Jadad Charity Foundation

Legal

Privacy Policy

How Jadad Charity Foundationcollects, uses, shares, and protects personal data — guided by Uganda's Constitution, the Data Protection and Privacy Act, 2019, and NGO safeguarding good practice.

Last updated: 18 July 2026

1. Introduction

Jadad Charity Foundation (“Jadad”, “we”, “us”, or “our”) is a community-focused charitable organisation working in Uganda, with operations and contact presence in Mbale City and surrounding communities. We are committed to protecting the privacy, dignity, and personal data of every person who interacts with us—whether as a visitor to our website, a donor, a partner, a volunteer, a community member, or a programme participant.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, with whom we may share it, and the rights available to you under Ugandan law.

We aim to process personal data lawfully, fairly, and transparently, and only for legitimate purposes connected to our charitable mission of education support, healthcare access, livelihoods and food security, and emergency relief.

3. Scope of this Policy

This Policy applies to personal data we collect through:

  • Our website (including https://jadadcharity.org and related development or staging environments);
  • Online forms (contact, donation inquiry, and strategic proposal access requests);
  • Email, telephone, WhatsApp, and other messaging channels we publish;
  • Social media pages we operate (for example Facebook), to the extent data is provided to us or becomes visible in public interactions;
  • Offline programme work, events, partnerships, and administrative records necessary for our charitable activities.

4. Key definitions

In this Policy, “personal data” means any information relating to an identified or identifiable natural person (a “data subject”), as contemplated under the Act. This may include a name, contact details, identification numbers, location information, photographs, financial or donation-related information, or online identifiers when linked to a person.

“Processing” means any operation performed on personal data, including collection, recording, storage, use, disclosure, transmission, or deletion.

“Sensitive personal data” may include, among other categories recognised under Ugandan law and good practice, information about children, health, religious beliefs, or other data requiring heightened protection. We treat such information with special care.

5. Personal data we collect

Depending on how you interact with us, we may collect the following categories of data:

  • Identity and contact data: name, email address, telephone or WhatsApp number, organisation or affiliation, postal or physical address;
  • Inquiry and correspondence data: messages you send via contact or donation forms, emails, or chat; subjects of interest (for example education, healthcare, emergency relief); optional donation amount ranges;
  • Proposal access data: name, email, organisation, reason for requesting access, approval status, access token metadata, view counts, and related administrative logs;
  • Technical and usage data: limited technical information such as IP address, browser type, device information, pages visited, and similar diagnostics that may be generated by our hosting or security providers when you use the website;
  • Programme and community data (offline or programme-related): information needed to deliver education, healthcare, livelihoods, or emergency support—collected with appropriate notice and, where required, consent or another lawful basis—handled under safeguarding rules;
  • Donor and partner relationship data: records of communications, pledges, acknowledgements, and (where you provide them) payment or bank references for processing gifts. We do not currently process card payments on this website; donation inquiries are used so we can respond with giving instructions;
  • Cryptocurrency-related data: if you give via crypto or ask for wallet details, we may process your contact details and any transaction hash or amount you choose to share. Public wallet addresses we publish are organisational receiving addresses, not personal data of donors. Blockchain transactions are public by design and outside our full control once broadcast.

6. How we collect personal data

We may collect personal data:

  • Directly from you when you fill in forms, email us, call or message us, request proposal access, or speak with our team;
  • Automatically through standard website and security technologies when you visit our site;
  • From publicly available sources or partners only where lawful and relevant (for example verifying a partner organisation), and never to exploit vulnerable persons;
  • From community structures or guardians where programmes involve children or persons who cannot provide data themselves, in line with safeguarding and the best interests of the child.

7. Why we process personal data (purposes)

We process personal data only for legitimate purposes connected to our mission, including:

  • Responding to inquiries, partnership requests, and donation questions;
  • Providing bank or mobile-money giving instructions and confirming receipt of gifts where appropriate;
  • Managing authorised, view-only access to confidential strategic proposal materials;
  • Planning, delivering, monitoring, and reporting on charitable programmes;
  • Safeguarding beneficiaries, staff, and volunteers;
  • Meeting legal, regulatory, audit, and NGO accountability obligations;
  • Improving our website, communications, and services;
  • Sending organisational updates where you have requested them or where we have another lawful basis (you may opt out of non-essential marketing-style communications).

