Introduction
LASTMILE ID NIGERIA LTD ("LastMile ID", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect information about you when you interact with our website, services, and products.
This policy applies to all individuals who visit our website at lastmileidentity.com, submit information through our waitlist or registration forms, use any LastMile ID service or product, apply to become a field agent, or enter into a partnership with us.
By submitting your information or using our services, you acknowledge that you have read and understood this Privacy Policy. Please read it carefully. If you do not agree with its terms, do not use our services.
Who We Are
For the purposes of applicable data protection law, the data controller of your personal information is:
| Legal Name | LASTMILE ID NIGERIA LTD |
| Trading Name | LastMile ID |
| RC Number | RC-9268413 |
| Address | 37 King's Street, Umuaji Quarters, Asaba, Delta State, Nigeria |
| info@lastmileidentity.com | |
| Phone | +234 807 779 5585 |
| Website | lastmileidentity.com |
For all data protection enquiries and to exercise your rights, you may contact us directly at privacy@lastmileidentity.com or at the address above.
Data We Collect
We collect personal data only to the extent necessary for the purposes described in this policy. The categories of data we collect depend on how you interact with us.
Information You Provide Directly
When you register, sign up, or interact with our services, we may collect:
- Identity data: Full name, date of birth, age
- Contact data: Phone number, WhatsApp number, email address
- Location data: State, LGA, city or town, street address, property details
- Property data: Property type, ownership status, property-related interests
- Professional data: Company name, job title, industry, work email (for business users and partners)
- Government/institutional data: Agency name, department, official contact details (for government partners)
- Agent application data: Qualification level, availability, smartphone ownership, referral source (for field agent applicants)
- Communications: Any messages, enquiries, or feedback you send us
Information Collected Automatically
When you visit our website, we may automatically collect certain technical data, including:
- Device data: Device type, operating system, browser type and version
- Usage data: Pages visited, time spent, links clicked, referring URLs
- Network data: IP address, approximate geographic location derived from IP
- Cookies and similar technologies: See our cookie practices below
We do not use tracking technologies beyond what is necessary for basic site functionality at this stage of our operations.
Information From Third Parties
We may receive information about you from government databases, identity verification providers, or other partners where you have consented to such sharing or where it is necessary to verify the accuracy of address or identity data as part of our core service.
How We Use Your Data
We use the personal data we collect for the following purposes:
- Waitlist management: To record and process your interest in LastMile ID services and contact you when onboarding opens in your area
- Address registration: To assign and issue a verified LastMile ID (LM-ID) to your property
- Identity and address verification: To provide address verification services to businesses, fintechs, logistics companies, and other institutional users
- Business and API access: To onboard business partners, grant API access, and manage integrations
- Government partnerships: To facilitate institutional collaboration with LGAs, state agencies, and federal bodies
- Field agent programme: To process agent applications, manage agent operations, and process agent earnings
- Service communications: To send confirmations, updates, and notices relevant to your registration or account
- Product improvement: To understand usage patterns and improve our services
- Security and fraud prevention: To detect and prevent fraudulent or unauthorised activity
- Legal compliance: To comply with applicable laws, regulations, and lawful requests
We do not use your data for automated profiling that produces significant legal effects, direct marketing to third parties, or any purpose incompatible with those described above without your explicit consent.
Legal Basis for Processing
Under the Nigeria Data Protection Act 2023 (NDPA) and internationally recognised data protection principles, we rely on the following legal bases for processing your personal data:
| Legal Basis | When We Rely on It |
|---|---|
| Consent | When you voluntarily submit your information via our waitlist or contact forms; where you opt in to marketing communications |
| Contract | Where processing is necessary to fulfil a service you have requested, such as field agent engagement or API access |
| Legitimate Interests | For fraud prevention, product improvement, analytics, and security — where our interests do not override your fundamental rights |
| Legal Obligation | Where we are required to process data to comply with Nigerian law or a lawful order |
| Vital Interests | In emergency situations where address data is required to protect life |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
How We Share Your Data
We do not sell, rent, or trade your personal data. We share your data only in the following circumstances:
Service Providers
We may share your data with trusted third-party service providers who process data on our behalf, including cloud storage and hosting providers, identity and KYC verification partners, payment processors, and SMS or communication service providers. All service providers are bound by contractual data processing obligations consistent with applicable law.
Institutional Partners
Where you have provided address data for the purpose of registration, anonymised or aggregated location and property data may be shared with government partners (LGAs, state agencies) for the purpose of civic infrastructure planning. Personally identifiable information is only shared with institutional partners where you have consented or where sharing is required by law.
Business Verification Users
Where a registered business user queries an address through our verification API, we confirm or deny the validity of an address. We do not share your personal details with the querying business beyond what is necessary for verification.
Legal Requirements
We may disclose your data to regulators, law enforcement, or government bodies where required by law, court order, or to protect the rights, property, or safety of LastMile ID or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
| Data Category | Retention Period |
|---|---|
| Waitlist submissions | Until onboarding in your area is complete, or 3 years — whichever is earlier |
| Registered address data | Indefinitely while the LM-ID remains active; deleted upon verified deregistration request |
| Business / API partner records | Duration of the partnership plus 7 years for legal and audit purposes |
| Field agent records | Duration of engagement plus 3 years |
| Technical / website logs | Up to 12 months |
| Communications and correspondence | 3 years from date of last communication |
After the applicable retention period, we securely delete or anonymise your data. Where anonymisation is not possible, data is securely destroyed in accordance with our data disposal procedures.
Your Rights
Under the Nigeria Data Protection Act 2023 and applicable international standards, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@lastmileidentity.com. We will respond within 30 days. We may need to verify your identity before processing your request.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls limiting data access to authorised personnel only, secure server infrastructure hosted with reputable providers, and regular review of our security practices.
While we take data security seriously, no system is entirely impenetrable. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the NDPC and affected individuals in accordance with our obligations under the NDPA 2023.
Children's Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@lastmileidentity.com and we will delete the information promptly.
Field agent applicants must be at least 18 years of age. Address registration on behalf of a minor may be completed by a parent or legal guardian, who bears responsibility for the accuracy of the information submitted.
International Data Transfers
LastMile ID is incorporated and operates in Nigeria. Your data is primarily stored and processed within Nigeria. Where we use third-party service providers (such as cloud infrastructure) that may process data outside Nigeria, we ensure appropriate safeguards are in place, including contractual data transfer clauses consistent with NDPA 2023 requirements.
We do not transfer personal data to jurisdictions that do not provide an adequate level of data protection without implementing appropriate safeguards.
Regulatory Compliance
This policy is designed to comply with the following applicable laws and standards:
- Nigeria Data Protection Act 2023 (NDPA) — the primary data protection legislation in Nigeria
- Nigeria Data Protection Regulation 2019 (NDPR) — continuing obligations under the original regulation
- General Data Protection Regulation (GDPR) — applied as an international best-practice standard for users in GDPR-covered jurisdictions
The supervisory authority for data protection in Nigeria is the Nigeria Data Protection Commission (NDPC). You may contact them at ndpc.gov.ng if you wish to raise a concern about our data practices.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, notify users via email or a notice on our website.
Your continued use of our services after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
Contact Us
For all data protection enquiries, requests to exercise your rights, or concerns about how we handle your data, please contact us through any of the following channels:
We aim to respond to all data protection requests within 30 days of receipt.