Terms & Conditions

URBANHOME FRONT DATA PRIVACY POLICY Effective Date: 20 April 2026 Last Updated: 20 April 2026 Version: 1.0 Governing Law: Federal Republic of Nigeria Data Controller: Copen Group, For and on behalf of urbanHome Front Contact: privacy@copengroup.com ⚠ IMPORTANT NOTICE – PLEASE READ CAREFULLY This Privacy Policy explains how Urban Home Front, an affiliated platform and trading brand of Copen Group, collects, uses, stores, and discloses your personal data when you use the Urban Home Front website, software, mobile application, and related services on mobile phones, laptops, tablets, desktops, and any other compatible system or device. By using the website, software, or any related service, you consent to the practices described in this Policy. This Policy is incorporated by reference into the Urban Home Front Terms and Conditions of Use. 1. WHO WE ARE 1.1 Urban Home Front is an affiliated platform and trading brand of Copen Group ("Company," "We," "Us," or "Our"), a real estate development company registered under the laws of the Federal Republic of Nigeria, with its principal office at Plot 32 Ebeano Housing Estate, Enugu, Nigeria. 1.2 For the purposes of applicable Nigerian data protection legislation, including the Nigeria Data Protection Act 2023 ("NDPA") and the Nigeria Data Protection Regulation 2019 ("NDPR"), the Company is the Data Controller in respect of the personal data collected through this website, software, and related services.. 1.3 Questions, comments, and requests regarding this Privacy Policy should be directed to our Data Protection Officer at: privacy@copengroup.org.ng. 2. SCOPE OF THIS POLICY 2.1 This Privacy Policy applies to all users of the Urban Home Front website, software, mobile application, and related services, including prospective buyers, registered users, and visitors who access the website, software, or application without registering. 2.2 This Policy covers personal data collected through the website, software, customer service channels, and any other interactions you have with us in connection with Urban Home Front. 2.3 This Policy does not apply to third-party websites, services, or applications that may be linked to or integrated with our website or application. We encourage you to review the privacy policies of any third-party services you access. 3. PERSONAL DATA WE COLLECT 3.1 Data You Provide to Us We collect personal data that you actively provide when you use the website or Application, including: Identity data: full name, date of birth, gender, and a copy of any identification documents you submit for verification purposes. Contact data: email address, phone number, and residential or correspondence address. Account credentials: username and encrypted password. Financial and transaction data: bank account details, payment card information (processed via secure third-party payment processors), transaction records, and mortgage or financing enquiry details. Property preferences: property types, locations, price ranges, and investment objectives you specify on the Application. User-generated content: messages, enquiries, feedback, reviews, or other content you submit through the Application. Correspondence: records of communications between you and the Company, including customer support interactions. 3.2 Data Collected Automatically When you access or use the Website or Application, we automatically collect: Device and technical data: IP address, device type and model, operating system and version, unique device identifiers, browser type and version, and mobile network information. Usage data: pages and screens viewed, features used, links clicked, search terms entered, property listings accessed, time and date of access, and session duration. Location data: with your permission, we collect precise GPS location data to provide location-based property search features. You may disable location access through your device settings, though this may affect certain features. Log data: server logs, error reports, and diagnostic data generated by your use of the Application. Cookie and tracking data: information collected through cookies, web beacons, pixel tags, and similar technologies as described in Section 10 below. 3.3 Data from Third Parties We may receive personal data about you from third parties, including: Identity verification providers who assist us in confirming your identity for property transaction purposes. Credit reference agencies or financial institutions, where you apply for mortgage assistance or financing facilitated through the Website, or Application. Analytics and advertising partners who provide aggregated or pseudonymized data about user behavior. Social media platforms, if you choose to connect a social media account to the Website, or Application or engage with our social media channels. 4. HOW WE USE YOUR PERSONAL DATA We use your personal data for the following purposes and on the following legal bases: Purpose Description Legal Basis Account Management Creating and managing your user account, authenticating your identity, and maintaining your profile. Performance of a contract Service Delivery Providing property listings, search functionality, valuations, and related real estate services. Performance of a contract Transactions Processing payments, managing reservations, and facilitating property sale and rental transactions. Performance of a contract Customer Support Responding to your enquiries, resolving complaints, and providing technical assistance. Legitimate interests Personalization Tailoring property recommendations, search results, and content to your preferences. Consent / Legitimate interests Security & Fraud Prevention Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other security incidents. Legitimate interests / Legal obligation Legal Compliance Complying with applicable laws, regulations, court