Imprint & Data Privacy
Legal Imprint of Sana Pads Limited
Company Information
Registered Name: Sana Pads Limited (a company incorporated in the Federal Republic of Nigeria).
Registered Address: 2 Clement Akpamgbo Close, Guzape, Abuja 900110, Federal Capital Territory, Nigeria.
Corporate Registration: Registered with the Corporate Affairs Commission (CAC) in Abuja, Nigeria, under Registration No. 7151140.
Tax Identification Number (TIN): 31740106-0001.
Responsible Representative: Mary Azaki Sabo (Managing Director, Sana Pads Limited).
Public Interest Status: Sana Pads Limited operates as a social enterprise dedicated to the public interest goal of promoting sustainable menstrual hygiene and reducing period poverty in Nigeria.
Contact Information
Email: sanapads.marketing@gmail.com
Telephone: +234 911 420 4930
For any inquiries or correspondence, please use the above contact details. Sana Pads Limited’s management is responsible for the content of this website and can be reached through the provided email or mailing address for official communications.
Privacy Policy
Last Updated: May 4, 2025
Sana Pads Limited (“we”, “us” or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the Nigeria Data Protection Regulation (NDPR) and the EU General Data Protection Regulation (GDPR). It applies to all visitors, customers, donors, and users of our website and services. We aim to be transparent about our data practices and ensure that both Nigerian and international users’ privacy rights are respected.
1. Who We Are
Sana Pads Limited is a Nigerian social enterprise focused on providing reusable sanitary pads and promoting menstrual hygiene education. For the purposes of data protection laws, Sana Pads Limited is the “data controller” of the personal information collected on this website. If you have any questions about this policy or how we handle your data, please contact us using the details provided in the Contact section of this policy.
2. Data We Collect
We collect personal data that you provide to us directly, as well as some data automatically when you use our site. Below is an overview of the types of information we collect and the context in which we collect it:
When you purchase reusable sanitary pads or other products (either as a client, distributor, or on behalf of a foundation), we collect information necessary to process your order and deliver the products. This may include your name, delivery address, phone number, and email address, as well as order details (e.g. product selection and quantity). We use this information to fulfill your order, arrange shipping, and communicate with you about the delivery.
If you join our menstrual hygiene club or subscribe to our newsletters/updates, we collect your name and email address. We use this information to send you regular email updates about menstrual health, our products, and related news. You will have provided this information by filling out a subscription form, and you can unsubscribe at any time.
When you donate money via our site, we collect information to process the donation and acknowledge your contribution. This typically includes your name, contact information (such as email address and/or phone number), and donation details (such as the amount donated and the date of donation). If you consent or as permitted by law, we may also use your contact information to send you updates on how your donation was used and the impact of our programs, as well as future fundraising or project updates.
If you contact us through our website (for example, via the contact form or email), we will collect your name, email address, and the content of your message. Any additional information you choose to provide in your inquiry (such as phone number or other details) will also be collected. We use this data to respond to your questions, requests, or feedback.
When you visit our website, certain data is collected automatically from your device for security and analytics purposes. This may include IP address, browser type, device information, and browsing behavior on our site (such as pages viewed). We use cookies and similar technologies to collect some of this information (see the Cookies section below for more detail). This usage data helps us to secure our website, prevent fraud, and understand how users interact with our site so we can improve our services. (No personally identifying information is obtained in this process aside from technical data, and where required by law, we will ask for your consent for any non-essential cookies.)
Our website may use “cookies” (small text files placed on your device) and similar technologies to enhance user experience and analyze site usage. Where required by GDPR or NDPR, we will obtain your consent before using non-essential cookies. You can adjust your browser settings to refuse cookies, but note that some site features might not function properly as a result. For more details, you can refer to our Cookies notice (if available) or contact us.
3. How We Use Personal Data
We only use your personal data for specific purposes and in ways that are transparent to you. The main purposes for which we process your information are:
We use order and shipping information to process purchases of reusable pads and related products, arrange delivery to the provided address, and communicate with you about your order (e.g., order confirmations, shipping notifications). This is necessary for us to perform our contract with you when you make a purchase or request our products.
For those who subscribe to our menstrual hygiene club or newsletter, we use your name and email to send periodic emails containing updates, educational content, offers, or event information. We only send these communications with your consent (such as when you sign up on our website) and you can opt out at any time by clicking the unsubscribe link in our emails or contacting us.
We use donor information to process your donations (including processing payment through secure payment providers) and to maintain records of contributions. With your permission, or as allowed by applicable law, we may also send thank-you messages, donation receipts, and follow-up communications to inform you about the impact of your contribution or to invite further support for our cause. We strive to be accountable to our donors by providing updates on how funds are used; however, you have the choice to opt out of receiving future communications from us at any time.
If you reach out with questions, feedback, or requests, we will use your provided contact information and message details to respond to you. This may include assisting you with product information, addressing any issues with an order, or providing information about our programs and initiatives upon request.
We analyze website usage data (which generally does not directly identify you) to understand user behavior and preferences. This helps us improve our website layout, content, and services. For example, understanding which pages are most visited can guide us in enhancing those sections. We may also use technical data to diagnose and fix issues with the site, ensure security, and prevent fraudulent or malicious activities (such as hacking or spam). Where we rely on cookies or similar tracking for analytics, we will do so in accordance with consent requirements under NDPR/GDPR
In certain cases, we are required by law to process and retain personal data. For instance, we may need to keep records of sales and donations for taxation, accounting, or reporting purposes. If authorities lawfully request information (e.g., for an investigation or audit), we may process personal data to comply with those legal obligations. We will only disclose the data that is necessary and will inform you of such disclosures when permitted.
4. Legal Basis for Processing Personal Data
We process personal data only when we have a valid legal basis to do so under applicable data protection laws. Because we serve both Nigerian users and others (including potentially EU residents), our processing is conducted in line with both the NDPR and the GDPR. The legal bases we rely on include:
We will obtain your consent before collecting or using your personal data in cases where consent is required. Under both NDPR and GDPR, your consent is the legal basis for sending you marketing communications such as our menstrual club updates or newsletters. For example, by subscribing with your email, you consent to receive our updates. You also give consent when you fill out the contact form for us to use the information to reply. You have the right to withdraw your consent at any time (for example, you can unsubscribe from emails or notify us to stop using data you provided voluntarily). Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
When we need to process your data to fulfill a contract with you or to take steps at your request before entering into a contract, this serves as a legal basis. Under GDPR, this is Article 6(1)(b) – necessary for the performance of a contract. Under NDPR, processing to provide you with the requested service would be considered a legitimate purpose disclosed to you. For instance, when you purchase products from us or donate to us, we process your name, address, and payment details to complete the transaction and deliver the goods or services you requested. Similarly, if you ask for information or support, using your data to respond can be seen as part of providing the service. Without this data, we would not be able to fulfill your order or donation effectively.
In situations where we must process or retain data to comply with a law or regulatory requirement, we rely on legal obligation as the basis. (GDPR Article 6(1)(c) allows processing that is necessary for compliance with a legal obligation.) For example, Nigerian law or tax regulations may require us to keep certain transaction records (including personal data of buyers or donors) for a set period. Likewise, if EU law imposes any obligation (such as keeping records for VAT or informing authorities of certain activities), we will process data as needed to comply. In such cases, we only process the data specifically required by law.
Under the GDPR, we may process personal data if it is necessary for our legitimate interests, provided those interests are not overridden by your data protection rights (GDPR Article 6(1)(f)). For instance, it could be our legitimate interest to communicate with our existing donors and customers about related causes or products that might interest them, or to improve our services by analyzing usage data. We will always consider your rights and expectations; for example, any marketing to prior donors will be done in a very limited way or with separate consent as needed. Important: The NDPR (Nigeria) places strong emphasis on consent and does not explicitly recognize “legitimate interest” in the same way as GDPR. This means that for Nigerian data subjects, we will typically either rely on your consent or another clear legal basis (contract or legal obligation) for such processing. We will not use your data for any purpose that you would not reasonably expect or that is not disclosed to you.
In summary, we ensure that every piece of personal data we collect has a specific purpose and legal justification. If we ever need to process your personal data for a new purpose that is not covered by this Privacy Policy, we will inform you and obtain any required consent or provide a relevant legal basis before proceeding.
5. Data Sharing and Disclosure
We treat your personal information with care and confidentiality. We do not sell your personal data to third parties. However, in order to run our operations and provide our services, we sometimes need to share data with trusted third parties under strict conditions:
We may share necessary information with third-party service providers who perform functions on our behalf. This includes, for example:
Shipping and Logistics Companies: to deliver your orders to you (they will receive your name and delivery address, and possibly phone number for delivery coordination).
Payment Processors and Banks: to securely handle donation payments or product purchase transactions (they receive your payment details and may process your name and email for receipts or verification). We use reputable payment gateways that are PCI-DSS compliant to ensure your payment information is handled securely.
Email and Newsletter Services: if we use an email marketing service to send out newsletters or club updates, your name and email address will be stored with that service provider for the purpose of sending you emails. We ensure that any such provider has adequate data protection measures.
IT and Hosting Providers: who help us manage our website and data storage (they may process data like our website databases or backups which include your information, under secure and confidential conditions).
These service providers are only given the information necessary to perform their specific services, and they are contractually obligated to process your data only for our instructed purposes and to protect it in line with this Privacy Policy and applicable law.
Within Sana Pads Limited, your information is accessed only by authorized personnel who need it to perform their duties – for example, the team handling order fulfillment, donor relations, or customer service. All staff are bound by confidentiality and data protection obligations.
We may disclose personal data if required to do so by law or legal process, for example in response to a court order, subpoena, or regulatory request. We may also share information if we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request. In all such cases, we will only provide the data that is necessary and will object to overbroad requests when appropriate. If allowed, we will inform you of such requests.
In the unlikely event that Sana Pads Limited undergoes a major business transaction such as a merger, acquisition, or sale of assets, personal data we hold may be transferred to the new owner/partner as part of that deal. If this happens, we will ensure the new entity continues to respect your personal data in line with this Privacy Policy, and we will notify you (for example, via a notice on our website or email) of any change in data handling. You will have the opportunity to exercise your rights regarding your data in such circumstances.
We require any third party that receives your personal data to protect it in accordance with applicable data protection laws. Whenever personal data is shared, it is done securely and only to the extent necessary for the purpose.
6. International Data Transfers
Sana Pads Limited is based in Nigeria and our primary operations occur in Nigeria. However, the personal data we collect may be stored or processed in other countries, for example if we use cloud services or service providers located outside Nigeria, or if we need to communicate with donors and partners internationally. Notably, if you are an individual in the European Union (EU) or European Economic Area (EEA), your data may be transferred to Nigeria (which is outside the EEA) when you interact with our site or services.
We are mindful of our obligations when transferring personal data across national borders. Under the NDPR: international transfers of Nigerian residents’ data are allowed only to countries with adequate data protection or with appropriate safeguards in place (or with the individual’s consent, if other conditions are not met). Under the GDPR: we must ensure that any personal data leaving the EEA is protected by certain mechanisms (such as transferring to countries deemed to have an adequate level of data protection by the EU, or using Standard Contractual Clauses, or obtaining explicit consent from you).
Here are the steps we take for international data transfers:
Adequacy and Equivalent Protection: Whenever possible, we aim to host and process data in jurisdictions with strong data protection laws. For example, if our email newsletter provider or cloud backup service is located in the EU or a country that the EU deems “adequate” in data protection (such as countries that meet EU standards), those transfers are automatically safeguarded under GDPR. Similarly, for Nigerian data, if data is stored in an environment with comparable protection, we consider that compliant with NDPR’s intent.
Standard Contractual Clauses (SCCs): If we need to transfer EU personal data to a service provider or partner in a country not considered adequate (which would include Nigeria for EU data, since Nigeria is not yet on the EU’s adequacy list), we will put in place EU Standard Contractual Clauses or other approved transfer mechanisms. These are legal contracts approved by the European Commission that bind the receiver of the data to protect it according to EU privacy standards. This ensures that your EU-originating personal data remains safeguarded even after transfer.
NDPR Safeguards: For transferring data out of Nigeria, we comply with NDPR requirements by ensuring the foreign recipient has agreed to uphold privacy protections. If we were to, for instance, store some Nigerian user data on a US-based cloud server, we would ensure that the cloud provider has robust security and privacy commitments (and if needed, seek your consent for that transfer). The Nigeria Data Protection Bureau/Commission may issue guidelines on acceptable destinations, which we will follow.
Your Consent for Cross-Border Transfer: In cases where neither an adequacy decision nor a formal safeguard like SCCs is in place, we will seek your explicit consent before transferring your personal data internationally. For example, if you are a Nigerian user and we want to use a new service provider in a country without a strong data law, we would inform you and only proceed if you agree.
