At InterMediation Nigeria Foundation, we are committed to retaining personal data only for as long as it is necessary to fulfill the purposes for which it was collected, comply with legal obligations, or fulfill our operational requirements. This Data Retention Policy outlines the specific retention periods and the procedures we follow to ensure that data is stored responsibly and securely.

Types of Data and Retention Periods

We categorize the data we collect and store based on its nature and purpose. The retention periods for different types of data are as follows:

  1. Beneficiary Data
  • Personal Identification Information: Retained for the duration of the individual’s engagement with our services and up to 5 years after their last interaction, unless longer retention is required by law or necessary for future program evaluations.
  • Health Information: Medical records related to Vesico-Vaginal Fistula (VVF) treatment and related health services are retained for 7 years from the last date of treatment to comply with healthcare regulations. In some jurisdictions, health data may be retained for longer periods based on local laws.
  • Program Data: Information related to participation in skills acquisition programs, including progress reports, is retained for 5 years after the completion of the program for reporting, evaluation, and potential future engagements.
  1. Donor and Partner Data
  • Donation Records: Financial records, including donation amounts, payment details, and donor information, are retained for 7 years to comply with tax and financial regulations.
  • Contact Information: Donor and partner contact details may be retained for up to 5 years after the last donation or partnership, unless the individual requests the deletion of their data.
  1. Staff and Volunteer Data
  • Employment Records: Staff employment records, including contracts, payroll, and compliance documents, are retained for 7 years after the termination of employment for legal and tax purposes.
  • Volunteer Information: Volunteer records are retained for 3 years after the last engagement unless further retention is necessary for future programs.
  1. Communications Data
  • Emails and Correspondence: Communications with beneficiaries, donors, partners, or other stakeholders are retained for 2 years from the date of the last interaction unless required for legal or operational reasons.
  1. Media and Testimonials
  • Photographs, Videos, and Testimonials: These are retained indefinitely or until the individual withdraws their consent for use. Explicit consent is always required for their use in public materials, and individuals can request removal at any time.
  1. Legal and Regulatory Retention

In some cases, retention periods may be extended to comply with specific legal or regulatory requirements. Examples include:

  • Healthcare Data: Retained based on healthcare laws and regulations (e.g., HIPAA or local health laws), which may require keeping medical records for extended periods.
  • Financial and Tax Data: Donor and financial records may need to be retained for up to 7 years or longer to comply with tax laws and audit requirements.
  1. Data Disposal Procedures

When personal data is no longer needed and has reached the end of its retention period, we take the following steps to ensure secure and permanent disposal:

  1. Physical Records
  • Secure Shredding: Paper records, including consent forms, medical records, and financial documents, are securely shredded to ensure that sensitive information cannot be reconstructed or accessed by unauthorized individuals.
  1. Digital Records
  • Secure Deletion: Digital records, such as electronic files, emails, and cloud-stored data, are securely deleted using industry-standard data destruction methods. This ensures that deleted data cannot be recovered or accessed.
  • Deactivation of Accounts: Any user accounts, including those of staff, volunteers, or beneficiaries, are deactivated, and all associated data is permanently deleted from our systems after the retention period expires.
  1. Retention Reviews and Audits

To ensure compliance with this policy, we conduct regular reviews and audits of our data retention practices:

  • Annual Review: We conduct an annual review of stored data to identify any records that have reached the end of their retention period and ensure they are securely disposed of.
  • Automated Retention Controls: In cases where our systems allow, we use automated tools to manage data retention, ensuring that records are automatically flagged for deletion once they reach their retention period.
  1. Right to Data Deletion

Individuals have the right to request the deletion of their personal data under certain circumstances. We honor these requests in compliance with applicable laws, subject to the following conditions:

  • Legal Obligations: We may be required to retain certain records (e.g., financial or health data) even after a deletion request to comply with legal, tax, or regulatory obligations.
  • Operational Necessity: Some records may be retained for a longer period if they are necessary for ongoing operational needs or program evaluation.
  • How to Request Deletion: Individuals can request the deletion of their personal data by contacting us at [Insert Contact Information]. We will process deletion requests within a reasonable time and in compliance with applicable laws.
  1. Data Retention Exceptions

In rare cases, we may need to retain personal data for longer periods due to:

  • Ongoing Legal Proceedings: If the data is part of ongoing legal investigations, disputes, or audits, we may need to retain it until the matter is resolved.
  • Future Program Participation: In some cases, we may retain contact information and program data if there is a high likelihood that the individual will re-engage with our services in the future.