Privacy Policy

1. Introduction

Ubuntu Harmony Foundation ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ubuntuharmony.org and interact with our services.

As a registered Non-Profit Organization (NPO) in South Africa (Registration Number: 2025/287672/08), we comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and all applicable South African data protection laws.

By using our website, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our website.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Make a donation: Name, email address, phone number, physical address, payment information
• Subscribe to our newsletter: Email address, name (optional)
• Contact us: Name, email address, phone number, message content
• Volunteer or partner with us: Name, contact details, qualifications, employment history, references
• Register for events: Name, contact information, dietary requirements, accessibility needs
• Apply for programs: Personal details, identification documents, financial information, educational background

2.2 Information Automatically Collected

When you visit our website, we may automatically collect certain information, including:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, referring website
• Location Data: General geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information about you from third parties, such as payment processors, social media platforms (if you interact with us there), and public databases for verification purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Processing Donations: To process and acknowledge your donations, issue tax certificates (Section 18A), and maintain donation records
• Communication: To send newsletters, updates about our programs, event invitations, and respond to your inquiries
• Program Administration: To manage volunteer applications, program enrollments, and event registrations
• Website Improvement: To analyze website usage, improve functionality, and enhance user experience
• Legal Compliance: To comply with legal obligations, including NPO reporting requirements and tax regulations
• Security: To protect against fraud, unauthorized access, and other security threats
• Marketing: To inform you about our initiatives, campaigns, and fundraising activities (with your consent)
• Research and Analytics: To understand our impact and improve our programs

4. Legal Basis for Processing (POPIA Compliance)

Under POPIA, we process your personal information based on the following lawful grounds:

• Consent: You have given explicit consent for specific purposes (e.g., newsletter subscription)
• Contractual Necessity: Processing is necessary to fulfill our obligations to you (e.g., processing donations)
• Legal Obligation: We must process your information to comply with South African laws and regulations
• Legitimate Interests: Processing is necessary for our legitimate interests as an NPO, provided it does not override your rights

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us with:

• Payment processing and banking services
• Email marketing and communication platforms
• Website hosting and analytics
• Event management systems

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Requests from government authorities or regulatory bodies
• Protection of our legal rights or the safety of others
• Investigation of fraud or security issues

5.3 Partners and Collaborators

With your consent, we may share information with partner organizations, sponsors, or collaborators for joint programs or initiatives.

5.4 Business Transfers

In the event of a merger, acquisition, or transfer of assets, your information may be transferred to the successor organization, subject to the same privacy protections.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure Socket Layer (SSL) encryption for data transmission
• Secure servers and databases with access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection and confidentiality
• Restricted access to personal information on a need-to-know basis

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods include:

• Donation Records: Retained for at least 5 years as required by South African tax laws
• Newsletter Subscriptions: Retained until you unsubscribe
• Contact Inquiries: Retained for 2 years after resolution
• Volunteer Records: Retained for the duration of your involvement plus 3 years
• Website Analytics: Anonymized after 26 months

After the retention period expires, we will securely delete or anonymize your information.

8. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights:

• Right to Access: You can request access to the personal information we hold about you
• Right to Correction: You can request that we correct inaccurate or incomplete information
• Right to Deletion: You can request deletion of your personal information, subject to legal retention requirements
• Right to Object: You can object to the processing of your information for direct marketing purposes
• Right to Restriction: You can request that we restrict processing of your information in certain circumstances
• Right to Data Portability: You can request a copy of your information in a structured, commonly used format
• Right to Withdraw Consent: You can withdraw your consent at any time where processing is based on consent
• Right to Lodge a Complaint: You can lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, please contact us using the details provided in Section 14.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us:

• Remember your preferences and settings
• Understand how you use our website
• Improve website functionality and performance
• Provide relevant content and advertisements

Types of Cookies We Use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage
• Functional Cookies: Remember your preferences
• Marketing Cookies: Track your browsing to provide relevant content

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. For more information, visit www.allaboutcookies.org.

10. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or services. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by Ubuntu Harmony Foundation.

11. Children's Privacy

Our website is not intended for children under the age of 18. We do not knowingly collect personal information from children without parental consent.

When we collect information about children as part of our programs (e.g., educational initiatives), we obtain consent from parents or legal guardians and implement additional safeguards to protect children's information.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately so we can delete the information.

12. International Data Transfers

Your information is primarily stored and processed in South Africa. However, some of our service providers may be located in other countries.

When we transfer information internationally, we ensure appropriate safeguards are in place as required by POPIA, including standard contractual clauses and adequacy assessments.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on our website
• Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Information Regulator South Africa:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

15. Consent

By using our website and providing your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our website or provide us with your personal information.