Privacy Policy

Privacy policy

Effective Date: January 31, 2024

STEMAIDE Africa ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Data Privacy Policy outlines how we collect, use, disclose, and protect your personal information.

I. Introduction

A. Purpose of the Data Privacy Policy

The purpose of this Data Privacy Policy is to inform individuals about how STEMAIDE Africa collects, uses, stores, and protects personal data. This policy ensures transparency and accountability in our data handling practices.

B. Scope and Applicability of the Policy

This policy applies to all personal data collected by STEMAIDE Africa from customers, users, and visitors of our website, services, and products. It outlines our practices and procedures for handling such data.

C. Definitions of Key Terms

  • Personal Data: Information relating to an identified or identifiable individual.
  • Data Subject: The individual whose personal data is being collected, held, or processed.
  • Processing: Any operation performed on personal data, whether automated or manual.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes data on behalf of the Data Controller.

  • II. Collection of Personal Data

    A. Types of Personal Data Collected

    We collect various types of personal data, including but not limited to:

  • Contact details (name, email address, phone number).
  • Demographic information (age, gender).
  • Educational background.
  • Usage data (interaction with our products and services).
  • Payment information.
  • B. Legal Basis for Collecting Personal Data

    We collect and process personal data based on the following legal grounds:

  • Consent of the data subject.
  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests pursued by STEMAIDE Africa.
  • C. Methods of Collecting Personal Data

    Personal data is collected through various methods, including:

  • Direct interactions (filling out forms on our website).
  • Automated technologies (cookies and web beacons).
  • Third-party sources partners and affiliates.
  • D. Consent and Withdrawal of Consent

    Data subjects have the right to consent to the collection and processing of their personal data. They can withdraw their consent at any time by contacting us.

    E. Children's Data and Parental Consent

    We do not knowingly collect personal data from children under the age of 13 without parental consent. Parents or guardians can review, modify, or delete their child's personal data by contacting us.


    III. Use of Personal Data

    A. Purpose of Using Personal Data

    Personal data is used for various purposes, including:

  • Providing and improving our products and services.
  • Communicating with users.
  • Processing payments.
  • Conducting research and analysis.
  • B. Data Minimization Principle

    We collect only the personal data necessary to fulfill the specified purposes and avoid excessive data collection.

    C. Lawful Processing of Personal Data

    All personal data is processed lawfully, fairly, and transparently in compliance with applicable laws and regulations.

    D. Retention and Storage of Personal Data

    Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.


    E. Accuracy and Updating of Personal Data

    We take reasonable steps to ensure that personal data is accurate and up-to-date. Data subjects can update their information by contacting us.

    F. Data Sharing and Transfer

    Personal data may be shared with third parties for specific purposes, such as service provision and legal compliance. We ensure that such transfers are conducted securely and in compliance with applicable laws.


    IV. Rights of Data Subjects

    A. Overview of Data Subjects' Rights

    Data subjects have several rights regarding their personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability.

    B. Access to Personal Data

    Data subjects can request access to their personal data by contacting us. We will provide the requested information within a reasonable time frame.

    C. Rectification and Erasure of Personal Data

    Data subjects can request the rectification of inaccurate data and the erasure of data that is no longer necessary for the specified purposes.

    D. Restriction of Processing

    Data subjects can request the restriction of processing under certain conditions, such as when the accuracy of the data is contested.

    E. Objection to Processing

    Data subjects can object to the processing of their personal data for direct marketing purposes or other legitimate interests.

    F. Data Portability

    Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

    G. Automated Decision-Making and Profiling

    Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect them.


    V. Data Security

    A. Measures to Ensure Data Security

    We implement appropriate technical and organizational measures to ensure the security of personal data, including:

  • Access controls
  • Encryption
  • Regular security assessments
  • B. Encryption and Pseudonymization

    Personal data is encrypted during transmission and storage. Where appropriate, we also pseudonymize data to protect individuals' privacy.

    C. Incident Response and Breach Notification

    We have procedures in place to detect, respond to, and report data breaches. Affected data subjects will be notified promptly if a breach poses a high risk to their rights and freedoms.

    D. Employee Responsibilities and Training

    Our employees are trained on data privacy and security practices. They are required to follow internal policies and procedures to protect personal data.


    VI. Third-Party Processors

    A. Use of Third-Party Processors

    We may engage third-party processors to perform certain functions on our behalf, such as payment processing and data analysis.

    B. Due Diligence in Selecting Processors

    We conduct due diligence to ensure that third-party processors have adequate data protection measures in place.

    C. Data Processing Agreements with Processors

    We enter into data processing agreements with third-party processors to ensure compliance with data protection laws.

    D. Monitoring and Auditing of Processors

    We regularly monitor and audit third-party processors to ensure they comply with our data protection requirements.


    VII. International Data Transfers

    A. Transfer Mechanisms for International Data Transfers

    Personal data may be transferred to countries outside the European Economic Area (EEA) using appropriate transfer mechanisms, such as:

  • Standard contractual clauses
  • Adequacy decisions
  • Binding corporate rules (BCRs)
  • B. Adequacy Decisions and Standard Contractual Clauses

    We ensure that transfers are based on adequacy decisions by the European Commission or standard contractual clauses that provide appropriate safeguards.

    C. Binding Corporate Rules (BCRs) and Certification Mechanisms

    We may use BCRs or other certification mechanisms to ensure that personal data transferred internationally is adequately protected.


    VIII. Compliance and Enforcement

    A. Responsibilities of the Data Protection Officer (DPO)

    Our Data Protection Officer (DPO) is responsible for overseeing compliance with this policy and data protection laws. The DPO can be contacted at dop@stemaide.com

    B. Internal Policies and Procedures

    We have internal policies and procedures in place to ensure compliance with data protection laws and this policy.

    C. Data Protection Impact Assessments

    We conduct data protection impact assessments (DPIAs) for high-risk processing activities to identify and mitigate potential risks.

    D. Audits and Reviews

    We regularly audit and review our data protection practices to ensure ongoing compliance and identify areas for improvement.

    E. Handling Data Breaches and Complaints

    We have procedures in place to handle data breaches and complaints. Data subjects can contact us to report a breach or file a complaint.


    IX. Updates and Amendments

    A. Review and Revision of the Data Privacy Policy

    We regularly review and update this policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

    B. Notification of Changes to Data Subjects

    We will notify data subjects of any significant changes to this policy and obtain their consent where required.


    X. Conclusion

    A. Commitment to Data Privacy and Protection

    STEMAIDE Africa is committed to protecting the privacy and personal data of our users. We strive to implement best practices and comply with all applicable data protection laws.

    B. Contact Information for Inquiries and Concerns

    If you have any questions or concerns about this Data Privacy Policy or our data protection practices, please contact us at: contact@stemaide.com