Leeta

Vendor Privacy Policy

CustomerVendor

VENDOR PRIVACY POLICY

Effective Date: Mar 14, 2026

This Vendor Privacy Policy (“Vendor Policy”) explains how LEETA Technologies Limited (“LEETA”, “we”, “our”, or “us”) collects, uses, processes, stores, and shares personal information and business-related data of vendors, merchants, service providers, and partners (collectively, “Vendors”) who register on, access, or use LEETA’s platforms and services.

This Vendor Policy applies specifically to Vendors who offer goods or services through LEETA’s technology platforms, including but not limited to liquefied petroleum gas (LPG) supply, logistics, delivery services, automation tools, and related marketplace services (collectively, the “Vendor Services”).

For the purposes of applicable data protection laws, including the Nigeria Data Protection Act (NDPA) 2023, LEETA generally acts as a data controller in respect of Vendor personal information processed for onboarding, compliance, platform operations, and service delivery. In certain circumstances, Vendors may also act as independent data controllers, particularly in relation to personal data they collect directly from customers in the course of fulfilling orders or providing services.

By registering as a Vendor, creating an account, or using LEETA’s Vendor Services, you acknowledge that you have read and understood this Vendor Privacy Policy and agree to the collection and processing of your information as described herein.

2. INFORMATION WE COLLECT FROM VENDORS

To operate its platform and provide Vendor Services, LEETA processes certain personal data and business-related information relating to Vendors and their authorized representatives. Such information is collected only where necessary to onboard Vendors, operate the platform, comply with applicable legal and regulatory obligations, facilitate transactions, and maintain the safety and integrity of LEETA’s services.

For the purposes of this Vendor Privacy Policy, “Vendor Information” means any personal data or business-related information that identifies, relates to, describes, or can reasonably be linked to a Vendor, its representatives, or authorized users.

2.1 Information You Provide Directly to Us

When you register as a Vendor, create an account, or otherwise engage with LEETA’s Vendor Services, you provide certain information directly to us. This information is necessary to establish your Vendor account, verify your business and authorized representatives, enable transactions, administer payments, support service delivery, and maintain compliance with applicable legal and regulatory requirements.

The categories of information we collect directly from Vendors include the following:

  • Business and Registration Information LEETA processes information relating to a Vendor’s business identity and legal status in order to confirm eligibility to operate on the platform and to meet regulatory obligations. This may include business names (including trading names), business addresses, corporate registration details such as CAC registration numbers, tax identification information, and relevant regulatory filings. LEETA may also collect information relating to licenses or permits required to provide specific services, including LPG-related approvals.
  • Vendor Representative Information LEETA processes information relating to owners, directors, officers, or other authorized representatives to manage Vendor accounts and ensure that only authorized individuals act on behalf of a business. This may include names, contact details, and identification documents where required for verification, compliance, or security purposes.
  • Account and Authentication Information LEETA collects information necessary to create, secure, and manage Vendor accounts, including login credentials, account settings, user roles and permissions, and other authentication or security-related information used to control access to the platform.
  • Payment and Settlement Information To facilitate payments and settlements, LEETA processes financial information provided by Vendors, such as bank or mobile money details, payout preferences, and related billing or invoicing information, solely for transaction administration and financial recordkeeping.
  • Operational and Transaction Information In providing services through the platform, Vendors supply information relating to orders, service fulfillment, delivery arrangements, and transaction records. This information supports platform operations, service delivery, dispute resolution, and service quality
  • Communications and Support Information LEETA processes information contained in communications with Vendors, including support requests, feedback, complaints, and dispute-related correspondence, in order to respond to inquiries, provide support, and improve services.
  • Content You Submit Vendors may submit content such as business profiles, service descriptions, pricing information, listings, or supporting documents. LEETA processes this content to display Vendor offerings and operate the platform. While Vendors may choose not to provide certain information, failure to provide required Vendor Information may limit or prevent registration, access to Vendor Services, receipt of payments, or compliance with applicable legal and regulatory requirements.

2.2 Verification and Compliance Information

In addition to the information collected for routine platform operations, LEETA may process additional information from Vendors for verification and compliance purposes. This may include information required to confirm identity, business location, regulatory status, safety compliance, or eligibility to operate on the platform, whether obtained directly from Vendors or through trusted third-party service providers. Such information may involve government-issued identification, proof of address or business premises, safety certifications or inspection records, and the results of verification or background checks where permitted by law.

2.3 Information We Generate or Collect Automatically

When Vendors access or use LEETA’s Vendor Services, certain information may be generated or collected automatically through the operation of the platform. This includes technical and usage-related information necessary to operate, secure, and improve the services, and to support platform functionality. Such information may include device and network details, activity logs, platform interactions, service metrics, and system performance data. Where relevant to logistics, delivery coordination, safety, or regulatory compliance, LEETA may also process location-related information, subject to applicable law and platform or device settings. LEETA processes this information to maintain platform security, monitor performance, troubleshoot issues, support service delivery, and ensure the reliability and integrity of the Vendor Services.

