Privacy Policy

1. Introduction

STRANSFORM Limited ("Company", "we", "us", "our", or "STRANSFORM") operates the STRANSFORM institutional transformation platform. We are committed to protecting your privacy and ensuring institutional data security while delivering transformational programmes to African organizations and their leaders.

This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our strategic advisory services, institutional programmes, registration systems, participant management, and digital platform operations.

By registering for STRANSFORM programmes, using our platform, or engaging with our services, you consent to our practices as described in this Privacy Policy. If you disagree with our practices, please do not use our services.

2. Data We Collect

Personal Information

When you register for STRANSFORM programmes, we collect:

• Contact Information: Full name, email address, phone number, country of residence
• Professional Information: Job title, organization name, department, seniority level, years of professional experience, industry sector, LinkedIn profile URL
• Demographic Information: Gender (optional)
• Programme Information: Reasons for attending, dietary restrictions, accessibility requirements, accommodation needs, emergency contact information
• Participation Records: Programme attendance, certification status, feedback submissions
• Communication Data: Email correspondence, event communications, preference settings

Automated Information

We automatically collect certain information when you use our platform:

• Technical Data: IP address, browser type, device type, operating system, pages visited, time spent, referral source
• Cookies & Tracking: Session IDs, preferences, analytics identifiers (see Cookie Policy)
• QR Check-in Data: Check-in timestamps and venue location data for programme attendance
• Platform Analytics: User interactions with website features, resource downloads, search queries

3. How We Use Your Data

We use the information we collect for the following purposes:

Programme Operations

• Processing programme registration and managing participant records
• Communicating about programme dates, times, venues, and logistics
• Tracking attendance and generating certificates of participation
• Managing accessibility needs and special requirements
• Emergency contact protocols
• Post-programme feedback and evaluation

Service Improvement

• Analyzing programme effectiveness and participant outcomes
• Personalizing your experience on our platform
• Improving our digital infrastructure and user interface
• Understanding institutional transformation needs
• Developing enhanced strategic materials and frameworks

Communications

• Sending transaction emails (confirmations, certificates, receipts)
• Delivering programme updates and important announcements
• Requesting feedback and programme evaluations
• Sharing relevant transformation insights and resources (with consent)
• Responding to inquiries and support requests

Legitimate Business Operations

• Compliance with legal obligations and regulatory requirements
• Fraud prevention and security monitoring
• Managing institutional relationships and partnerships
• Strategic planning and business analytics

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to execute your programme registration and deliver our services
• Consent: Your explicit consent to receive marketing communications or optional services
• Legal Obligation: Compliance with applicable laws, regulations, and institutional requirements
• Legitimate Interests: Our business interests in programme improvement, security, fraud prevention, and institutional effectiveness

5. Data Sharing and Disclosure

When We Share Data

We may share your personal information with:

• Programme Partners: Co-facilitators, strategic partners, and venue operators as necessary for programme delivery
• Service Providers: Email platforms, analytics services, certificate systems, and cloud infrastructure providers
• Your Organization: With appropriate institutional stakeholders if you register on behalf of an organization (per institutional agreements)
• Legal Authorities: When required by law, court order, or regulatory requirements

Data Protection in Transfers

We ensure that any third parties processing your data maintain equivalent data protection standards. Service providers are contractually obligated to maintain data confidentiality and security.

What We Don't Do

• We do not sell participant data to commercial entities
• We do not rent email lists or participant databases
• We do not share data for purposes outside programme operations without explicit consent
• We do not disclose data to third parties for their independent marketing purposes

6. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Privacy Policy, or as required by applicable law.

• Registration Data: Retained for the duration of your participation and for programme records (minimum 3 years for institutional compliance)
• Attendance Records: Retained for 7 years to support certificate verification and programme history
• Communication Records: Retained for 2 years unless longer retention is required by law
• Analytics Data: Retained for 24 months for platform improvement
• Legal/Compliance Records: Retained per applicable legal and regulatory requirements

You may request deletion of your data at any time, subject to legal retention requirements and applicable data protection laws.

7. Security Measures

We implement enterprise-grade security measures appropriate for institutional-level data protection:

• SSL/TLS encryption for all data in transit
• Encrypted storage for sensitive personal data
• Access controls limiting data access to authorized personnel
• Regular security audits and vulnerability assessments
• Secure authentication mechanisms for platform access
• Incident response protocols for data breaches
• Employee confidentiality and data protection training

While we implement comprehensive security measures, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

8. Your Data Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right of Correction: Request correction of inaccurate or incomplete information
• Right of Erasure: Request deletion of your data (subject to legal obligations)
• Right of Portability: Request your data in a structured, commonly used format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent for optional processing at any time
• Right to Lodge a Complaint: File a complaint with relevant data protection authorities

9. Contact Us

For any privacy concerns, data access requests, or to exercise your rights, contact our Data Protection Officer:

We aim to respond to all data rights requests within 30 days. We may request additional information to verify your identity for security purposes.