1. Introduction to GDPR Compliance

At Gen Fashion Ltd, we are committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR) where applicable.

This GDPR Compliance page applies to users located in the European Economic Area (EEA) and explains our commitment to transparency, accountability, and responsible data protection when offering products or services to individuals in the EU/EEA.

2. Scope of GDPR Applicability

GDPR may apply to Gen Fashion Ltd where we:

  • Offer products or services to individuals located in the EU or EEA
  • Monitor the behavior of EU/EEA visitors through cookies, analytics, or similar technologies

Users outside the EU/EEA may instead be governed primarily by other applicable laws, including the Nigeria Data Protection Regulation (NDPR) and other relevant local frameworks.

3. Lawful Basis for Processing (GDPR Article 6)

Where GDPR applies, we process personal data on one or more lawful bases, including:

  • Consent – for cookies, newsletters, and marketing communications
  • Contractual necessity – to process orders, payments, and deliveries
  • Legal obligation – to comply with tax, fraud prevention, and legal requirements
  • Legitimate interests – to improve our services, secure our systems, and prevent abuse

We ensure that each processing activity is linked to an appropriate legal basis.

4. Data Subject Rights Under GDPR

If you are located in the EU or EEA, you may have the following rights:

  • The right to access your personal data
  • The right to rectify inaccurate or incomplete data
  • The right to request erasure, also known as the Right to be Forgotten
  • The right to restrict processing
  • The right to object to certain processing activities
  • The right to data portability
  • The right to withdraw consent at any time where consent is relied upon

We will respond to valid rights requests in accordance with applicable GDPR timelines and requirements.

5. Data Collection & Processing Transparency

Gen Fashion Ltd is committed to transparent data processing. We clearly explain:

  • What personal data is collected
  • How the data is used
  • Why the data is processed
  • When data is shared with third parties
  • How long data is retained

For a broader explanation of data categories and processing purposes, users should also review our Privacy Policy.

6. Consent Management

Where consent is required under GDPR, we take steps to ensure that it is:

  • Freely given
  • Specific
  • Informed
  • Unambiguous

We may request explicit consent for:

  • Marketing emails
  • Cookies and tracking technologies
  • Personalized advertising, where applicable

Users are given options to:

  • Accept
  • Reject
  • Customize preferences

We also maintain records of consent where required.

7. Data Protection Measures

We implement suitable technical and organizational measures to protect personal data, including:

  • Encryption
  • Secure servers
  • Access controls
  • System monitoring
  • Security updates and maintenance
  • Restricted internal access to sensitive information

These measures are designed to reduce risk and support confidentiality, integrity, and availability of personal data.

8. Data Breach Notification

In the event of a personal data breach affecting GDPR-covered users, Gen Fashion Ltd will assess the incident promptly and take appropriate action.

Where required under GDPR:

  • Relevant supervisory authorities may be notified within 72 hours of becoming aware of the breach
  • Affected users may be informed where the breach is likely to result in a high risk to their rights and freedoms

We maintain internal procedures for breach detection, response, and mitigation.

9. Data Retention Policy (GDPR Perspective)

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, including for:

  • Order fulfillment
  • Customer support
  • Legal and tax obligations
  • Fraud prevention
  • Business recordkeeping

When data is no longer needed, it is securely deleted, anonymized, or otherwise disposed of in a protected manner.

10. International Data Transfers

Because Gen Fashion Ltd operates from Nigeria, personal data may be processed or stored outside the European Union.

Where GDPR applies and international data transfers occur, we aim to implement appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs)
  • Contractual protections with service providers
  • Security controls and transfer risk assessments
  • Other lawful safeguards recognized under applicable data protection law

11. Data Protection Officer (DPO) – If Applicable

Where required by law or business structure, Gen Fashion Ltd may appoint a Data Protection Officer (DPO) or responsible privacy contact to oversee data protection matters.

Until a separate DPO contact is published, privacy and GDPR-related concerns may be directed to our general support contact listed below.

12. Third-Party Processors

We may engage third-party processors to assist in service delivery, including:

  • Payment gateways
  • Logistics and shipping partners
  • Analytics providers
  • Hosting and cloud service providers
  • Marketing and communication platforms

Where GDPR applies, we expect such processors to:

  • Act only on our instructions
  • Implement proper security measures
  • Process personal data in a GDPR-compliant manner

13. Automated Decision-Making & Profiling

Gen Fashion Ltd may use limited profiling or automated systems for purposes such as:

  • Product recommendations
  • Marketing segmentation
  • Personalized offers
  • Fraud risk detection

We do not intend to use automated decision-making in a way that produces unlawful, unfair, or discriminatory effects on users.

Where legally required, users will be provided with relevant information and rights relating to such processing.

14. Children’s Data Protection

Where GDPR applies, children are entitled to enhanced protection of their personal data.

If we knowingly collect data from users under the applicable age threshold under EU law, we will require parental or guardian consent before such data is processed.

We encourage parents and guardians to contact us if they believe a child’s data has been submitted without proper authorization.

15. Complaints & Supervisory Authority

If you are located in the EU or EEA and believe your data protection rights have been violated, you may have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

We encourage users to contact us first so that we can attempt to resolve concerns directly and efficiently.

16. Policy Updates

Gen Fashion Ltd may update this GDPR Compliance page from time to time to reflect changes in law, business practices, or service operations.

Updates will be posted on this page, and continued use of our platform may constitute acceptance of the revised terms where permitted by law.

17. Contact Us

For GDPR-related questions, rights requests, or privacy concerns, please contact:

Contact Details: