top of page

Data Protection Policy

Effective Date: October 25th, 2025
Last Updated: October 26th, 2025

​

At Yele Health Impact Foundation (YHIF), we are committed to protecting the privacy, security, and integrity of all personal data entrusted to us.

​

This Data Protection Policy outlines how we collect, store, process, and safeguard personal information in compliance with the Nigeria Data Protection Regulation (NDPR 2019) and other applicable global standards, such as the EU General Data Protection Regulation (GDPR).

​

1. Purpose

The purpose of this policy is to ensure that all personal data handled by YHIF is processed lawfully, fairly, transparently, and securely, in support of our mission to improve health and reduce poverty across Africa.

​

2. Scope

This policy applies to:

​

  • All staff, trustees, and volunteers of YHIF

  • Contractors, consultants, and partners who handle YHIF data

  • All personal data collected through our website, programs, and activities

​

3. Definition of Personal Data

“Personal data” refers to any information that can identify an individual directly or indirectly, such as:

​

  • Name, email address, phone number, postal address

  • Identification number or financial information

  • Online identifiers (e.g., IP address, device ID)

  • Any other data that can reasonably identify a person

​

4. Data Protection Principles

YHIF follows these key principles when handling personal data:

​

  1. Lawfulness, Fairness, and Transparency – Data is processed legally and transparently.

  2. Purpose Limitation – Data is collected only for legitimate purposes related to our mission.

  3. Data Minimization – Only necessary data is collected and processed.

  4. Accuracy – We ensure all personal data is accurate and kept up to date.

  5. Storage Limitation – Data is retained only as long as necessary.

  6. Integrity and Confidentiality – We protect data against unauthorized access, loss, or misuse.

  7. Accountability – YHIF is responsible for demonstrating compliance with these principles.

​

5. Lawful Basis for Processing

YHIF processes personal data on one or more of the following legal bases:

​

  • Consent: When individuals voluntarily share their data (e.g., donations, newsletter sign-up).

  • Legal Obligation: When required to comply with applicable laws or regulations.

  • Contractual Necessity: When processing is required to fulfill agreements with partners or donors.

  • Legitimate Interest: When processing supports YHIF’s non-profit objectives in a balanced and ethical way.

​

6. Data Subject Rights

All individuals whose data we hold (“data subjects”) have the right to:

​

  • Access their personal information

  • Request correction or deletion of their data

  • Withdraw consent at any time

  • Object to processing

  • Request data portability

  • Lodge complaints with the Nigeria Data Protection Bureau (NDPB)

​

Requests can be sent to privacy@yelehealth.org, and YHIF will respond within 30 days.

​

7. Data Security

YHIF implements strong administrative, physical, and technical measures to secure personal data, including:

​

  • Secure servers and encrypted storage

  • Password-protected systems

  • Restricted staff access on a need-to-know basis

  • Regular data backups and security reviews

  • Confidentiality agreements with third-party partners

​

8. Data Retention

We retain personal data only for as long as needed to fulfill its intended purpose, meet legal obligations, or support YHIF’s legitimate interests.


When data is no longer required, it will be securely deleted or anonymized.

​

9. Data Sharing and Third Parties

YHIF may share data with:

​

  • Service providers (e.g., donation platforms, email services)

  • Partner organizations involved in YHIF programs

​

Such partners are required to handle all data in compliance with NDPR and this policy.
YHIF does not sell or share personal data for commercial purposes.

​

10. International Data Transfers

When personal data is transferred outside Nigeria, YHIF ensures adequate protection measures are in place — consistent with NDPR and international data protection laws.

​

11. Breach Management

In the event of a personal data breach, YHIF will:

  • Investigate immediately

  • Take steps to minimize harm

  • Notify the Nigeria Data Protection Bureau (NDPB) within 72 hours (if required)

  • Inform affected individuals, where applicable

​

12. Roles and Responsibilities

Data Protection Officer (DPO): Oversees compliance, monitors practices, and manages data-related concerns.

All Staff and Volunteers: Must follow this policy and report any suspected breaches.

​

Contact the DPO via privacy@yelehealth.org

​

13. Policy Review

This policy will be reviewed annually or whenever significant changes occur in law, operations, or technology.

.

​

14. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

​

Yele Health Impact Foundation (YHIF)
Email: privacy@yelehealth.org

Website: www.yelehealth.org

Address: Adj Oba Elejeshi House, Oonie Layout, Ajebamidele Area, Ile-Ife, Nigeria. 

bottom of page