Privacy Policy - WelcometoNigeria Development Initiative

WelcometoNigeria Development Initiative (WeNDI)

Effective Date: January 1, 2026

Introduction

WelcometoNigeria Development Initiative (WeNDI) is a cross-sectoral development organization dedicated to advancing inclusive economic growth, cultural promotion, tourism development, innovation, and social impact across Nigeria. In delivering our programs and interventions, WeNDI is committed to protecting the privacy, dignity, and personal data of individuals, communities, partners, and stakeholders we engage with.

This Privacy Policy explains how WeNDI collects, uses, stores, shares, and protects personal data in line with Nigeria’s development priorities and applicable data protection laws.

Legal and Regulatory Framework

WeNDI processes personal data in compliance with:

* The Nigeria Data Protection Act (NDPA) 2023

* The Nigeria Data Protection Regulation (NDPR) and related guidelines issued by the Nigeria

Data Protection Commission (NDPC)

* Applicable sector-specific regulations and international best practices where relevant

This Policy reflects Nigeria’s national objectives for digital trust, inclusive growth, innovation, and responsible data governance.

3. Scope of This Policy

This Policy applies to personal data collected through:

* WeNDI programs, projects, and economic interventions

* Websites, digital platforms, and social media channels

* Events, conferences, trainings, and cultural or tourism initiatives

* Partnerships with government, private sector, civil society, and development agencies

* Monitoring, evaluation, research, and impact assessment activities

4. Guiding Principles

WeNDI’s data processing activities are guided by the following principles:

* Lawfulness, fairness, and transparency

* Purpose limitation aligned with development objectives

* Data minimization and proportionality

* Accuracy and integrity of data

* Security and confidentiality

* Accountability and responsible data stewardship

5. Types of Personal Data We Collect

Depending on the nature of engagement, WeNDI may collect:

5.1 Identification and Contact Data

* Names, email addresses, phone numbers, postal addresses

* Organization or affiliation details

5.2 Program and Participation Data

* Applications for programs, grants, trainings, or initiatives

* Attendance records and participation details

* Feedback, surveys, and evaluation responses

5.3 Socio‑economic and Development Data

* Demographic or socio-economic information relevant to development planning

* Community-level data for research, monitoring, and evaluation

5.4 Digital and Technical Data

* IP addresses, device information, and website usage analytics

* Cookies and similar technologies (where applicable)

WeNDI does not intentionally collect sensitive personal data unless required by law or explicitly consented to for specific development purposes.

6. Lawful Basis for Processing

WeNDI processes personal data based on one or more of the following lawful grounds:

* Consent of the data subject

* Performance of a contract or participation in a program

* Compliance with legal or regulatory obligations

* Public interest and development objectives aligned with national priorities

* Legitimate interests pursued in a manner that does not override individual rights

7. Purpose of Data Collection and Use

Personal data is used to:

* Design, implement, and evaluate economic development and social impact programs

* Support tourism, cultural, innovation, and enterprise development initiatives

* Facilitate partnerships with public and private stakeholders

* Conduct research, monitoring, evaluation, and learning activities

* Communicate program updates, opportunities, and reports

* Ensure transparency, accountability, and impact reporting

Data will not be used for purposes incompatible with these objectives.

8. Data Sharing and Disclosure

WeNDI may share personal data with:

* Government institutions and regulators where required by law or national development reporting obligations

* Development partners, donors, and collaborators strictly for approved program delivery, monitoring, evaluation, learning, and accountability purposes

* Service providers, consultants, and implementing partners acting under written agreements and strict confidentiality obligations

All data sharing is conducted on a need‑to‑know basis, limited to what is necessary, and in compliance with applicable data protection laws.

9. Donor and Partner Data Sharing Framework

In the implementation of donor‑funded and partnership‑driven programs, WeNDI applies a structured and transparent data sharing framework to ensure accountability while protecting individual and community rights.

Under this framework, WeNDI:

* Shares personal or project‑related data with donors and partners only where it is necessary for program oversight, reporting, audits, impact assessment, or compliance

* Ensures data sharing is governed by written agreements, memoranda of understanding, or data processing agreements that define purpose, scope, retention, and security standards

* Applies anonymization or aggregation of data where full personal identification is not required

* Prevents donors or partners from using shared data for purposes unrelated to the agreed development objectives

* Requires partners to comply with the Nigeria Data Protection Act (NDPA) 2023, NDPC guidance, and any applicable international data protection standards

Where donor or partner data protection requirements exceed local standards, WeNDI applies the higher standard, provided it does not conflict with Nigerian law or community interests.

