Digivic Initiative
Last updated: 14 January 2026

1. Introduction, Purpose and Scope

Digivic Initiative (“Digivic Initiative”, “we”, “us”, or “our”) is a non-profit organisation working to advance digital transformation strategies in Nigeria and Africa. 

This Privacy Policy explains how we collect, use, store, share, and protect personal data obtained through our website: https://www.digivic.org/ and related online and offline activities.

Digivic Initiative is committed to respecting privacy, protecting personal data, and upholding human-rights-respecting and risk-aware data protection standards, particularly for individuals and communities operating in sensitive or high-risk civic environments.

This Policy applies to all website visitors, supporters, partners, donors, volunteers, researchers, programme participants, and other individuals whose personal data we process.

2. Applicable Legal Framework

This Privacy Policy is drafted in compliance with, and informed by, the following frameworks:

  • Nigeria Data Protection Act, 2023 (NDPA)
  • Nigeria Data Protection Regulation (NDPR)
  • Guidelines issued by the Nigeria Data Protection Commission (NDPC)
  • African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention)
  • ECOWAS Supplementary Act on Personal Data Protection
  • EU General Data Protection Regulation (GDPR), where applicable

Where multiple laws apply, Digivic Initiative adopts the highest applicable standard of data protection and a human-rights-respecting interpretation.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Sensitive / Special Category Data: Personal data revealing political opinions, civic or union affiliation, human rights work, or information about vulnerable or at-risk individuals.
  • Data Subject: The individual to whom personal data relates.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • Consent: A freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

4. Categories of Data We Collect

4.1 Personal Data

We may collect:

  • Name
  • Email address
  • Phone number
  • Organisation or affiliation
  • Location (country or city level)
  • IP address and basic device information

4.2 Sensitive / Special Category Data

Where strictly necessary and with appropriate safeguards, we may process:

  • Information relating to participation in advocacy, civic engagement, or human rights activities
  • Voluntarily provided information revealing political opinions, civic or union affiliation
  • Information relating to vulnerable or at-risk individuals or communities

We do not intentionally collect sensitive data unless it is necessary for legitimate advocacy, research, safeguarding, or organisational purposes.

4.3 Donor and Grant-Related Data

We may collect:

  • Donor names and contact details
  • Organisational affiliation
  • Donation or grant history
  • Correspondence relating to funding, reporting, or compliance

 

5. How We Collect Data

We collect data through:

  • Website contact forms and newsletter sign-ups
  • Advocacy campaigns and public statements
  • Event registrations, trainings, and workshops
  • Research, surveys, interviews, and consultations
  • Volunteer, fellowship, and partnership applications
  • Secure communications with activists, community members, and partners
  • Donor engagement and grant management processes
  • Cookies and minimal analytics tools

 

6. Purpose and Lawful Basis for Processing

We process personal data for the following purposes and lawful bases:

  • Advocacy, public education, and communications
    • Lawful basis: Legitimate interest; public interest
  • Capacity building, research, and programme delivery
    • Lawful basis: Consent; legitimate interest; public interest
  • Donor management, reporting, and compliance
    • Lawful basis: Legal obligation; legitimate interest
  • Organisational administration and safeguarding
    • Lawful basis: Legitimate interest; legal obligation
  • Sensitive data processing
    • Lawful basis: Explicit consent and/or substantial public interest, with safeguards

 

7. Special Protections for Advocacy-Sensitive Data

Digivic Initiative applies enhanced protections to high-risk and sensitive data, including:

  • Data minimisation and strict purpose limitation
  • Collection only where necessary and proportionate
  • Anonymisation or pseudonymisation where feasible
  • Restricted access on a need-to-know basis
  • Heightened security measures for sensitive communications and records

 

8. Donor and Grant-Related Data

Donor and grant-related data is used strictly for:

  • Acknowledgement and stewardship
  • Financial accountability, audits, and reporting
  • Compliance with legal and donor requirements
  • Organisational communications

We treat donor information as confidential and do not disclose it except:

  • Where required by law or regulation
  • For audits or financial compliance
  • Where required under donor or grant agreements

9. Data Sharing and Third Parties

We may share limited data with trusted third-party service providers (such as email platforms, accounting services, and secure cloud storage) strictly for organisational purposes.

All third parties are subject to contractual confidentiality and data protection obligations.

We do not sell personal data.

10. Cross-Border Data Transfers

Where data is transferred outside Nigeria, we ensure:

  • Adequate data protection safeguards
  • Use of GDPR-compliant mechanisms where applicable
  • Transfers are limited and necessary

 

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to meet legal and accountability requirements. Data is securely deleted or anonymised when no longer required.

  1. Data Subject Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent at any time
  • Request data portability (where applicable)
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or another competent authority

Requests may be submitted using the contact details below.

13. Children and Vulnerable Persons

Digivic Initiative does not intentionally collect personal data from children without appropriate consent. Where work involves children or vulnerable persons, additional safeguarding and data protection measures are applied.

14. Security Measures

We implement technical and organisational measures appropriate to the level of risk, including secure storage, access controls, and internal data protection practices.

15. Updates to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with the revised date.

16. Contact Information

For privacy or data protection enquiries, contact:
Digivic Initiative
Email: info@digicivic.org