Privacy Policy — Suashi Humanitarian Foundation

Empowering Lives. Restoring Dignity.

Where Hope Meets Purpose · CAC Registered NGO · Serving Communities Across Nigeria
Your Data, Our Responsibility

Privacy Policy

Last updated: 21 May 2026

01 Introduction

Suashi Humanitarian Foundation ("we", "us", "our") is a CAC registered non-governmental organisation dedicated to improving social services, healthcare, and community development for families and communities across Nigeria. We take the protection of your personal data seriously and are committed to handling it responsibly, transparently, and with genuine respect for your privacy.

This Privacy Policy explains what personal information we collect through our website, how we use it, who we share it with, and the rights you hold over your data. It applies to all visitors to our website, donors, newsletter subscribers, volunteers, and anyone who contacts us.

Legal Framework. We comply with the Nigeria Data Protection Act 2023 (NDPA) and align our practices with the principles of the EU General Data Protection Regulation (GDPR), including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.

By using this website, submitting a form, or making a donation, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please do not submit your personal information.


02 Data We Collect

We collect only the minimum personal information required to operate our charitable activities. Depending on how you interact with us, we may collect the following categories of data:

Contact & Volunteer Form Data

When you submit a contact or volunteer application form, we collect your full name, email address, phone number, and any message or additional information you choose to provide. Volunteers additionally provide details about their skills, availability, and areas of interest so that we can match them effectively to our programmes.

Donation & Payment Data

When you make a donation, we collect the donation amount, transaction reference number, payment method type (card, bank transfer, or OPay), and the date and time of the transaction. All card payments are processed directly and securely by Paystack. We never see, receive, or store your card number, CVV, expiry date, or PIN at any point in the payment process.

We NEVER store your card details. Paystack is a PCI-DSS Level 1 certified payment processor. Your card information is transmitted directly to Paystack's secure servers and is never passed to or stored on our systems.
Technical & Usage Data

We automatically collect certain technical data when you visit our website, including your IP address, browser type and version, operating system, referring URL, pages visited, and approximate geographic location derived from your IP address. This information is used solely for website security, fraud prevention, and understanding how our audience interacts with our content.

Cookies & Analytics

We use essential session cookies necessary for certain site features (such as the donation flow) to function correctly. We do not use third-party advertising or tracking cookies. See Section 06 for full details on our cookie use.

Newsletter Subscriptions

If you choose to subscribe to our newsletter, we collect your email address and the date you subscribed. Subscription is entirely voluntary, and you may unsubscribe at any time.


03 How We Use Your Data

We use the personal data we collect only for legitimate, specified purposes directly related to our charitable mission. Specifically, we use your data to:

  • Process your donation — to verify, confirm, and receipt your financial gift.
  • Send donation receipts and acknowledgements — a formal confirmation of your donation sent to your email address.
  • Communicate about campaigns and impact — to update you on specific campaigns you have supported, including how your contribution has been used.
  • Send our newsletter — only to subscribers who have given explicit consent; each email includes a one-click unsubscribe link.
  • Coordinate volunteer activities — to match your skills and availability with relevant volunteering opportunities and to communicate scheduling and programme updates.
  • Respond to your enquiries — to address messages sent through our contact form promptly and helpfully.
  • Improve our website and services — to understand how visitors use our site so that we can improve content, usability, and the donor experience.
  • Comply with legal obligations — to maintain accurate financial records as required under Nigerian law.

We do not use your data for automated profiling, targeted advertising, or any commercial purpose. We are a non-profit organisation, and your data exists only to further our charitable work.

Legal Bases. We process your data on the following legal bases under the NDPA: (a) contract performance — processing your donation; (b) legitimate interests — website security and fraud prevention; (c) consent — newsletter subscriptions; and (d) legal obligation — financial record-keeping.

04 Payment Security

We take the security of your financial transactions with the utmost seriousness. Our website supports two payment methods, each with its own security architecture:

Paystack (Card & Bank Payments)

All debit/credit card payments and Paystack-powered bank transfers are processed exclusively through Paystack's secure payment infrastructure. Paystack is certified to PCI-DSS Level 1, the highest standard for payment card data security. When you click "Pay" on our donation page, your card details are entered directly into Paystack's encrypted checkout — they never touch our servers.