10. Alignment with International Development Partner Data Protection Standards

In addition to compliance with Nigerian data protection laws, WeNDI aligns its data governance practices with internationally recognized development and humanitarian data protection frameworks, including but not limited to:

10.1 European Union – General Data Protection Regulation (EU GDPR)

Where programs involve EU‑based funding, partners, or data subjects, WeNDI applies GDPR principles, including:

* Lawful, fair, and transparent processing

* Purpose limitation and data minimization

* Accuracy, storage limitation, and integrity

* Protection of data subject rights, including access, rectification, and erasure where applicable

10.2 World Bank Environmental and Social Framework (ESF)

For World Bank–supported or aligned projects, WeNDI integrates data protection considerations within the **Environmental and Social Standard (ESS 1 and ESS 10)by:

* Managing personal and community data as part of social risk assessment

* Ensuring stakeholder engagement, disclosure, and grievance mechanisms related to data use

* Protecting vulnerable and marginalized groups from data‑related harm

10.3 Global Donor Agency Support/Funded Programme

For global‑funded programs, WeNDI adheres to UN data protection and privacy expectations by:

* Limiting collection of personally identifiable information (PII)

* Applying strong safeguards for beneficiary and partner data

* Supporting accountability, learning, and transparency without compromising individual privacy

10.4 United Nations Development Programme (UNDP)

For UNDP‑supported initiatives, WeNDI aligns with UNDP’s principles on personal data protection by:

* Using data strictly for sustainable development and humanitarian objectives

* Ensuring confidentiality, neutrality, and do‑no‑harm principles

* Promoting ethical data use in fragile, community‑based, and development contexts

This alignment ensures that WeNDI’s programs meet both national and international expectations for responsible data governance.

11.Cross‑Border Data Transfers

Where personal data is transferred outside Nigeria, WeNDI ensures:

* Adequate data protection safeguards are in place

* Transfers comply with NDPA and NDPR requirements

* Data subjects’ rights remain protected

12. Data Security Measures

WeNDI implements appropriate technical and organizational measures to safeguard personal data, including:

* Secure digital systems and access controls

* Data encryption where appropriate

* Staff training on data protection and confidentiality

* Regular risk assessments and security reviews

13. Data Retention

Personal data is retained only for as long as necessary to:

* Fulfill program, legal, and accountability requirements

* Support development planning and impact evaluation

When no longer required, data is securely deleted or anonymized.

14. Rights of Data Subjects

In line with Nigerian law, individuals have the right to:

* Access their personal data

* Request correction of inaccurate or incomplete data

* Withdraw consent where processing is based on consent

* Request deletion or restriction of processing, subject to legal limitations

* Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

15. Community and Development Data Ethics

In line with Nigeria’s development priorities and WeNDI’s grassroots approach, WeNDI commits to ethical, people‑centered data practices that respect the diversity, culture, and realities of communities across Nigeria. Specifically, WeNDI will:

* Engage communities using clear, simple, and culturally appropriate language

* Seek community‑level consent where data is collected collectively or through representatives

* Respect traditional institutions, local governance structures, and community leadership

* Ensure inclusion of women, youth, persons with disabilities, and vulnerable groups

* Avoid harm, discrimination, exploitation, or stigmatization arising from data use

* Use community data strictly to advance inclusive development, livelihoods, cultural preservation, and social wellbeing

16. Data Protection Impact Assessment (DPIA) for Donor‑Funded Projects

For donor‑funded, large‑scale, or high‑risk projects, WeNDI conducts a Data Protection Impact Assessment (DPIA) prior to data collection or processing. The DPIA is used to:

* Identify and assess risks to the rights and freedoms of individuals and communities

* Evaluate the necessity and proportionality of data processing activities

* Assess potential impacts on vulnerable populations and local communities

* Define mitigation measures to reduce data protection, security, and ethical risks

DPIAs are conducted in line with the Nigeria Data Protection Act (NDPA) 2023, NDPC guidance, and donor data protection requirements. Where required, DPIA findings may be shared with donors, regulators, or partners, subject to confidentiality obligations.

17. Cookies and Digital Platforms

Where WeNDI uses cookies or similar technologies, users will be informed, and consent will be obtained where required. Cookies are used primarily for functionality, analytics, and service improvement.

18. Updates to This Policy

WeNDI may update this Privacy Policy to reflect:

* Changes in law or regulation

* Evolving development priorities or operational needs

Updated versions will be published through official WeNDI communication channels.

19. Contact Information

For questions, requests, or concerns regarding this Privacy Policy or personal data processing, please contact:

Data Protection Officer

WelcometoNigeria Development Initiative (WeNDI)

Email: wendiinitiatives@gmail.com

Address: Plot 1234, Samuel Ladoke Akintola Boulevard, Garki 2, Abuja, Federal Capital Territory

WeNDI is committed to responsible data governance as a foundation for trust, sustainable development, and Nigeria’s socio‑economic transformation

Share this:

Like this: