Data Processing &
Protection Policy
Introduction
This Data Processing/Protection Policy is the overarching policy for data security, processing and protection for the Young Professionals Forum (YPF) FCT Chapter (hereinafter referred to as “us”, “we”, “our” or “the organization”).
Purpose & Scope
Purpose of the Policy
This policy exists to comply with the requirements of relevant legislation and standards including, but not limited to: the Nigerian Data Protection Regulation 2009 (NDPR), the Cybercrimes Act (2015), the 10 Data Security Standards, the General Data Protection Regulation (2016), the common law duty of confidentiality, and other relevant guidelines. We recognize data protection as a fundamental right and abide by the principles of data protection.
Scope of the Policy
This policy applies to employees, contractors, third-party vendors and any other person who, in the course of their employment, contract, or agreement with us, has cause to handle personal or sensitive data collected by us. This policy covers our data protection principles and commitment to common law and legislative compliance, as well as procedures for data protection.
Data Collection
Data Collected
In the course of interaction with our Products/Services, we collect data to enable us to operate our Services and provide you with the best experience. You provide some of this data to us directly, such as when you register: as a member or for an event, subscribe to a newsletter or contact us for support. We also receive some of your data by means of how you interact with our Services.
Categorization of Collected Member Data
Personal information including name, email, age, gender, and spousal information.
Information about your local church and YPF group including district, group, region, state, country, and leader/worker status.
Information about your professional life including job title, employment status, work location, and more.
Means of Data Collection
We collect data in two principal ways: when you provide them to us (E.g. when you register as a member) as well as automatically (E.g. Cookies and Usage data).
- Device & Usage Data: When you visit and interact with our Services, we collect details about your device (such as operating system, hostname, browser type, referring URLs) and usage data (interactions with us via email).
- Cookies & Similar Tech: Subject to your consent, we automatically collect information to keep you logged in, remember your preferences, and identify your device.
Data We Do Not Collect
We do not intentionally collect sensitive personal information such as personal data revealing political opinions, philosophical beliefs, data identifying a person's sex life, or personal monitoring data. If such information is being requested by anyone claiming to be an agent of the YPF, please immediately contact support via email at [email protected].
How We Use Your Information
Provide Product Access
Upon receiving your information, we use it for account creation, granting you access to other products, communicating with you via email, identifying you on our website, and inviting you to take part in surveys.
Administrative Purposes
We use your information for developing new products and services, authenticating and verifying individual identities, communicating about your account, and complying with our legal obligations.
Member Management
We use your data for member management, specifically for effective communication between leaders and members, attendance tracking, statistical purposes, and informing members of events and programs.
Data Access & Storage
cloudSecure Storage
Data is stored on secure cloud services (AWS and Microsoft Azure), with regular data sanitation exercises carried out by authorized personnel ONLY.
hourglass_emptyRetention Period
We retain data for the duration of the user's membership or as necessary to fulfill the purpose for which it was collected, resolve disputes, establish legal defenses, conduct audits, enforce agreements, and comply with applicable laws.
delete_sweepDeletion of Data
If you would like to delete your personal information, you may do so in your account settings. Barring legal requirements, we will delete your full profile (within reason). After deletion, certain non-identifiable data may remain. However, we will delete or de-identify your personal information.
Role-Based Access
To ensure data privacy, access is strictly limited to specific roles within the organizational structure, restricted to individuals under their authority:
Restricted Roles
Data protection is maintained through secure authentication and role-based authorization protocols. You are, however, granted access to your data and can request a copy of it.
Data Processing Principles
We will establish and maintain policies for the controlled and appropriate sharing of user information with other agencies (if any), taking into account all relevant legislation and user consent.
Where consent is required for the processing of personal data, we will ensure that informed and explicit consent is obtained and documented in clear, accessible language and in an appropriate format.
We will establish and maintain policies to ensure compliance with the NDPR, GDPR, and Cybercrimes Act.
d. Personal Data Rights of Our Users
We actively uphold the following personal data rights for every member and user:
Right to be informed
Know what data we collect, how we use it, and how long we keep it.
Right of access
Request and obtain a copy of the personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete personal data.
Right to erasure
Request deletion of your data when it is no longer needed (Right to be Forgotten).
Right to restrict processing
Request that we temporarily or permanently stop processing your data.
Right to object
Object to our processing of your data based on personal circumstances.
Responsibilities
Data Security Lead (DSL)
We have appointed a member of staff to be our Data Security Lead (DSL). The DSL reports directly to the highest management level of the organization.
Organizational Support
We will support the DSL with the necessary resources to carry out their tasks and ensure that they can maintain expertise.
c. Duties of the Data Security Lead (DSL)
The designated duties of our Data Security Lead comprise:
Ensure the rights of individuals in terms of their personal data are upheld in all instances, keeping data collection, sharing, and storage aligned with common law principles and regulations.
Define our data protection policy, procedures, and related processes, ensuring sufficient resources are allocated to support policy requirements.
Monitor information handling to ensure compliance with laws, official guidance, and organizational procedures, liaising with senior management and the DPO.
Oversee system and process changes to guarantee that data protection safeguards are built-in from the ground up.