Privacy Policy

International Voice of Tomorrow (iVOT) is the data controller in respect of all personal data processed through its website, membership registration platform, election monitoring programmes, management consultancy engagements, humanitarian partnerships, and any other service or programme operated under the iVOT brand. As data controller, iVOT determines the purpose and means of processing your personal data and bears full responsibility under the Nigeria Data Protection Act, 2023 for ensuring that such processing is lawful, fair, and transparent.

iVOT is a non-partisan, civic organisation dedicated to promoting democratic governance, peace, human rights, economic stability, and sustainable development — nationally and globally. Where iVOT engages data processors on its behalf, it ensures that appropriate data processing agreements are in place to safeguard the rights of data subjects at all times.

Pursuant to Section 25 of the Nigeria Data Protection Act, 2023, iVOT processes personal data only where a lawful basis exists. iVOT relies on the following lawful bases, depending on the nature and context of the processing activity:

iVOT collects only the personal data that is necessary, relevant, and proportionate to the purposes for which it is collected, in accordance with the data minimisation principle under Section 24(1)(c) of the NDPA. The following categories of personal data may be collected:

iVOT processes personal data strictly for the following defined, explicit, and legitimate purposes, in accordance with the purpose limitation principle under Section 24(1)(b) of the NDPA. Personal data shall not be further processed in a manner incompatible with these stated purposes.

• Membership Registration and Management: To register, verify, manage, and communicate with iVOT members, field agents, civic ambassadors, and volunteers across Nigeria and internationally — including the issuance of membership credentials and official identification.
• Election Monitoring Operations: To coordinate, deploy, and communicate with election observers and field agents at polling units across all 36 states and the FCT; to collect, verify, and collate election results and incident reports; and to compile credible election intelligence for advocacy and legal purposes.
• Civic Education and Voter Empowerment: To design, deliver, and evaluate civic education programmes; to identify and reach target communities for voter education initiatives; and to track programme participation and outcomes.
• Management Consultancy Services: To provide management consultancy, strategic advisory, and operational improvement services to client organisations — including the administration of consultancy engagements, invoicing, and communications.
• Partnership and NGO Collaboration: To process partnership enquiries, manage formal partnership agreements, and communicate with domestic and international partner organisations, NGOs, government bodies, and academic institutions.
• Donation and Financial Management: To process donations, issue receipts, maintain donor records, comply with financial reporting obligations, and communicate with donors about iVOT's programmes and impact.
• Humanitarian and Development Programmes: To administer scholarship applications, mentorship programmes, and humanitarian aid coordination, including the identification and support of beneficiaries.
• Website Operation and Security: To operate, maintain, and improve the iVOT website; to ensure network and information security; to detect and prevent fraud, abuse, and unauthorised access; and to analyse website usage for continuous improvement.
• Legal Compliance and Regulatory Obligations: To comply with applicable Nigerian laws and regulations, respond to lawful requests from competent authorities, and enforce iVOT's legal rights where necessary.
• Stakeholder Communication: To send newsletters, programme updates, event invitations, and advocacy communications to members, supporters, and partners who have consented to receive such communications.

iVOT processes personal data through both automated and manual means, employing appropriate technical and organisational measures to ensure security and compliance at every stage of the data processing lifecycle, as required by Section 38 of the NDPA.

• Online Collection: Personal data is collected through secure web-based forms on www.ivot.org.ng — including the membership registration form, partnership enquiry form, donation portal, and newsletter subscription form. All web forms are transmitted via encrypted HTTPS connections.
• Offline and Field Collection: Personal data may also be collected offline by authorised iVOT field agents and coordinators during election monitoring operations, civic education programmes, and community engagement activities. Offline data is subsequently digitised and transferred to iVOT's secure management systems.
• Automated Processing: iVOT's website and digital platforms use automated tools to collect technical and usage data (such as cookies, IP logs, and analytics), to validate submitted data, and to trigger automated communications (such as registration confirmations). Significant decisions affecting data subjects are not made solely by automated means without human review.
• Manual Processing: iVOT staff and authorised personnel manually review, organise, and process personal data in the discharge of their organisational and operational responsibilities, subject to internal data access controls.
• Data Storage: Personal data is stored on secured servers — either hosted in-country in Nigeria or with internationally recognised cloud service providers that maintain equivalent data protection standards. Data storage is subject to defined retention schedules and is not kept longer than necessary for the stated purpose.
• Data Transmission: Where personal data is transmitted electronically — including to authorised third parties — iVOT employs industry-standard encryption (TLS/SSL) and secure file transfer protocols to protect data in transit.
• Data Retention: iVOT retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Membership data is retained for the duration of active membership and for a period not exceeding three (3) years after membership lapses, unless a legal obligation requires longer retention. Donor records are retained for a minimum of six (6) years in compliance with financial record-keeping obligations. Technical and usage data is retained for no longer than twelve (12) months.
• Data Destruction: Personal data that is no longer required is securely deleted, anonymised, or physically destroyed in a manner that prevents reconstruction or unauthorised recovery.

iVOT does not sell, rent, or transfer personal data to third parties for commercial gain. However, in the discharge of its civic, humanitarian, consultancy, and operational mandate, iVOT may share personal data with the following categories of authorised third parties, strictly on a need-to-know basis and subject to appropriate contractual data protection safeguards:

The specific purposes for which authorised third parties are permitted to access personal data processed by iVOT are strictly defined and limited as follows:

• Service Delivery Support: Technology and platform service providers access personal data solely to host, maintain, and operate iVOT's digital infrastructure on iVOT's behalf. They are contractually prohibited from using the data for any independent purpose.
• Joint Programme Implementation: International NGO and civil society partners may access relevant participant or beneficiary data only for the purpose of jointly delivering the specific programme, mission, or activity for which iVOT and the partner have a formal agreement — and for no other purpose.
• Legal and Regulatory Compliance: Government and regulatory authorities receive data only where required by applicable Nigerian law, court order, or formal regulatory demand — and only to the minimum extent necessary to satisfy the legal requirement.
• Financial Transaction Processing: Payment and banking partners access financial data strictly for the purposes of processing, settling, and reconciling donation and membership payment transactions — and for fraud detection and anti-money laundering compliance.
• Professional Advisory Services: Legal, audit, and compliance advisors access personal data strictly to the extent required to provide the professional advice or service engaged — subject to professional confidentiality and data protection obligations.
• Anonymised Research and Policy Analysis: Academic and research partners access data in anonymised or pseudonymised form for the purpose of producing electoral research, policy analysis, and civic reports that contribute to public knowledge and democratic improvement — without identifying individual data subjects.
• Vital Interest Protection: In exceptional circumstances — such as a security incident during election monitoring field operations — limited personal data may be disclosed to relevant authorities strictly for the purpose of protecting the physical safety of iVOT agents or members of the public.

In every case of third party access, iVOT ensures through contractual, technical, and organisational measures that the third party processes personal data only for the stated purpose, retains it only for as long as necessary, and implements appropriate security measures to protect it. Third parties are not authorised to further disclose or sub-process the data without iVOT's explicit written consent.

Under the Nigeria Data Protection Act, 2023, you — as a data subject — have the following rights in respect of your personal data processed by iVOT. iVOT is committed to facilitating the exercise of these rights promptly, transparently, and free of charge, in accordance with Sections 34–43 of the NDPA.

iVOT is committed to resolving data protection concerns, complaints, and disputes raised by data subjects promptly, fairly, and transparently — without requiring formal external intervention wherever possible. If you have a concern about how iVOT has processed your personal data, or you believe that your data protection rights have been infringed, you are encouraged to seek internal remediation through the following process:

• Step 1 — Submit a Complaint: Submit your written complaint or concern to iVOT's Data Protection Officer (DPO) using the contact details below. Your complaint should clearly describe the nature of your concern, the personal data involved, and the outcome you are seeking. iVOT will acknowledge receipt of your complaint within 24 hours.
• Step 2 — Investigation: The DPO will conduct a fair and thorough investigation of your complaint, reviewing all relevant processing activities and records. You may be contacted during this process for further information or clarification.
• Step 3 — Decision and Response: iVOT will provide a written decision and response to your complaint within 14 working days of the acknowledgement date for routine complaints, or within 30 calendar days for complex matters. The response will include the outcome of the investigation, any remedial action taken or proposed, and your right to escalate to the NDPC if dissatisfied.
• Step 4 — Remediation: Where iVOT finds that a data protection concern is valid, it will take immediate and proportionate remedial action — which may include correction of inaccurate data, deletion of unlawfully processed data, restriction of ongoing processing, review of third party data sharing arrangements, or notification to affected parties as required by law.

iVOT encourages all data subjects to use this internal remediation channel as a first step, as it is often the fastest and most effective route to resolution. However, using the internal process does not prejudice your right to lodge a complaint directly with the Nigeria Data Protection Commission at any time.

Pursuant to Section 45 of the Nigeria Data Protection Act, 2023, every data subject has the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if they believe that the processing of their personal data by iVOT has infringed the provisions of the NDPA or any applicable data protection regulation. This right exists independently of, and is not affected by, the internal remediation process described in Section 9 above.

You may lodge a complaint with the NDPC at any time — including where you are dissatisfied with the outcome of iVOT's internal complaint process, or where you prefer to submit your complaint directly to the regulator without first engaging iVOT.

When lodging a complaint with the NDPC, you are advised to: (a) clearly describe the nature of the alleged data protection infringement; (b) identify iVOT (International Voice of Tomorrow, www.ivot.org.ng) as the relevant data controller; (c) provide details of any steps already taken to resolve the matter directly with iVOT; and (d) attach any relevant correspondence or evidence. The NDPC will investigate complaints in accordance with its statutory mandate and may impose sanctions on data controllers found to be in breach of the NDPA.

iVOT reserves the right to update or amend this Privacy Policy from time to time to reflect changes in our data processing activities, applicable law, or regulatory guidance. The most current version will always be published at www.ivot.org.ng/privacy. Material changes will be notified to registered members via email or prominent notice on the iVOT website. The date of the last update is indicated at the top of this Policy. Continued use of iVOT's website and services following notification of a material change constitutes acceptance of the updated Policy.

If you have any questions about this Privacy Policy or wish to understand more about how iVOT processes your personal data, please contact our Data Protection Officer at privacy@ivot.org.ng.