At WIPC, the security and confidentiality of your Personal Data is very important to us. This Privacy Policy, which is incorporated into the Terms of Use, outlines how we handle your data in compliance with the Data Protection and Privacy Act, 2019 (DPPA) of Uganda.
1. Definitions of Key Terms
| Term | Definition |
| Term | Definition |
| Personal Data | Any information that identifies or makes identifiable a living individual (the “Data Subject”). |
| Data Subject | The identifiable person to whom the Personal Data belongs (i.e., you, as a user of our Digital Platforms). |
| Processing | Any operation performed on Personal Data, which includes activities like collecting, recording, storing, consulting, using, disclosing, or destroying the data. |
| Controller | The entity that decides why and how Personal Data is Processed. WIPC acts in this capacity. |
| Processor | A third party that Processes Personal Data strictly on behalf of and according to the instructions of the Controller (e.g., a service provider handling our email communications). |
| Digital Platforms | The collective term for WIPC’s official digital presence, including the website (wipc.org), any official mobile applications, and all other related digital services. |
2. Our Commitment to Data Protection and Uganda DPPA Compliance
We are committed to processing your Personal Data in compliance with the DPPA. We adhere to the core principles of the Act, including Accountability, Fair and Lawful Processing, Adequacy and Minimality, Quality of Information, and Security Safeguards.
3. Personal Data We Collect
We collect data that is adequate, relevant, and limited to what is necessary for our stated purposes.
In the course of our work, WIPC may process Sensitive Personal Data, including information relating to health, gender identity, disability, ethnic background, and experiences of violence or conflict. WIPC shall process Sensitive Personal Data only where strictly necessary for programme implementation and only with the Data Subject’s explicit, informed consent or as permitted under the Data Protection and Privacy Act, 2019.
A. Information You Provide to Us Directly:
| Data Category | Specific Data Elements | Relevance |
| Identity & Contact Data | Full name, email address, physical address, and telephone number. | User account creation and direct communication on the Digital Platforms. |
| Transaction & Financial Data | Donation amount and limited payment information (handled by secure third-party processors). | Processing payments for donations and event fees. |
| User Generated Content | Feedback, comments, policy submissions, and photos or videos uploaded. | Submitting reports, joining forums, or sharing field data. |
B. Information Collected Automatically (Usage, Device, and Location Data):
| Data Category | Specific Data Elements | Relevance |
| Device & Connection Data | IP address, device type, unique device identifiers (e.g., IMEI), operating system, and browser type. | Ensuring compatibility and preventing fraud across Digital Platforms. |
| Mobile Usage Data | Features used, screens viewed, time spent, and crash reports. | Analyzing performance and improving user experience. |
| Geolocation Data | GPS Coordinates (if explicit and ongoing consent is granted via the Digital Platforms permissions). | Required for specific field reporting or location-based features. |
4. Basis and Purpose for Processing Data
We process your Personal Data based on one of four legal grounds, and only for the specific purposes listed below:
| Legal Basis for Processing | Specific Purposes for which Data is Used |
| Contractual Necessity | Account Management, Transaction Processing, and Event Registration on the Digital Platforms. |
| Legal Obligation | Compliance Financial, Tax, and Legal Reporting requirements such as the Data Protection and Privacy Act 2019. |
| Legitimate Interests | Research and Policy Development, Service Improvement, Security and Fraud Prevention, and Operational Communications. |
| Consent | Sending Direct Marketing & Updates (opt-in required) and using Geolocation Services. Consent may be withdrawn at any time. |
5. Disclosure and Transfer of Personal Data
We will not sell or rent your Personal Data. We share data only with:
- Service Providers: Third parties who process data on our behalf and are bound by strict contractual confidentiality obligations.
- Legal Compliance: Law enforcement or judicial authorities when required by a Uganda court order.
Cross-Border Data Transfers (Processing Outside Uganda)
Any transfer of Personal Data outside of Uganda (regulated by Section 19 of the DPPA) will only occur if we ensure Adequate Protection Measures equivalent to the DPPA, or if we obtain your Explicit Data Subject Consent.
6. Data Security and Retention
WIPC implements appropriate, reasonable, technical, and organizational security measures to prevent unauthorized access or disclosure.
- Security Measures: Including Encryption, strict Access Controls (MFA), staff training, and system monitoring.
- Data Retention: We retain your data only for as long as necessary for the collected purposes or as legally mandated, followed by secure disposal.
- Sensitive datasets are subject to accelerated destruction or permanent de-identification once the research cycle is complete and all ethical and legal obligations are met.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience and analyze usage on the Digital Platforms.
8. Your Data Protection Rights
As a Data Subject, you have specific rights under the DPPA:
- Right to Access: To request confirmation on whether we are processing your data and to request a copy of the Personal Data we hold about you.
- Right to Rectification: To request that we correct any inaccurate or incomplete Personal Data (Accuracy Principle).
- Right to Object: To object to the processing of your Personal Data, particularly for unsolicited direct marketing.
- Right to Prevent Processing: To prevent the processing of your Personal Data where the processing causes unwarranted substantial damage or distress to you or another person.
- Right to Erasure (Right to be Forgotten): To request the deletion of your Personal Data when your consent is withdrawn, or the data is no longer necessary for the purposes for which it was collected.
- Right to Withdraw Consent: To withdraw consent where processing relies on it.
To exercise any of these rights, please contact our Data Protection Officer.
9. Indemnification
You agree to defend, indemnify, and hold harmless WIPC and its affiliates from and against any claims, liabilities, damages, and expenses (including reasonable attorneys’ fees) arising out of your violation of these Terms or your use of the Digital Platforms.
9.1 Governing Law: These terms shall be governed by the laws of Uganda.
10. Changes to This Policy
We may update this Policy periodically. We will notify you of any material changes by posting the updated Policy on our website.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, please contact our Data Protection Officer:
Data Protection Officer
Women’s International Peace Center
Plot 1467 Church Rd, Bulindo, Wakiso
Email: dataprotection@wipc.org