Privacy Policy

We collect information directly from you, automatically through your use of our site and services, and from a small number of trusted third parties (such as our payment processor). Specifically, we collect:

• Account data — name, email address, phone number, organisation, job title and password (stored only as a salted hash) when you register for an account or a CPI membership.
• Order & payment data — billing address, products purchased, transaction reference and payment status. Card details are entered on TransactPay’s PCI-DSS compliant pages and are never stored on our servers.
• Usage data — pages viewed, reports downloaded, search queries, time spent, and referring URL.
• Device & log data — IP address, browser type and version, operating system, device identifiers and approximate location derived from IP.
• Communications — content of emails, WhatsApp messages, support tickets and event registrations you submit to us.

We use your information to:

• Deliver the reports, intelligence feeds, memberships, training and events you purchase from us.
• Authenticate your account and provide access to gated content on petroinfong.org.
• Process payments, issue receipts and prevent fraud through our payment processor.
• Send transactional messages (order confirmations, password resets, renewal notices).
• Send the morning brief and other newsletters you have explicitly subscribed to — you can unsubscribe from each at any time.
• Improve our products by analysing aggregate usage; we do not profile individual readers for advertising.
• Comply with our legal obligations, including tax, anti-money-laundering and lawful requests from regulators.

Our lawful bases under the NDPR / NDPA are: contract performance (when you place an order), consent (for marketing emails), legal obligation (for tax records) and legitimate interest (for security and analytics).

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent strictly necessary:

• Payment processor — TransactPay, who processes card and bank-transfer transactions on our behalf.
• Infrastructure providers — hosting, database, email-delivery and analytics vendors bound by data-processing agreements.
• Professional advisors — auditors, accountants and lawyers, under confidentiality.
• Regulators and law enforcement — where we are required by Nigerian law or a court order to disclose.

Where data is transferred outside Nigeria, we rely on adequacy decisions or standard contractual clauses to protect it.

We protect your data using TLS 1.2+ in transit, encryption at rest for sensitive fields, role-based access controls, audit logging, and routine vulnerability testing. Despite these measures, no method of transmission over the internet is 100% secure. If we ever discover a personal-data breach that is likely to result in risk to your rights, we will notify you and the Nigeria Data Protection Commission within 72 hours, in line with the NDPA.

Under the NDPR / NDPA you have the right to:

• Access the personal data we hold about you and request a copy.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, where we have no overriding legal obligation to retain it.
• Object to or restrict processing for direct marketing.
• Withdraw consent at any time without affecting prior lawful processing.
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC).

For subscribers in the EEA / UK we honour the equivalent rights under the GDPR; for California residents we honour the rights under the CCPA. To exercise any right, email us at info@petroinfong.org. We will respond within 30 days.

We use a small number of cookies and similar technologies to keep you signed in, remember the cart and currency you selected, and measure aggregate site usage. You can disable cookies in your browser, but parts of the site (account, cart, checkout, gated reports) will not function correctly without them.

We do not run third-party advertising trackers. Analytics is configured with IP anonymisation and respects the Do-Not-Track header where your browser sends one.

We retain account and order records for as long as your account is active and for a further seven (7) years after closure to satisfy Nigerian tax and audit requirements. Newsletter subscriptions are retained until you unsubscribe. Anonymised analytics is retained indefinitely.

We may update this Privacy Policy from time to time to reflect changes to our services or applicable law. The revised version will be posted on this page with an updated “Last updated” date. If a change is material, we will give you at least 14 days’ notice by email before it takes effect.

For questions, requests or complaints relating to your personal data, please address them to the Data Protection Officer at the above email and reference DPO REQUEST in the subject line.

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Disputes arising out of or in connection with it shall be subject to the exclusive jurisdiction of the courts of Lagos State, Nigeria.