African Association of Safety, Health and Environmental Professional Association (ASHEPA) (“we”, “us”, “our”) is the data controller for the personal information we collect and use. That means we decide how and why your personal information is processed.

We take privacy and data security seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you may have under applicable data protection laws.

1) What information we collect

The personal information we collect depends on the services you request (for example, training and certification, membership registration, consultancy, events, partnerships, volunteering, or enquiries).

We may collect:

1. Information you provide to us

• Identity details: full name, date of birth (where needed), gender (optional), nationality (optional)
• Contact details: email address, phone number, postal address, country/city
• Membership details: membership category, employer/organization, job title, professional interests
• Training & certification details: education, qualifications, work history, attendance records, assessment results, certificates issued, CPD logs
• Payment details: billing address, payment status, transaction references (note: we typically do not store full card details if payments are handled by a payment provider)
• Communications: messages you send to us, requests, feedback, complaint records
• Documents you submit: copies of IDs (only when necessary), certificates, letters, forms, photos for badges (if applicable)

1. Information we collect automatically (website & systems)

• Device and usage data: IP address, browser type, pages visited, timestamps, referral links
• Cookies/analytics data: depending on your cookie settings (see Section 10)

1. Information we may receive from others

• Referrers/partners who introduce you to ASHEPA (with appropriate permissions)
• Employers or training sponsors (where they register you for a program)
• Public sources (e.g., professional profiles) where relevant and lawful
• Anti-fraud and verification sources (only when needed)

Email and communications monitoring

We may keep records of emails and other communication channels used to contact us (for quality assurance, record-keeping, and security).

2) Why we need your information (our purposes)

We use personal information to:

• Provide services you request (membership, training, certification, consultancy, events)
• Verify identity where necessary (e.g., certification integrity, membership validation)
• Administer accounts (registrations, renewals, payments, and confirmations)
• Deliver training and certification (enrolment, attendance, assessments, issuing certificates)
• Communicate with you (service messages, updates, responses to enquiries)
• Improve our services (feedback, quality checks, program development)
• Prevent fraud and protect security (system monitoring, access controls)
• Meet legal and regulatory obligations (finance, audit, record retention, compliance requests)
• Manage complaints and disputes
• Send relevant information about ASHEPA programs and opportunities (where permitted)

3) Our legal basis for processing (where applicable)

Depending on the situation and applicable law, we rely on one or more of the following:

• Contract: to provide membership, training, certification, or consultancy you request
• Legal obligation: to comply with laws (e.g., financial record-keeping)
• Legitimate interests: to operate and improve ASHEPA, secure our systems, prevent fraud, and maintain accurate records (balanced against your rights)
• Consent: where required (e.g., certain marketing messages, optional data collection, cookies)
• Vital interests / public interest: only in rare circumstances where permitted by law

4) Sensitive or special-category data

Sometimes we may need additional information (for example, accessibility needs for training participation). We only collect and use sensitive information when:

• it is necessary for the service,
• it is lawful to do so, and
• we apply additional safeguards.

You can choose not to provide optional sensitive information, but it may limit what we can offer (for example, accommodations).

5) Automated decision-making and profiling

ASHEPA may use limited automated tools (for example, to detect duplicate registrations or suspicious payment activity). If we use automated processing that significantly affects you, we will provide information about it and, where required, offer a way to request human review.

6) How long we keep your information

We keep personal information only for as long as necessary for the purposes described in this policy, including legal, accounting, certification integrity, and dispute-handling needs.

Typical retention examples (can be adjusted):

• Membership records: while you remain a member and for a reasonable period after your membership ends
• Training/certification records: for as long as needed to verify credentials and meet audit/quality requirements
• Finance records: as required by applicable financial and tax laws
• Enquiry communications: for a limited period after resolution

When no longer needed, data is securely deleted, anonymized, or archived with restricted access.

7) How we protect your information

We use administrative, technical, and organizational measures such as:

• access controls and role-based permissions
• secure storage and encryption where appropriate
• staff confidentiality expectations
• secure backups and monitoring
• vendor due diligence for service providers

Email security notice: Email is not always secure. Please avoid sending highly confidential information by email. While we take reasonable steps to protect messages we receive, we cannot guarantee confidentiality during transmission.

8) Who we share your information with

We may share personal information only when necessary, including with:

• Service providers that support our operations (IT hosting, email systems, learning platforms, certificate tools, payment processors)
• Trainers, assessors, and moderators involved in delivering programs
• Partner organizations (only where you register through a partner or where required to deliver a joint program)
• Professional verification requests (e.g., verifying a certificate’s validity, with appropriate safeguards)
• Regulators, courts, law enforcement, or authorities where legally required
• Fraud prevention and security providers where appropriate to protect ASHEPA and its members

We do not sell your personal information.

9) International transfers

ASHEPA may store or process information in countries other than where you live (for example, if our IT providers host systems abroad). Where required, we use appropriate safeguards such as contractual protections and security controls.

10) Cookies and website tracking

Our websites may use cookies and similar technologies to:

• make the site work properly,
• remember preferences,
• understand usage (analytics),
• improve performance.

Where required by law, we will request your consent for non-essential cookies. You can also control cookies through your browser settings.

11) Your rights

Depending on applicable data protection laws, you may have rights such as:

• Right to be informed about how your data is used
• Right of access to your personal information
• Right to correction of inaccurate or incomplete information
• Right to deletion (in certain circumstances)
• Right to restrict processing (in certain circumstances)
• Right to object to processing (including direct marketing)
• Right to data portability (where applicable)
• Rights relating to automated decisions (where applicable)
• Right to withdraw consent (when processing is based on consent)

To exercise your rights, contact us using the details in Section 13. We may need to verify your identity before responding.

12) Complaints

If you are unhappy with how we handle your personal information, please contact us first so we can try to resolve the issue. You may also have the right to complain to your local data protection authority or regulator, depending on your country.

Contact ASHEPA

If you have questions about this Privacy Policy or how we process your personal information, contact us:

• Email: support@ashepa.org
• website: www.ashepa.org

Last updated: 20 December 2025