Privacy Policy

Future Health (GHP-SD) — formally registered as Global Health Programs for Sustainable Development — is a non-profit public health organization incorporated in Burundi (RC n° 0074380/25 · NIF 4003183623). Our registered office is located at Avenue de l'Université, Hôtel de Ville, Bureau n°9, Zone Bwiza, Commune MUKAZA, Bujumbura, Burundi.

We operate the website www.futurehealth-ghpsd.org (the "Site") as a public information resource about our programs, clinical services, research, and organization. For the purposes of applicable data protection law, Future Health (GHP-SD) is the data controller responsible for your personal information.

If you have any questions about this policy or how we handle your data, you may contact us at any time using the details provided in Section 12.

We collect information in two ways: information you provide to us voluntarily, and information collected automatically when you use the Site.

Information You Provide Voluntarily

• Contact form submissions — your name, email address, organization, and the message you send us through forms on the Site.
• Partnership inquiries — organization name, organization type, contact person name, and email when you complete the partner inquiry form.
• Newsletter subscriptions — your email address when you subscribe to our quarterly newsletter.
• Job applications and volunteer expressions of interest — your name, contact details, and CV or supporting documents when you apply for a position or fellowship.
• Media and press inquiries — your name, media outlet, and the nature of your request.

Information Collected Automatically

• Usage data — pages visited, time spent, referring website, and navigation path, collected via Google Analytics 4 in anonymized, aggregated form.
• Device and browser data — browser type and version, operating system, and screen resolution used to ensure the Site displays correctly.
• IP address — recorded in server logs for security and fraud-prevention purposes; not linked to your identity.

We process personal data only for the specific purposes listed below and only where we have a valid legal basis to do so.

• To respond to inquiries — when you contact us through a form, we use your name and contact details to reply to your message. Legal basis: legitimate interest.
• To send newsletters — with your explicit consent, we send quarterly updates on our programs and research. You may unsubscribe at any time. Legal basis: consent.
• To process partnership proposals — to evaluate and follow up on collaboration requests from organizations. Legal basis: legitimate interest in fulfilling our mission.
• To improve the Site — anonymized analytics data helps us understand which pages are most useful and identify technical issues. Legal basis: legitimate interest.
• To maintain security — server logs and IP addresses are retained for a limited period to detect and prevent unauthorized access or abuse. Legal basis: legitimate interest.
• To comply with legal obligations — where Burundian law or another applicable legal framework requires us to retain or disclose information. Legal basis: legal obligation.

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

Patients seeking clinical services at the Ubuntu Medical Center, or those enrolled in our community health programs, have their health data managed under a separate, dedicated clinical information management system governed by applicable healthcare data protection regulations and our internal clinical governance policies.

Research participants whose data forms part of our published studies have provided separate, informed consent under Institutional Review Board (IRB) protocols. Anonymized, aggregated research datasets may be published in academic journals or shared with verified partners — no individual can be identified from such data.

If you are a research partner or academic institution requesting access to anonymized datasets, your request will be handled under our formal data-sharing agreement process, which requires IRB approval documentation. Contact us at healthfuture682@gmail.com with the subject line "Research Data Request."

Cookies are small text files placed on your device when you visit a website. We use a minimal set of cookies to make the Site function properly and to understand how visitors use it.

Essential Cookies

These cookies are necessary for the Site to function. They enable core features such as security, navigation, and session management. They cannot be disabled without breaking the Site.

Analytics Cookies (Google Analytics 4)

We use Google Analytics 4 with IP anonymization enabled to collect aggregated, anonymized data about how visitors use the Site — such as which pages are visited most frequently and how long visitors stay. This data is processed by Google LLC on our behalf. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

No Marketing or Tracking Cookies

We do not use advertising networks, retargeting pixels, social media tracking scripts, or any form of cross-site behavioral tracking on this website.

You can control and delete cookies through your browser settings at any time. Please note that disabling analytics cookies does not affect your ability to use the Site.

We use a small number of trusted third-party services to operate the Site. Each processes data only as necessary and under binding data processing agreements:

• Google Analytics 4 (Google LLC, USA) — anonymized website usage analytics. Data is processed in the EU/USA under Google's data processing terms.
• Google Fonts (Google LLC, USA) — font files served from Google's CDN. Your IP address may be logged by Google when fonts are loaded.
• WhatsApp Business (Meta Platforms, Inc., USA) — our contact forms open a pre-filled WhatsApp message in your browser. No data is sent to us until you actively send the message from your own WhatsApp account. WhatsApp's Privacy Policy governs that interaction.
• Vercel Inc. (USA) — our website hosting provider. Vercel processes request logs and performance data to deliver the Site securely and reliably.

We do not share your personal information with third parties except as described above, as required by law, or with your explicit consent.

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law.

• Contact form inquiries — retained for up to 2 years to allow for follow-up correspondence, then deleted.
• Newsletter subscriptions — retained until you unsubscribe. Upon unsubscription, your email address is removed from active lists within 30 days.
• Partnership proposals — retained for up to 3 years for organizational record-keeping, then securely deleted.
• Server access logs — retained for 90 days for security purposes, then automatically purged.
• Analytics data — retained in anonymized, aggregated form in Google Analytics for up to 14 months per Google's standard retention policy.

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with any individual.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right to access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your data where there is no compelling reason for us to continue processing it.
• Right to restrict processing — you may ask us to pause processing while a dispute is resolved.
• Right to data portability — you may request that we provide your data in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interest, including direct communications.
• Right to withdraw consent — where we process data based on consent (e.g., newsletter), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at healthfuture682@gmail.com with the subject line "Data Rights Request." We will respond within 30 days. We may ask you to verify your identity before processing your request.

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption (TLS) for all data transmitted between your browser and our servers.
• Access controls limiting who within our organization can access personal data.
• Regular security reviews of our hosting infrastructure.
• Staff awareness of data protection obligations.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law.

This website is not directed at children under the age of 16, and we do not knowingly collect personal data from children through the Site. Our clinical and community programs that involve minors operate under separate child safeguarding policies and parental consent frameworks that are entirely distinct from this website.

If you believe a child under 16 has submitted personal information through this Site, please contact us immediately at healthfuture682@gmail.com and we will take prompt steps to delete that information.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify users via a notice on the Site homepage or by email.

We encourage you to review this policy annually or whenever you interact with the Site in a new way. Continued use of the Site after changes are posted constitutes your acceptance of the updated policy.

Previous versions of this policy are available upon request by contacting us at the address below.

For any questions, concerns, or requests relating to this Privacy Policy or to your personal data, please reach out to us through any of the following channels: