Privacy Policy
Privacy Policy
Effective Date: June 13, 2026
Last Updated: June 13, 2026
Rilavo ("we," "us," or "our") is committed to protecting the privacy, confidentiality, and security of the personal data of our customers, website visitors, and service users. This Privacy Policy outlines our practices regarding the collection, processing, usage, storage, disclosure, and cross-border transfer of your personal data when you access or use our storefront website https://rilavo.com (the "Site"), register a user account, complete purchases, or engage with our customer services. This Policy is structured to comply fully with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and applicable international data protection standards governing cross-border e-commerce.
BY ACCESSING THE SITE, REGISTERING AN ACCOUNT, OR PURCHASING PRODUCTS, YOU EXPLICITLY ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THESE TERMS, YOU MUST IMMEDIATELY DISCONTINUE ALL USE OF THE SITE.
Section 1 - Data Controller and Identity
For the purposes of the Nigeria Data Protection Act 2023, the data controller is Rilavo, with its primary place of business located at 12 Joel Ogunnaike Street, Ikeja GRA, Lagos, Nigeria. We are responsible for deciding how and why we collect and process your personal data. We have appointed a dedicated Data Protection Officer (DPO) who is responsible for overseeing questions and compliance matters in relation to this Privacy Policy. You may contact our DPO directly by email at support@rilavo.com.
Section 2 - Categories of Personal Data We Collect
We collect various types of information from and about you to process orders, facilitate global logistics, manage payments, and provide high-quality services. The categories of personal data we collect include:
- Identity Data: Includes your full legal name, username, billing name, shipping recipient name, date of birth, and any credentials or identification documents requested by our quality-assurance or compliance teams to verify transactions.
- Contact Data: Includes your physical billing address, physical shipping address, email address, and active telephone numbers (primary and secondary contact numbers for courier coordination).
- Transactional and Purchase Data: Includes details about the specific products you viewed or purchased, transaction reference IDs, order date and time, total payment amount, discounts applied, shipping tracking codes, delivery logs, communication history with our support agents, and claim records (such as defective item reports).
- Financial and Payment Data: All financial transactions on the Site are processed securely through our licensed and PCI-DSS compliant payment processor, Paystack. Rilavo does not collect, access, view, or store your credit/debit card numbers, CVV codes, bank account numbers, or transaction PINs. Paystack processes all payment details directly on our behalf, returning only transaction success tokens and reference IDs to verify capture.
- Technical and Analytics Data: Includes your IP address, browser type and version, operating system and platform, time zone setting, geolocation data, referral source, duration of site visit, and page interaction metrics collected automatically via cookies, web server logs, and analytics pixels.
Section 3 - How We Collect Your Personal Data
We utilize different methods to collect personal data from and about you, including:
- Direct Interactions: You provide us with your Identity Data, Contact Data, and Transactional Data by filling in forms on the Site, creating a customer account, subscribing to newsletters, contacting customer support, or checking out and paying for an order.
- Automated Technologies: As you interact with the Site, we automatically collect Technical and Analytics Data. This information is gathered using cookies, web beacons, tracking pixels, and server logs. Please refer to Section 10 for detailed cookie usage information.
- Third-Party Integrations: We receive transaction status updates and reference details from our payment gateway providers (Paystack) to verify payments, as well as tracking events and delivery status updates from international and local logistics providers.
Section 4 - Purposes of Processing and Legal Bases
We process your personal data in accordance with the legal bases established under the Nigeria Data Protection Act 2023. The table below outlines how we use your data and the legal bases we rely upon to do so:
| Processing Purpose | Data Categories Used | Legal Basis for Processing (NDPA 2023) |
|---|---|---|
| Account registration and profile management. | Identity Data, Contact Data | Performance of a Contract |
| Order processing, payment verification, and order capture. | Identity, Contact, Transactional, Financial | Performance of a Contract; Legitimate Interest (Fraud prevention) |
| Managing logistics, customs clearances, international transport, and local door-to-door delivery. | Identity Data, Contact Data, Transactional Data | Performance of a Contract |
| Handling refunds, replacement claims, defective item reviews, and support inquiries. | Identity, Contact, Transactional, Technical | Performance of a Contract; Legitimate Interest (Customer service quality) |
| Maintaining statutory sales records, tax compliance, and regulatory reporting in Nigeria. | Identity, Contact, Transactional | Compliance with a Legal Obligation |
| Direct marketing, email newsletters, and promotional announcements. | Identity Data, Contact Data | Consent (User may opt-out at any time) |
| Preventing payment fraud, chargeback abuse, and securing Site infrastructure. | Identity, Contact, Financial, Technical | Legitimate Interest (Network security and asset protection) |
Section 5 - International Data Transfers (Logistics Compliance Shield)
Rilavo operates under a direct-to-consumer curated sourcing model. By purchasing products from the Site, you explicitly acknowledge and agree that:
- Logistics Operations: Products are sourced directly from international manufacturers and dispatched from partner warehouses located outside Nigeria (primarily in China).
- Cross-Border Transfer: To fulfill our contract with you, your Identity Data and Contact Data (specifically your recipient name, shipping address, and telephone number) must be transferred across national boundaries to our overseas sourcing agents, supplier warehouses, and international cargo networks.
