Privacy Policy

Personal Identification Information:

• Name: First name and last name
• Contact Information: Email address and phone number
• Professional Details: Designation/role and state of assignment
• User Account: User ID and role-based access permissions

Project-Related Data:

• Project Assignments: Projects assigned to users
• Activity Logs: Login attempts, system usage, and data submissions
• Performance Data: Project indicators, targets, and achievements

Technical Information:

• Device Information: IP address, browser type, and operating system
• Session Data: Login timestamps and activity tracking
• Security Logs: Authentication attempts and security events

Primary Purposes:

• User Authentication: To verify your identity and provide secure access
• Project Management: To assign and track project responsibilities
• Data Collection: To gather project performance indicators and achievements
• Reporting: To generate reports for stakeholders and development partners
• Communication: To send important updates and notifications

Legal Basis for Processing:

• Contract Performance: Processing necessary for your role and project assignments
• Legitimate Interest: Improving system security and user experience
• Legal Obligation: Compliance with government reporting requirements
• Consent: For optional communications and data processing

• Government Authorities: As required by law or government regulations
• Development Partners: World Bank and other partners for project monitoring and evaluation
• Service Providers: IT service providers who assist in system maintenance (under strict confidentiality agreements)
• Legal Requirements: When required by court order or legal process

Security Measures:

• Encryption: All data transmitted over HTTPS with TLS encryption
• Access Controls: Role-based access with strict authentication requirements
• Password Security: Strong password policies and secure hashing
• Session Management: Secure session handling with automatic timeout
• Audit Logging: Comprehensive logging of all system activities
• Regular Updates: Security patches and system updates

Retention Periods:

• Active User Data: Retained while account is active
• Project Data: Retained for 7 years for audit and reporting purposes
• Login Logs: Retained for 2 years for security monitoring
• Inactive Accounts: Deleted after 2 years of inactivity

Data Deletion:

• Automatic Deletion: Inactive accounts and expired data are automatically removed
• Manual Deletion: You can request deletion of your personal data
• Backup Retention: Backups are retained for 30 days then securely destroyed

Essential Cookies:

• Session Cookies: Required for system functionality and security
• Authentication Cookies: Store login status and user preferences
• Security Cookies: CSRF protection and session validation

No Third-Party Tracking: We do not use third-party cookies, analytics, or tracking tools.

Cookie Management: You can control cookies through your browser settings, though disabling essential cookies may affect system functionality.