Privacy Policy

Effective Date: August 2025

Last updated: August 2025

1. Introduction

The Institute of African Research, Advisory & Innovation (“iARAi”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you interact with us in any capacity—including as a website visitor, research participant, program applicant, donor, partner, or subscriber.

This Privacy Policy complies with global data protection laws, including:

  • The Nigeria Data Protection Act (NDPA) (2023)
  • The General Data Protection Regulation (GDPR) (EU and UK)
  • The California Consumer Privacy Act (CCPA) (as amended by CPRA).

By interacting with us, you acknowledge that you have read and understood this, Policy.

2. Who We Are

iARAi is an interdisciplinary research and innovation institute operating in Nigeria, with a global orientation. We conduct research, advisory, and education activities focused on sustainability, development, governance, equity, and emerging technologies.

3. Scope of This Policy

This Policy applies when you:

  • Visit or interact with our website(s) or digital platforms
  • Apply for a program, fellowship, or job with us
  • Register for an event, webinar, or consultation
  • Participate in our research or complete a survey
  • Sign up to our newsletter or mailing list
  • Collaborate or partner with us in any formal capacity
  • Contact us by email, social media, or online forms

Additional privacy notices may apply in certain cases (e.g., specific research studies or grant programs). Where applicable, those notices will supplement or override this Policy.

4. What Information We Collect

We collect different types of personal information depending on how you interact with us:

a. Information You Provide Voluntarily

  • Personal Identifiers: Name, email address, phone number, country of residence, organisation, role/title
  • Professional Data: CVs, academic or work history, statements of interest
  • Application Data: Fellowship, grant, job, or program application materials
  • Research Responses: Survey answers, interview responses, audio/video submissions
  • Preferences: Newsletter opt-ins, mailing list interests, communication preferences
  • Event-Related Data: RSVP status, dietary needs, accessibility requirements (if voluntarily provided)
  • Sensitive Data (With Consent): Gender, ethnicity, disability status, philosophical or research views (e.g., in surveys or diversity tracking)

b. Information We Collect Automatically

When you visit our website, we may automatically collect:

  • IP address and approximate geolocation
  • Browser type, device type, operating system
  • Pages visited, time spent, click activity
  • Referring URL and exit pages
  • Cookies and analytics data (see Section 9)

c. Information from Third Parties

We may receive personal data about you from:

  • Public sources (e.g., LinkedIn, academic directories)
  • Partner organisations or referrers
  • Background checks (with your consent)
  • Research collaborators or event co-hosts

We do not knowingly collect data from children under 16 years of age without verifiable parental consent.

5. How We Use Your Information

We use your personal information for the following purposes:

  • To process your application for fellowships, research, or jobs
  • To assess your eligibility for events, programs, or partnerships
  • To manage participation in research, consultations, and calls for action
  • To communicate with you (e.g., respond to inquiries, send updates or invites)
  • To analyse and report on engagement and impact (usually in anonymised form)
  • To send newsletters or updates when you opt in
  • To meet our contractual or legal obligations (e.g., funder reporting)
  • To improve our services, website, and institutional performance

We will only use your information for the purpose it was collected, or a reasonably related purpose. If we intend to use your data for something materially different, we will request your consent.

6. Our Legal Bases for Processing

Depending on your jurisdiction, we process your personal data under one or more of the following legal grounds:

Under NDPA (Nigeria)

  • Lawfulness, fairness, and transparency guide all data processing
  • Consent is obtained for sensitive data or non-essential processing
  • Data minimisation and purpose limitation are strictly observed

Under GDPR (EU/UK)

  • Consent: e.g., when you sign up for a newsletter or volunteer data
  • Contractual Necessity: e.g., during application, selection, or partnership processes
  • Legitimate Interests: e.g., event management, analytics, internal governance
  • Legal Obligation: e.g., for financial compliance or safeguarding

Under CCPA (California)

  • You have rights to know, access, delete, correct, or restrict the use of your data
  • iARAi does not sell personal data as defined under CCPA

7. Sensitive Personal Data

We may process sensitive information only where necessary and lawful, including:

  • Diversity & Inclusion Monitoring: gender, ethnicity, disability status
  • Research Purposes: philosophical or ethical views (with your consent)
  • Event Access & Safety: dietary needs, access requirements (only when provided by you)

Such data is handled with heightened confidentiality and is not shared outside iARAi or its trusted service providers.

8. Data Sharing & Disclosure

We may share your personal information under strict conditions and only when necessary:

  • Service Providers: such as email platforms, data storage providers, and website analytics tools
  • Research Collaborators & Reviewers: under confidentiality or ethics obligations
  • Funder Reporting: in aggregate or anonymised form
  • Recruitment or Fellowship Reviewers: under confidentiality and data protection terms
  • Legal or Regulatory Authorities: where required by law or compliance standards
  • Emergency Situations: where disclosure is necessary to prevent harm or comply with duty of care

We do not sell or trade your data under any circumstances.

9. Cookies & Analytics

We use cookies and similar tracking technologies to:

  • Improve your browsing experience
  • Monitor engagement with our content
  • Generate reports for internal use or funders

You can disable or manage cookies through your browser settings. We use tools like Google Analytics and Google Search Console to measure traffic and performance. These may collect anonymised data about how users interact with our site.

To opt out of Google Analytics tracking: https://tools.google.com/dlpage/gaoptout 

10. International Data Transfers

iARAi collaborates with international partners and uses cloud-based systems that may process your data outside Nigeria. When this occurs, we ensure that:

  • Transfers are made under standard contractual clauses (SCCs) or similar frameworks
  • Service providers follow strict data protection standards
  • Your rights are protected in line with global regulations

11. Data Security

We take data security seriously and have implemented reasonable technical and organisational measures, including:

  • SSL encryption on websites and forms
  • Secure cloud storage and restricted access controls
  • Internal data handling and confidentiality protocols
  • Regular security audits and breach response policies

While we strive to protect all data, no transmission over the internet is 100% secure.

12. Data Retention

We retain personal data only for as long as is necessary to:

  • Fulfil the purposes described in this Policy
  • Comply with legal or regulatory requirements
  • Support audit trails and institutional memory
  • Respond to legal claims or contractual obligations

Data is securely deleted or anonymised when no longer required.

13. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request corrections to inaccurate or outdated data
  • Request deletion of your personal data
  • Withdraw consent at any time (where consent is the basis for processing)
  • Object to processing for specific purposes
  • Request transfer of your data in a structured, machine-readable format
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, please contact us at info@theiarai.org. We may request proof of identity to process your request.

14. Third-Party Services & Embedded Content

Our website may include embedded content (e.g., videos, event registration forms) or links to external platforms. These sites may collect data according to their own privacy policies, which we do not control. We recommend reviewing their privacy policies separately.

15. Policy Updates

We may update this Privacy Policy from time to time to reflect legal, operational, or technological changes. Updated versions will be posted at www.theiarai.org/privacy-policy with the new effective date.

We encourage you to review this Policy periodically.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Institute for African Research, Advisory & Innovation (iARAi)
📧 Email: info@theiarai.org