Privacy
Statement

Our Commitment

Twogere ("we," "us," or "our") is committed to protecting the privacy and absolute confidentiality of the young people, partners, and donors we work with. This policy explains how we collect, use, and protect personal data in strict accordance with the Data Protection and Privacy Act (Uganda) and international digital health standards.

​

What Information We Collect

We collect information strictly necessary to deliver mental health interventions, measure impact, and manage operations:

• Beneficiary Data: Names, ages, school details, and mental health assessment notes or screening scores. Note: Clinical and psychological notes are classified as Special Category (Sensitive) Data.

• Donor & Volunteer Data: Contact information and secure transaction details for processing applications or donations.

• Digital Data: Anonymized IP addresses and cookies to optimize our website performance.

 

How We Use Your Data

Twogere uses collected data to:

• Deliver and track school-based mental health interventions.

• Generate completely anonymized aggregates for impact reporting, academic research, and donor updates (ensuring no individual student or school can ever be identified).

• Fulfill legal or safeguarding obligations under the Uganda Children Act.

 

Consent & The "Power of Choice"

• Informed Youth Consent: We believe in the agency of young people. We explain how their data is used in age-appropriate language before any support session.

• Institutional & Guardian Consent: For school-based mental health first aid, we operate under the institutional consent frameworks established with our partner schools and the Ministry of Education. For deep or specialized psychological interventions, explicit guardian consent is secured.

• Right to Withdraw: Beneficiaries or their legal guardians have the right to withdraw consent at any time, halting further data processing.

 

Data Security, Access, & Storage Boundaries

We enforce rigid security measures to protect sensitive health data:

• The School Boundary: Twogere’s confidential beneficiary case files are independent of standard school academic records. School administrations and teachers do not have access to private assessment notes unless a specific safeguarding threshold is met.

• Technical Safeguards: All mental health data is stored in encrypted, password-protected cloud systems with multi-factor authentication.

• Data Minimization: We only retain personal data for as long as necessary to fulfill our care obligations or as legally mandated by Ugandan health and data frameworks.

 

Sharing of Information

We do not sell, rent, or trade your data. Information is only shared under strict exceptions:

• Safeguarding Emergency: If a young person is deemed to be at immediate risk of self-harm, suicide, or severe abuse, confidentiality is bypassed to share life-saving data with designated safeguarding leads, medical professionals, or the Uganda Police Child and Family Protection Unit.

• Legal Mandate: Only when explicitly compelled by a court of law.

 

Your Legal Rights

Under the Data Protection and Privacy Act, our data subjects (and their legal guardians) have the right to:

• Request access to a copy of the data we hold about them.

• Request immediate rectification of inaccurate or outdated information.

• Request the complete deletion of their personal records (The "Right to be Forgotten"), subject to legal data retention overrides.

 

Governance & Contact

Twogere is committed to regulatory compliance. If you have questions regarding your data privacy, or wish to exercise your rights, contact our Data Protection Officer: Email: privacy@twogereug.org

Regulatory Oversight: Compliant with the National Information Technology Authority Uganda (NITA-U) Personal Data Protection Office guidelines.