2.4 Information We Receive From Third Parties

LEETA may receive Vendor Information from third parties in connection with the operation of the platform and the provision of Vendor Services. This may include information obtained from government registries or regulatory authorities, payment processors or financial institutions, verification and compliance service providers, logistics or technology partners, or LEETA group companies or affiliates. Such information may be combined with information collected directly from Vendors where necessary to operate, improve, secure, and support the Vendor Services, comply with legal or regulatory obligations, and manage risk.

2.5 Information Relating to Customers

In the course of providing services through LEETA, Vendors may receive limited personal information relating to customers (such as names, contact details, delivery addresses, or service instructions). Such information is provided solely to enable Vendors to fulfill orders or services requested through the platform. Vendors are responsible for processing customer personal data in compliance with applicable data protection laws and must use such data only for legitimate service-related purposes.

3. HOW WE USE VENDOR INFORMATION

LEETA processes Vendor Information only for specified, explicit, and legitimate purposes connected to the operation of its platform and the provision of Vendor Services. Vendor Information is not processed in a manner incompatible with these purposes and is used only to the extent necessary for the functions described below:

  • To verify business identity and authorization, assess eligibility to operate on the platform, conduct onboarding and ongoing verification, create and administer Vendor accounts, manage access controls, and communicate with authorized representatives regarding account status, compliance, and operational matters.
  • To enable and manage orders and service delivery through the platform, including coordinating fulfillment and logistics, sharing necessary operational details, maintaining transaction and performance records, and resolving service-related issues, complaints, or disputes.
  • To comply with applicable legal, regulatory, and safety obligations, including taxation, record-keeping, and sector-specific regulatory requirements. Where applicable, this includes compliance with LPG-related licensing, safety, and operational frameworks and responding to lawful requests, audits, or directives from regulatory or governmental authorities.
  • To calculate and process payments, administer settlements and payouts, manage billing and invoicing, reconcile transactions, and maintain accurate financial, accounting, and audit records in accordance with applicable financial and tax laws.
  • To maintain the security and integrity of the platform, prevent fraud, misuse, or unauthorized access, monitor and analyse platform performance, troubleshoot technical issues, and improve platform functionality and user experience based on operational insights.

4. HOW WE SHARE VENDOR INFORMATION

LEETA only shares Vendor Information where necessary to provide services, comply with legal obligations, or protect the safety, security, and integrity of the platform. Vendor Information is not sold or otherwise shared for marketing purposes.

4.1 With Customers

Vendor Information may be shared with customers strictly as necessary to facilitate order fulfillment, service delivery, and communication regarding orders. This includes sharing details such as delivery instructions, contact information, and relevant service or product information to complete transactions.

4.2 With Logistics Partners

Currently, Vendors are primarily responsible for arranging delivery and logistics. However, where third-party logistics partners are used, LEETA may share Vendor and order-related information to coordinate delivery, track shipments, schedule pickups, and confirm service completion. If LEETA decides to manage logistics directly in the future, Vendor Information may be used internally to plan, execute, and monitor delivery operations securely and in compliance with applicable regulations.

4.3 With Payment Processors and Financial Institutions

To facilitate payments, settlements, and reconciliation, LEETA may share financial information such as bank account details, mobile money information, invoices, and transaction records with payment processors, banks, or other financial institutions. This ensures that payouts are processed accurately, securely, and in compliance with relevant financial and tax regulations.

4.4 With Regulators and Authorities

LEETA may disclose Vendor Information to governmental, regulatory, or tax authorities when required by law or regulation. This includes sharing information necessary for licensing, safety, tax compliance, or sector-specific obligations, such as LPG-related regulatory requirements. Such disclosures are made strictly to satisfy legal obligations or prevent regulatory violations.

4.5 With Service Providers and Affiliates

Vendor Information may be shared with third-party service providers or LEETA affiliates that perform services on our behalf, including compliance checks, fraud prevention, IT support, or analytics. These parties are bound by contractual obligations to maintain the confidentiality and security of the information and may only process it in accordance with LEETA’s instructions.

5. VENDOR RESPONSIBILITIES

Vendors play an important role in protecting data and ensuring compliance with applicable laws while using LEETA’s platform. As independent operators, Vendors have certain responsibilities to safeguard customer and platform data.

5.1 Vendors as Independent Data Controllers

While LEETA acts as a data controller for Vendor Information collected directly through the platform, Vendors may also act as independent data controllers for personal data they collect from customers or third parties in the course of fulfilling orders or providing services. Vendors are responsible for ensuring that such data is collected, stored, and processed lawfully, fairly, and securely in accordance with applicable data protection laws, including the NDPA 2023.

5.2 Duty to Protect Customer Data

Vendors must implement reasonable technical and organizational measures to protect the personal data of their customers from unauthorized access, disclosure, alteration, or loss. This includes ensuring that any third parties engaged by the Vendor to provide services also maintain adequate data protection safeguards. Failure to protect customer data may result in service restrictions, account suspension, or legal liability.

