Privacy Policy

HIAN Charity Foundation ("HIAN," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect the personal data of individuals who interact with our organization, including donors, volunteers, beneficiaries, partners, website visitors, and other stakeholders ("you" or "your").

This Privacy Policy applies to all personal information collected through our website (https://hiancharityfoundation.org), our social enterprise platform Hiacart (https://hiacart.com), mobile applications, offline interactions, events, and any other means by which you interact with HIAN Charity Foundation (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services immediately.

1. Information We Collect

1.1 Personal Information You Provide

We may collect the following categories of personal information when you voluntarily provide it to us:

• Identity Information: Full name, date of birth, gender, nationality, government-issued identification (for certain compliance purposes).
• Contact Information: Email address, telephone number, postal address, country of residence, emergency contact details.
• Financial Information: Payment card details, bank account information, mobile money account details, donation history, and billing address (processed securely through our payment processors).
• Professional Information: Occupation, employer, professional qualifications, skills, volunteer experience, curriculum vitae.
• Donation Information: Donation amounts, frequency, designated programs, gift aid declarations, and donor preferences.
• Beneficiary Information: Family composition, income level, living conditions, health status, educational background (collected for program eligibility and impact assessment).
• Communications: Messages, inquiries, feedback, testimonials, photographs, videos, and stories you choose to share with us.
• Partnership Information: Organization name, registration documents, references, partnership proposals.

1.2 Information Collected Automatically

When you visit our website or use our Services, we automatically collect certain information through cookies, web beacons, log files, and similar technologies:

• Device Information: IP address, browser type and version, operating system, device type, screen resolution, device identifiers.
• Usage Information: Pages visited, time spent on pages, links clicked, referral source, exit pages, date and time stamps, search terms.
• Location Information: General geographic location derived from your IP address (not precise GPS location).
• Cookie Data: Session identifiers, preferences, authentication tokens (see Section 8 on Cookies).

1.3 Information from Third Parties

We may receive information about you from the following sources:

• Payment processors and financial institutions (transaction confirmations).
• Social media platforms (when you interact with our content or pages).
• Partner organizations and other NGOs (referrals, joint program data).
• Publicly available sources and registries (for due diligence and compliance).
• Service providers who assist us in operating our organization.

2. How We Use Your Information

We process your personal information for the following lawful purposes:

2.1 Core Operations

• To process donations, issue receipts, and manage donor relationships.
• To onboard, coordinate, and communicate with volunteers.
• To evaluate, enroll, and support beneficiaries in our programs.
• To manage partnerships, collaborations, and contractual relationships.
• To deliver our charitable programs and services effectively.
• To comply with legal, regulatory, and reporting obligations applicable to non-profit organizations in Uganda.

2.2 Communications

• To send newsletters, impact stories, and updates about our work (with your consent where required).
• To respond to inquiries, requests, and feedback.
• To send administrative communications, including donation confirmations and policy updates.
• To provide event invitations and fundraising appeals (you may opt out at any time).

2.3 Improvement and Analysis

• To analyze website usage and improve user experience.
• To measure and evaluate the impact of our programs.
• To conduct internal research, audits, and quality assurance.
• To identify trends, needs, and opportunities in the communities we serve.

2.4 Legal and Security

• To detect, prevent, and investigate fraudulent or illegal activities.
• To protect the rights, property, and safety of HIAN, our beneficiaries, staff, volunteers, and the public.
• To enforce our Terms of Use and other agreements.
• To comply with court orders, legal process, or government requests.

3. Legal Basis for Processing

We process your personal information based on one or more of the following legal grounds:

• Consent: Where you have given clear, informed, and freely given consent for specific processing purposes.
• Legitimate Interests: Where processing is necessary for our legitimate charitable interests, provided these interests are not overridden by your rights and freedoms.
• Contractual Necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary to comply with applicable laws, regulations, or legal orders.
• Vital Interests: Where processing is necessary to protect the vital interests of any individual.
• Public Interest: Where processing is necessary for the performance of a task carried out in the public interest.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who assist us in operating our organization, including payment processors, email and communication platforms, cloud storage providers, website hosting, analytics services, and professional advisors. These providers are bound by contractual obligations to protect your data and process it only on our instructions.