Please note that international transfers might also occur when you personally decide to use our services from outside Nigeria – for example, if an EU donor submits their information on our Nigerian-based website, that inherently involves transferring their data to Nigeria. By engaging with our site and providing information, users understand that their data will be handled as described in this policy. Regardless of where your data is processed, we will take appropriate steps to protect it. We also continuously monitor developments in international data transfer regulations to remain compliant.
7. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or regulatory requirements. We follow the data minimization and storage limitation principles of NDPR and GDPR. This means we do not keep data indefinitely without justification. Below are our general retention practices for different categories of data:
Customers (Orders and Shipping): If you have purchased products from us, we will retain your order information (including personal details associated with the purchase) for as long as needed to complete the transaction and provide any customer service or after-sales support. After fulfilling your order, we typically keep the data for a period of up to six (6) years from the date of the transaction. This retention period allows us to refer to transaction records for accounting purposes, to handle any potential disputes or refunds, and to comply with record-keeping obligations (for example, financial records for taxation or audits). Six years is a common statutory period for business record retention. After this period, or if the data is no longer required, we will securely delete or anonymize it. (If local laws require a different retention period, we will follow those legal requirements.)
Subscription (Newsletter/Club) Data: If you have subscribed to our menstrual hygiene club updates or newsletter, we will keep your name and email on our mailing list until you unsubscribe or otherwise request deletion. If you remain an active subscriber, we will continue to process your data for this purpose. If we notice that your email address has become inactive or bounces over an extended period, we may remove it from our list. Additionally, under NDPR guidelines, when a digital service has not been actively used for a certain time (e.g., three years of inactivity), data should be deleted. In line with that, if you do not open or engage with our communications for a long period (about 2-3 years), we may purge your contact from our list to protect your privacy. In any event, every marketing email we send includes an easy way to opt-out, and once you opt-out, we will stop sending you emails and will delete your subscription data from our active mailing list. (We may retain a minimal record of your email to ensure we honor your opt-out and do not accidentally re-add you.)
Donor Information: Donation records (name, contact, and donation details) are retained to acknowledge and track contributions, issue receipts, and meet legal financial record requirements. We generally retain donation records for up to six (6) years as well, in alignment with best practices for financial record retention. This helps us comply with any audits, anti-fraud regulations, and to have historical data on our funding sources. If you have consented to receive updates, we will keep your contact information for sending those updates until you opt out. If you request deletion of your data, we will remove or anonymize your contact information from our donor communications list. However, we may need to keep a record of the donation itself (with your name) in our financial logs for the remainder of the retention period as required by law or accounting standards. After the retention period lapses, or once it’s confirmed that the data is no longer needed, we will securely delete or anonymize donor personal data.
Contact Form and Inquiry Data: Communications and inquiries (such as emails or contact form messages) are kept for as long as needed to address your inquiry and follow up. We may retain these communications for a period of time (typically up to 1-2 years) in case you have further questions or to reference previous conversations if you reach out again. If the inquiry leads to a commercial relationship (e.g., you become a customer or partner), we may retain relevant communications as part of our business records under the customer or partner profile, subject to the retention periods above. If not, and once the communication is concluded and no longer needed, we will delete the correspondence. We periodically review old inquiries and purge data that is no longer necessary.
Website Usage Data: Aggregated or anonymized web analytics data may be retained for a longer period for trend analysis, since it does not identify individuals. However, raw logs that contain IP addresses or identifiable information are typically rotated or deleted within a short timeframe (usually within a few months) unless needed for security investigations. For example, our server logs might be kept for 6-12 months for security monitoring and then automatically purged. If we store cookies on your device, their duration depends on the type of cookie – some may last only for your session, while others (like a preference cookie) might last a few months or a year. You can always clear cookies from your browser manually.
In all cases, when we no longer have a legitimate need or legal obligation to keep your personal data, we will ensure it is either securely deleted, anonymized, or destroyed. We also take care to avoid storing multiple redundant copies of personal data. Our data retention practices are periodically reviewed to ensure we are not keeping data longer than necessary. Keep in mind that in some situations we may need to retain data for a longer period if required by applicable law, or to establish, exercise, or defend legal claims (for example, if there is ongoing litigation or an investigation). We will always adhere to the maximum retention periods allowed by law and will not use your data for secondary purposes after your relationship with us has ended, except as required for legal compliance or legitimate internal purposes (like internal audit).
