Privacy Policy


Effective Date: November 08, 2025
Last Updated: November 08, 2025

Bloodlines Foundation (“Bloodlines,” “we,” “us,” or “our”), a registered non-profit organization in Nigeria dedicated to voluntary blood donation and community lifesaving initiatives, respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.bloodlinesfoundation.org (the “Website”), make a donation, register as a blood donor, or interact with our services in Nigeria.

We may update this Policy at any time. Changes will be posted here with a new “Last Updated” date. Your continued use of the Website after changes constitutes acceptance of the revised Policy.

1. Information We Collect

A. Information You Provide Directly

  • Personal Information: full name, email address, phone number, home address, blood group, genotype, date of birth, BVN (for verification), next-of-kin details, and any other information submitted via donor registration forms, donation records, volunteer sign-ups, or contact forms.
  • Health Information: blood type, screening results (HIV, Hepatitis B/C, syphilis, etc.), weight, hemoglobin level, and donation history (collected only with explicit consent during drives).
  • Payment Information: bank account details, card number (processed securely via Paystack, Flutterwave, or Interswitch — we never store full card data).
  • User Contributions: photos from donation drives, testimonials, or success stories you share.

B. Information Collected Automatically

  • Usage Data: IP address, browser type, device type, operating system, pages viewed, time spent, and referring URLs.
  • Cookies and Tracking Technologies: We use cookies and pixels for site functionality, analytics, and remarketing (see Section 7).

C. Information from Partners

  • Hospitals & Blood Banks: donation confirmation data from Lagos State Blood Transfusion Service (LSBTS) or partnered hospitals.
  • Payment Gateways: transaction IDs and status from Paystack/Flutterwave.
  • Analytics: aggregated data from Google Analytics and Meta Pixel.

2. How We Use Your Information

We use your data solely for our mission to save lives through voluntary blood donation:

  • Register and verify eligible donors (age 18–65, ≥50kg, etc.).
  • Schedule and remind you of donation drives via SMS/WhatsApp/email.
  • Match donors to urgent patient requests (emergency blood alerts).
  • Issue donor certificates and recognition badges.
  • Process donations and issue tax-relief receipts (where applicable via CAC-registered status).
  • Share anonymized statistics with LSBTS and NBTS for national reporting.
  • Improve campaigns and Website experience.
  • Prevent fraud (e.g., multiple donations within 56 days).

3. Legal Basis (Nigeria Data Protection Act 2023)

We process your data based on:

  • Consent: explicit opt-in during donor registration.
  • Legitimate Interest: sending lifesaving alerts to registered donors.
  • Legal Obligation: reporting notifiable data to LSBTS/NBTS.
  • Vital Interest: emergency release of blood group/location to hospitals.

4. How We Share Your Information

We never sell your data. We share only when strictly necessary:

  • Hospitals: blood group and phone number (with your prior consent) during emergencies.
  • LSBTS/NBTS: anonymized or mandatory donor data.
  • Service Providers: Paystack, Flutterwave, Twilio (SMS), Mailchimp, Google Cloud — all bound by NDPA-compliant Data Processing Agreements.
  • Law Enforcement: only when required by Nigerian law or court order.

5. Data Security

  • All data encrypted in transit (SSL/TLS) and at rest (AES-256).
  • Hosted on secure Nigerian/EU servers (compliant with NDPA).
  • Access limited to authorized staff via 2FA.
  • Regular penetration testing and LSBTS audits.

6. Data Retention

  • Donor records: 10 years (NBTS requirement).
  • Financial records: 7 years (CAC/FIRS).
  • Marketing subscribers: until you unsubscribe.
  • Deleted upon request (unless legally required to retain).

7. Your Rights Under NDPA 2023

You have the right to:

  • Access your data free of charge.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Restrict processing.
  • Object to direct marketing.
  • Withdraw consent anytime.
  • Lodge a complaint with NITDA.

Submit requests to privacy@bloodlinesfoundation.org
We’ll respond within 7 working days (faster than the 30-day legal requirement).

8. Cookies & Tracking

  • Essential: login sessions, form submissions.
  • Analytics: Google Analytics (anonymized IP).
  • Marketing: Meta Pixel for campaign reach.

Manage preferences via the Cookie Banner or contact us to opt out completely.

9. Children’s Privacy

We do not collect data from persons under 18 without parental consent. Donors must be 18+.

10. Third-Party Links

Links to LSBTS, Paystack, or WhatsApp groups are not covered by this Policy.

11. Data Transfers

Your data may be processed in Nigeria or EU (Google Ireland). All transfers comply with NDPA cross-border rules.

12. Contact Us & Data Protection Officer

Data Protection Officer:
Name: Ogunkoya Oluwamuyiwa
Email: admin@bloodlinesfoundation.org
Phone: +234 8179617254
Address: Lagos, Nigeria

Complaints: You may also contact
National Information Technology Development Agency (NITDA)
Email: dpr@nitda.gov.ng

13. Changes to This Policy

Material changes will be communicated via:

  • Pop-up banner on website
  • Email to registered donors
  • WhatsApp broadcast

Join Us Now!

Do you have the skills that can help us drive this vision to fulfilment?

Volunteer Now