4.2 Partner Organizations

We may share limited information with partner NGOs, community-based organizations, schools, and health facilities for the purpose of delivering programs and services to beneficiaries, with appropriate safeguards in place.

4.3 Legal and Regulatory

We may disclose information when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of HIAN Charity Foundation, our stakeholders, or the public.

4.4 With Your Consent

We may share your information for purposes not described in this policy when we have your explicit consent to do so.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods vary depending on the nature of the information and the purpose of collection:

• Donor and financial records: 7 years (in accordance with Uganda Revenue Authority requirements and accounting standards).
• Volunteer and employment records: 5 years after the end of the relationship.
• Beneficiary records: 5 years after the last program interaction.
• Newsletter subscriptions and marketing consents: Until you unsubscribe or withdraw consent.
• Website analytics data: 26 months.
• Inquiry and communication records: 2 years after last contact.

When the retention period expires, we will securely delete, destroy, or anonymize your personal information.

6. Data Security

HIAN Charity Foundation takes the security of your personal information seriously. We implement appropriate technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, destruction, or misuse, including:

• Encryption: SSL/TLS encryption for data transmitted through our website. Encryption at rest for sensitive stored data.
• Access Controls: Role-based access to personal data, limited to authorized personnel who require it for their duties.
• Authentication: Strong password policies and multi-factor authentication where available.
• Monitoring: Regular security assessments, vulnerability scanning, and intrusion detection.
• Training: Regular data protection and privacy training for all staff and volunteers.
• Physical Security: Secured premises with controlled access to areas where personal data is stored.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Your Data Protection Rights

Depending on your jurisdiction and applicable laws, you may have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data in certain circumstances ("right to be forgotten").
• Right to Restrict Processing: You may request limitation of how we process your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, machine-readable format for transfer to another controller.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You may file a complaint with the relevant data protection supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us using the details in Section 11. We will respond to your request within 30 calendar days. We may need to verify your identity before processing certain requests.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand visitor behavior. Cookies are small text files placed on your device when you visit a website.

8.1 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly, including security, authentication, and accessibility features. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and choices to provide enhanced, personalized features.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (currently minimal on our site).

8.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can block, delete, or receive alerts about cookies. However, disabling certain cookies may affect the functionality of our website. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

9. Children's Privacy

HIAN Charity Foundation is committed to protecting the privacy of children. Our programs serve children and youth, and we collect information about beneficiaries under the age of 18 only with the informed consent of a parent, legal guardian, or authorized caregiver, and solely for the purpose of delivering charitable services and measuring program impact.

We do not knowingly collect personal information from children under the age of 13 through our website or other digital channels without verified parental consent. If we become aware that we have inadvertently collected personal data from a child under 13 without proper consent, we will promptly delete such information from our records. Parents or guardians who believe their child has provided us with personal information may contact us using the details in Section 11.

10. International Data Transfers

HIAN Charity Foundation is based in Uganda. However, some of our service providers, partners, and platforms may be located in other countries, including the United States and European Union member states. When we transfer personal data internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including:

• Standard Contractual Clauses approved by relevant authorities.
• Verification that the recipient country provides an adequate level of data protection.
• Binding corporate rules for intra-group transfers.
• Explicit consent from data subjects where required.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer:

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

• Post the updated policy on this page with a new "Last Updated" date.
• Provide prominent notice on our website for a reasonable period before changes take effect.
• Notify you directly via email if the changes significantly affect your rights or how we process your data.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this policy periodically to stay informed about our privacy practices.

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Uganda, including the Data Protection and Privacy Act, 2019 and the Data Protection and Privacy Regulations, 2021, without regard to conflict of law principles. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Uganda.

14. Acknowledgment

By using our Services, donating, volunteering, or otherwise engaging with HIAN Charity Foundation, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please refrain from using our Services and contact us to discuss any concerns.