8. Lawful bases for processing

Under the Data Protection and Privacy Act, 2019, and related principles, we rely on one or more of the following bases, as appropriate to each activity:

  • Consent — where you freely give clear permission (for example optional newsletters or certain uses of photographs);
  • Performance of a contract or steps prior to a contract — where processing is necessary to respond to a request you made;
  • Legal obligation — where the law requires us to keep or disclose records;
  • Legitimate interests — where processing is necessary for our charitable and administrative interests and does not override your rights and freedoms (for example website security, fraud prevention, and donor relationship management);
  • Vital interests or public interest / NGO functions — where applicable to emergency assistance and community welfare, always with dignity and necessity in mind.

9. Children and vulnerable persons

Our education and community programmes may involve children and other vulnerable persons. We recognise heightened duties under the Constitution (including dignity and protection of children), child-protection good practice, and data-protection principles.

We do not knowingly use our public website forms to collect personal data from children for marketing. Programme data about children is collected only as needed for support services, with appropriate parental/guardian involvement where required, minimised to what is necessary, and restricted to authorised personnel.

Images or stories of children are used only with appropriate consent or authorisation, and we avoid content that exposes a child to risk, stigma, or exploitation.

10. Sharing and disclosure

We do not sell personal data. We may share personal data only where necessary and lawful, for example with:

  • Service providers who host our website, deliver email, or provide IT and security (bound to protect data and use it only for instructed purposes);
  • Professional advisers (legal, audit, accounting) under confidentiality;
  • Payment or banking channels when you choose to give (banks and mobile-money operators process data under their own terms);
  • Partners, schools, clinics, or community structures solely as needed to deliver programmes you or your community engage in;
  • Regulators, law enforcement, courts, or the Personal Data Protection Office where required by law or to protect rights, safety, and integrity;
  • In the event of a merger, restructure, or transfer of charitable activities, subject to continued protection of your data.

11. Cross-border transfers

Our website and email systems may be hosted on infrastructure located outside Uganda (for example cloud hosting). Where personal data is transferred outside Uganda, we take reasonable steps to ensure appropriate safeguards and that processing remains consistent with the Act and your rights, including using reputable providers and limiting access to what is necessary.

12. Retention

We keep personal data only for as long as needed for the purposes described in this Policy, or as required by law, regulation, audit, or legitimate dispute-handling needs. When data is no longer required, we delete, anonymise, or securely archive it according to our internal practices.

Proposal access tokens and related logs may be retained for security and audit for a limited period after expiry or revocation.

13. Security measures

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or destruction. These may include access controls, encrypted connections (HTTPS), restricted admin credentials, least-privilege access for staff and volunteers, and secure handling of offline records.

No method of transmission or storage is completely secure. If we become aware of a personal data breach that is likely to affect your rights, we will take steps required under applicable law, which may include notification to the Personal Data Protection Office and, where appropriate, affected individuals.

14. Your rights as a data subject

Subject to the Act and any lawful exceptions, you may have the right to:

  • Be informed about how your personal data is processed;
  • Access personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion or restriction of processing in certain circumstances;
  • Object to certain processing, including for direct marketing;
  • Withdraw consent where processing is based on consent (without affecting prior lawful processing);
  • Lodge a complaint with the Personal Data Protection Office (PDPO) or other competent authority.

15. Cookies and similar technologies

Our website may use essential cookies or similar technologies required for security, basic functionality, and performance. We do not use personal data from cookies to sell advertising lists. If we introduce non-essential analytics cookies in future, we will update this Policy and, where required, provide appropriate notice or choices.

16. Third-party websites and social media

Our site may link to third-party sites (for example Facebook, payment pages, or partner organisations). Those sites have their own privacy practices. We are not responsible for their content or policies. We encourage you to read their notices before providing personal data.

17. Changes to this Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The “Last updated” date at the top of this page will be revised when changes are published. Material changes may also be highlighted on the website or communicated where appropriate.

18. How to contact us

For privacy questions, access or correction requests, or complaints about our handling of personal data, please contact:

  • Jadad Charity Foundation
  • Email: donate@jadadcharity.org
  • Phone / WhatsApp: +256 785 041 739
  • Address: Plot 1, Bunyoli road, Namalogo, Industrial City Division, Mbale City
  • You may also contact the Personal Data Protection Office (PDPO) of Uganda for guidance or to lodge a complaint: https://pdpo.go.ug/

19. Disclaimer

This Privacy Policy is provided for transparency and operational guidance. It is not a substitute for formal legal advice or for statutory registration steps that may be required of data collectors or processors under Ugandan law (including any registration or compliance obligations with the Personal Data Protection Office). We will continue to refine our practices as our programmes and legal obligations evolve.

Related pages: Terms of Service · Contact · Donate · About us