IN THIS DOCUMENT

LEGAL DOCUMENT 04 OF 05

Privacy Policy

Effective and Active:Aligned with Tanzania's Electronic & Postal Communications Act
01.

What Information We Collect and Why

What We Collect
Why We Collect It
Who It Applies To
Name, email, phone number
To communicate with you about your application or participation
All users
Professional skills, qualifications, experience
To match volunteers to appropriate programs — this is the core of what we do
Volunteers
Criminal background check results
Required for all volunteers working with minors or vulnerable adults. Results are seen only by the Program Coordinator and retained only for the duration of your involvement.
Volunteers (youth-facing)
Student intake assessment responses
To understand each student's starting point and measure the impact of our programs
Program participants (students)
Health data (for Community Health Reach only)
Clinical records and referral data collected by credentialed medical volunteers, held securely and shared only with the relevant health authority
Community Health participants
Website usage data
To understand how people use our website so we can improve it. We use anonymised analytics only.
All website visitors
Donor or funder information
For grant reporting, acknowledgment, and communication about our work
Donors and funders
02.

Data About Children

Student data collected through The Finish Line Project including confidence assessments, goal letters, and progress records is used solely to deliver and measure the program. It is never used for fundraising content, marketing materials, or public communications without separate, specific, written consent from the student’s parent or guardian.

03.

Health Data

Health data collected during Community Health Reach activities — including vaccination records, screening results, and referral information is collected and held in accordance with the requirements of the Tanzania Ministry of Health and is shared only with the district health authority as required for clinical continuity. We do not retain clinical health records beyond the period required by health authority guidelines.

Community health participants have the right to access their own records at any time by communicating with the program coordinator.

04.

Who We Share Your Data With

We do not sell, trade, or rent your personal data to anyone. We share data only where necessary to operate our programs:

  • Partner schools and universities — limited contact information for enrolled program participants
  • District Health Authority — health data for Community Health Reach participants, as required by law
  • Background check providers — for volunteer credential verification only
  • Grant funders and institutional donors — anonymised, aggregated impact data only. Never individual personal data.
  • Technology service providers — our website host and email platform. We ensure these providers meet appropriate data protection standards.
05.

Your Rights

You have the following rights regarding your personal data. To exercise any of them, contact us and we will respond within 10 working days.

06.

How Long We Keep Your Data

Data Type
Retention Period
Reason
Volunteer application data
3 years after last program involvement
Alumni network and program continuity
Student assessment data
2 years after program completion
Longitudinal impact tracking
Background check results
Duration of volunteer engagement only
Minimal retention principle
Health outreach records
Per Ministry of Health guidelines
Legal requirement
Donor and funder data
7 years
Financial reporting obligations
Website analytics data
13 months (rolling)
Industry standard for anonymised analytics
07.

How We Protect Your Data

We use password protected, encrypted storage for all personal data. Access to personal data is restricted to staff and volunteers who need it to deliver their program role. We conduct a data security review annually.

In the event of a data breach that affects your rights or freedoms, we will notify you within 72 hours of becoming aware of it and will take immediate steps to contain and remedy the breach.

Your data. Your right to ask.

Our Data Responsible officer is the Program Coordinator. To exercise any data rights or raise a concern, don’t hesitate to contact us.

We will respond within 10 working days.