What we store from Paystack transactions: donation amount, transaction reference ID, payment channel, and timestamp. That is all. We never receive, process, or store card numbers, CVV codes, expiry dates, or PINs.
OPay (Bank Transfers)

For donations made via OPay bank transfer, the transaction is processed entirely within your bank's own secure environment and OPay's platform. We receive only a transfer confirmation and reference number from OPay. Your bank account details, OPay credentials, and PIN are never shared with us or stored on our systems.

General Security Measures

Our website is served over HTTPS (TLS encryption) at all times. Our servers apply strict access controls, and all database entries are protected with industry-standard security practices. Any team member with access to donation records is bound by a confidentiality obligation.


05 AI Chatbot

Our website includes an AI-powered chatbot to help visitors find information about our programmes, campaigns, and how to donate or volunteer. This chatbot is powered by the Google Gemini API.

How Chatbot Data Is Handled
  • Conversations are transmitted to Google's Gemini API for processing. Google's own Privacy Policy governs the processing of data by their API services.
  • We do not store your chatbot messages linked to any personally identifiable information such as your name or email address.
  • We retain only anonymised session hash identifiers and aggregate usage counts for the purpose of quality monitoring and improving the chatbot's accuracy over time.
  • Chatbot session logs are automatically deleted after 90 days.
Important: Please do not share sensitive personal information — such as your full ID number, bank account details, passwords, or medical information — in the chatbot. The chatbot is designed to answer general questions and direct you to the right resources.

06 Cookies

Cookies are small text files placed on your device by a website. We use them sparingly and only where necessary.

Session Cookies (Essential)

We use session cookies that are strictly necessary for the website to function. These include:

  • Session state cookie — maintains your session as you navigate between pages, particularly during the donation flow (e.g., preserving your donation amount between steps).
  • CSRF protection token — a security token that protects our forms from cross-site request forgery attacks.

These cookies do not collect personal information for tracking or marketing purposes and are deleted when you close your browser.

No Third-Party Tracking Cookies

We do not use Google Analytics, Facebook Pixel, advertising cookies, or any other third-party tracking technology that follows you across the web. We have no interest in profiling our visitors.

How to Disable Cookies

You can configure your browser to reject cookies or to alert you before accepting them. Please note that disabling essential session cookies may prevent certain site features — including the donation form — from working correctly. Instructions for managing cookies can be found in your browser's help documentation:


07 Data Sharing

Your personal data is never sold, rented, or traded. We do not share your information with third parties for any commercial, advertising, or marketing purpose.

We will NEVER sell your data. As a charitable organisation committed to trust and transparency, selling personal data is fundamentally contrary to our values and is prohibited under the NDPA.

We share data only with the following service providers, and only to the extent necessary to deliver our services:

Paystack
Payment processing (card and bank transfers). Paystack receives only the information necessary to process your transaction. They are bound by their own PCI-DSS compliance obligations and privacy policy.
OPay
Bank transfer processing. OPay handles transactions within their own secure platform. We receive only confirmation and reference data.
Google Gemini API
Chatbot responses. Messages are processed by Google in an anonymised context. No personally identifiable data is intentionally submitted to the API.
PHPMailer / SMTP
Email delivery of donation receipts, contact replies, and newsletters. Emails are transmitted via our secure SMTP server. Your email address is used only to deliver the specific email you requested.

All third-party processors are contractually bound to handle your data only as we instruct, to maintain appropriate security measures, and not to use it for any other purpose. We select processors that demonstrate adequate data protection standards.

Legal Disclosures

In rare circumstances, we may be required to disclose personal data if compelled by a valid court order, law enforcement request, or other legal process under Nigerian law. In such cases, we will disclose only the minimum information legally required and, where permitted, will notify you of such a request.


08 Your Rights Under the NDPA

The Nigeria Data Protection Act 2023 grants you a number of important rights over your personal data. We are committed to honouring these rights promptly and without requiring you to jump through unnecessary hoops.

  1. Right of Access — You have the right to request a copy of all personal data we hold about you. We will provide this in a clear, readable format.
  2. Right to Rectification — If any data we hold about you is inaccurate or incomplete, you have the right to request that we correct it.
  3. Right to Erasure — You may request the deletion of your personal data, subject to any legal obligation requiring us to retain certain records (e.g., donation records for 7 years). We will delete everything we are not legally obliged to retain.
  4. Right to Restriction of Processing — In certain circumstances, you may ask us to temporarily pause the use of your personal data.
  5. Right to Data Portability — Where technically feasible, you may request a copy of your personal data in a structured, machine-readable format.
  6. Right to Withdraw Consent — Where we rely on your consent to process your data (such as for newsletters), you may withdraw that consent at any time without affecting the lawfulness of prior processing. You can unsubscribe from emails at any time via the link in any email we send you, or by contacting us directly.
  7. Right to Object — You may object to our processing of your data where we rely on legitimate interests as our legal basis, unless we can demonstrate compelling grounds that override your interests.
  8. Right to Lodge a Complaint — You have the right to lodge a complaint with the National Data Protection Bureau (NDPB) if you believe we have mishandled your personal data. See Section 11 for contact details.
Response Time. We will respond to all valid data rights requests within 30 days of receipt. If we need more time due to complexity, we will notify you within the initial 30-day period and explain the reason for any extension.

To exercise any of these rights, please contact us at info@suashihumanitarianfoundation.org with the subject line "Data Rights Request" and a description of your request. We may need to verify your identity before processing the request.


09 Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The table below outlines our standard retention periods:

Data Type Retention Period Reason
Donation records (amount, reference, date) 7 years Legal requirement under Nigerian financial regulations and NGO accountability standards
Newsletter subscriptions Until you unsubscribe Consent-based; you may withdraw at any time
Volunteer application data 2 years after last activity To maintain volunteer records and facilitate future re-engagement
Contact form messages 2 years To track enquiry history and provide consistent responses
Chatbot session logs (anonymised) 90 days Quality monitoring and chatbot improvement
Server access logs (IP, pages visited) 90 days Security monitoring and fraud prevention

When data reaches the end of its retention period, it is securely and permanently deleted from our systems.


10 Children's Privacy

Our website and online services are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

While our charitable work directly benefits children in need, all online interactions — donations, volunteering, newsletter subscriptions, and contact form submissions — are intended to be completed by adults.

If you believe we have inadvertently collected data from a minor, please contact us immediately at info@suashihumanitarianfoundation.org. We will take prompt action to locate and permanently delete that information from our systems.

Parents and guardians who wish to make a donation or volunteer enquiry on behalf of a family are encouraged to do so themselves using their own personal information.


11 Contact the Data Controller

For the purposes of the Nigeria Data Protection Act 2023, the Data Controller is:

Suashi Humanitarian Foundation
CAC Registered Non-Governmental Organisation, Nigeria

Email: info@suashihumanitarianfoundation.org
Phone: +234 818 938 6050
Areas of Operation: Communities Across Nigeria
Complaints to the National Data Protection Bureau (NDPB)

If you are not satisfied with our response to your data rights request or believe your data has been processed unlawfully, you have the right to lodge a complaint with Nigeria's independent data protection authority:

National Data Protection Bureau (NDPB)
Website: ndpb.gov.ng
The NDPB is the government body established under the Nigeria Data Protection Act 2023 to oversee compliance and handle complaints from data subjects.

We ask that you contact us first so that we have the opportunity to address your concern directly and promptly before escalation to the NDPB.


12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the services we offer. The most current version will always be available on this page.

When we make material changes — changes that significantly affect how we use your data or your rights — we will take reasonable steps to notify you. Depending on the nature of the change and the contact information we hold, notification may be by:

  • A prominent notice on our website homepage or donation page;
  • An email to newsletter subscribers and registered donors;
  • An updated "Last Updated" date at the top of this page.
This policy was last updated on 21 May 2026. We recommend bookmarking this page and reviewing it periodically, especially before making a donation or submitting personal information.

Your continued use of our website following a policy update constitutes your acceptance of the revised terms. If you do not agree with any changes, you may contact us or choose to discontinue use of the site.

Questions about your data?

We are committed to being transparent and responsive. If you have any questions about how we handle your personal information, or if you would like to exercise any of your data rights, our team is happy to help.


Newsletter

Stay Close to Our Mission

Monthly impact reports, stories & urgent needs — straight to your inbox.

No spam, ever. Unsubscribe anytime. We respect your privacy.