Privacy Policy

Digital Marketing Agency · Lagos, Nigeria

Effective Date: 10 April 2026

Last Updated: 10 April 2026

Company Detail Information

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Magnetize Marketing (“we,” “us,” “our”) collects, uses, stores, shares, and protects personal data in connection with our digital marketing services, website, and all communications with clients, prospective clients, partners, job applicants, and website visitors.

We are committed to protecting your privacy and handling your personal data in an open, transparent, and lawful manner, in full compliance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and all applicable guidelines issued by the Nigeria Data Protection Commission (NDPC).

By visiting our website at magnetize-marketing.com, engaging our services, submitting a contact or consultation form, communicating with us via WhatsApp or email, or applying for a position with us, you acknowledge that you have read and understood this Policy.

Scope: This Policy applies to all personal data processed by Magnetize Marketing in the course of providing digital marketing services including SEO, SEM, Social Media Marketing, Website Development, Generative Search Optimisation (GSO), Brand Development, Digital PR, Content Marketing, Email Marketing, Analytics, and Retail Distribution Strategy.

2. Who We Are and How to Contact Us

Magnetize Marketing is a full-service digital marketing agency based in Lagos, Nigeria. We serve startups, SMEs, and established brands across Nigeria and the African continent, providing data-driven digital marketing strategies designed to increase online visibility, generate qualified leads, and drive measurable revenue growth.

Data Controller

For the purposes of the Nigeria Data Protection Act 2023, Magnetize Marketing acts as the “Data Controller” with respect to personal data collected directly from you. When we process data on behalf of our clients (for example, managing a client’s advertising campaigns), we act as a “Data Processor.”

Contact Details for Privacy Matters

3. Information We Collect

We collect personal data in the following categories depending on the nature of your interaction with us:

3.1 Information You Provide Directly

When you use our website forms, contact us, or engage our services, we may collect:

• Full name and professional title
• Business name and industry sector
• Email address and phone number (including WhatsApp number)
• Website URL and existing digital presence information
• Business goals, marketing budgets, and service requirements
• Payment information (processed securely through third-party payment providers — we do not store full card numbers)
• Correspondence and communication records via email, WhatsApp, or phone
• Feedback, reviews, testimonials, and survey responses

3.2 Job Application Data

When you apply for a position at Magnetize Marketing, we collect:

• Full name, contact details, and location
• CV / résumé, cover letter, and portfolio materials
• Employment history, educational qualifications, and professional skills
• References and the details of named referees
• Right-to-work documentation where applicable

3.3 Technical and Usage Data (Collected Automatically)

When you visit our website, we automatically collect:

• IP address and approximate geographic location (city/region level)
• Browser type, version, and device operating system
• Pages visited, time spent on pages, and navigation path through our site
• Referring website (how you arrived at our site)
• Cookies and similar tracking technologies (see Section 10)
• Google Analytics data including session duration and behaviour flow

3.4 Data Collected as Part of Client Service Delivery

In the course of providing digital marketing services to clients, we may process personal data belonging to the client’s own customers. This processing is governed by a separate Data Processing Agreement (DPA) entered into with each client. We act strictly as a Data Processor in this context and do not use this data for any purpose other than the agreed service delivery.

3.5 Data from Third-Party Platforms

We may receive information about you from the following sources when connected to our client service work:

• Meta Platforms (Facebook, Instagram, WhatsApp Business API) — campaign performance data, audience insights, and engagement metrics
• Google platforms (Google Ads, Google Analytics 4, Google Search Console, Google Business Profile)
• LinkedIn Campaign Manager
• TikTok for Business
• Email marketing platforms (Mailchimp, Brevo)
• CRM systems operated by or on behalf of clients

4. How We Use Your Information

We use the personal data we collect for the following purposes:

Marketing communications: We will only send you marketing emails or WhatsApp messages where you have explicitly opted in, or where we have an existing client relationship and the communications relate to similar services. You may withdraw consent at any time by emailing info@magnetize-marketing.com or clicking ‘unsubscribe’ on any marketing email.

5. Legal Basis for Processing (NDPA 2023 Compliance)

Under the Nigeria Data Protection Act 2023, we are required to identify a lawful basis for each category of personal data processing. Our lawful bases are as follows:

5.1 Consent (Section 25, NDPA 2023)

We rely on your freely given, specific, informed, and unambiguous consent for:

• Sending promotional emails, newsletters, and WhatsApp marketing messages
• Publishing your name, likeness, or testimonial in our marketing materials or case studies
• Setting non-essential cookies and tracking technologies

You have the right to withdraw consent at any time without detriment. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

5.2 Contract Performance (Section 25(b), NDPA 2023)

We process data as necessary to:

• Enter into and perform service agreements with clients
• Respond to and process consultation requests that precede a contract
• Manage billing, invoicing, and payment administration

5.3 Legal Obligation (Section 25(c), NDPA 2023)

We process data to comply with:

• Nigerian tax laws and financial reporting obligations to the Federal Inland Revenue Service (FIRS)
• The Advertising Regulatory Council of Nigeria (ARCON) Act No. 23 of 2022 and the Nigeria Code of Advertising Practice
• Anti-money laundering obligations and fraud prevention requirements
• Court orders, regulatory investigations, or legal proceedings

5.4 Legitimate Interests (Section 25(f), NDPA 2023)

We rely on legitimate interests for:

• Operating, maintaining, and improving our website and services
• Protecting our business, staff, and clients from fraud, security threats, and reputational harm
• Communicating with existing clients about related services
• Processing job applications and managing our talent pipeline

Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) and are satisfied that our interests are not overridden by your rights and freedoms. You may request a copy of our LIA by contacting us.

6. Information Sharing and Third-Party Disclosure

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share data only in the following limited circumstances:

6.1 Service Providers and Subprocessors

We engage trusted third-party service providers who process personal data on our behalf in order to deliver our services. All such providers are contractually bound to process data only on our documented instructions and to implement appropriate security measures.

6.2 Professional Advisors

We may share data with our legal advisors, accountants, and auditors where necessary for the provision of their professional services to us. All such advisors are bound by professional confidentiality obligations.

6.3 Regulatory and Law Enforcement Bodies

We will disclose personal data to regulatory authorities, law enforcement agencies, or courts where we are legally required to do so, including:

• The Nigeria Data Protection Commission (NDPC)
• The Advertising Regulatory Council of Nigeria (ARCON)
• The Federal Inland Revenue Service (FIRS)
• Nigerian Police Force or other competent authorities upon valid legal request

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, personal data held by us may be transferred to the acquiring entity. We will provide notice of any such transfer and your data will continue to be protected in accordance with this Policy.

6.5 With Your Consent

We may share your data with third parties not described above where you have given your explicit consent, for example, for the publication of a case study or client testimonial on our website or in marketing materials.

7. International Data Transfers

As a digital marketing agency operating with global technology platforms, some of the personal data we collect is transferred to and processed in countries outside Nigeria. These transfers occur primarily in connection with our use of cloud-based service providers based in the United States and European Union.

Where personal data is transferred outside Nigeria, we ensure that appropriate safeguards are in place to protect your data in accordance with the NDPA 2023 and NDPR 2019. These safeguards include:

• Standard Contractual Clauses (SCCs) approved by the NDPC or equivalent competent authority
• Binding Corporate Rules (BCRs) where applicable
• Transfers to countries with an adequate level of data protection as recognised by the NDPC
• Your explicit consent where required

You may request further information about the specific safeguards applied to any international transfer of your personal data by contacting us.

8. Data Retention

We retain personal data for only as long as is necessary for the purposes for which it was collected, or as required by applicable Nigerian law. The following retention schedule applies:

Upon expiry of the applicable retention period, personal data will be securely deleted, anonymised, or — where deletion is not technically feasible — isolated from further processing until deletion is possible.

9. Your Rights Under Nigerian Data Protection Law

Under the Nigeria Data Protection Act 2023, you have the following rights with respect to your personal data. We are committed to facilitating the exercise of these rights promptly and without undue delay.

Response Time: We will respond to all data rights requests within 30 days of receipt. Where a request is complex or numerous, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reasons for it within the initial 30-day period.