5.3 Compliance with NDPA/NDPC Guidelines

Vendors are responsible for complying with applicable Nigerian data protection laws, including the NDPA 2023 and any guidance or directives issued by the NDPC. This includes obtaining appropriate consent where required, honoring data subject rights, reporting any data breaches promptly, and cooperating with LEETA or regulators in relation to compliance or investigative matters. Compliance ensures that both the Vendor and LEETA meet their legal obligations and maintain trust with customers and authorities.

5.4 Operational and Regulatory Responsibility

Vendors operate as independent businesses on the LEETA platform and are solely responsible for ensuring that their activities comply with all applicable laws, regulations, and industry standards governing their operations. This includes obtaining, maintaining, and complying with any licenses, permits, certifications, or approvals required to provide their goods or services. Vendors acknowledge and accept all risks associated with providing services without complete licenses, permits, or regulatory approvals. LEETA does not verify, certify, endorse, or guarantee the regulatory compliance, licensing status, or operational eligibility of any Vendor and shall not be responsible for any legal, regulatory, or operational violations committed by Vendors.

5.5 Vendor Insurance and Acknowledgment of Risk (Unverified Vendors)

Unverified Vendors must maintain adequate business liability insurance covering potential operational risks, property damage, personal injury, or regulatory fines arising from their activities on the LEETA platform. By registering as an Unverified Vendor, you explicitly acknowledge that you operate at your own risk, LEETA does not verify your compliance or licenses, and you remain solely responsible for all legal, regulatory, and operational obligations. Proof of insurance may be requested by LEETA at any time.

Failure to comply with these responsibilities may result in actions by LEETA, including temporary or permanent suspension of Vendor accounts, restriction of access to the platform, or termination of Vendor agreements. Vendors may also be held legally accountable under applicable data protection laws for breaches of customer privacy or regulatory obligations. LEETA reserves the right to take appropriate measures to mitigate risks and protect the integrity of its services and the personal data of all parties involved.

6. DATA RETENTION & SECURITY

6.1

LEETA retains Vendor information only for as long as necessary to provide the Vendor Services, fulfill contractual and regulatory obligations, and maintain operational records. In general, Vendor data may be retained for up to five (5) years after a Vendor account becomes inactive. Certain information may be kept for longer periods where required by law, including tax records, safety compliance documents, or LPG-related regulatory obligations.

6.2

LEETA implements appropriate technical, administrative, and physical safeguards designed to protect Vendor Information from unauthorized access, disclosure, alteration, or loss. These measures include access controls, encryption, secure data storage, and monitoring systems to detect and prevent potential security threats.

6.3

Vendors must also take reasonable steps to protect the data they handle, including safeguarding account credentials, securely storing documents, and promptly reporting any suspected data breaches to LEETA.

6.4

Upon request or account closure, LEETA will securely delete, anonymize, or archive Vendor information in accordance with applicable law and internal retention policies. Certain data may be retained where legally required or for legitimate business purposes, such as dispute resolution or fraud prevention.

7. VENDOR RIGHTS

As a Vendor, you have certain rights over your personal and business information processed by LEETA:

  • You may request access to the personal and business data LEETA holds about you or your authorized representatives. This allows you to verify the information and understand how it is being used.
  • You can request that any inaccurate or incomplete information be corrected. This ensures that your records are accurate for account management, payments, and compliance purposes.
  • You may request the deletion of your personal data, subject to LEETA’s need to retain information for legal, regulatory, or operational purposes. Certain records, such as tax, safety, or LPG compliance documents, may need to be retained even after account closure.
  • You may request restrictions on how your personal data is processed in certain circumstances, for example, while a dispute is being resolved or if you contest the accuracy of the data.
  • You can object to certain processing of your personal data where permitted by law, including marketing communications or other processing not essential to the provision of Vendor Services.
  • Where technically feasible, you can request that LEETA provide your personal and business data in a structured, commonly used, and machine-readable format to facilitate transfer to another service provider.
  • To exercise any of these rights, please contact LEETA via the support channels provided on the platform. Requests will be handled in accordance with applicable data protection laws.
  • You may withdraw your consent to the processing of your personal data at any time where LEETA relies on consent as the legal basis for processing. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal.

8. CHANGES TO THIS POLICY

LEETA may update this Vendor Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, business practices, or platform functionality. When updates are made, the revised policy will be made available through the LEETA platform, and the effective date will be updated accordingly.

Vendors are encouraged to review this Vendor Privacy Policy periodically to stay informed about how their information is processed and protected.

This Vendor Privacy Policy should be read together with LEETA’s General Privacy Policy, Terms and Conditions, and any applicable Vendor agreements. In the event of any inconsistency between this Vendor Privacy Policy and LEETA’s General Privacy Policy, this Vendor Privacy Policy shall prevail in relation to Vendor Information.