervisory authority.
To exercise any of these rights, write to connect@ratioafrica.com. We may ask you to verify your identity before responding. We will respond within 30 days, or explain the reason for any delay. Most requests are free of charge; for manifestly unfounded or excessive requests, we may charge a reasonable fee or refuse to act.
12How we protect your personal data
We apply technical and organisational measures appropriate to the sensitivity of the data, the volume processed, and the risks involved. These include:
- transport encryption (HTTPS) on all web traffic;
- encryption at rest, provided by our database and storage provider;
- access to systems restricted to authorised personnel;
- regular software updates and dependency patching;
- regular backups of production data;
- written confidentiality obligations on every team member and contractor;
- training and onboarding that covers data protection responsibilities;
- written data processing agreements with every processor;
- incident response procedures and a documented breach notification process.
No system is perfect. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours and notify you directly without undue delay where the risk to your rights and freedoms is high.
13Children
We do not knowingly collect the personal data of children without their parent's consent. If you become aware that a child has provided us with personal data, write to connect@ratioafrica.com and we will delete it unless a parent or guardian has provided the necessary consent.
14Third-party links
Our site may link to third-party sites, tools, or content. We are not responsible for the privacy practices of those parties. We encourage you to read their privacy policies before sharing personal data with them.
15Changes to this policy
We may update this policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of the policy indicates when it was last revised. For material changes, we will notify you by a prominent notice on the site or by email where appropriate. Continued use of our services after a change means you accept the updated policy.
16Contact
For any question about this policy, to exercise your rights, or to make a complaint, contact us at:
Ratio Africa Limited
Data protection contact: connect@ratioafrica.com
General enquiries: connect@ratioafrica.com