orders, and regulatory requirements, including anti-money laundering and Know-Your-Customer (KYC) obligations. Legal obligation Analytics & Improvement Analyzing usage patterns, conducting research, and improving the Website or Application’s features and performance. Legitimate interests Marketing & Communications Sending promotional materials, newsletters, and property updates, where you have opted in to receive such communications. Consent Aggregated Reporting Producing anonymized, aggregated market and usage statistics that cannot identify any individual. Legitimate interests 5. DISCLOSURE OF YOUR PERSONAL DATA 5.1 We do not sell your personal data to third parties. We may share your data in the following circumstances: 5.2 Service Providers We engage trusted third-party service providers to perform functions on our behalf, including payment processing, identity verification, cloud hosting, analytics, customer support, and marketing services. These providers access your data only to the extent necessary to perform their services and are contractually bound to maintain confidentiality and comply with applicable data protection laws. 5.3 Professional Advisers We may disclose your data to lawyers, auditors, accountants, insurers, and other professional advisers where necessary for the conduct of our business, subject to appropriate confidentiality obligations. 5.4 Regulatory and Legal Authorities We may disclose your data to law enforcement agencies, regulatory bodies, courts, or other governmental authorities where required or permitted by law, including for the purposes of preventing or investigating fraud, money laundering, or other criminal activity, or in response to a lawful request. 5.5 Business Transactions In the event of a merger, acquisition, restructuring, sale of assets, or similar corporate transaction involving the Company, your personal data may be transferred to the relevant successor entity, subject to the same protections set out in this Policy. 5.6 With Your Consent We may share your data with third parties not described above where you have given us your explicit prior consent to do so. 6. INTERNATIONAL DATA TRANSFERS 6.1 The Company is based in Nigeria and your data is primarily processed within Nigeria. Where we engage service providers located in other countries, we ensure that appropriate safeguards are in place in accordance with the NDPA and applicable regulations, including the use of standard contractual clauses or equivalent mechanisms approved by the Nigeria Data Protection Commission. 6.2 By using the Website, or Application, you acknowledge that your data may be transferred to and processed in countries outside Nigeria. We will always take appropriate steps to ensure that such transfers are lawful and that your data remains adequately protected. 7. DATA RETENTION 7.1 We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirements. 7.2 In determining the appropriate retention period, we consider the nature, sensitivity, and volume of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means. 7.3 As a general guide: Account data is retained for the duration of your account and for a period of seven (7) years thereafter, in compliance with applicable Nigerian tax and corporate records requirements. Transaction records are retained for a minimum of seven (7) years from the date of the relevant transaction. KYC and identity verification data is retained in accordance with applicable anti-money laundering regulations. Marketing and communications data is retained until you withdraw your consent or unsubscribe. Technical and log data is typically retained for up to twelve (12) months. 7.4 Upon expiry of the applicable retention period, we will securely delete or anonymize your personal data. Where deletion is not immediately possible, we will isolate your data from further processing until deletion can be effected. 8. YOUR DATA SUBJECT RIGHTS 8.1 Under the NDPA and applicable regulations, you have the following rights in respect of your personal data: Right of access: You may request a copy of the personal data we hold about you and information about how we use it. Right to rectification: You may request that we correct any inaccurate or incomplete personal data we hold about you. Right to erasure: In certain circumstances, you may request that we delete your personal data. This right is subject to applicable legal and regulatory obligations that may require us to retain certain data. Right to restriction of processing: You may request that we restrict the processing of your data in certain circumstances, for example where you contest the accuracy of the data or object to our use of it. Right to data portability: Where processing is based on your consent or the performance of a contract, you may request that we provide your personal data to you in a structured, commonly used, and machine-readable format, or transfer it directly to another data controller where technically feasible. Right to object: You may object to the processing of your data based on our legitimate interests, including for direct marketing purposes. We will cease such processing unless we have compelling legitimate grounds that override your interests. Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Right to lodge a complaint: You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe that the processing of your data infringes applicable data protection law. 8.2 To exercise any of your rights, please submit a written request to privacy@copengroup.com. We will respond to your request within thirty (30) days of receipt. We may require you to verify your identity before processing your request. 