Privacy & Data Protection

CADEF CAMEROON is committed to protecting the privacy, dignity, and rights of all people whose personal information we collect, hold, or process. This Privacy & Data Protection policy explains what data we collect, why we collect it, how we protect it, the rights of data subjects, and how to contact us about privacy matters.

Scope

This policy applies to all personal data processed by CADEF CAMEROON across programmes, websites, events, partnerships, and third-party platforms. It applies to staff, board members, volunteers, interns, beneficiaries, donors, partners, suppliers, and website visitors.

Principles

CADEF follows these data protection principles:

Lawful, fair and transparent processing: We process data with a clear purpose and in line with applicable law.
Purpose limitation: We collect data only for specified, legitimate purposes and do not use it incompatibly.
Data minimisation: We collect only the data necessary for the stated purpose.
Accuracy: We keep personal data accurate and up to date.
Storage limitation: We retain data only as long as needed for legal, reporting, or programme requirements.
Integrity and confidentiality: We protect data against unauthorised access, loss, or misuse.
Accountability: We document processing activities and can demonstrate compliance with this policy.

Types of Personal Data Collected

We may collect and process one or more of the following categories of personal data depending on the interaction:

Identifiers: name, date of birth, national ID, passport number.
Contact details: address, phone number, email.
Sensitive data where strictly necessary: health information, disability status, child protection details, and special category data; processed only with legal basis and additional safeguards.
Programmatic information: beneficiary records, attendance, assessments, case notes.
Financial information: bank details, donation records, payment confirmations.
Professional information: employer, role, references for recruitment.
Digital data: IP addresses, device identifiers, cookies and analytics from our websites.

Legal Basis for Processing

We process personal data only when we have a lawful basis, including:

Consent given by the data subject.
Performance of a contract or to take steps prior to entering a contract.
Compliance with legal obligations.
Protection of vital interests.
Legitimate interests pursued by CADEF where these do not override individual rights.

For special category data, we seek explicit consent or rely on a legally permitted basis with appropriate safeguards.

How We Use Personal Data

We use personal data for purposes including:

Delivering and monitoring programmes and services.
Managing staff, volunteers, interns, and contractors.
Processing donations, grants, and financial accountability.
Communicating with stakeholders, beneficiaries, and supporters.
Safeguarding, case management, and protection referrals.
Legal, regulatory, and audit obligations.
Website analytics, security, and improving user experience.

Cookies and Website Tracking

Our website uses cookies and analytics tools to enhance usability, measure traffic, and protect security. Users can manage cookie preferences through their browser settings. We do not use tracking for behavioural advertising without clear consent.

Data Sharing and Third Parties

We share personal data only when necessary and with safeguards:

With partners, contractors, and service providers under written agreements that require appropriate data protection.
With statutory authorities where required by law or to protect a person’s safety.
With funders when required for reporting, subject to data minimisation.
With aggregated, anonymised data for reporting and learning that does not identify individuals.

We do not sell personal data.

International Transfers

When personal data is transferred across borders we ensure appropriate protections are in place, such as contractual safeguards, encryption, or transfer mechanisms required by law. Transfers follow the higher standard when national laws differ.

Data Security

We apply technical and organisational measures to protect personal data, including:

Access controls and role-based permissions.
Encryption of sensitive data in transit and at rest where feasible.
Regular security reviews and staff training.
Secure backups and disaster recovery procedures.
Vendor due diligence and contractual security obligations.

Retention and Deletion

We retain personal data only for as long as necessary for the purpose collected, or to meet legal and funding requirements. Retention periods are defined in our Document Retention policy. When data is no longer required it is securely deleted or anonymised.

Data Subject Rights

Where applicable, individuals can exercise the following rights:

Right to access a copy of their personal data.
Right to rectify inaccurate or incomplete data.
Right to request erasure or restriction of processing where lawful.
Right to object to processing based on legitimate interests.
Right to data portability where technically feasible.
Right to withdraw consent at any time for processing based on consent.

Requests will be handled promptly and in accordance with applicable law.

Handling Data Breaches

CADEF maintains an incident response process for suspected or confirmed data breaches. We will contain and assess incidents, notify affected individuals and regulators as required, and document corrective actions to prevent recurrence.

Children and Vulnerable People

We take extra precautions when processing data about children and vulnerable people. We process such data only when necessary, obtain parental or guardian consent where appropriate, and apply heightened safeguards consistent with our Child Protection & Safeguarding policy.

Vendors, Contractors, and Partners

All vendors and partners that process personal data on our behalf must sign data processing agreements that set out responsibilities, security standards, and audit rights. CADEF conducts due diligence before engaging vendors and monitors ongoing compliance.

Complaints and Contact

For questions, to exercise your rights, or to make a complaint about our data practices, contact:

Email: info@cadef.org
Postal: CADEF CAMEROON, Krata Junction, Limbe, Fako, South West Region, Cameroon.
Safeguarding and privacy concerns will be handled in a timely and confidential manner.

If you remain unsatisfied after our response, you may refer your complaint to the relevant data protection authority in your country of residence.

Policy Governance and Review

The Executive Management Team is responsible for implementing this policy. The Board oversees compliance and approves major changes. This policy is reviewed at least annually and updated as required.