Privacy Notice

Last updated: 15 June 2026

1. Who we are

This Privacy Notice explains how personal data is handled on the website of True-Development / True Development Turkana Campus.

The controller responsible for the processing of personal data is:

Humphry Gafire Lomuria
Email: info@true-development.org
Website: https://www.true-development.org

No Data Protection Officer has been appointed at this stage. For all data protection enquiries, please contact us at:
info@true-development.org

2. Scope of this Privacy Notice

This Privacy Notice applies to the website https://www.true-development.org and to communication with us through email, contact forms, or other direct communication channels connected to the True-Development project.

The True-Development website is primarily an information website. We do not use the website to create visitor accounts, sell products, process online payments, run behavioural advertising, or track visitors for marketing purposes.

3. Personal data we process

We only process personal data when it is necessary for the operation of the website or when you actively contact us.

3.1 Technical access data

When you visit the website, technical data may be processed automatically by the website server or hosting provider. This may include:

• IP address
• Date and time of access
• Requested page or file
• Browser type and version
• Operating system
• Referrer URL, if available
• Access status or error messages

We process this data to make the website available, maintain security, prevent misuse, and diagnose technical problems.

Legal basis: Article 6(1)(f) GDPR, legitimate interests. Our legitimate interest is the secure and reliable operation of the website.

3.2 Contact and communication data

If you contact us by email, contact form, telephone, or another communication channel, we may process the personal data you provide. This may include:

• Name
• Email address
• Telephone number, if provided
• Organisation, institution, or company, if provided
• Country or location, if provided
• Message content
• Attachments, if provided
• Communication history

We use this data to respond to your enquiry, communicate with you, evaluate partnership or funding opportunities, coordinate project-related communication, and maintain records of relevant project communication.

Legal basis:

Article 6(1)(b) GDPR, where communication is necessary to take steps before entering into a contract, cooperation, donation agreement, partnership, or other formal arrangement.

Article 6(1)(f) GDPR, where processing is necessary for our legitimate interest in responding to enquiries and managing project communication.

Article 6(1)(c) GDPR, where we are legally required to retain certain records.

4. Fonts

This website uses the typefaces Fraunces and Inter. Both fonts are self-hosted on our own server and loaded directly from this website. No external font requests are made and no font-related data is transmitted to any third party.

5. No analytics, tracking, or advertising cookies

We do not use analytics cookies, advertising cookies, tracking pixels, behavioural advertising, or profiling tools.

We do not use personal data to create visitor profiles.

If we introduce analytics, embedded third-party content, marketing tools, newsletter tools, donation tools, or non-essential cookies in the future, we will update this Privacy Notice and, where legally required, request consent before activating such tools.

6. Purposes of processing

We process personal data for the following purposes:

• Operating and securing the website
• Responding to enquiries
• Communicating with potential partners, donors, institutions, researchers, community representatives, and supporters
• Preparing and managing project-related cooperation
• Documenting relevant communication
• Protecting our legal rights
• Complying with legal, accounting, reporting, or governance obligations, where applicable

We do not sell personal data.

We do not use personal data for automated decision-making or profiling.

7. Who receives personal data

Personal data may be accessed by people or organisations only where necessary for the purposes described in this Privacy Notice.

Possible recipients include:

• Members of the True-Development team
• Hosting and IT service providers
• Email and communication service providers
• Legal, accounting, compliance, or advisory service providers
• Project partners, where necessary to respond to your enquiry or coordinate project-related communication

Service providers who process personal data on our behalf are required to protect the data and process it only according to our instructions, where legally required.

8. International transfers

The True-Development project may involve communication with people or organisations in the European Union, the United Kingdom, Kenya, and other countries.

Where personal data is transferred outside the European Economic Area, we will only do so where permitted under the GDPR. This may include transfers based on an adequacy decision by the European Commission, appropriate safeguards such as EU Standard Contractual Clauses, or another lawful transfer mechanism under the GDPR.

Where communication with project partners in Kenya or another non-EEA country is necessary to respond to your enquiry or coordinate project-related work, we will limit the shared data to what is necessary for that purpose.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected and for as long as there is a lawful reason to retain it.

Technical server logs are normally kept only for the period necessary for security, troubleshooting, and technical operation, unless longer retention is required to investigate misuse, attacks, or legal claims.

General enquiries are kept for as long as necessary to respond to the enquiry and manage the related communication. If there is no ongoing relationship, project relevance, legal obligation, or justified accountability reason, the data will be deleted or anonymised when it is no longer needed.

Partnership, donor, institutional, or project-related communication may be kept for a longer period where necessary for project documentation, governance, reporting, accountability, legal, or funding purposes.

Where statutory retention periods, limitation periods, accounting duties, reporting duties, donor accountability duties, or legal defence requirements apply, we may keep the relevant data for the longest period legally permitted and necessary for the specific purpose.

We review retained communication data periodically and delete or anonymise personal data when there is no longer a lawful reason to keep it.

10. Your rights

Under the GDPR, you may have the following rights, depending on the situation:

• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure of your personal data
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent, where processing is based on consent
• Right to lodge a complaint with a data protection supervisory authority

To exercise your rights, contact us at:
info@true-development.org

We may need to verify your identity before responding to your request.

11. Right to object

Where we process personal data based on Article 6(1)(f) GDPR, legitimate interests, you have the right to object to this processing on grounds relating to your particular situation.

If you object, we will stop processing the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.

12. Providing personal data

You are not legally required to contact us or provide personal data through the website.

However, if you contact us and do not provide the information necessary to respond, we may not be able to answer your enquiry or continue communication with you.

13. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

However, no website or email communication can be guaranteed to be completely secure. Please avoid sending highly sensitive information unless it is necessary.

14. Changes to this Privacy Notice

We may update this Privacy Notice when the project develops, when the website changes, or when legal requirements change.

The latest version will be published on this website.