Privacy Policy

Last Updated: June 7, 2025

1 Who We Are

This Privacy Policy applies to the Species Saviour Initiative (SSI) (“we,” “our,” or “us”), a non-profit organization registered in Somalia under Registration Number 0000133, with headquarters at Plot 425/462, Mereysane Road, Halgan Neighborhoods, Garowe, Puntland State of Somalia, and operating the website https://speciessaviour.org/

We are committed to safeguarding your privacy and protecting your personal data in accordance with applicable Somali, regional, and international data protection laws.

For any questions regarding this policy or your personal data, please contact our Data Protection Officer (DPO):

  • Name: Abdullahi Wacane
  • Email: wacane@speciessaviour.org
  • Privacy Contact Email: privacy@speciessaviour.org
  1. Types of Data We Collect
  2. a) Personal Data
    Name, email, phone, organization/affiliation.
    b) Technical Data
    • IP address, device info, cookies, analytics.
    c) Special Category Data
    • Health data (e.g., allergies for fieldwork volunteers) Ethnicity data, when collected for clan-partnered conservation programs, is immediately anonymized and aggregated to protect individual identities.

d) Data We Never Collected:

Political/religious views, biometrics.
Children’s Data. We do not process data from individuals under 16 without parental consent.e) How We Collect Data

  • Directly from you via forms (e.g., contact form, membership application, newsletter signup, event registration).
  • Automatically through cookies and analytics when you visit our website.
  • Through third-party integrations such as payment processors (e.g., PayPal, Sahal EVC, E-dahab, Zaad) or social media embeds.

3. Purpose and Legal Basis for Processing

a) Purpose: We process personal and technical data only for purposes that are lawful, transparent, and necessary for advancing our biodiversity conservation mission. Specifically:

  • We process personal information to respond to inquiries, relying on our legitimate interest in engaging with individuals who contact us.
  • We process payment-related information to manage donations and memberships, as required for contractual purposes and to comply with the Financial Reporting Centre (FRC) regulations in Somalia.
  • We send newsletters and organizational updates only with the explicit consent of recipients.
  • We process participant information for event coordination and volunteer programs, relying on consent and legitimate interest where applicable.
  • We use website analytics in an anonymized format to improve our site’s performance and accessibility, based on legitimate interest.

b) Legal Basis for Processing (in accordance with GDPR where applicable):

  • Consent — when you subscribe to our newsletter or register for events.
  • Contractual Necessity — processing donations or event registrations.
  • Legitimate Interest — ensuring website security, improving services, and promoting our biodiversity conservation mission.

4. Third Parties and Data Sharing

We share data only with trusted service providers who process information on our behalf under strict confidentiality and security obligations. These include:

  • Payment processors In line with Somali law, anti–money laundering checks are conducted in accordance with Financial Reporting Centre (FRC) guidelines. Payment processors such as Zaad and E-Dahab operate under the Somalia Anti-Money Laundering Directive 2021 issued by the Central Bank of Somalia. We share only transaction identifiers with these providers; no behavioral or contact data is exchanged.
  • Analytics providers such as Google Analytics, which receive anonymized and masked IP addresses to help us understand website traffic and improve services.
  • Secure hosting providers, which store encrypted data in accordance with industry best practices.
  • Clarify International Data Transfers. Where data is transferred internationally, we use legally recognized safeguards. Data transferred outside the EU/EEA (e.g., to U.S.-based tools like Google Analytics) is protected by Standard Contractual Clauses (SCCs) or adequacy decisions. Somali mobile money transaction data remains within Somalia’s domestic banking infrastructure.
  • Embedded content from third-party sites (e.g., YouTube, social media, articles) behaves as if the user visited the other site, and may involve data collection/tracking per that site’s own privacy policy.

We maintain strict prohibitions on the misuse of data:

  • We do not sell personal information to advertisers.
  • We do not share data with commercial entities for marketing or unrelated purposes.

4. Cookies & Tracking Technologies

a) We use cookies and similar tracking technologies to:

  • Enable essential website functionality.
  • Improve user experience and navigation.
  • Collect analytical data to enhance our services.

b) Types of cookies used:

  • Essential Cookies — Required for the website to function.
  • Functional Cookies — Remember your preferences.
  • Analytical Cookies — Help us understand visitor interactions.
  • Marketing Cookies — Used only if you consent.

You can manage or disable cookies through your browser settings. Some features of the website may not work properly if cookies are disabled.

c) Third-Party Embeds:
Social media widgets (e.g., Facebook Like button) follow their policies. Disable via browser extensions.

6. Data Retention and Storage

a) Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, meet legal requirements, and protect our legitimate interests.

