Policy

Privacy Policy

This policy explains how ICTAZ MU Chapter collects, uses, secures, and retains personal data across the public website, member portal, and admin workspace.

Scope

Who this applies to

This policy applies to members, leadership, election candidates, and visitors who submit forms on the ICTAZ MU Chapter platform. It aligns with chapter governance under the ICTAZ-MU Chapter Constitution and operational requirements for membership, elections, learning, events, and payments.

Data we collect

  • Identity and profile details: names, student number, NRC, date of birth, gender, phone, email, address, and profile image.
  • Account and security data: password hash, reset tokens, login history, and audit logs.
  • Membership and billing records: package selection, subscriptions, payment method, references, and approval status.
  • Participation records: votes, course activity, CTF activity, event registration, badges, rewards, and notifications.
  • Communications data: contact form submissions, admin broadcasts, and delivery status of email notifications.

How we use your data

  • To authenticate users, protect accounts, and maintain system security.
  • To manage chapter membership, subscriptions, renewals, and onboarding windows.
  • To run elections, verify eligibility, enforce one-person-one-vote controls, and support audits.
  • To provide learning services, resources, events, CTF rankings, and merit-based recognition.
  • To send important chapter communications, reminders, policy notices, and account updates.

Sharing and processors

  • Payment processing can involve external providers such as LencoPay for supported channels.
  • Email delivery is processed through configured SMTP providers and chapter mailboxes.
  • We do not sell personal data. Access is limited to authorized chapter administrators and role-based staff.

Retention and protection

  • Data is retained for operational, financial, election-audit, and governance continuity needs.
  • Passwords are stored as secure hashes, not plain text.
  • Sensitive access is governed by role permissions, audit logging, and constrained administrative controls.
  • You should keep your credentials private and report unauthorized account activity immediately.
Your Rights

Data access and correction

You may request profile correction, communication preference updates, or account review through the chapter contact channels. Some records (for example voting logs, finance records, and audit trails) are preserved where required for constitutional compliance, transparency, and accountability.

Policy effective date: April 12, 2026. This policy may be updated as chapter systems and governance obligations evolve.