- Necessary for Contract: This international transfer of data is strictly necessary for the performance of the purchase contract and the physical delivery of your order.
- Safeguards: We ensure that all international partners, shipping agents, and logistics coordinators are bound by strict confidentiality and data protection agreements to guarantee that your data is processed securely and in accordance with this Privacy Policy.
Section 6 - Disclosures of Your Personal Data
We do not sell, rent, trade, or lease your personal data to third parties for marketing purposes. We disclose your data to trusted third-party service providers only to execute our business operations and comply with legal mandates:
- Logistics & Courier Providers: We share your delivery details with overseas warehouse operators, air freight transport services, and local last-mile courier services in Nigeria (e.g., local delivery agents in Lagos) to coordinate the shipment and physical drop-off of your package.
- Payment Gateway Providers: Transaction details are shared securely with Paystack to authorize, capture, and clear card payments, bank transfers, or USSD payments.
- Technology & Infrastructure Providers: Our database hosting platforms, website servers, and customer support software tools process technical data to keep the Site running securely and efficiently.
- Professional Advisors & Auditors: Lawyers, accountants, and insurers who provide professional advice, auditing, and dispute resolution services.
- Legal Compliance & Law Enforcement: We may disclose your data if required by the laws of the Federal Republic of Nigeria, by court orders, or by regulatory agencies (such as the Nigeria Data Protection Commission) to comply with legal processes or investigate fraud, chargeback abuse, or security incidents.
Section 7 - Data Security and Incident Response
We have implemented robust technical, organizational, and physical security measures designed to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized manner. All data transmitted through checkout is protected using Secure Socket Layer (SSL/TLS) encryption. Access to your personal data is restricted to authorized employees, agents, contractors, and service providers who have a legitimate business need to know, and who are subject to strict confidentiality agreements.
In accordance with the Nigeria Data Protection Act 2023, we maintain a comprehensive data data breach response plan. In the event of a suspected personal data breach, we will investigate immediately and notify the Nigeria Data Protection Commission (NDPC) and affected data subjects within seventy-two (72) hours of becoming aware of the breach, where legally required.
Section 8 - Data Retention Policies
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Under Nigerian commercial and tax laws, we are required to retain basic transactional records, invoices, and purchase histories for a minimum of seven (7) years from the date of the transaction. Marketing data and contact preferences are retained until you request the deletion of your account or withdraw your consent.
Section 9 - Your Legal Rights Under the NDPA 2023
Under the Nigeria Data Protection Act 2023 and the NDPR, you possess key rights concerning your personal data. These rights include:
- Right of Access: The right to request confirmation as to whether we process your data and to receive copies of the personal data we hold about you.
- Right to Rectification: The right to request that we correct any inaccurate, outdated, or incomplete personal data.
- Right to Erasure (Right to be Forgotten): The right to request the deletion or removal of your personal data from our databases, subject to statutory retention exceptions (e.g. tax records).
- Right to Restriction of Processing: The right to request that we suspend or restrict the processing of your personal data in certain scenarios (e.g., while verifying data accuracy).
- Right to Object: The right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
- Right to Data Portability: You can request the transfer of your structured personal data to yourself or to another data controller.
- Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact our DPO at support@rilavo.com. We do not charge a fee for processing legitimate requests, and we aim to respond to all valid requests within thirty (30) calendar days.
Section 10 - Cookies and Tracking Technologies
The Site uses cookies (small text files saved on your device) to distinguish you from other users, manage your shopping cart session, optimize site speed, and analyze website traffic. The categories of cookies we use include:
- Strictly Necessary Cookies: Required for the basic operation of the Site, including user login, session persistence, and shopping cart operations.
- Performance & Analytical Cookies: Allow us to count visits, track traffic sources, and identify which pages are most and least popular to improve user experience.
- Targeting & Advertising Cookies: Used to deliver relevant advertisements and track the performance of marketing campaigns.
You can configure your internet browser to block or refuse cookies, or to alert you when cookies are being sent. However, please note that if you disable or block cookies, some parts of the Site (including the checkout page and cart persistence) may function incorrectly or become inaccessible.
Section 11 - Governing Law and Jurisdiction
This Privacy Policy, and any disputes, claims, or actions arising out of or in connection with it, shall be governed by, interpreted, and construed in accordance with the laws of the Federal Republic of Nigeria. Any dispute arising from this Policy that cannot be resolved amicably through mediation shall be submitted to the exclusive jurisdiction of the courts located in Lagos State, Nigeria.
Section 12 - Amendments to This Privacy Policy
We reserve the right to update or amend this Privacy Policy at any time. When modifications are made, we will post the revised policy on this page and update the "Effective Date" and "Last Updated" timestamps at the top of the document. We encourage you to review this Policy periodically to stay informed about how we protect your personal data. Your continued use of the Site or our services after any amendments constitute your acceptance of the revised Privacy Policy.
Section 13 - Contact Information
If you have any questions, feedback, complaints, or if you believe that we have violated your data privacy rights, please contact our Data Protection Officer at support@rilavo.com. We take all complaints seriously and will investigate them promptly.