  • Donation records are retained for seven (7) years in accordance with best practices under Somalia’s Data Protection Act (2023) and internal accountability standards
  • Newsletter subscription data is stored until the subscriber withdraws consent.
  • Event registration data is retained for two (2) years after the event concludes for operational and reporting purposes.
  • Anonymized website analytics data is retained for 14 months in line with Google Analytics’ retention policy.

b) Storage and Security
All personal data is stored on AES-256 encrypted servers located in Garowe, Somalia. Our headquarters at Halgan HQ is protected by biometric access controls. We also implement rigorous data protection measures, including annual penetration testing and mandatory staff training based on the Puntland Data Protection Guidelines.

c) Secure Deletion
When data is no longer needed, it is permanently destroyed using NIST 800-88 compliant cryptographic erasure, ensuring that no data can be reconstructed or recovered.

 

7. User Rights

Your Rights Under Somali & International Law. You have the following rights:

  • Access — Request a copy of your personal data we hold.
  • Rectification — Request corrections to inaccurate or incomplete data.
  • Deletion — Request that we delete your personal data.
  • Data Portability — Request a copy of your data in a portable format.
  • Withdraw Consent — Withdraw consent for data processing at any time.

How to exercise your rights:
Please contact us at privacy@speciessaviour.org with your request.
We may require proof of identity before processing your request to ensure your privacy and security. We will respond within 30 days of receiving your request.

Appeals: Rejected requests may appeal to Somalia’s National Communications Authority (NCA).

8. Data Security & Breach Notification

a) Protective Measures
We employ a multi-layered security approach to safeguard all personal and organizational data. All data in transit is protected using TLS 1.3 encryption, while data at rest is secured with AES-256 encryption. Access to personal data is strictly controlled through role-based permissions, ensuring that only authorized personnel can view or edit sensitive information. We maintain a proactive vulnerability management program, including quarterly security scans and an active bug bounty program to identify and resolve potential weaknesses before they can be exploited.

b) Breach Response
In the event of a suspected or confirmed data breach, our Data Protection Officer (DPO) is alerted within 24 hours. Where applicable, incidents are reported to the relevant regulatory authorities—such as the Somalia National Communications Authority (NCA) for all breaches, and the appropriate EU Data Protection Authority where GDPR applies. If a breach poses a risk to individual rights and freedoms, we notify affected individuals within 72 hours. For incidents with potentially high public impact, we also issue a public disclosure notice via a banner on our website.

c) Conflict-Sensitive Data Practices
Recognizing the unique security challenges in our operational context, we apply conflict-sensitive data handling protocols. These include disabling GPS data logging in high-risk areas to prevent the identification or targeting of vulnerable communities. Such measures are integral to our commitment to both privacy and the safety of those we serve.

9. Automated Decision-Making & Profiling

We do not engage in automated profiling intended to evaluate personal aspects such as behavior, preferences, or personality traits. No artificial intelligence systems are used for such purposes.

Where automated processes are applied, they operate under clearly defined, rule-based parameters:

  • Fraud Prevention: Transactions originating from countries or individuals subject to sanctions by the Office of Foreign Assets Control (OFAC) are automatically blocked.
  • Communication Management: Newsletter distribution lists may be organized through manual tagging (e.g., identifying donors who have contributed over USD 100) to ensure recipients receive content relevant to their level of engagement.

All significant decisions that may affect an individual are subject to human oversight. Our staff reviews each case to ensure fairness, accuracy, and compliance with applicable laws before any final action is taken.

 

10. Policy Updates, Contact & Governing Law

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

a) Modifications
Version control: v1.2 (current), archived at privacy@speciessaviour.org.
• Notification: Registered users alerted via email 30 days before changes.
• Effective date: Posted conspicuously on policy header.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information

b) Complaints
First contact: DPO (wacane@speciessaviour.org).
• Escalation paths:

c) Governing Law
Primarily: Somalia Data Protection Act
• Supplementary: GDPR (for EU donors), CCPA (for Californian donors)

About

SSI is an indigenous-led conservation organization in Somalia, founded on the principle of regenerosity—a reciprocal relationship between people and nature. We partner with local communities to protect biodiversity through a unique model that blends traditional knowledge with modern science. By empowering those who have safeguarded these lands for generations, we create lasting solutions where both ecosystems and communities thrive together.

Somalia Office (Head Office)
Mereysane Rd, Halgan, Garowe, Puntland, Somalia
Tel: +252 905 543 895
E: info@speciessaviour.org

Kenya Satellite Office    Unicity Building, Off Thika Rd, P.O. Box 12898-00400 Nairobi, Kenya.
Tel: 254724 409540

EU Liaison Office
Hazelburry Park, Clonee, Dublin 15, Ireland
Tel:- +353 87 035 1219
E: info@speciessaviour.org

Useful Links

What We Do
Programs
Get Involved
Publications
Safeguarding
Jobs
FAQs
Donate to Us

In Partnership With

Government of Puntland

©2025 {SSI.} All Rights Reserved

Terms & Conditions

Privacy Policy

Follow us