Which personal data do we keep and why?

Backup Uganda collects, stores and protects personal data in compliance with the EU’s GDPR (2018) and Uganda’s Data Protection & Privacy Act (2019).

At Backup Uganda we only collect data that are reasonable or necessary to achieve the goal of interaction with the organization. This only includes basic personal information. We only keep your personal data when you have shared these with us yourself. For example, this happens when you sign up for our newsletter through the website. We also receive and keep your data when you make a donation to us, directly to our bank account, via Mobile Money or through GlobalGiving. If you make an anonymous donation through GlobalGiving, of course we will not receive and keep your personal data. In addition, our website does not collect any data from visitors through cookies.

When you subscribe to our newsletter, we save your name (if you filled it out) and your email address, so we can share our newsletter with you every month. When you make a donation to us, we save – unless you have done this anonymously – your name and email address and/or phone number, so we can send you a message to thank you. We also use these data to keep you updated on possible new campaigns. When you set up an ANBI agreement with us, we keep this written agreement for administrative purposes. When you donate through GlobalGiving, your data (name and email address) are saved for one extra purpose: to send you a quarterly update on the project you donated to.

When you apply for a voluntary or paid position at Backup Uganda, we will ask for your personal information including names, nationality, date of birth, contact information, educational level and qualifications and professional/employment-related information. If you are hired, we will also ask for your bank account name and number, your NIN/passport, TIN and NSSF numbers.

When you participate in any of our project activities, we may ask for your name, age and contact information, primarily for reporting purposes. If you agree to be included in a photo, video or audio recording, that means we will also have sensory data of you. Please know that we will never take these without your permission and we will only share it in ways that you have agreed with.

When you are a parent or learner who has requested our support, we will also collect education information and details on disabilities, behavior, attitudes, learning abilities and learning needs. These will help us develop Individualized Support Plans (ISPs). 

When you visit our office, we will ask you to sign our visitors book, where you can share your names and contact information. Please know that you are not obliged to write in it if you do not want to.

Of course you are always welcome to request us to share with you your personal data, to adjust them, to stop using them and/or to no longer keep them. The simplest way to do this is by sending an email to Please keep in mind that we need at least your email address to share the newsletter with you. If you no longer want to receive it, you can unsubscribe through the link at the bottom of the newsletter in your inbox.

Who are keeping and protecting your data?

All personal data that we keep are only accessible for the Treasurer to our Board and our internal team in Uganda. They are responsible for protecting these data on the computers and external storage devices that they use. The Uganda Country Director also serves as the Personal Data Protection Officer within the organization. Our current Data Protection Officer is Annemaaike Kruisselbrink, our Co-Founder & Uganda Country Director. You can reach her with your questions and concerns via

How do you know which data we keep?

This privacy statement is available for everyone on our website. This way, you can find out exactly which personal data we keep and how we handle these. When you subscribe for our monthly newsletter, you will automatically receive a confirmation email with a link to this privacy statement. When you make a donation through GlobalGiving, this platform also receives and saves your personal data. If you want to know how they use and protect your data, you can take a look at their website.

How do we save and protect your data?

When we save your personal data, we intend to do this in the safest way possible. That is why we only save your data in encrypted/password protected files that are not accessible for anyone who is unauthorized to do this. We also make sure that we keep these files on encrypted external storage devices, just in case something happens to our computers. We do not store any data on servers other than our own computers. We choose our passwords with care and change them regularly.

Since we use MailChimp and GlobalGiving, we are not always the only ones who save your data when you are having an interaction with us. MailChimp and GlobalGiving have their own privacy policies that you can access on their websites. In addition, we have signed a data processing agreement with MailChimp, which states exactly who is responsible for what. Know that your data are not just there to be found by anyone; they are always stored within a safe online environment. Your data are not used by other third parties.

Generally, we do not print the documents that contain your personal data. If we do need a printed version or if we have a document containing your personal data that you wrote down yourself, we make sure we keep these in files that are only accessible to the authorized team members. Since ANBI agreements are processed through hard copy documents, we save the related forms in files that are only accessible to the Treasurer of our Board.

We keep your data as long as necessary  to continue a specific interaction with us. When this interaction ends, we will keep your data for a maximum of 5 years, unless you request us to remove these earlier.

Of course we are doing the best we can to prevent data breaches – like we mentioned, by encrypting files with personal data. In the unfortunate event of a data breach that includes the likelihood of unauthorized individuals being able to access personal data, we will report this to the Dutch Data Protection Authority or the Personal Data Protection Office in Uganda within 72 hours. We will also inform all individuals who are possibly involved.


If changes take place in the way we do our work that have an effect on the way we collect and keep your personal data, we will include this in our privacy policy immediately. We will inform you about this through our website, our social media pages and email.

If you are not happy with the way we handle your personal data, we would love to hear this immediately through In addition, you have the right to file a complaint with any authority that is authorized to receive complaints like this. The Dutch Data Protection Authority and the Personal Data Protection Office in Uganda are examples.

Last updated: 13 July 2023