8. Your Rights as a Data Subject
We respect your rights to control your personal data. Whether you are protected under NDPR, GDPR, or both, our goal is to provide you with easy means to exercise the key data subject rights. These rights include:
Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to ask for a copy of the data we hold about you. We will provide you with relevant information, usually within a reasonable time and in a commonly used format. (Under NDPR and GDPR, we will typically respond to access requests within one month, and this service is generally free of charge unless the requests are manifestly unfounded or excessive.)
Right to Rectification (Correction): If any personal data we have about you is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you change your email address or realize we have a typo in your name, you can ask us to fix it, and we will do so promptly.
Right to Erasure (Deletion): You can request that we delete your personal data in certain circumstances. This is sometimes called the “right to be forgotten.” For instance, if you subscribed to our newsletter and no longer want us to have your information, you can ask us to remove it. We will comply with deletion requests provided we do not have a compelling reason to retain the data (such as a legal obligation or an overriding legitimate interest). We will also notify third-party processors to delete your data if they received it from us. Note that transactional records (like donation receipts) might not be erasable immediately if needed for legal record-keeping, but we will inform you if that is the case and will delete what we can.
Right to Object: If we process your data based on a legitimate interest (under GDPR) or for direct marketing, you have the right to object to that processing. For example, if you’re a donor and we send you occasional updates by relying on our interest in engaging supporters, you can object at any time, and we will stop using your data for that purpose. Under NDPR, since we mostly rely on consent for such cases, withdrawing consent achieves the same outcome. You can also object to any profiling or automated decision-making (though currently we do not perform automated decision-making on user data).
Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain situations. For instance, if you contest the accuracy of your data or have objected to processing, you can ask that we pause further use of your data while we address your concern. During restriction, we can store your data but will not process it further until the issue is resolved (except for storage or as necessary for legal claims, etc.).
Right to Data Portability: For data you have provided to us and which we process by automated means under consent or contract (this mostly applies under GDPR), you have the right to request a copy in a structured, commonly used, machine-readable format (for example, CSV or JSON file), so that you can transfer it to another service. In practical terms, this right may apply if you wanted to take the personal information you gave us for one service to another provider. We will assist with such requests to the extent applicable.
Right to Withdraw Consent: As mentioned, if we rely on your consent to process any of your personal data, you have the right to withdraw that consent at any time. This will not affect any processing already done while the consent was in effect, but it will stop us from continuing the processing based on consent. For example, you can unsubscribe from our newsletter (withdrawing consent to receive emails), or ask us to stop processing data you gave via an optional form. Once consent is withdrawn, we will cease the related processing and, if no other legal basis applies, we will delete or anonymize that data.
Right to Lodge a Complaint: We strive to address all your questions and requests to your satisfaction. However, if you believe we have infringed your privacy rights or violated data protection laws, you have the right to lodge a complaint with the appropriate supervisory authority. Under NDPR, you can contact the Nigeria Data Protection Bureau (NDPB) or any successor Data Protection Commission responsible for enforcement of data privacy in Nigeria. Under GDPR, you may reach out to the data protection authority in the EU country where you reside, where you work, or where the alleged infringement occurred. For instance, if you are in the EU, you might contact your national Data Protection Authority or the lead authority in the country of our EU representative (if we designate one in the future). We would appreciate the chance to deal with your concerns directly first, so we encourage you to contact us with any complaint, and we will do our best to resolve it in a fair and transparent manner.
To exercise any of your rights, you can contact us via the contact information provided in this policy. We may need to verify your identity before fulfilling certain requests (to protect your data from unauthorized access). This could involve asking for some additional information or identification. We will respond to legitimate requests as quickly as possible, and at least within the timeframes required by law (generally within one month, with the possibility of an extension for complex requests – if an extension is needed, we will inform you and explain why).
Please note that these rights are not absolute; in some cases, legal exemptions might apply. If we cannot fulfill a request (due to a legal requirement or an exemption), we will explain the reasoning to you. For example, if you request deletion of data that we are legally required to keep (say, for financial auditing), we may not be able to delete it until the required retention period ends. However, we will communicate with you and find a reasonable solution whenever possible (such as restricting access to the data).
