Cybersecurity Education Initiative (CYSED)
Cybersecurity Education Initiative (CYSED)
DONATE

Privacy Policy

  1. Home
  2. Privacy Policy

Introduction

We, the Cybersecurity Education Initiative (CYSED) – a youth-led non-profit organization committed to preventing cybercrime and advancing cybersecurity in Africa through innovative and sustainable education and advocacy – take privacy and the security of personal data very seriously. We are committed to protecting the privacy and personal data of our website visitors, beneficiaries, program participants, project partners, and all individuals who interact with us electronically or in person.

This privacy policy contains important information for you. It explains:

  • Who we are;
  • Details about our website and other digital platforms;
  • What personal data we collect about you;
  • How, when, and why we collect, store, use, and share your personal data;
  • How we keep your personal data secure;
  • For how long we retain your personal data;
  • Your rights in relation to your personal data;
  • Information regarding marketing and communications; and
  • How to contact us or the relevant supervisory authorities should you have a complaint.

We are CYSED, a non-profit organization aimed at creating a safer digital environment through cybersecurity education and advocacy across Africa. Our principal contact for data protection purposes is info@cysed.org

When we collect, use, and process personal data, we comply with the Nigeria Data Protection Act, 2023 (NDPA). In this capacity, CYSED is a “controller” of personal data, meaning we determine the purposes and means of processing that data.

This policy applies to your use of our website, communications, program participation, and any electronic or in-person interactions with CYSED. Please note that our website may contain links to third-party websites that operate independently. For privacy information related to these other websites, please consult their privacy policies.

Our Commitment to Your Privacy

CYSED is committed to safeguarding personal data in order to:

  • Deliver impactful educational and advocacy programs;
  • Comply with applicable laws and regulations;
  • Meet the expectations of beneficiaries, partners, and community members; and
  • Protect our organization’s integrity and reputation.

Key Terms Used in This Policy:

  • Personal Data: Any information relating to an identified or identifiable individual (data subject), as defined by the NDPA.
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
  • We/Us/Our: Refers to CYSED.
  • You/Your: Refers to individuals accessing our website, participating in our programs, or interacting with us.

Personal Data We Collect

We collect personal data whenever you:

  • Visit our website, subscribe to newsletters, contact us, register for events or programs, provide feedback, or engage with us on social media;
  • Participate in CYSED initiatives, projects, or programs as a beneficiary;
  • Use features on our website, such as forms, registration pages, and surveys;
  • Interact with us electronically or through our physical facilities.

Data collected includes:

  • Contact Information: Name, email address, phone number, and other contact details.
  • Usage Data: Information on your interactions with our website, such as pages visited and links clicked.
  • Technical Data: IP address, browser type, device type, and operating system.
  • Program Participation Data: Information about your involvement in CYSED programs, feedback, and assessments.
  • Demographic Information (for Beneficiaries): Age, gender, education level, and occupation.
  • Sensitive Data (with consent): Health or disability information to ensure program accessibility.

Consent to Use of Data

You consent to our use of your personal data when you voluntarily provide it through forms, program registration, or participation in our initiatives. You may withdraw your consent at any time by contacting info@cysed.org

How We Use Personal Data

CYSED uses personal data for the following purposes:

  1. Service Delivery: To provide educational resources, manage program participation, and tailor services to meet individual needs.
  2. Program Monitoring and Evaluation: To assess the impact of our initiatives, analyze feedback, and improve our services.
  3. Communication: To send updates, newsletters, event information, and respond to inquiries.
  4. Research and Development: To understand cybersecurity trends and develop resources for public education.
  5. Compliance with Legal Obligations: To fulfill regulatory requirements and ensure data protection compliance.
  6. Cybersecurity Awareness and Advocacy: To promote best practices and advocate for cybersecurity on a community level.
  7. Event Management: To coordinate logistics for events, including webinars, workshops, and conferences.
  8. Fundraising and Grant Applications: To support funding applications by demonstrating program effectiveness.

Please inform us if your personal data changes during your relationship with us to ensure accuracy and relevance.

The Lawful Basis and Purposes for Processing Your Data

Under the NDPA, we only process your data for legitimate purposes, which may include:

  • Consent: When you voluntarily provide your information for specific activities.
  • Performance of Contract: To deliver services you have registered for, such as program participation.
  • Legal Obligation: To comply with applicable regulations and accountability standards.
  • Public Interest: For educational purposes in the public interest, such as promoting cybersecurity awareness.
  • Legitimate Interests: For organizational needs, such as improving services and monitoring program success.

Marketing and Communications

With your consent, we may contact you by email, SMS, phone, or mail about CYSED services, events, and updates. You have the right to opt out of receiving communications at any time by contacting info@cysed.org or by using the unsubscribe link provided in our communications.

Sharing Your Personal Data

CYSED does not sell your personal data for marketing purposes. However, we may share your data with trusted third parties under the following conditions:

  • Service Providers: External providers for event management, payment processing, and communication services, who are bound by data protection agreements.
  • Sponsors and Partners: CYSED works with sponsors and partners on various projects to support cybersecurity education and advocacy initiatives. These parties are contractually obligated to handle your personal data securely and in compliance with applicable data protection laws.
  • Legal Authorities: Regulatory bodies, law enforcement agencies, or other government entities, when required by law or to protect our rights and interests.
  • CYSED Team Members: CYSED personnel who need access to personal data to fulfill organizational goals and responsibilities.

We require all third parties to treat your personal data with confidentiality and only process it for purposes specified by CYSED.

Data Transfers Outside Nigeria

If CYSED needs to transfer personal data to third parties outside Nigeria, we ensure appropriate safeguards are in place, such as data protection agreements, in compliance with the NDPA.

Data Retention Period

CYSED retains personal data only as long as necessary for the purposes outlined in this policy, considering legal and operational needs:

  • Legal Requirements: Data is retained as required by law.
  • Operational Needs: Data is retained to fulfill CYSED’s mission and improve our services.
  • Data Deletion: When data is no longer required, it will be securely deleted or anonymized.

Security of Your Personal Data

We are committed to securing your data through measures including:

  • Encryption: Protection of sensitive data during transmission and storage.
  • Access Controls: Restricting data access to authorized personnel only.
  • Physical Security: Secure access controls at our facilities.
  • Regular Audits: Ongoing security assessments to protect data integrity.

No method of transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Your Data Protection Rights

Under the NDPA, you have the following rights:

  • Right to be Informed: Access details on how we collect and use your data.
  • Right of Access: Request access to your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data in certain circumstances.
  • Right to Restrict Processing: Limit how we use your data under certain conditions.
  • Right to Data Portability: Request transfer of your data to another organization.
  • Right to Object: Object to processing based on legitimate interests.
  • Rights Regarding Automated Decision-Making: CYSED does not engage in automated decision-making or profiling.

To exercise these rights, please contact us at info@cysed.org

How to Make a Complaint

If you have concerns about our use of your data, please contact us at info@cysed.org. You also have the right to lodge a complaint with the Nigeria Data Protection Commission.

Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. The “last updated” date will indicate recent revisions. We encourage you to review this policy regularly.

Contact Us

For questions about this policy or the information we hold about you, please contact our Data Protection Officer at amina@cysed.org.

By using our website and services, you consent to our collection and use of your personal data as described in this policy.

Last Updated: 3rd November 2024.