Identity Verification: To protect your privacy and prevent unauthorised disclosure, we may require you to verify your identity before we process a data rights request. We will not charge a fee for processing a rights request unless it is manifestly unfounded, excessive, or repetitive.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and support our marketing activities. A cookie is a small text file stored on your device when you visit a website.

10.1 Types of Cookies We Use

10.2 Managing Your Cookie Preferences

On your first visit to our website, you will be presented with a cookie consent banner. You may accept all cookies, accept only necessary cookies, or customise your preferences by category.

You may also manage or delete cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website. For detailed instructions on managing cookies in popular browsers, visit: www.allaboutcookies.org.

10.3 The Meta Pixel

Our website uses the Meta Pixel (formerly Facebook Pixel), a piece of code that allows us to measure the effectiveness of advertising on Meta platforms (Facebook and Instagram) by tracking actions taken on our website. The Meta Pixel may collect your IP address, browser information, and pages visited. This data is processed by Meta Platforms, Inc. under their own privacy policy, available at www.facebook.com/privacy/policy. You may opt out of interest-based advertising from Meta at: www.facebook.com/ads/preferences.

11. Meta Platforms and Third-Party Advertising

As a digital marketing agency, we manage advertising campaigns on Meta platforms (Facebook, Instagram, and WhatsApp) on behalf of our clients, and we also advertise our own services on these platforms. The following describes how your data may interact with Meta in both contexts.

11.1 Advertising on Behalf of Clients

When we manage Meta Ads campaigns for clients, we act as a Data Processor under a formal engagement with the client (Data Controller). Audience targeting uses platform-level data held by Meta and may involve:

• Custom Audiences created by uploading hashed client data (email lists, phone numbers) to Meta’s systems
• Lookalike Audiences generated from existing customer data
• Interest-based and behavioural targeting using Meta’s advertising infrastructure

All such processing is conducted strictly in accordance with Meta’s Terms of Service, the client’s own privacy policy and data processing obligations, and applicable Nigerian data protection law.

11.2 ARCON Compliance

All advertising content placed by Magnetize Marketing or on behalf of our clients through Meta platforms and directed at the Nigerian market complies with:

• The Advertising Regulatory Council of Nigeria (ARCON) Act No. 23 of 2022
• The Nigeria Code of Advertising Practice (NCAP)
• The requirement for Advertising Standards Panel (ASP) pre-approval of all Nigerian-targeted digital advertisements
• The restriction on the use of foreign models and voice-over artists in Nigerian advertisements

We obtain ASP Certificates of Approval before advertising campaigns go live in the Nigerian market.

12. WhatsApp Business Communications

We use WhatsApp Business to communicate with clients, respond to enquiries, and provide service updates. The WhatsApp number associated with Magnetize Marketing is +234 812 007 7876.

12.1 How We Use WhatsApp

• Responding to consultation requests and business enquiries
• Sending service-related updates, project status communications, and meeting confirmations
• Sharing reports, deliverables, and campaign performance updates with clients
• Sending marketing messages only where you have explicitly requested them or opted in to receive them

12.2 WhatsApp Data Processing

WhatsApp messages are processed by Meta Platforms, Inc. under WhatsApp’s own privacy policy. WhatsApp applies end-to-end encryption to messages sent between users. Our WhatsApp Business account may retain message history for client service purposes in accordance with our retention schedule (Section 8).

If you contact us via WhatsApp, your phone number, message content, and any media shared will be stored as part of our communication records. You may request deletion of your WhatsApp communication records by contacting us.

12.3 Opting Out of WhatsApp Marketing

You may opt out of receiving WhatsApp marketing messages from us at any time by replying “STOP” to any marketing message, or by contacting us directly. Opting out of marketing messages will not affect service communications necessary for the delivery of contracted services.

13. Google Analytics and Search Platforms

Our website uses Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 collects anonymised data including pages viewed, session duration, traffic sources, device types, and geographic location (city/region level). We have configured GA4 with IP anonymisation enabled, meaning your full IP address is never stored by Google Analytics.

