Privacy Policy

1. Introduction

This Privacy Policy ("Policy") applies to all personal information collected by Nana Media Institute ("Institute", "we", "us", or "our") through:

Our official website and mobile applications
Course enrollment and registration processes
Educational programs and training sessions
Communication channels (email, phone, in-person)
Events, workshops, and seminars

1.1 Scope

This Policy applies to all students, prospective students, instructors, partners, and visitors who interact with our services. By using our services, you consent to the collection and use of your information as described in this Policy.

1.2 Legal Basis

We process personal data based on:

Consent: You have given clear consent for processing
Contract: Processing is necessary for educational services
Legal Obligation: Required by Ugandan educational laws
Legitimate Interest: For institutional improvement and safety

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Category	Information Collected	Purpose
Identity Data	Full name, date of birth, national ID number, passport details	Student identification and verification
Contact Data	Email address, phone number, physical address	Communication and course delivery
Educational Data	Academic history, qualifications, course preferences	Program matching and academic planning
Financial Data	Payment information, billing address, transaction history	Payment processing and financial records
Technical Data	IP address, device type, browser information, usage patterns	System security and service improvement
Academic Performance	Grades, attendance records, project submissions	Academic tracking and certification

2.2 Sensitive Information

We may collect sensitive personal information with explicit consent:

Health information (for accommodation needs)
Emergency contact details
Special dietary requirements
Accessibility needs

2.3 Information Sources

We collect information from:

Direct Collection: Forms, applications, registrations
Automated Collection: Website and app usage analytics
Third Parties: Payment processors, education partners
Public Sources: Professional social media profiles (with consent)

3. How We Use Your Information

3.1 Primary Uses

We use your personal information for:

Educational Services: Course delivery, assessment, and certification
Communication: Updates, announcements, and academic notifications
Administration: Enrollment, scheduling, and record keeping
Payment Processing: Fee collection and financial administration
Support Services: Technical assistance and student counseling

3.2 Secondary Uses

With appropriate consent, we may use information for:

Marketing and promotional communications
Alumni relations and networking opportunities
Institutional research and program improvement
Career placement and job opportunity notifications
Events and workshop invitations

3.3 Legal and Safety Uses

We may use information when necessary for:

Compliance with legal obligations
Protection of student and staff safety
Investigation of misconduct or policy violations
Emergency response and crisis management

4. Information Sharing and Disclosure

4.1 Internal Sharing

Information is shared internally among:

Academic staff and instructors (course-related information only)
Administrative personnel (as needed for service delivery)
IT support team (for technical assistance)
Management (for institutional reporting)

4.2 Third-Party Partners

We may share information with trusted partners:

Payment Processors: For secure transaction processing
Technology Providers: For system maintenance and support
Educational Partners: For joint programs and certifications
Employers: With consent for placement opportunities

4.3 Legal Disclosures

We may disclose information when required by:

Court orders or legal processes
Government agencies and regulatory bodies
Law enforcement (with proper authorization)
Emergency situations affecting safety

Important: We never sell personal information to third parties for commercial purposes. All sharing is governed by strict agreements protecting your privacy.

5. Data Security

🛡️ Security Measures

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Safeguards

Encryption: All sensitive data is encrypted in transit and at rest
Access Controls: Role-based access with multi-factor authentication
Firewalls: Network security to prevent unauthorized access
Regular Updates: Software and security patches applied promptly
Monitoring: 24/7 system monitoring for security threats

5.2 Physical Safeguards

Secure server facilities with restricted access
Locked filing cabinets for physical documents
Clean desk policy for sensitive information
Secure disposal of confidential materials

5.3 Administrative Safeguards

Staff training on privacy and security practices
Background checks for personnel with data access
Regular security audits and assessments
Incident response procedures

5.4 Data Breach Response

In the event of a data breach, we will:

Contain and assess the breach within 24 hours
Notify affected individuals within 72 hours
Report to relevant authorities as required
Implement additional safeguards to prevent recurrence

6. Data Retention

6.1 Retention Periods

Data Type	Retention Period	Reason
Student Records	7 years after graduation	Academic verification and alumni services
Financial Records	7 years after final payment	Tax compliance and audit requirements
Application Data	3 years if not enrolled	Future application consideration
Marketing Preferences	Until consent withdrawn	Communication preferences
Website Analytics	26 months	Service improvement

6.2 Secure Disposal

When data is no longer needed, we:

Permanently delete electronic records using secure methods
Shred physical documents in a secure manner
Verify complete removal from backup systems
Document the disposal process for audit purposes

7. Your Privacy Rights

You have the following rights regarding your personal information:

📋 Access

Request copies of your personal data

✏️ Rectification

Correct inaccurate or incomplete information

🗑️ Erasure

Request deletion of your data (with limitations)

⏸️ Restriction

Limit how we use your information

📤 Portability

Receive your data in a portable format

❌ Objection

Object to certain types of processing

7.1 Exercising Your Rights

To exercise any of these rights:

Submit a written request to our Privacy Officer
Provide proof of identity for verification
Specify which right you wish to exercise
We will respond within 30 days

7.2 Limitations

Some rights may be limited when:

Required for legal compliance
Necessary for academic record integrity
Needed for public interest or safety
Protected by other legal provisions

8. Cookies and Tracking

8.1 Cookie Usage

Our website and mobile application use cookies for:

Essential Cookies: Required for basic functionality
Preference Cookies: Remember your settings and choices
Analytics Cookies: Understand how you use our services
Marketing Cookies: Deliver relevant content (with consent)

8.2 Managing Cookies

You can control cookies through:

Browser settings to block or delete cookies
Our cookie preference center
Opt-out tools for third-party analytics
Mobile app privacy settings

8.3 Third-Party Services

We use third-party services that may collect information:

Google Analytics (with anonymized IP addresses)
Social media plugins (with user consent)
Payment processing services
Educational technology platforms

9. Children's Privacy

9.1 Age Requirements

Our services are designed for individuals aged 16 and above. For students under 18:

Parental or guardian consent is required
Additional privacy protections apply
Parents have rights to access and control data
Special handling of sensitive information

9.2 Parental Rights

Parents and guardians may:

Review their child's personal information
Request correction or deletion of data
Withdraw consent for data processing
Receive copies of privacy communications

9.3 Enhanced Protections

For minors, we implement additional safeguards:

Limited data collection to educational necessities
Restricted sharing with third parties
Enhanced security measures
Regular review of data necessity

10. International Data Transfers

10.1 Data Location

Your personal information is primarily stored and processed in Uganda. However, we may transfer data internationally for:

Cloud hosting and backup services
Technical support and maintenance
International partnership programs
Academic collaboration projects

10.2 Transfer Safeguards

When transferring data internationally, we ensure:

Adequate protection levels in destination countries
Contractual safeguards with service providers
Compliance with international privacy frameworks
Regular monitoring of transfer security

11. Changes to This Policy

11.1 Policy Updates

We may update this Privacy Policy to:

Reflect changes in our services or practices
Comply with new legal requirements
Improve clarity and transparency
Address new privacy concerns

11.2 Notification Process

When we make significant changes:

Updated policy posted on our website and app
Email notification to all registered users
30-day notice period before changes take effect
Opportunity to object or withdraw consent

11.3 Version Control

We maintain:

Clear version numbers and dates
Archive of previous policy versions
Summary of changes made
Effective date of each version

Nana Media

📋 Table of Contents

🔒 Our Commitment to Your Privacy