8.3 The exercise of certain rights may affect our ability to provide some or all of the Services to you. 9. DATA SECURITY 9.1 The Company implements a range of technical and organizational security measures designed to protect your personal data against unauthorized access, accidental loss, disclosure, alteration, or destruction. These measures include: Encryption of personal data in transit using Transport Layer Security (TLS) protocols. Encryption of sensitive data at rest using industry-standard encryption algorithms. Access controls and authentication procedures limiting access to personal data to authorized personnel on a need-to-know basis. Regular security assessments, penetration testing, and vulnerability management. Staff training on data protection and information security practices. Incident response procedures for detecting, reporting, and managing data security breaches. 9.2 You are responsible for maintaining the confidentiality of your account credentials. You should choose a strong password and not disclose it to any third party. You must notify us immediately at privacy@copengroup.com if you become aware of any unauthorized use of your account or any security breach. 9.3 No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant regulatory authority in accordance with applicable law. 10. COOKIES AND TRACKING TECHNOLOGIES 10.1 The Website, or Application uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content. Cookies are small data files stored on your device. 10.2 We use the following categories of cookies: Strictly necessary cookies: Essential for the operation of the Application, including authentication, session management, and security. These cannot be disabled. Performance and analytics cookies: Collect information about how users interact with the Website, or Application, enabling us to improve functionality and performance. Functionality cookies: Remember your preferences and settings to provide a more personalized experience. Targeting and advertising cookies: Used with your consent to deliver relevant property listings and marketing content based on your browsing history and preferences. 10.3 You may control the use of non-essential cookies through your device or browser settings, or through any cookie preference centre provided within the Website, or Application. Please note that disabling certain cookies may affect the functionality of the Website, or Application. 10.4 We may use third-party analytics tools (such as Google Analytics or similar services) that collect and process usage data on our behalf. Such third parties are bound by their own privacy policies and applicable data protection obligations. 11. MINORS 11.1 The website and software are intended for use by persons who are 21 years of age or older, consistent with the eligibility requirements in the Urban Home Front Terms and Conditions of Use. We do not knowingly collect personal data from persons under the age of 21. 11.2 If we become aware that we have inadvertently collected personal data from a person under the age of 21 without appropriate parental or guardian consent, we will take immediate steps to delete that data. If you believe that we may have collected such data, please contact us at privacy@copengroup.org.ng. 12. DIRECT MARKETING 12.1 With your prior consent, we may contact you by email, SMS, push notification, or other means to provide information about our property developments, promotions, events, and related services. 12.2 You may opt out of receiving marketing communications at any time by: Clicking the “unsubscribe” link in any marketing email; Adjusting your notification preferences within the website or software settings; or Contacting us directly at privacy@copengroup.org.ng. 12.3 Opting out of marketing communications will not affect communications that are necessary for the performance of a contract with you or for the provision of customer support. 13. THIRD-PARTY LINKS AND INTEGRATIONS 13.1 The website or software may contain links to, or integrate with, third-party websites, platforms, or services. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies before providing any personal data. 13.2 Where the website or software integrates with third-party payment processors, identity verification services, or mapping providers, your interactions with such services are subject to their respective privacy policies. We will always identify where third-party services are used within the website or software. 14. CHANGES TO THIS PRIVACY POLICY 14.1 We reserve the right to update or modify this Privacy Policy at any time. We will notify you of material changes by posting a notice within the website or software or by sending an email to the address associated with your account, on or before fourteen (14) days after the changes take effect. 14.2 Your continued use of the website or software after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically. 14.3 The “Last Updated” date at the top of this Policy reflects the date of the most recent revision. Older versions of this Policy are available upon request. 15. GOVERNING LAW AND JURISDICTION 15.1 This Privacy Policy shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation 2019, and any other applicable Nigerian legislation. 15.2 Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the Federal Republic of Nigeria. 16. HOW TO CONTACT US If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or wish to exercise any of your rights, please contact our Data Protection Officer: Data Protection Officer Copen Group, for Urban Home Front Address: Plot 32 Ebeano Housing Estate, Enugu, Enugu State, Nigeria Email: privacy@copengroup.org.ng Regulatory Authority: Nigeria Data Protection Commission (NDPC) www.ndpc.gov.ng We are committed to working with you to achieve a fair resolution of any complaint or concern about privacy. If you are not satisfied with our response, you have the right to refer the matter to the NDPC. This Privacy Policy is effective as of 20 April 2026 | Version 1.0 © 2026 Copen Group. All rights reserved.