PETROPIA Privacy and Data Protection Policy

1. Introduction to PETROPIA

PETROPIA is a comprehensive AI Powered cloud-based forecourt automation solution designed for fuel stations across Ethiopia. It provides station owners with a complete view of their station's operations, including daily income and expenditures, and facilitates efficient management through features such as:

• Real-Time Monitoring: Real-time oversight of station activities, inventory, and transactions.
• Remote Price Change: Efficient management and implementation of fuel pricing changes.
• Pump Automation: Accurate fuel dispensing and sales tracking to minimize errors and prevent fraud.
• Tank Monitoring: Real-time fuel level tracking to minimize theft and prevent losses.
• Comprehensive Reporting: Generation of precise operational and financial reports.
• Prompt Notifications: Timely alerts regarding critical operational events and inventory levels.
• Cloud-Based Platform: Access your station data from anywhere with automated processes.

Our value proposition is to put station owners and management in control of their operations, empowering them with data-driven insights.

2. Data Controller and Processor

Nafta Labs PLC acts as the Data Controller for certain personal data collected directly through our website (e.g., contact information for inquiries and account registration).

For the operational and personal data processed through the PETROPIA solution on behalf of our clients (fuel station owners), Nafta Labs PLC acts as a Data Processor, while our clients act as the Data Controllers.

3. Data We Collect

We collect various types of data to provide and improve our Services.

3.1 Personal Data

Personal Data refers to any information that can be used to identify an individual. This may include:

• Contact Information: Name, email address, phone number, physical address (e.g., when a user signs up, requests support, or uses contact forms).
• Account Information: Usernames, passwords, and other credentials used to access PETROPIA Services.
• Billing and Payment Information: Details necessary for processing payments for our services.
• Communications: Records of your interactions with us, including customer support inquiries, feedback, and survey responses.
• Employee Data (from Clients): Our clients may input data about their employees for operational purposes, such as tracking performance or access control.

3.2 Operational and Non-Personal Data

This includes data generated through the use of the PETROPIA platform, which may not directly identify an individual but is crucial for service functionality:

• Transaction Data: Sales records, fuel pump readings, payment methods, product quantities, timestamps of transactions.
• Inventory Data: Fuel levels, stock movements, delivery records.
• Pricing Data: Current and historical fuel prices, price change logs.
• Financial Data: Income, expenditures, daily summaries, reconciliation data.
• System Usage Data: Logs of access to the platform, feature usage, error reports, performance metrics.
• Device and Network Information: IP address, browser type, operating system, device identifiers.
• Location Data: General location data derived from IP addresses or specific location data for features like remote monitoring.

4. How We Collect Data

We collect data through the following methods:

• Directly from You/Your Organization: When you register for a PETROPIA account, configure your station's settings, input operational data, contact customer support, or participate in surveys.
• Automatically through the PETROPIA Platform: As data is generated by your fuel station's operations (e.g., pump transactions, inventory updates, sensor data) and fed into the PETROPIA system.
• Through Cookies and Tracking Technologies: When you interact with our website and the PETROPIA platform.
• From Third Parties: We may receive data from integrated third-party systems as authorized by our clients (e.g., payment gateways, accounting software).

5. How We Use Your Data

We use the collected data for the following purposes:

• To Provide and Maintain Services: To operate and deliver the core functionalities of PETROPIA, including real-time monitoring, price change management, accurate reporting, and prompt notifications.
• To Improve and Develop Services: To understand how users interact with PETROPIA and identify areas for improvement, research and develop new features.
• For Security and Fraud Prevention: To protect the integrity and security of our systems and data, detect and prevent fraudulent activities.
• For Analytics and Performance Monitoring: To monitor the performance and stability of our Services, conduct data analysis to understand trends.
• For Legal and Regulatory Compliance: To comply with applicable laws, regulations, and legal processes.
• For Communication: To send service-related announcements, technical notices, security alerts, and administrative messages. Marketing communications are sent only with your consent.

6. Data Sharing and Disclosure

We may share your data in the following circumstances:

• With Your Consent: We may share data with third parties when we have your explicit consent to do so.
• With Our Clients (Data Controllers): As a data processor, we share operational and personal data collected through PETROPIA directly with our clients as part of service delivery.
• With Service Providers: We engage trusted third-party companies to perform services on our behalf (e.g., hosting, data analytics, payment processing, IT support). These providers are contractually obligated to protect your data.
• For Legal Reasons: We may disclose data if required by law or in response to valid requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• To Protect Our Rights: We may disclose data when necessary to investigate, prevent, or take action regarding potential violations of our policies or suspected fraud.

7. Data Security

We implement robust technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest.
• Access Controls: Strict access controls and authentication mechanisms limit access to data to authorized personnel only.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing.
• Employee Training: Our employees receive regular training on data protection best practices and security protocols.
• Data Minimization: We only collect and retain data that is necessary for the purposes outlined in this policy.
• Backup and Recovery: Regular backups are performed to ensure data availability and rapid recovery.

Despite our best efforts, no method of transmission over the Internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and within the PETROPIA platform to collect information about your browsing activities.

What are Cookies?

Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work more efficiently and to provide information to site owners.

Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our website and PETROPIA platform, enabling core functionalities like secure login and navigation.
• Analytical/Performance Cookies: Allow us to recognize and count visitors and see how they move around our website, helping us improve functionality.
• Functional Cookies: Used to recognize you when you return to our website, enabling us to personalize content and remember preferences.

Your Choices

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Data Retention

We retain personal and operational data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.

The retention period is determined by:

• Contractual Obligations: Data related to your PETROPIA account will be retained for the duration of your contract and for a period thereafter as required for administrative, legal, or audit purposes.
• Legal Requirements: Certain data may be retained for longer periods to comply with applicable laws.
• Operational Needs: Data may be retained for business operations, service improvement, fraud prevention, and to resolve disputes.
• Data Minimization: Once data is no longer required, it will be securely deleted or anonymized.

10. International Data Transfers

As a cloud-based solution, data collected through PETROPIA may be stored and processed in any country where Nafta Labs or its service providers operate. This means your data may be transferred to, and maintained on, computers located outside of Ethiopia where data protection laws may differ.

When transferring data across international borders, we ensure that appropriate safeguards are in place to protect your data, such as:

• Utilizing Data Processing Agreements (DPAs) with standard contractual clauses approved by relevant authorities.
• Ensuring that the recipient country provides an adequate level of data protection.

By using the PETROPIA Services, you acknowledge and agree to such transfers.

11. Your Data Protection Rights

Depending on your jurisdiction and the nature of the data, you may have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: In certain circumstances, you have the right to request the deletion of your personal data.
• Right to Restrict Processing: You have the right to request that we limit the way we use your personal data.
• Right to Object to Processing: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant data protection authority.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with applicable data protection laws.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18 ("Children"). We do not knowingly collect personal data from Children. If you are a parent or guardian and you become aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this policy will indicate when it was last revised. We encourage you to review this policy periodically. If we make significant changes, we will notify you through a prominent notice on our website or through other direct communication channels. Your continued use of the Services after such updates signifies your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy and Data Protection Policy or our data practices, please contact Nafta Labs PLC at:

For specific requests related to your data protection rights, please mark your email subject as "Data Protection Request."