At InterMediation Nigeria Foundation, we recognize the importance of maintaining confidentiality and transparency when handling personal information. We are committed to only sharing personal data when necessary for the fulfillment of our mission and in compliance with legal obligations. This document outlines what data is shared, with whom, and under what conditions.

  1. Data We May Share

The types of data we may share include:

Beneficiary Data

  • Personal Identification Information: Name, age, gender, and contact details.
  • Health Information: Medical history, diagnosis, treatment plans, and progress related to Vesico-Vaginal Fistula (VVF) treatment.
  • Program Participation: Information about involvement in skills acquisition and empowerment programs.

Donor and Partner Data

  • Donation Information: Donation amounts, payment details, and related records.
  • Contact Information: Names, email addresses, and phone numbers of donors or partners for communication and reporting purposes.

Staff and Volunteer Data

  • Employment or Volunteer Details: Contact information, job roles, and necessary compliance documents for background checks or legal compliance.
  1. Who We Share Data With

We may share personal data with the following parties:

  1. Medical Professionals and Healthcare Providers
  • Purpose: To ensure beneficiaries receive the appropriate medical treatment for VVF and related conditions.
  • Data Shared: Health information, treatment plans, and contact information.
  • Legal Basis: Explicit consent from the beneficiary or their guardian is obtained before sharing health data with medical providers.
  1. Program Partners and Trainers
  • Purpose: To facilitate skills acquisition and empowerment programs for beneficiaries.
  • Data Shared: Information on program participation, progress, and feedback.
  • Legal Basis: Consent is obtained before sharing any relevant data with trainers or partner organizations.
  1. Donors and Sponsors
  • Purpose: To provide reports on the impact of their contributions and updates on programs they support.
  • Data Shared: Aggregated, anonymized data about the impact and outcomes of the programs. Personal data is not shared unless explicitly agreed upon.
  • Legal Basis: Donors are informed and can consent to the use of anonymized data in reports.
  1. Government and Legal Authorities
  • Purpose: To comply with legal obligations such as audits, investigations, or reporting requirements.
  • Data Shared: Depending on the legal request, this may include financial records, employment information, or health data.
  • Legal Basis: Compliance with national laws, regulations, or court orders.
  1. Third-Party Service Providers
  • Purpose: To support administrative, technical, and operational functions, such as cloud storage providers, IT support, and secure payment processors.
  • Data Shared: Necessary data such as encrypted financial information or contact details.
  • Legal Basis: These providers are subject to confidentiality agreements and are required to comply with our data protection standards.
  1. Media and Public Awareness
  • Purpose: To raise awareness about the impact of our work and share success stories of beneficiaries (e.g., for campaigns, reports, or fundraising).
  • Data Shared: Personal stories, photos, or videos of beneficiaries, only with explicit written consent.
  • Legal Basis: Consent is always obtained before sharing personal data for publicity purposes.
Conditions for Data Sharing

Data sharing is always conducted with the following safeguards in place:

  1. Informed Consent
  • Consent First: We obtain explicit consent before sharing any personal data, especially for health information and media content.
  • Opt-In Model: Individuals have the opportunity to opt into any form of data sharing that goes beyond the scope of service delivery (e.g., sharing stories for marketing purposes).
  1. Anonymization and Aggregation
  • Anonymized Data: Whenever possible, we anonymize or aggregate data before sharing it. This means that personal identifiers such as names, contact information, or specific health details are removed, ensuring the individual’s privacy is protected.
  • Aggregated Reports: When sharing data with donors or the public, we use aggregated data to show program outcomes without revealing personal details.
  1. Data Protection Agreements
  • Third-Party Compliance: All third parties with whom we share personal data (e.g., medical professionals, partners, service providers) are required to sign data protection agreements, ensuring they comply with our privacy standards and legal requirements.
  • Data Sharing Agreements: Formal agreements are established with partners, defining the scope of the data being shared, the purpose, and the security measures in place to protect the data.
  1. When Data is Not Shared

There are specific instances where we do not share data:

  • No Sale or Rental of Data: We do not sell or rent personal data to third parties for marketing, commercial, or other purposes.
  • No Unauthorized Sharing: Personal data will never be shared without the individual’s explicit consent unless required by law (e.g., a legal subpoena or court order).
  1. Your Rights Regarding Shared Data

Individuals whose data we collect and share have the following rights:

  • Right to Be Informed: Individuals have the right to know what personal data is being shared, with whom, and for what purpose.
  • Right to Withdraw Consent: Consent to data sharing can be withdrawn at any time. Once consent is withdrawn, we will cease any further sharing of the individual’s data unless legally required.
  • Right to Access: Individuals can request a copy of the personal data we have shared and review how it has been used.
  • Right to Rectification: If shared data is inaccurate or incomplete, individuals can request that it be corrected.
  1. Security of Shared Data

We take the following measures to ensure that shared data is protected:

  • Encryption: All data shared electronically is encrypted during transmission to prevent unauthorized access.
  • Secure Platforms: We use secure platforms for data sharing, such as encrypted cloud services or secure email systems.
  • Access Control: Only authorized individuals or organizations with a legitimate need are granted access to the shared data.