Privacy Policy

April 27, 2025 2025-06-20 13:55

Privacy Statement

OpenSwitch Africa Foundation

Effective Date: June 20, 2025 

The OpenSwitch Africa Foundation is committed to protecting the privacy and personal data of all individuals interacting with our website (https://openswitchafrica.org/) and services. As a non-profit dedicated to developing an open-source payment switch to revolutionize instant payments in Africa, we prioritize transparency, security, and compliance with applicable data protection laws. This Privacy Statement outlines how we collect, use, store, and protect your personal data, as well as your rights regarding that data.

Scope

This Privacy Statement applies to all visitors, users, donors, partners, and stakeholders who engage with the OpenSwitch Africa Foundation website, including those accessing our services, making donations, or participating in open-source initiatives. It covers all personal data collected through the website and related activities.

Data We Collect

We may collect the following types of personal data:

  • Contact Information: Name, email address, phone number, or mailing address provided when you contact us, donate, subscribe to newsletters, or register for events.
  • Financial Information: Payment details (e.g., mobile money, bank card, or cryptocurrency wallet information) for donations, processed securely via third-party payment providers.
  • Usage Data: Information about your interaction with the website, such as IP address, browser type, device information, pages visited, and time spent, collected via cookies and analytics tools.
  • Open-Source Contributions: GitHub usernames or other identifiers provided by contributors to our open-source payment switch repositories.
  • Feedback and Survey Data: Information submitted through forms, surveys, or community forums to improve our services or programs.

We collect only the data necessary for the purposes outlined below, adhering to the principle of data minimization.

How We Collect Data

  • Directly from You: When you submit forms, make donations, subscribe to newsletters, or engage in open-source activities.
  • Automatically: Through cookies, analytics tools (e.g., Google Analytics), and server logs when you visit our website.
  • From Third Parties: From payment processors (e.g., for donations) or partners (e.g., event collaborators), with your consent or as permitted by law.

Purpose of Data Collection

We use your personal data to:

  • Process donations and provide receipts, per the Donor Management Policy.
  • Communicate updates, newsletters, or event invitations, with your consent.
  • Manage and improve our website, ensuring functionality and user experience.
  • Facilitate open-source collaboration, including attributing contributions to the payment switch.
  • Conduct research and surveys to enhance our programs and advocacy efforts.
  • Ensure compliance with legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements for financial transactions.

Legal Basis for Processing

We process personal data based on:

  • Consent: For newsletters, marketing, or optional data sharing (e.g., event registrations).
  • Contractual Necessity: To process donations or fulfill partnership agreements.
  • Legitimate Interests: To improve our website, analyze usage, or engage open-source communities, where such interests do not override your rights.
  • Legal Obligation: To comply with laws, such as the Ghana Data Protection Act or Financial Action Task Force (FATF) guidelines for cryptocurrency transactions.

Data Protection and Security

We implement robust measures to protect your personal data, including:

  • Encryption: AES-256 encryption for data at rest and in transit (e.g., via HTTPS).
  • Access Controls: Role-based access to sensitive data, restricted to authorized personnel, with multi-factor authentication (MFA).
  • Secure Payment Processing: Third-party processors (e.g., Stripe, Paystack) handle financial data, compliant with PCI-DSS standards.
  • Regular Audits: Annual security audits and penetration testing to identify vulnerabilities.
  • Data Minimization: Collecting only the data necessary for specific purposes.

In the event of a data breach, we will notify affected individuals and relevant authorities within 72 hours, as required by the Ghana Data Protection Act, GDPR, or other applicable regulations, per our Data Protection and Privacy Policy.

Data Sharing and Transfers

We may share your data with:

  • Service Providers: Third-party vendors (e.g., cloud hosting, analytics, payment processors) bound by Data Protection Agreements (DPAs) ensuring compliance with applicable laws.
  • Partners: For collaborative initiatives (e.g., open-source projects, events), with your consent or as anonymized data.
  • Regulators: To comply with legal obligations, such as AML/KYC requirements or tax reporting.

For cross-border data transfers, we ensure compliance with GDPR, Nigeria’s NDPR, Kenya’s DPA, South Africa’s POPIA, and other relevant frameworks, using safeguards like Standard Contractual Clauses (SCCs) where necessary.

Cookies and Tracking

Our website uses cookies and similar technologies to enhance user experience and analyze usage. Types include:

  • Essential Cookies: Necessary for website functionality (e.g., navigation, session management).
  • Analytics Cookies: To track usage patterns and improve services (e.g., Google Analytics).
  • Marketing Cookies: For targeted communications, only with your consent.

You can manage cookie preferences via our website’s cookie consent tool. Disabling cookies may affect website functionality.

Your Rights

As a data subject, you have the following rights, subject to applicable laws:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data, where no legal basis for retention exists.
  • Restriction: Limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests or for marketing purposes.
  • Data Portability: Receive your data in a structured, machine-readable format.
  • Withdraw Consent: Revoke consent for data processing at any time, without affecting prior lawful processing.

To exercise these rights, contact our Data Protection Officer (DPO) at info@openswitchafrica.org. We will respond within 30 days, as required by law.

Data Retention

We retain personal data only as long as necessary:

  • Donor Data: 7 years post-contribution, per Ghanaian tax and non-profit regulations.
  • Website Usage Data: Up to 2 years for analytics, unless anonymized.
  • Open-Source Contributor Data: Retained for the duration of active contributions or as required for attribution, unless deletion is requested.
  • Other Data: As specified in donor or partnership agreements, or per legal requirements.

Data no longer needed is securely deleted using certified erasure methods.

Third-Party Links

Our website may contain links to third-party sites (e.g., GitHub, payment processors). We are not responsible for their privacy practices. Please review their privacy policies before sharing personal data.

Compliance with Laws

We comply with:

  • Ghana Data Protection Act
  • General Data Protection Regulation (GDPR)
  • Nigeria’s Data Protection Regulation (NDPR)
  • Kenya’s Data Protection Act (DPA)
  • South Africa’s Protection of Personal Information Act (POPIA)
  • Financial Action Task Force (FATF) guidelines for cryptocurrency transactions

Data Protection Impact Assessments (DPIAs) are conducted for high-risk activities, per our Data Protection and Privacy Policy.

Updates to this Statement

This Privacy Statement may be updated to reflect changes in regulations, technology, or operations. Updates will be posted on our website with an effective date, and significant changes will be communicated via email or website notices.