Privacy Policy

1. Introduction

Open Privacy Africa (“OPA,” “we,” “us,” or “our”) is an independent nonprofit organization advancing digital rights, privacy, and cybersecurity across Africa. We are deeply committed to protecting the privacy of every individual who interacts with our website, resources, and programs. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

2. Information We Collect

We collect minimal personal data, consistent with our privacy-first principles:

2.1 Information You Provide

• Contact Form Submissions: Name, email address, organization (if provided), and the content of your message when you use our contact form.
• Newsletter Subscriptions: Email address if you subscribe to our newsletter or mailing list.
• Event Registrations: Name, email, organization, and role when registering for workshops, webinars, or fellowships.

2.2 Information Collected Automatically

• Basic Server Logs: IP address (anonymized where possible), browser type, referring page, and timestamp of access. These are standard web server logs retained for security and operational purposes.

3. How We Use Information

We use the information we collect solely for the following purposes:

• Responding to your inquiries and contact form submissions.
• Sending newsletters or updates you have explicitly opted into.
• Processing event and fellowship applications.
• Improving the security, functionality, and content of our website.
• Complying with legal obligations where applicable.

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising, profiling, or commercial purposes.

4. Legal Basis for Processing

We process personal data under the following legal bases, consistent with the EU General Data Protection Regulation (GDPR) and applicable African data protection laws:

• Consent: When you voluntarily submit a contact form, subscribe to a newsletter, or register for an event.
• Legitimate Interest: For website security, operational analysis, and improving our services.
• Legal Obligation: Where we are required to process or retain data under applicable law.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. Specifically:

• Contact form data is retained for up to 12 months after your last communication with us.
• Newsletter subscriptions remain active until you unsubscribe.
• Server logs are retained for a maximum of 90 days.
• Event and fellowship data is retained for the duration of the program plus 24 months for reporting purposes.

6. Cookies and Tracking

As a privacy-first organization, we do not use invasive tracking technologies, third-party advertising cookies, or behavioral analytics tools.

• We may use strictly necessary cookies for basic site functionality (e.g., theme preference).
• If we implement website analytics, we use privacy-respecting, cookieless solutions that do not track individual users across sessions or websites.
• We do not embed third-party social media trackers on our site.

7. Third-Party Services

We may use the following categories of third-party services, each selected for their commitment to privacy and security:

• Hosting Provider: For website hosting and content delivery.
• Email Service: For processing newsletter subscriptions and transactional emails.
• Content Management: For managing and delivering website content.

We require all third-party service providers to uphold strong data protection standards and process data only on our behalf.

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest where applicable.
• Access controls limiting data access to authorized personnel only.
• Regular security assessments and monitoring of our systems.
• Secure data disposal procedures when data is no longer needed.

9. International Data Transfers

As a pan-African organization, some data may be processed in jurisdictions outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections consistent with applicable data protection laws such as the GDPR and the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention).

10. Your Rights

You have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Withdrawal of Consent: Withdraw consent at any time (e.g., unsubscribe from newsletters).
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.

To exercise any of these rights, please contact us at privacy@openprivacy.africa. We will respond to your request within 30 days.

11. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will promptly delete it. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: