Privacy Policy

Purpose and scope

Purpose: Ensure transparent, accountable management of personal data consistent with anti‑corruption, safeguarding, and human rights commitments.
Scope: Applies to beneficiaries, employees, volunteers, interns, donors, partners, stakeholders, and visitors to our website and digital platforms.

Organizational policy alignment

Commitment to integrity: Anti‑Fraud & Corruption Policy guides honest, transparent financial and operational activities.
Safeguarding and protection: Child Safeguarding Policy, Safeguarding Policy, and PSEA Policy enforce zero tolerance for harm, exploitation, and abuse.
Transparency and accountability: Disclosure Policy, Finance Policy, and M&E Policy ensure openness, responsible financial management, and measurable program impact.
Equality and inclusion: Gender Policy and Human Resources Policy promote non‑discrimination, fair recruitment, staff welfare, and development.
Responsible use of resources: Internet and Computer Use Policy and Mobile Phone Policy govern ethical, secure technology and communications.
Ethical procurement: Procurement Manual and Procurement Code of Conduct and Ethics ensure fair, transparent, and ethical supply practices.
Behavioral standards: Code of Conduct defines respectful, professional, and accountable behavior for staff, volunteers, and partners.

Information we collect

Personal details: Name, age, gender, contact information.
Professional details: Employment history, qualifications (for HR and recruitment).
Program data: Services accessed, participation records, feedback, monitoring and evaluation inputs.
Technical data: IP address, device information, browser type, website usage and analytics.

How we use information

Program delivery: Provide health, education, empowerment, and safeguarding services.
Accountability: Comply with Finance Policy, Procurement Manual, and M&E Policy for accurate reporting and impact measurement.
Safety and protection: Uphold Child Safeguarding, PSEA, and Safeguarding Policies to prevent harm and misconduct.
Transparency: Align with Anti‑Fraud & Corruption and Disclosure Policies to deter misuse and enable responsible reporting.
Communication: Share updates, opportunities, and advocacy initiatives with consent and opt‑out options.

Data protection principles

Confidentiality: Limit access to authorized personnel; protect data through administrative, technical, and physical safeguards.
Integrity: Maintain accurate, up‑to‑date records; prevent unauthorized alteration or misuse.
Transparency: Inform individuals about data uses, rights, and relevant policies.
Accountability: Enforce Code of Conduct and organizational ethics across all data handling.

Sharing of information

No sale of data: MAISHA does not sell or trade personal information.
Program partners: Share data only with trusted partners strictly for program delivery and support services.
Legal requirements: Disclose information when required by law or regulatory authorities.
Protection of rights: Share data to protect the safety and rights of individuals where necessary.

Safeguarding and security

Child protection: Child Safeguarding Policy governs collection and use of minors’ data, with parental/guardian consent and heightened security.
Gender equality: Gender Policy ensures non‑discriminatory data practices and respectful representation.
Digital security: Internet and Computer Use Policy mandates secure systems, access controls, and responsible use.
Responsible communications: Mobile Phone Policy ensures appropriate handling of personal data via mobile channels.
PSEA compliance: PSEA Policy enforces strict controls, reporting, and response mechanisms for misconduct.

Individual rights

Access: Request a copy of your personal data held by MAISHA.
Correction: Ask to correct or update inaccurate or incomplete information.
Consent withdrawal: Withdraw consent for specific uses where applicable.
Raise concerns: Report issues or complaints through the Disclosure Policy without fear of retaliation.

Cookies and website analytics

Usage data: We may use cookies and analytics to improve website performance and user experience.
Controls: You can manage cookie preferences via your browser settings; disabling cookies may affect site functionality.
Purpose: Analytics help us understand engagement and enhance accessibility, security, and content relevance.

Data retention and security

Retention: Keep personal data only as long as necessary for program, legal, and reporting requirements under the M&E and Finance Policies.
Security measures: Apply encryption, access controls, secure storage, and regular reviews per Internet and Computer Use Policy.
Procurement safeguards: Ensure third‑party vendors meet ethical and security standards under the Procurement Manual and Code of Conduct and Ethics.

Reporting and governance

Whistleblowing: Use the Disclosure Policy to report concerns about data misuse, fraud, or misconduct.
Investigations: Allegations are handled confidentially and in line with Anti‑Fraud & Corruption, Safeguarding, and PSEA Policies.
Continuous improvement: M&E Policy guides periodic reviews of privacy practices to strengthen effectiveness and accountability.

Our promise

Be accountable: Demonstrate clear responsibility to donors, partners, and communities.

Protect vulnerable groups: Prioritize safety, dignity, and rights in all data practices.

Ensure ethical governance: Maintain transparent, responsible management of information and resources.

Promote equal opportunity: Uphold inclusion and non‑discrimination across programs and operations.

Use resources responsibly: Apply secure, ethical technology and communications.