Data Protection and Privacy Policy

  1. Introduction
    The Hovah West African Services Ltd and Adele Empowerment Foundation Consortium is committed to protecting the privacy and confidentiality of all personal information collected, stored, and processed during its digital skills training programs. This Data Protection and Privacy Policy outlines the principles and practices we follow to safeguard your personal information in compliance with the Nigerian Data Protection Regulation (NDPR) and international best practices.
  2. Scope of the Policy
    This policy applies to all students, staff, partners, and stakeholders involved in our training programs and activities at the Consortium’s training centre. It covers the collection, use, storage, sharing, and disposal of personal data.
  1. Data Collection
    We collect personal data for the purposes of program enrolment, administration, and monitoring. The types of data collected may include:
    • Name, contact details, date of birth, gender, educational background, NIN, BVN and other demographic information.
    • Data related to disabilities or special needs to ensure inclusive participation.
    • Attendance, progress, and feedback during training sessions.
  1. Legal Basis for Processing
    Personal data is collected and processed based on one or more of the following:
    • Consent provided by participants.
    • Fulfillment of contractual obligations.
    • Compliance with legal or regulatory requirements.
    • Legitimate interest in delivering and improving the training program.
  1. Data Usage
    We use personal data for the following purposes:
    • Enrolment and registration in training programs.
    • Delivering targeted and inclusive training services.
    • Monitoring and evaluation of program outcomes.
    • Reporting to stakeholders, including funding organizations, without or by disclosing required identifiable information by funding organization.
  1. Data Storage and Security
    We take appropriate technical and organizational measures to ensure the security of personal data, including:
    • Encryption of sensitive information.
    • Secure storage in password-protected systems.
    • Access control to limit data handling to authorized personnel only.
    • Regular security audits and updates to prevent breaches.
  1. Data Sharing
    We do not share personal data with third parties unless:
    • Required by law.
    • Necessary for program delivery (e.g., sharing attendance data and other necessary data with funding organizations).
    • Consent has been obtained from participants.
    In all cases, third parties are required to adhere to strict confidentiality and data protection standards.
  1. Data Retention
    Personal data will be retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Data that is no longer needed will be securely deleted or anonymized.
  1. Rights of Data Subjects
    Participants and stakeholders have the following rights concerning their data:
    • Access: Request access to their personal data.
    • Correction: Request corrections to inaccurate or incomplete data.
    • Deletion: Request deletion of their data, subject to legal or contractual obligations.
    • Objection: Object to the processing of their data in certain circumstances.
    Requests can be made via mobile at 2348133039718 or email at adeleempowermentfoundation@gmail.com .
  1. Breach Notification
    In the event of a data breach, affected individuals will be notified within 72 hours, and appropriate authorities will be informed as required by law.
  1. Policy Updates
    This policy will be reviewed and updated regularly to reflect changes in legal or operational requirements. Participants will be notified of any significant updates.
  1. Contact Information
    For inquiries or concerns about this policy, please contact:
    • Data Protection Officer (DPO): BIE EBIDOUZEE
    • Email: adeleempowermentfoundation@gmail.com
    • Phone: 2348133039718
    Effective Date: OCTOBER 2024
  2. Consent Management
    Participants will be required to provide consent for the collection and processing of their personal data before enrolling in the program. This consent will be:
    • Clearly stated and agreed upon by the participant.
    • Participants will be provided with details on how their data will be used and their rights.
    • Participants may withdraw consent at any time without affecting the lawfulness of prior processing.
  1. Special Provisions for Vulnerable Groups
    As the Consortium aims to empower women, persons with disabilities, and marginalized youth, additional measures will be taken to protect the privacy and data of vulnerable participants, including:
    • Minimizing the collection of sensitive information unless necessary.
    • Providing accessible and clear explanations of data practices.
    • Ensuring compliance with relevant legal protections specific to vulnerable groups.
  1. Third-Party Service Providers
    Where external vendors or service providers are engaged to support training activities or data management, the Consortium will ensure they comply with this policy and applicable data protection laws by:
    • Conducting due diligence on their data protection practices.
    • Including data protection clauses in all contracts.
    • Monitoring compliance through periodic reviews.
  1. Data Anonymization and Research Use
    Aggregated and anonymized data may be used for program evaluation, research, and reporting purposes. This ensures that individual participants cannot be identified while enabling the Consortium to assess the effectiveness of its programs and contribute to broader knowledge-sharing initiatives.
  1. Grievance Redress Mechanism
    Participants and stakeholders who believe their privacy rights have been violated or have concerns about the handling of their data may file a complaint by:
  2. Contacting the Data Protection Officer (DPO) via the contact information provided.
  3. Receiving acknowledgment of their complaint within five working days.
  4. Receiving a resolution or response within 30 working days.
    If unsatisfied, individuals may escalate their concerns to the relevant regulatory body (e.g., the National Information Technology Development Agency, NITDA).
  1. Employee and Volunteer Data
    In addition to participant data, the Consortium collects and processes personal data of its employees, trainers, and volunteers. This data will be:
    • Collected solely for employment or engagement purposes.
    • Kept secure and confidential.
    • Used only for legitimate administrative and operational needs.
    Employees and volunteers will also receive training on data protection practices to ensure compliance with this policy.
  1. Compliance with Laws and Regulations
    This policy is designed to align with:
    • The Nigeria Data Protection Regulation (NDPR).
    • The General Data Protection Regulation (GDPR), where applicable.
    • Any other relevant national or international data protection laws.
  1. Policy Acknowledgment and Agreement
    By participating in the Consortium’s training programs or engaging in its activities, individuals acknowledge that they have read, understood, and agreed to the terms of this Data Protection and Privacy Policy.