O
Omni Desk Omni Channel Limited
Legal Documentation
Omni Channel Limited — Omni Desk

Privacy Policy

We are committed to protecting the privacy and security of your data. This policy explains how we collect, use, share, and protect information when you use the Omni Desk CRM & ERP Platform and Mobile App.

📅 Effective Date: 1 July 2025 🏢 Omni Channel Limited — Nigeria ⚖️ NDPR 2019 & NDPA 2023 Compliant

Privacy at a Glance A plain-language summary — please read the full policy for complete details.

🔐

Your Data is Yours

Customer Data always belongs to you. We never sell or monetise it.

🛡️

Secure by Design

We use encryption, access controls, and regular security audits.

🇳🇬

NDPR Compliant

We process data in accordance with Nigeria's data protection laws.

🗑️

Right to Erasure

You can request deletion of your data at any time.

📦

Data Portability

Export all your data anytime in standard formats.

🔔

Breach Notification

We notify you within 72 hours of any confirmed data breach.

🔒 Our Commitment to You Omni Channel Limited takes your privacy seriously. This Privacy Policy applies to all personal data processed through the Omni Desk web platform at omni-desk.com and the Omni Desk Mobile App. By using our Services, you acknowledge that you have read and understood this Policy.

1 Introduction

This Privacy Policy describes how Omni Channel Limited ("we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the Omni Desk CRM and ERP Business Suite, including the web platform accessible at omni-desk.com and the Omni Desk Mobile Application (collectively, the "Platform").

We are committed to processing personal data lawfully, fairly, and transparently, in accordance with the Nigeria Data Protection Regulation 2019 (NDPR), the Nigeria Data Protection Act 2023 (NDPA), and other applicable data protection and privacy laws.

This Policy should be read together with our Terms and Conditions. Any capitalised terms not defined in this Policy have the same meaning as in our Terms and Conditions.

2 Who We Are

Data Controller (for platform users) and Data Processor (for Customer Data):

For the purposes of this Policy, Omni Channel Limited acts as:

  • Data Controller in respect of personal data collected directly from Users for account management, product improvement, communications, and security purposes;
  • Data Processor in respect of Customer Data submitted through the Platform by our Customers, who are the data controllers of such data.

3 Scope & Application

3.1 This Policy applies to:

  • Individuals who register for or use the Omni Desk web platform;
  • Individuals who download and use the Omni Desk Mobile App;
  • Representatives of organisations that subscribe to Omni Desk;
  • Visitors to the omni-desk.com website;
  • Any individual whose personal data is submitted or processed through the Platform by our Customers.

3.2 This Policy does not apply to the data practices of third-party services or websites that may be linked to or integrated with Omni Desk. We encourage Users to review the privacy policies of any third-party services they use.

4 Data We Collect

4.1 Account & Registration Data

When you create an Omni Desk account, we collect:

  • Full name and job title;
  • Business email address and phone number;
  • Company name, industry, and business address;
  • Username and hashed password;
  • Subscription plan selected and billing information.

4.2 Usage & Platform Data

As you use the Platform, we automatically collect:

  • Log data: IP address, browser type and version, operating system, pages visited, timestamps, and referring URLs;
  • Feature usage data: which modules and features are accessed, frequency of use, and session duration;
  • Device information: device type, model, screen resolution, and unique device identifiers (for Mobile App users);
  • Error and crash reports to help us diagnose and resolve technical issues;
  • API call logs where the Customer has enabled API access.

4.3 Customer Data

Customer Data is the data that our Customers and their authorised Users upload, create, or process within the Platform as part of their business operations (e.g., CRM contacts, sales records, employee information, financial transactions). We process Customer Data on behalf of the Customer and only as directed by the Customer, as described in Section 8.

4.4 Payment Data

When processing subscription payments, we collect billing name, billing address, and payment method details. Payment card details are processed by our PCI-DSS compliant payment processor; we do not store full card numbers on our servers.

4.5 Communications Data

When you contact our support team or communicate with us via email, live chat, or the in-app support system, we retain records of such communications, including the content of messages, to assist with support and improve service quality.

4.6 Mobile App Data

In addition to the above, the Omni Desk Mobile App may collect:

  • Device location data (only where explicitly enabled by the User for location-aware features);
  • Camera access (only where enabled for document scanning or profile photo features);
  • Push notification tokens to deliver alerts and notifications;
  • Contacts (only where explicitly granted permission for specific integration features).

6 How We Use Your Data

We use the personal data we collect for the following purposes:

  • Service Provision: To provide, operate, maintain, and improve the Omni Desk Platform and all associated features;
  • Account Management: To create and manage User accounts, verify identity, and handle authentication;
  • Billing & Payments: To process subscription payments, issue invoices, and manage billing inquiries;
  • Customer Support: To respond to support requests, troubleshoot issues, and communicate service-related information;
  • Security & Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, abuse, or violations of our Terms;
  • Platform Analytics: To understand how the Platform is used, identify trends, and make data-driven improvements (data used in aggregated, anonymised form where possible);
  • Communications: To send service updates, security alerts, maintenance notices, and—where consent is given—marketing communications;
  • Legal Compliance: To comply with applicable laws, respond to legal process, and enforce our agreements;
  • Onboarding & Training: To provide onboarding materials, tutorial content, and product education;
  • Product Development: To develop new features and services, using insights from aggregated and anonymised usage data.

We do not use personal data to make fully automated decisions that have significant legal or similarly significant effects on individuals without providing the opportunity for human review.

7 Data Sharing & Disclosure

We do not sell, rent, or trade your personal data or Customer Data to any third party. We may share data only in the following limited circumstances:

7.1 Service Providers & Sub-processors

We engage trusted third-party service providers to assist in operating the Platform, including cloud hosting providers, payment processors, email delivery services, and analytics tools. These providers access data only as necessary to perform their services and are contractually bound to maintain confidentiality and process data only as instructed.

7.2 Legal Requirements

We may disclose personal data if required by law, court order, governmental authority, or regulatory body, including but not limited to the National Information Technology Development Agency (NITDA) under Nigerian law. We will, where legally permitted, notify the Customer of such requirements in advance.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the acquiring entity, subject to the same privacy commitments described in this Policy. Customers will be notified of any such change.

7.4 Protection of Rights

We may disclose data where necessary to protect the legal rights, property, or safety of Omni Channel Limited, our Customers, Users, or the public, including the investigation of potential fraud or cybercrime.

7.5 Consent

We may share your data with third parties when you have given explicit consent to such sharing.

8 Customer Data Processing

Important Distinction: Customer Data refers to data that our Customers submit to the Platform as part of their business operations (e.g., their clients' contact records, employee payroll data, sales transactions). Omni Channel Limited processes this data as a Data Processor under the Customer's instructions.

8.1 We process Customer Data strictly in accordance with the Customer's instructions, as set out in our Terms and Conditions and any applicable Data Processing Agreement (DPA) executed with enterprise Customers.

8.2 We do not access, use, or disclose Customer Data for any purpose other than providing and improving the Services, except where required by law.

8.3 Customers are responsible, as Data Controllers, for ensuring that any personal data they upload or process through Omni Desk has been collected lawfully, and that data subjects have been informed of its processing in accordance with applicable law.

8.4 Enterprise Customers may request a Data Processing Agreement (DPA) with additional commitments regarding sub-processor management, data processing records, and audit rights by contacting privacy@omni-desk.com.

8.5 A current list of our sub-processors who may process Customer Data is available on request.

9 Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal obligations. Our standard retention periods are:

Data TypeRetention Period
Account & registration data Duration of subscription + 2 years after closure
Customer Data Duration of subscription + 60 days post-termination
Billing & payment records 7 years (statutory requirement under FIRS regulations)
Support & communications records 3 years from last interaction
System/access logs 12 months
Marketing consent records Until consent is withdrawn + 1 year
Trial account data (if not converted) 30 days after trial expiry
Mobile App crash reports 6 months

After the applicable retention period, we securely delete or anonymise personal data in a manner that prevents reconstruction.

10 Security Measures

We implement a comprehensive security programme to protect personal data and Customer Data, including:

  • Encryption in Transit: All data transmitted between Users, the Mobile App, and our servers is encrypted using TLS 1.2 or higher (HTTPS);
  • Encryption at Rest: Customer Data stored in our databases is encrypted using AES-256 encryption;
  • Access Controls: Role-based access control (RBAC) ensures that only authorised personnel can access data, with access rights limited to those required for specific job functions;
  • Multi-Factor Authentication (MFA): MFA is available and strongly recommended for all administrator accounts;
  • Audit Logging: All access to Customer Data is logged and auditable;
  • Regular Security Assessments: We conduct periodic vulnerability assessments and penetration testing of the Platform;
  • Data Centre Security: Our cloud infrastructure is hosted with reputable providers that maintain ISO 27001 certification and physical security controls;
  • Employee Training: All staff who handle personal data receive regular data protection and security training;
  • Incident Response Plan: We maintain a documented incident response procedure to manage and contain security breaches.

In the event of a confirmed personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Customer and, where applicable, the relevant regulatory authority (NITDA) within seventy-two (72) hours of becoming aware of the breach, as required by the NDPA 2023.

11 Cookies & Tracking Technologies

11.1 What Are Cookies?

Cookies are small text files placed on your device when you access the Omni Desk web platform. We also use similar technologies such as web beacons, pixels, and local storage.

11.2 Types of Cookies We Use

Cookie TypePurposeCan be Disabled?
Essential / Strictly Necessary Enable core functions: login sessions, authentication tokens, security features No — required for the Platform to function
Functional Remember preferences: language settings, display options, saved filters Yes
Analytics Understand Platform usage, measure performance, identify errors Yes — via cookie preferences
Marketing Deliver relevant product information on Omni Desk website (not within the app) Yes — opt-out available

11.3 Managing Cookies

You can manage cookie preferences through the cookie settings panel accessible from the Omni Desk website footer. You may also configure your browser to refuse cookies, though this may affect the functionality of the Platform. Analytics and marketing cookies require your explicit consent before being set.

12 Mobile App Privacy

12.1 The Omni Desk Mobile App collects data as described in Section 4. In addition to the general data practices described in this Policy, the following applies specifically to the Mobile App:

  • Location Data: Location access is optional. The Mobile App will request location permission only for specific features (such as field agent tracking or geo-tagging). You may revoke location permission at any time through your device settings.
  • Push Notifications: The Mobile App may send push notifications for alerts, task reminders, and system messages. You may disable push notifications through your device notification settings.
  • Camera Access: Camera permission may be requested to allow document scanning or profile photo uploads. Camera access is only invoked when you explicitly initiate such an action.
  • Offline Data: The Mobile App may cache limited data locally on your device to enable offline functionality. Locally cached data is encrypted and cleared when you log out or uninstall the App.
  • App Analytics: We may collect anonymised crash reports and usage analytics to improve the Mobile App experience. These are processed by our analytics sub-processors under data processing agreements.

12.2 You may review permissions granted to the Omni Desk Mobile App at any time through your device's settings menu and revoke any permission you do not wish to grant.

13 Third-Party Services

13.1 The Omni Desk Platform may include integrations with third-party applications and services (e.g., payment gateways, email services, accounting platforms, cloud storage). When you use such integrations, data may be shared with those third parties in accordance with their respective privacy policies.

13.2 We are not responsible for the privacy practices of third-party services. We encourage Customers to review the privacy policies of any third-party services they connect to Omni Desk.

13.3 Where we engage sub-processors to process Customer Data on our behalf, we ensure that such sub-processors provide adequate guarantees of appropriate technical and organisational data protection measures and are bound by written data processing agreements.

14 International Data Transfers

14.1 Omni Channel Limited is based in Nigeria. Where we transfer personal data outside Nigeria (for example, to cloud infrastructure providers), we ensure that such transfers are subject to appropriate safeguards, including:

  • Transfers to countries recognised by NITDA as providing adequate data protection;
  • Contractual clauses approved or accepted under NDPR/NDPA frameworks;
  • Binding corporate rules or equivalent mechanisms where applicable.

14.2 Customers whose business requires all data to remain within Nigeria may request information about our data residency options by contacting privacy@omni-desk.com.

15 Your Rights & Choices

Under the Nigeria Data Protection Act 2023 and the NDPR, you have the following rights with respect to your personal data:

RightDescription
Right to Access Request a copy of the personal data we hold about you.
Right to Rectification Request correction of inaccurate or incomplete personal data.
Right to Erasure Request deletion of your personal data, subject to legal retention obligations.
Right to Restrict Processing Request that we limit how we use your personal data in certain circumstances.
Right to Data Portability Receive your data in a structured, machine-readable format and transfer it to another service.
Right to Object Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or another relevant supervisory authority.

15.1 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to privacy@omni-desk.com. We will respond to your request within thirty (30) days in accordance with NDPA requirements. We may request identity verification before processing your request.

15.2 Marketing Opt-Out

You may unsubscribe from marketing communications at any time by clicking "Unsubscribe" in any marketing email, or by updating your notification preferences within the Platform. Service-related communications (such as billing notices and security alerts) cannot be opted out of while your account is active.

15.3 Customer Data Rights (as Data Processor)

Where personal data is processed by us as a Data Processor on behalf of a Customer, data subject rights requests relating to Customer Data should be directed to the Customer (the Data Controller) in the first instance. We will assist Customers in responding to such requests as required by applicable law.

16 Children's Privacy

16.1 The Omni Desk Platform is designed for business use and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from minors.

16.2 If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such data. If you believe that a minor's data has been collected through our Platform, please notify us immediately at privacy@omni-desk.com.

17 Policy Updates

17.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Where changes are material, we will notify registered users via email and/or in-platform notification at least fourteen (14) days before the changes take effect.

17.2 Minor or non-material changes may take effect upon publication. The date of the most recent revision will always be displayed at the top of this page.

17.3 Continued use of the Platform after changes take effect constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated Policy, you should cease use of the Platform and may close your account.

17.4 The current version of this Privacy Policy will always be available at https://omni-desk.com/privacy.

18 Contact & Data Protection Officer

For all privacy-related enquiries, data subject rights requests, or to report a data protection concern, please contact us through the following channels:

ContactDetails
Data Protection & Privacy privacy@omni-desk.com
General Support support@omni-desk.com
Security Incidents security@omni-desk.com
Website https://omni-desk.com
Registered Office Omni Channel Limited, Lagos, Federal Republic of Nigeria

Regulatory Authority

If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with the:

  • Nigeria Data Protection Commission (NDPC) — the supervisory authority for data protection in Nigeria.
  • Website: https://ndpc.gov.ng

Document Version: This Privacy Policy is effective as of 1 July 2025. The last revision date of this document is 1 July 2025. It applies to the Omni Desk web platform and Omni Desk Mobile App operated by Omni Channel Limited.