We also use Google Search Console to monitor our website’s performance in Google Search results. This involves Google providing aggregate data about search queries, click-through rates, and indexing status. No personally identifiable information from individual users is accessible through Google Search Console.

For Google Ads campaigns managed on behalf of clients, Google Conversion Tracking may be implemented. This uses cookies to record conversions (e.g., form submissions, purchases) that result from a Google Ads click. This data is processed by Google LLC under Google’s Privacy Policy: policies.google.com/privacy.

You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at: tools.google.com/dlpage/gaoptout. You may manage your Google Ads personalisation preferences at: adssettings.google.com.

14. Security of Your Information

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

14.1 Technical Safeguards

• HTTPS encryption (TLS 1.2 or higher) across all pages of our website
• Secure password policies and multi-factor authentication (MFA) on all internal systems
• Regular software updates and security patching
• Firewall protection and intrusion detection on our hosting infrastructure
• Encrypted file storage for sensitive client documents
• Data minimisation — we only collect and retain data that is necessary for the specified purpose

14.2 Organisational Safeguards

• Access to personal data is restricted to staff members who require it to perform their duties
• All team members receive data protection training aligned with NDPA 2023 requirements
• Third-party service providers are vetted for data security practices before engagement
• Data Processing Agreements (DPAs) are executed with all subprocessors
• Incident response procedures are in place to detect, report, and manage personal data breaches

14.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with Section 40 of the NDPA 2023. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Payment Security: We do not store full payment card details on our systems. All card and bank transfer transactions are processed through PCI-DSS compliant payment processors (Paystack, Flutterwave). Our access to financial data is limited to transaction records (amount, date, reference number) for accounting and reconciliation purposes only.

15. Children’s Privacy

Our website and digital marketing services are intended for business use and are directed at adults aged 18 years and above. We do not knowingly collect, solicit, or process personal data from persons under the age of 18. Our services are not designed for or marketed to minors.

If you are a parent or guardian and believe that a minor has provided us with personal data without your consent, please contact us immediately at info@magnetize-marketing.com. We will promptly investigate and, if confirmed, delete such data from our records.

In the course of managing advertising campaigns for clients on Meta platforms, we comply with Meta’s policies restricting the targeting of users under 18 with certain categories of advertising content. We do not create or serve advertising directed at children on behalf of clients.

16. Links to Third-Party Websites

Our website may contain links to third-party websites, including social media platforms (Facebook, Instagram, LinkedIn, TikTok), partner organisations, and industry resources. These links are provided for your convenience and do not imply our endorsement of, or responsibility for, the content or privacy practices of those websites.

When you leave our website and visit a third-party site, that site’s own privacy policy will govern the collection and use of your personal data. We strongly encourage you to review the privacy policy of any third-party website you visit. We are not responsible for the privacy practices or content of third-party websites.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, applicable law, or regulatory guidance from the NDPC. All updates will be posted on our website at magnetize-marketing.com/privacy-policy with the revised “Last Updated” date prominently displayed at the top of the document.

Where changes are material — meaning they significantly affect your rights or how we process your personal data — we will notify you by email (where we hold your email address) or by displaying a prominent notice on our website prior to the change taking effect. Material changes will take effect no sooner than 30 days from the date of notice.

Your continued use of our website or services after the effective date of any update constitutes your acknowledgement of the revised Policy. If you do not agree to the updated Policy, you should discontinue use of our services and may exercise your data rights as described in Section 9.

18. Complaints and Regulatory Contacts

We take privacy complaints seriously and are committed to resolving them fairly and promptly.

18.1 Raising a Complaint with Us

If you have a concern or complaint about how we have handled your personal data, we encourage you to contact us in the first instance:

18.2 Nigeria Data Protection Commission (NDPC)

If you are not satisfied with our response to your complaint, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint directly with the Nigeria Data Protection Commission (NDPC), the supervisory authority responsible for enforcing the NDPA 2023 in Nigeria.

18.3 Advertising Regulatory Council of Nigeria (ARCON)

Complaints relating specifically to advertising content — including digital advertisements placed on Meta platforms, Google, or other channels — may also be directed to ARCON:

19. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below: