1. Who we are
The APSU '93 Portal (the Portal) is a private, members-only professional network operated by the APSU 1993 Year Group (we, us, our) for alumni of St. Augustine's College, Cape Coast, Ghana, Class of 1993.
We are the data controller for the personal data processed through the Portal. You can reach us at privacy@apsu93.org.
2. Personal data we collect
We collect the following categories of personal data:
- Identity data: first name, middle names, last name, date of birth.
- Contact data: email addresses, phone numbers, postal addresses.
- Professional data: current and past employers, job titles, professional headline, biography, current projects, availability for collaboration, skills, and interests.
- School data: house, entry and exit form year, graduating stream — as they were at St. Augustine's College.
- Media: profile photo, cover image, school-era photos (Form 1 and teenage), and gallery images you choose to upload.
- Authentication data: your Google account identifier and profile information (name, email address, profile picture) when you sign in with Google; your phone number when you use WhatsApp OTP authentication.
- Technical data: IP address, browser type, session identifiers, and activity timestamps generated during your use of the Portal.
3. How we collect it
- Directly from you when you complete or update your profile.
- Via Google OAuth when you choose "Continue with Google". We receive only your name, email address, and profile picture from Google — we do not access your contacts, calendar, or any other Google data.
- Via WhatsApp OTP when you choose "Continue with WhatsApp". Your phone number is used solely to deliver a one-time login code. We do not retain WhatsApp message content or delivery metadata beyond confirming a code was issued.
- From our alumni roster when an administrator seeds your Member profile using the association's existing records. You will be notified when your profile is created.
4. Why we process your data
We process your personal data for the following purposes and on the following legal bases:
- Providing the membership service — displaying your profile to other verified members, enabling directory search and discovery, and delivering authentication codes. Legal basis: performance of our membership agreement with you and legitimate interests of the alumni association in operating a professional network for its members.
- Verifying your identity — confirming you are an eligible alumnus before granting access. Legal basis: legitimate interests in maintaining the Portal as a private, verified-members-only community.
- Security and fraud prevention — rate-limiting, CAPTCHA verification, and session management. Legal basis: legitimate interests in protecting members and the Portal from abuse.
- Improving the Portal — analysing usage patterns to fix bugs and improve features. Legal basis: legitimate interests. We use only aggregate, anonymised data for this purpose.
5. Who we share your data with
- Other verified members — your profile is visible to other verified members of the Portal. Contact details (email addresses, phone numbers, postal addresses) are shown only if you have explicitly marked them as public in your privacy settings. School data, skills, and interests are visible to all verified members.
- Google LLC — processes your authentication data when you use "Continue with Google", under Google's own Privacy Policy.
- Meta Platforms Ireland Ltd — processes your phone number to deliver WhatsApp OTP messages, under Meta's own Privacy Policy.
- Google Cloud (hosting) — the Portal's infrastructure runs on Google Compute Engine. Data at rest and in transit is protected by Google Cloud's security controls.
- We do not sell, rent, or trade your personal data to any third party.
6. How long we keep your data
- Member profiles are retained for the life of the association unless you request deletion (see Section 7) or an administrator removes your record.
- One-time authentication codes are stored in encrypted form and automatically deleted within 5 minutes of issuance, whether or not they are used.
- Server access logs are retained for 90 days and then purged.
- Session data is deleted when you sign out, or after a period of inactivity.
7. Your rights
Depending on where you are located, you have the following rights regarding your personal data. Members in the United Kingdom have these rights under the UK GDPR. Members in Ghana have these rights under the Data Protection Act 2012.
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data. You can update most profile information directly within the Portal.
- Erasure — request deletion of your personal data. We will action this within 30 days. Note that data that forms part of the association's historical record (e.g. an anonymised attendance entry) may be retained in aggregate form.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Portability — request your data in a structured, machine-readable format.
To exercise any of these rights, email privacy@apsu93.org. We will respond within 30 days. We may need to verify your identity before processing your request.
UK members who are unsatisfied with our response may lodge a complaint with the Information Commissioner's Office (ICO). Ghanaian members may contact the Data Protection Commission.
8. Cookies
The Portal uses a single session cookie to keep you signed in. This cookie is strictly necessary for the Portal to function and does not require your consent. We do not use advertising, analytics, or tracking cookies.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data, including TLS encryption in transit, encrypted storage for authentication credentials, and access controls that limit who can view your contact information. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at privacy@apsu93.org.
10. Changes to this policy
We will notify members of any material changes to this policy via an announcement on the Portal dashboard at least 14 days before the change takes effect. The current version of this policy is always available at apsu93.org/privacy.
11. Contact
For any questions about this Privacy Policy or how we handle your personal data, please contact:
APSU 1993 Year Group
Email: privacy@apsu93.org