Biodux Logo
Legal

Privacy Policy

How Biodux Technologies collects, uses, and protects your data in compliance with the Nigeria Data Protection Regulation (NDPR).

Last updated: April 6, 2026

Biodux Technologies ("Biodux", "we", "us", or "our") operates the Biodux PMS hospitality management platform. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our software, visit our website, or engage with our services. By using our platform, you agree to the practices described in this policy. Hotel operators using Biodux PMS are responsible for ensuring their guests are informed of this policy where applicable.

1. Information We Collect

1.1 Guest & Booking Data

When hotels use Biodux PMS to manage reservations, we process guest information including full name, email address, phone number, nationality, date of birth, government-issued identification numbers, booking dates, room preferences, special requests, and payment details. This data is collected on behalf of our hotel clients (data controllers) and processed by Biodux Technologies (data processor) in accordance with the Nigeria Data Protection Regulation (NDPR) 2019.

1.2 Hotel Operator & Staff Data

We collect information from hotel operators and their staff who use our platform, including name, work email address, phone number, job title, login credentials, and activity logs within the system. This is necessary to provide access to our software and to ensure accountability and security across your property.

1.3 Financial & Transaction Data

Our platform processes financial data including room rates, invoices, receipts, payment gateway transactions, tax records, and accounting reports. Payment card data is processed through PCI-DSS compliant third-party payment gateways and is never stored on Biodux servers.

1.4 Technical & Usage Data

We automatically collect technical information when you use our platform, including IP addresses, browser type and version, operating system, device identifiers, pages visited, features used, session duration, and error logs. This data is used to improve performance, troubleshoot issues, and enhance user experience.

2. How We Use Your Information

2.1 Service Delivery

We use collected data to provide, maintain, and improve the Biodux PMS platform — including property management, point of sales, booking engine, inventory management, accounting, and integration services. This is the primary legal basis for processing under Article 2.1 of the NDPR.

2.2 Guest Experience Management

Data is used to facilitate check-in and check-out processes, manage room assignments, process payments, send booking confirmations, handle guest communications via WhatsApp and email, and generate guest folios and invoices.

2.3 Compliance & Reporting

We process financial and operational data to help hotel operators comply with Nigerian tax regulations (FIRS), generate statutory reports, maintain audit trails, and fulfil obligations under the Hotels and Tourism Act and other applicable Nigerian laws.

2.4 Platform Security & Fraud Prevention

Usage and technical data is analysed to detect unauthorised access, prevent fraudulent transactions, monitor system integrity, and protect both our platform and your property's data from security threats.

2.5 Customer Support

We use account and usage data to provide technical support, diagnose issues, respond to queries, and deliver onboarding and training assistance to hotel operators and their staff.

3. Data Sharing & Disclosure

3.1 With Hotel Operators

Guest data is accessible to the hotel property whose systems collected it. Hotel operators are responsible as data controllers for obtaining appropriate consent from their guests and for using guest data in compliance with the NDPR and applicable hospitality regulations.

3.2 Third-Party Integrations

Biodux PMS integrates with Online Travel Agencies (OTAs), payment gateways, channel managers, door lock systems, internet providers, and IPTV systems. Data shared with these integrations is governed by their respective privacy policies. We ensure all third-party processors meet adequate data protection standards.

3.3 Service Providers

We engage trusted third-party service providers for cloud hosting, email delivery, SMS notifications, analytics, and customer support tooling. These providers are contractually bound to process data only as directed by Biodux and to maintain appropriate security standards.

3.4 Legal Requirements

We may disclose data to law enforcement agencies, regulatory bodies, or government authorities where required by Nigerian law, court order, or to protect the rights, safety, and property of Biodux Technologies, our clients, or the public.

3.5 No Sale of Data

Biodux Technologies does not sell, rent, or trade personal data of guests, hotel operators, or staff to any third party for commercial or marketing purposes.

4. Data Security

4.1 Technical Safeguards

We implement industry-standard security measures including 256-bit SSL/TLS encryption for data in transit, AES-256 encryption for sensitive data at rest, multi-factor authentication for administrative access, role-based access controls, and regular security audits and penetration testing.

4.2 Operational Safeguards

Access to personal data is restricted to Biodux staff who require it to perform their duties. All staff handling personal data undergo data protection training. We maintain detailed access logs and conduct regular internal audits of data handling practices.

4.3 Payment Security

All payment processing is handled through PCI-DSS Level 1 compliant payment gateways. Biodux PMS does not store, transmit, or process full payment card numbers on its servers. Tokenisation is used to reference payment instruments securely.

4.4 Incident Response

In the event of a data breach that is likely to result in risk to individuals, we will notify affected hotel operators and, where required, the National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of the breach, in accordance with the NDPR.

5. Data Retention & Storage

5.1 Retention Periods

Guest booking and financial records are retained for a minimum of 7 years to comply with Nigerian tax and accounting regulations. Staff account data is retained for the duration of the contractual relationship plus 2 years. System logs are retained for 12 months. Marketing data is retained until consent is withdrawn.

5.2 Data Location

Data is primarily stored on servers located in Nigeria and within jurisdictions that provide adequate data protection. Where data is transferred internationally for backup or processing purposes, we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions.

5.3 Data Deletion

Upon termination of a hotel's subscription, we will retain data for 90 days to allow for data export. After this period, data will be securely deleted or anonymised unless retention is required by law. Hotel operators may request earlier deletion subject to legal retention requirements.

6. Your Rights Under the NDPR

6.1 Right to Access

You have the right to request a copy of personal data we hold about you. Hotel operators can access most guest and operational data directly through the Biodux PMS dashboard. Individuals wishing to exercise this right may contact us at privacy@biodux.com.

6.2 Right to Rectification

If personal data we hold is inaccurate or incomplete, you have the right to request correction. Hotel staff can update most data directly within the platform. Guest data corrections should be requested through the hotel where the stay occurred.

6.3 Right to Erasure

Subject to legal retention requirements, you may request deletion of your personal data. We will assess each request against our legal obligations and respond within 30 days. Where deletion is not possible due to legal requirements, we will inform you of the reason.

6.4 Right to Object & Restrict Processing

You have the right to object to certain types of processing and to request that we restrict how we use your data while a complaint is being investigated. To exercise these rights, contact our Data Protection Officer at dpo@biodux.com.

7. Cookies & Tracking

7.1 Essential Cookies

Our web-based platform uses essential cookies necessary for the platform to function, including session management, authentication tokens, and security cookies. These cannot be disabled as they are required for the service to operate.

7.2 Analytics Cookies

With your consent, we use analytics cookies to understand how our platform is used, which features are most valuable, and where improvements are needed. This data is aggregated and anonymised. You may opt out of analytics cookies through your browser settings.

7.3 Marketing Cookies

Our marketing website may use cookies to measure the effectiveness of our advertising and to deliver relevant content to prospective customers. These are only set with explicit consent and can be withdrawn at any time.

8. Contact & Complaints

8.1 Data Protection Officer

Biodux Technologies has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the NDPR and this Privacy Policy. You may contact our DPO at dpo@biodux.com or by writing to us at our registered address.

8.2 General Privacy Enquiries

For general privacy questions, data access requests, or concerns about how we handle your data, contact us at privacy@biodux.com or call 09060008694 during business hours (Monday–Friday, 8am–6pm WAT).

8.3 Complaints

If you are dissatisfied with our response to a privacy concern, you have the right to lodge a complaint with the National Information Technology Development Agency (NITDA), the regulatory authority for data protection in Nigeria, at nitda.gov.ng.

8.4 Registered Address

Biodux Technologies, 1A Ogunlowo Street, Obanta Avenue, Off Ajao Road, Ikeja, Lagos, Nigeria.