Overall, we are committed to honoring your rights and ensuring you have control over your personal information. Your trust is important to us, and we will always work to protect your privacy and handle your requests with respect and care.
9. Data Security Measures
We understand the importance of securing personal data and have implemented appropriate security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. We take both technical and organizational precautions to ensure data is handled safely:
Our website is encrypted using SSL/TLS technology, which means that any data transmitted between your browser and our site (for example, when you fill out forms or make a purchase) is encrypted in transit. We store personal data on secure servers that are protected by firewalls and access controls. Where possible, we employ measures such as encryption of sensitive data at rest, pseudonymization of data (replacing identifying fields with codes), and regular backups to prevent data loss. We also apply security patches and updates to our systems in a timely manner to guard against known vulnerabilities.
Within our organization, we restrict access to personal data to employees and contractors who need that information to process it (on a need-to-know basis). Those individuals are trained on the importance of confidentiality and privacy. We have internal policies in place guiding how to handle personal data. For example, staff are required to use strong passwords, and multi-factor authentication is enabled for access to sensitive systems where possible. We log access and actions on personal data to maintain an audit trail. Additionally, we avoid unnecessary printing of personal data, and any physical documents containing personal information are stored securely and shredded when no longer needed.
When we use third-party service providers (such as payment processors or cloud services), we select reputable companies with proven security track records. We review their security practices (often outlined in their privacy policies or compliance certifications) to ensure they meet our standards. For instance, our payment processing partners are PCI-DSS compliant (a security standard for handling payment card data), and our email service providers often certify to standards like ISO 27001 or SOC 2 for information security. We also sign data processing agreements with such providers to require that they protect your data and notify us promptly in the event of any security incident.
We monitor our systems for potential vulnerabilities and breaches. We use anti-malware tools and may employ intrusion detection/prevention systems. Periodically, we assess our security measures and may conduct tests (like vulnerability scans or penetration testing) to identify and fix weaknesses. In addition, we have procedures to identify suspected malicious activity (such as multiple failed login attempts) and respond accordingly (like temporarily blocking access to prevent intrusion).
Despite all the measures in place, no method of transmission or storage is 100% secure. In the unlikely event of a data breach (for example, a security incident leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data), we have a response plan. We will contain and investigate the breach immediately. If the breach is likely to result in a risk to your rights and freedoms (under GDPR) or has significant impact (under NDPR), we will notify the appropriate authorities within the timeline they require (GDPR generally requires reporting to the authority within 72 hours). If the breach poses a high risk to you (for example, a leak of sensitive information), we will also inform you without undue delay, along with steps you should take to protect yourself. We will take all necessary actions to mitigate the breach and prevent future occurrences.
Your responsibility: It’s important to note that you play a role in keeping your data secure as well. When you interact with our site, ensure that you use a secure connection and keep your own login credentials (if any) confidential. Be aware of common scams – for example, we will never ask you for your password via email, and any payment on our site will be done through our secure payment portal, so beware of any request to send money outside our official channels.
We are continuously improving our security practices as new technologies and threats emerge. We are committed to protecting your personal data, and if you have any questions about the security of your data, feel free to contact us.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of the policy. If the changes are significant, we may also provide a more prominent notice (such as a banner on our website or an email notification of the update). We encourage you to review this page periodically to stay informed about how we are protecting your information.
Your continued use of our website or services after any modifications to this policy will constitute your acknowledgment of the changes and your agreement to be bound by the updated policy. However, if we propose to use your personal data for a new purpose that requires your consent, we will seek your consent first.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us:
Sana Pads Limited
Address: 2 Clement Akpamgbo Close, Guzape, Abuja 900110, F.C.T, Nigeria.
Email: sanapads.marketing@gmail.com
Telephone: +234 911 420 4930
Please address any data protection inquiries to the attention of our Privacy Compliance team (you can simply mention it in your email subject or letter). We will gladly assist you with information, access requests, or any issues you wish to raise.
For requests to exercise your rights (such as accessing or deleting your data), you may email us with details of your request. We might ask you to verify your identity to ensure we are protecting your information from unauthorized access. We will respond as quickly as possible, and no later than the timeframe required by law.
Your privacy is very important to us. We appreciate the trust you place in Sana Pads Limited and will continue to work hard to safeguard your personal information. Thank you for supporting our mission to improve menstrual hygiene – we are committed to honoring that support with responsible and lawful use of your data.