Data Protection - BehindDWheel Trucker's Ventures

Last Updated: April 30, 2026 | Data Protection Officer: dpo@behinddwheel.com

1. Our Commitment

BehindDWheel Truckers' Ventures Community is fully committed to protecting the personal data of our members, employees, and website visitors. We comply with all applicable data protection laws and regulations in Nigeria.

2. Regulatory Compliance

NDPR 2019

Nigeria Data Protection Regulation

Compliant

Full compliance with NDPR requirements for data collection, processing, storage, and transfer.

NDPC Act 2023

Nigeria Data Protection Commission

Compliant

Registered with NDPC. Annual data protection audit conducted.

SCUML

Special Control Unit Against Money Laundering

Registered

Registered with SCUML for financial transaction monitoring and reporting.

NDIC

Nigeria Deposit Insurance Corporation

Guidelines

Following NDIC cooperative society guidelines for member savings protection.

GDPR

EU General Data Protection Regulation

Ready

GDPR-compliant for any members or visitors from the European Union.

3. Technical Security Measures

Encryption at Rest: All sensitive member data (passwords, license numbers, NIN, BVN, bank details) is encrypted using AES-256 encryption before storage in the database.
Encryption in Transit: All data transmitted between your browser and our servers is protected by TLS 1.3 (HTTPS).
Content Security Policy (CSP): Strict CSP headers prevent cross-site scripting (XSS) and code injection attacks.
CSRF Protection: All forms are protected with unique, per-session Cross-Site Request Forgery tokens.
Input Sanitization: All user inputs are sanitized and validated before processing to prevent SQL injection and XSS attacks.
Rate Limiting: Login attempts are rate-limited to prevent brute force attacks.
Session Security: Sessions use HttpOnly, Secure, and SameSite=Strict cookies with automatic expiration.

4. Data We NEVER Store in Frontend

The following sensitive data is never exposed in client-side code (HTML, JavaScript, CSS) or browser-accessible storage:

FRSC Driver's License numbers
National Identification Numbers (NIN)
Bank Verification Numbers (BVN)
Bank account numbers (masked when displayed)
International Passport numbers
Full password hashes (only stored server-side with bcrypt)

All such data is processed and stored exclusively on our secure backend servers with strict access controls.

5. Data Processing Register

Data Category	Purpose	Legal Basis	Retention
Personal Info (Name, Email, Phone)	Membership management	Contractual necessity	Duration of membership + 7 years
KYC Documents (License, NIN)	Identity verification	Legal obligation (SCUML)	Duration of membership + 7 years
Financial Data (Savings, Loans)	Cooperative operations	Contractual necessity	Duration of membership + 7 years
Bank Details	Loan disbursements	Consent + contractual	Duration of membership
Usage Data (Cookies, IP)	Analytics & security	Consent + legitimate interest	Maximum 365 days

6. Data Subject Rights Request

To exercise any of your data subject rights (access, rectification, erasure, restriction, portability, objection), please contact our Data Protection Officer:

Email: dpo@behinddwheel.com
Phone: +234 803 654 7585
Response Time: We will respond within 30 days as required by NDPR

7. Breach Response Plan

In the event of a personal data breach, we will:

Contain the breach immediately
Assess the scope and impact within 24 hours
Notify affected members within 72 hours
Notify NDPC as required by law
Implement corrective measures
Conduct a post-incident review

8. Contact NDPC

If you believe your data rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission:

Website: ndpc.gov.ng
Email: info@ndpc.gov.ng
Phone: +234 9 462 1900