Privacy

Privacy Policy

Last updated: 8 July 2026

EYASU Global (“EYG”, “we”) is the digital identity and community platform of the Southwest Cameroonian community worldwide. This policy explains what personal data we collect, why we collect it, and the rights you have — including rights granted by the EU General Data Protection Regulation (GDPR) and by comparable laws in the UK, US, and Cameroon. It is maintained by the EYG platform team.

1. Who we are and how to contact us

The data controller is EYASU Global. For any privacy question, contact us through the contact page. Requests about your personal data (access, correction, deletion, portability, objection) are handled by the Board of Trustees and Finance & Audit committee.

2. Data we collect

  • Identity — name, first name, phone, email, country of residence, home DA (development association), village, and (for verified members) a government-issued ID document image.
  • Membership records — Global Identity Number (GIN), Public Member Identity (PMI), verification history, and the code of conduct you accepted.
  • Financial records — donations you make, pledges, and (for offline payments) the reference code you used. We do not store card numbers.
  • Engagement — event RSVPs, volunteer hours, scholarship applications, forum posts, election receipts (that you voted — never how you voted), and notifications.
  • Technical — sign-in timestamps, IP addresses on privileged actions, and server logs for security and abuse prevention.

3. Why we process it (lawful bases under GDPR)

  • Contract — to operate your membership, issue your GIN, process donations, and let you participate in elections.
  • Legitimate interests — to prevent fraud, secure the platform, and provide transparency on collective funds to the community.
  • Consent — for optional features such as showing your PMI on the public donor wall, marketing emails, or non-essential analytics. You can withdraw consent at any time.
  • Legal obligation — to keep financial records for the period required by applicable tax and non-profit law.

4. Who can see what

  • Public — your PMI and first name only (never your name, phone, email, village, ID, or GIN) unless you explicitly opt in to more.
  • Other members — the same public view plus your association affiliation when relevant (e.g. voter roll).
  • Org admins / verifiers — enough profile detail to approve membership and operate their association; access is logged.
  • Auditors — read-only access to financial ledgers and audit logs; cannot see individual ballots.
  • Super admins — full access, strictly for platform administration; every privileged action is written to audit_logs.

5. Where your data is stored

Data is stored on managed EU/US infrastructure operated by our hosting provider. Files (ID documents, receipts, scholarship documents, committee documents) are stored in private object-storage buckets and are not publicly accessible. All traffic between your device and our servers is encrypted in transit (TLS 1.2+), and databases and object storage are encrypted at rest by the provider.

6. How long we keep it

See the data retention policy for concrete periods.

7. Your rights (GDPR & similar laws)

  • Access a copy of your personal data.
  • Correct data that is inaccurate.
  • Delete your account (subject to legal retention for financial records).
  • Port your data to another service in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw any consent you previously gave.
  • Lodge a complaint with a supervisory authority (e.g. your national data-protection authority in the EU).

To exercise any of these, sign in and use the request form on the contact page, or email the address listed there. We respond within 30 days.

8. Cookies and analytics

We use strictly necessary cookies for sign-in and security. If we add analytics beyond that, we will ask for your consent first and never sell your data.

9. Children

EYASU Global is intended for adult members of the community. Youth Council participation for members under 18 requires the consent of a parent or legal guardian.

10. Changes to this policy

We will announce material changes in the news feed and, where required by law, ask for renewed consent.