Menu Close

DHAN’s Data Policy

  1. Purpose and Scope

As part of their responsibilities, DHAN volunteers and staff acting on behalf of DHAN (referred to as “DHAN Data Users”) may have the opportunity to collect, access, use and/or process personal data of individuals who interact with DHAN.

 

Examples of personal data can include name, contact details, date of birth and pictures. This data includes, but is not limited to, existing or new data sources and data obtained via websites, applications, behavioral monitoring, and databases related to DHAN members, non-members, customers, product purchasers, and various other parties stored on local devices, cloud services, or applications provided by DHAN or entities other than DHAN (referred to as “DHAN Data”). This DHAN Data can be used to gain valuable business insights, make key business decisions on behalf of DHAN and advance the mission of DHAN.

 

This Policy defines the processes, rules and procedures that DHAN Data Users must follow when collecting, accessing, using (including sharing, publishing, and emailing) managing, and processing DHAN Data and addresses the following topics:

 

Data Collection, Access, and Use

Data Processing and Handling

Data Management

Data Requests and Incidents

Violations

Referenced policies

Compliance with the procedures outlined herein helps DHAN maintain proper data security and privacy consistent with industry best practices. It also helps to ensure compliance with various international regulations. This document incorporates and provides actions required to support the DHAN Privacy Policy.

 

All DHAN Data Users are required to comply with this DHAN Data Access and Use Policy.

  1. Data Collection, Access, and Use

DHAN Data is for access and use only by DHAN Data Users. DHAN Data shall not be furnished to outside entities or be used for any purpose other than for approved DHAN business. Access to DHAN Data shall be limited to those DHAN Data Users who need access to perform their responsibilities on behalf of DHAN. DHAN Data collected and/or managed by DHAN Data Users belongs to DHAN.

 

When collecting DHAN Data, the following information must be presented to individuals whose personal data is being collected (referred to as “Data Subjects”):

Statement of the purpose for which the data is being collected;

A link to read and agree to the DHAN Privacy Policy (if agreement has not been previously provided);

Where applicable, a link to agree to specific terms and conditions associated with the stated purpose; and

If necessary, a link to agree to receive additional information outside of the purpose stated.

Agreement to items 2-4 above, must be obtained prior to collecting and processing personal data. Only data required for the purpose shall be collected. Any agreement captured that is not directly communicated to the DHAN Consent Management System* must be provided to DHAN.

 

DHAN Data that is collected shall be used for the purpose stated at collection, and shall be processed for that purpose only, unless:

 

  1. Agreed to otherwise by the Data Subject;
  2. Processing the data is necessary for legitimate business purposes; or
  3. There are legal requirements for the use and processing of the data.

 

Before contacting an individual who has not previously expressed an interest or had a prior engagement, an DHAN Data User will validate their list against the DHAN Consent Management System to ensure agreement has been obtained. More information and step by step instructions can be found on the List Validation page.

 

DHAN Data Users may continue to contact individuals about previously stated interests or prior engagements.

 

DHAN Data Users publishing or sharing data shall classify the DHAN Data according to the DHAN Information Disclosure Policy and affix the appropriate notice to the DHAN Data, as well as any reports related to personal data.

 

Any mass email communication must include the ability for the recipient to unsubscribe and not receive further communications as well as provide a link to the DHAN Privacy Policy.

 

It is the responsibility of the DHAN Data User to keep informed of DHAN policies governing mailings, the use of labels and email addresses, regulations governing electioneering for DHAN offices, DHAN Privacy and Security policies and Email Terms and Conditions. Additional information is found in Section 14.1 of DHAN Policies, which is available from the DHAN Governing Documents website.

 

*  DHAN Consent Management System: DHAN uses software systems to store consent to its policies and ensure there is an audit trail. Consent can be related to the Privacy Policy, Data Access and Use Policy or specific terms & conditions.

 

  1. Data Processing and Handling

DHAN is responsible for the actions of DHAN Data Users with respect to the processing of DHAN Data. This includes DHAN Data collected and maintained by DHAN Data Users. DHAN Data Users shall process DHAN data as outlined in this document. Any third party processing of DHAN Data shall be subject to an agreement outlining the third party’s responsibility to comply with DHAN data privacy policies and applicable data privacy regulations. DHAN template agreements shall be used whenever possible and, if applicable, executed through the appropriate DHAN contracts process.

 

Whenever possible, remove personally identifiable data and use aggregated data prior to processing. If data is to be publicly presented, all personal data must be removed or hidden.

 

DHAN Data Users shall confer with DHAN staff at admin@dhnigeria.org to determine whether uses other than for the purpose stated at collection are permitted.

 

Digital Humanities Association in Nigeria