Policy

Privacy Policy

Last updated: January 2024

1. Introduction

EWEDEO ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you interact with our website, programs, or services. By using our website or providing us with your personal data, you agree to the practices described in this policy.

We handle all personal data in accordance with applicable Ethiopian law and international best practices for nonprofit data governance.

2. What Information We Collect

We may collect the following categories of personal information:

  • Contact information: Your name, email address, phone number, and postal address when you contact us, sign up for newsletters, or fill out a form.
  • Donation information: When you make a donation, we collect your name, email, amount donated, payment method type, and transaction reference. We do not store full card numbers. Payments are processed securely by Stripe (USD) or Chapa (ETB).
  • Volunteer and application data: If you apply to volunteer, we collect your name, contact details, area of interest, and any information you provide in your message.
  • Usage data: We may collect anonymized data about how you navigate our website (pages visited, time spent, browser type) to improve our site. This is done through privacy-respecting analytics tools.
  • Program beneficiary data: For individuals in our programs, we collect only the minimum data necessary to deliver and evaluate our services. Beneficiary data is handled under a separate internal Data Protection Protocol.

3. How We Use Your Information

We use your personal information only for the following purposes:

  • To respond to your inquiries and communicate with you about our work.
  • To process donations and send you official receipts.
  • To manage volunteer applications and coordinate opportunities.
  • To send periodic updates, newsletters, and impact reports, but only where you have given us consent or expressed an interest in receiving them.
  • To improve our website and communications based on anonymized usage analytics.
  • To comply with our legal obligations, including financial reporting requirements for a registered CSO in Ethiopia.

We do not sell, rent, or trade your personal information to third parties. Ever.

4. Legal Basis for Processing

We collect and process your personal data on the following bases:

  • Consent: Where you have explicitly opted in (e.g., newsletter subscriptions).
  • Contractual necessity: To process a donation or fulfill a volunteer arrangement.
  • Legitimate interests: To improve our services and communicate our mission, balanced against your rights.
  • Legal obligation: To comply with Ethiopian charity law and financial regulations.

5. Data Storage and Security

Your personal data is stored on secure servers hosted within the cloud infrastructure of our hosting providers. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These measures include:

  • Encrypted HTTPS connections throughout our website.
  • Access controls ensuring only authorized staff can access personal data.
  • Regular security reviews and staff data-protection training.
  • Secure deletion of data that is no longer required.

We retain personal data only as long as is necessary for the purposes described in this policy, or as required by law. Donation records are retained for seven years for accounting and compliance purposes. Contact form data is deleted after 12 months unless an ongoing relationship exists.

6. Third-Party Services

We use a small number of trusted third-party services to operate our website and process payments:

  • Stripe: For USD card payments. Stripe is PCI-DSS compliant. See Stripe's Privacy Policy.
  • Chapa: For ETB (Ethiopian Birr) payments. See Chapa's Privacy Policy.
  • Email delivery: We may use a third-party email service provider to send transactional emails and newsletters. These providers only receive the email address necessary to send the message.

7. Cookies

Our website uses a minimal set of cookies necessary for the site to function correctly (such as session cookies for form security via CSRF tokens). We do not use advertising or tracking cookies. If you prefer to block all cookies, you can configure your browser to do so, though some features of the site may not function as intended.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct any inaccurate personal information.
  • Request deletion of your personal data (subject to our legal retention obligations).
  • Object to or restrict certain uses of your data.
  • Withdraw consent at any time where consent is the basis of processing (e.g., unsubscribe from our newsletter).

To exercise any of these rights, contact us at privacy@edig.org.et. We will respond within 30 days.

9. Children's Privacy

Our website is not directed at children under 13. We do not knowingly collect personal data from children without verified parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

For the collection and use of data relating to program beneficiaries who are minors, please contact us directly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the revised policy on this page with an updated "last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: