100px

CBA FOR AFRICA STARTS IN

D
H
M
S

Privacy Policy

Last Updated: 27th October, 2025

INTRODUCTION

This Privacy Policy explains what information we collect, why we collect it, and how you can update, manage, export, and delete your information. Our aim is not just to comply with privacy law, it’s to earn your trust.

This Privacy Policy (“Policy”) describes how the Africa Music and Entertainment Development Initiative (AMEDI), operating under the Creative Talent Foundation (CTF), an incorporated foundation in Nigeria, collects, uses, shares, and protects personal data of participants, visitors, and partners (“you”) who access or use our website, learning management systems, or other digital services (collectively, the “Services”).

AMEDI operates as part of CTF’s mission to empower Africa’s creative industries through structured learning, professional development, and access to opportunities. Our Services include the Talent Pipeline Engine, which comprises the following stages:

  1. The Questionnaire – What Do You Know About The Music Business (Awareness)
  2. The Bootcamps (Foundation)
  3. The Creative Business Academy for Africa Programme (Intensive Development)
  4. The Master’s Programme (Leadership)
  5. The Network (Ecosystem)

 

We are committed to compliance with applicable privacy and data protection laws, including the Nigeria Data Protection Act (NDPA 2023) and, where applicable, the General Data Protection Regulation (GDPR). Our aim is not just to comply with privacy law, it’s to earn your trust.

INFORMATION WE COLLECT 

We collect personal information from you in several ways. This includes information you provide to us, data we collect automatically, through forms, interactions with our Services, automated technologies, and third-party platforms we integrate with.

 

Information you provide to us

We may collect information that you voluntarily share with us, including:

  • Contact information: such as your name, email address, phone number, and country of residence when you sign up for newsletters, register for programmes, complete surveys, or contact us.
  • Account Information: such as username, password, and login credentials if you create an account on our learning management system (LMS) or related platforms. 
  • Profile and Application Data: information submitted through forms, such as your professional background, skills, interests, questionnaire responses, and application materials for any AMEDI stage.
  • Correspondence: any messages, inquiries, or feedback you send to us via email, website forms, or social media.
  • Search Queries and Engagement: where our Services include search functions or discussion forums, we may collect the queries you enter and your engagement (e.g., pages viewed, lessons completed, links clicked, and quizzes attempted).
  • Payment Information: While CTF does not directly collect or store your payment details, we use secure third-party payment processors (such as Paystack) for registration fees, donations, and sponsorships. These third parties process your financial information in accordance with their own privacy policies and security standards.

 

Information We Collect Automatically

When you use our Services, we may automatically collect certain technical and usage data, such as:

  • Device identifiers, browser type, and operating system.
  • IP address and general location data.
  • Date and time of your interactions with our Services.
  • Clickstream data, referring websites, and time spent on pages.
  • Progress metrics from our LMS (e.g., quiz completion, modules accessed, performance data).

We use this information to improve user experience, monitor system performance, and enhance our content delivery.

 

Information We Receive from Third Parties

We may receive information about you from third-party platforms we integrate with, such as:

  • Learning Management Systems (LMS): used to host courses, quizzes, and assignments.
  • Email and Marketing Platforms: such as Mailchimp and Brevo, which help us manage newsletters, communications, and event updates.
  • Analytics and Social Media Tools: which provide aggregated data on engagement and performance metrics.

We ensure all third-party partners process your data in compliance with applicable privacy regulations and data protection standards.

HOW WE USE THE INFORMATION WE COLLECT

Under data protection laws such as the Nigeria Data Protection Act (NDPA) 2023 and the General Data Protection Regulation (GDPR), we must have a lawful basis for processing personal information. AMEDI relies on one or more of the following legal bases: consent, performance of a contract, compliance with legal obligations, protection of vital interests, and legitimate business interests.

We use the information we collect to provide, maintain, and improve our programmes and digital experiences. Specifically, we use your information to:


Provide and Manage Our Services

We use your information to deliver our Services across the AMEDI ecosystem, including the Questionnaire, Bootcamps, CBAA Programme, Master’s Programme, and Alumni Network. This includes:

  • Creating and managing your account on our learning management system (LMS).
  • Facilitating your participation in training sessions, workshops, or quizzes.
  • Processing applications, registrations, and payments (through third-party processors like Paystack).
  • Maintaining participant records and progress tracking.
  • Issuing certificates, communications, or access to alumni opportunities.
  • Enabling communication with mentors, facilitators, and peers through integrated platforms.


Communicate with You

We use your information to communicate with you about your account, participation, or programme updates. This includes:

  • Sending administrative emails, notifications, or reminders about course progress, assignments, or schedules.
  • Contacting you for verification, authentication, or password recovery.
  • Informing you about policy changes or important updates to our programmes or systems.
  • Sending newsletters, surveys, and promotional materials (where permitted by law).
  • You may opt out of non-essential marketing communications at any time.


Provide Customer Support and Resolve Issues

We use your information to respond to your inquiries, troubleshoot technical issues, and provide general assistance regarding your participation, application status, or use of our Services.


Improve and Personalise Our Services

We continually seek to enhance user experience and learning outcomes. We therefore use the collected information to:

  • Analyse engagement patterns, quiz performance, and participation metrics.
  • Improve course design, teaching methods, and digital tools.
  • Personalise your learning experience by recommending relevant courses, events, or opportunities.
  • Develop insights and reports on the performance of our programmes and ecosystem.


Maintain a Safe and Compliant Environment

We use your information to ensure that our platforms and community remain safe, positive, and compliant with our internal policies and applicable laws. This may include:

  • Monitoring for misuse, fraud, or suspicious activity.
  • Enforcing our Terms of Service, Community Guidelines, or code of conduct.
  • Investigating complaints or incidents reported by users or third parties.
  • Protecting the rights, property, and safety of participants, staff, and the public.
  • Taking necessary action in cases of misconduct or violations.


Comply with Legal Obligations

We may retain and process your information where necessary to comply with applicable laws, regulations, or court orders, including for audit, tax, or regulatory reporting purposes.

We may also use your information to establish, exercise, or defend legal claims, and to respond to lawful requests from government or regulatory authorities.


Rely on Consent Where Applicable

Where required by law, we process personal data only after obtaining your explicit consent, such as when you subscribe to marketing updates, participate in voluntary surveys, or agree to promotional use of testimonials.
You may withdraw your consent at any time without affecting the lawfulness of prior processing.


Protect Vital Interests

In rare and exceptional cases, we may process or share personal data to protect an individual’s vital interests — for example, to respond to an urgent medical situation during one of our programmes.


Pursue Legitimate Business Interests

We process data where it is necessary for the legitimate interests of AMEDI and CTF, such as to:

  • Ensure the security and integrity of our systems.
  • Evaluate and report on programme performance, outreach, and community impact
  • Plan strategic initiatives, funding opportunities, and partnerships.
  • Manage relationships with donors, sponsors, and alumni
  • Promote our Services responsibly, both online and offline.

Where we rely on this basis, we take care to balance our legitimate interests against your rights and freedoms.

 

HOW IS THE INFORMATION STORED AND PROTECTED

AMEDI, under the Creative Talent Foundation (CTF), takes the security and integrity of your personal information seriously. We implement a combination of administrative, technical, and organisational measures designed to safeguard your data against unauthorised access, alteration, disclosure, or destruction.


Data Storage and Retention

We store personal information using secure, cloud-based systems managed by trusted service providers that comply with applicable data protection laws. These may include learning management systems, communication platforms (such as Mailchimp and Brevo), and payment processors (such as Paystack).

We retain your information only for as long as necessary to fulfil the purposes for which it was collected, including providing our Services, complying with legal obligations, resolving disputes, enforcing agreements, and maintaining accurate program and alumni records.

Where we no longer need your data, it will be securely deleted, anonymised, or archived in accordance with our data retention policies and regulatory requirements.


Security Measures

We take several steps to help protect your personal information:

  • Access Controls: Access to personal data is restricted to authorized personnel and contractors who require it to perform their official duties. These individuals are bound by confidentiality obligations and undergo training on data protection and information security.
  • System Safeguards: Our third-party providers employ industry-standard firewalls, intrusion detection systems, and monitoring tools to prevent unauthorized access.
  • Regular Reviews: We periodically review our security practices and perform audits to ensure our systems remain robust and compliant with current standards.


Data Handling and Third-Party Security

When we engage third-party processors, we ensure they maintain appropriate data protection and security measures consistent with the NDPA, GDPR, and other applicable laws. Each provider processes data strictly in accordance with our written instructions and for legitimate purposes connected to our Services.

Your Role in Protecting Your Information

While we take extensive measures to secure your data, no system or method of online transmission can be guaranteed to be 100% secure. We therefore encourage you to:

  • Use strong, unique passwords for your accounts.
  • Avoid sharing login credentials.
  • Log out of shared devices after accessing your account.
  • Contact us immediately if you suspect unauthorized access or misuse of your information.


Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate regulatory authorities in accordance with applicable data protection laws.

 

HOW WE DISCLOSE YOUR INFORMATION

We value your trust and only share your personal information in limited circumstances and for legitimate purposes. We never sell your personal data. Any disclosure of personal information is made in accordance with applicable data protection laws and with appropriate safeguards in place.


When You Authorise Us To Do So

We may share your information or make certain content available to others when you intentionally provide consent or take actions that require such disclosure. For example:

  • When you register for an AMEDI programme or interact on our learning management platform, your name and profile details may be visible to facilitators, mentors, or fellow participants for collaboration and community engagement.
  • When you connect or interact with third-party platforms (e.g., through embedded content, forms, or tools such as Mailchimp, Brevo, or Google Workspace), we may share relevant data necessary to enable those integrations.
  • When you submit testimonials, participate in interviews, or contribute creative works as part of our programmes, you may authorise us to use that content publicly (for example, on our website, reports, or social media) for promotional or educational purposes.
  • We may also share information as otherwise instructed by you or with your explicit consent.


With Our Service Providers and Partners

We engage third-party vendors and service providers who perform specific functions on our behalf, such as:

  • Payment Processors (e.g., Paystack) to process registration fees, sponsorship payments, and donations.
  • Cloud and Hosting Providers that store or process our data securely.
  • Learning Management System (LMS) Providers that deliver our training content, track progress, and host quizzes.
  • Communication and Marketing Platforms (e.g., Mailchimp, Brevo) used to send programme updates, newsletters, and engagement campaigns.
  • Analytics and Measurement Partners who help us understand user engagement and measure the performance of our services and outreach campaigns.
  • These providers are only given access to the information necessary to perform their contractual duties and are bound by confidentiality and data protection obligations consistent with this Policy.


Within the CTF Group and Related Entities

As AMEDI operates under the Creative Talent Foundation (CTF), we may share data internally between AMEDI and CTF-related entities to support programme delivery, reporting, joint initiatives, or operational efficiency. All such sharing is conducted under strict access and confidentiality controls.


To Comply with Legal Obligations

We may disclose personal information if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes.
  • Respond to lawful requests from public authorities, law enforcement, or government bodies.
  • Fulfil regulatory or audit obligations, including donor reporting requirements.

Where permitted and feasible, we will make reasonable efforts to notify you before disclosing your information in response to such requests.


To Protect Rights, Safety, and Prevent Harm

We may disclose information if we believe in good faith that it is necessary to:

  • Prevent or respond to potential threats to life, health, or safety.
  • Detect, prevent, or address fraud, abuse, or illegal activities.
  • Enforce our Terms of Service, Code of Conduct, or other policies.
  • Protect the rights, property, or safety of AMEDI, CTF, our participants, partners, or the general public.


In the Event of Organisational Changes

In the event of a reorganisation, merger, acquisition, or transfer of assets involving AMEDI or CTF, your personal information may be transferred as part of that process. We will ensure that any successor entity continues to process your data in accordance with this Policy.


Aggregated or De-Identified Information

We may share or publish aggregated or anonymised data that cannot reasonably identify you. For instance, we may share statistics or insights to demonstrate programme reach, participant outcomes, or impact metrics with sponsors, donors, or the public.

 

USE OF COOKIES, LOG FILES AND TRACKING

We use cookies and similar technologies to improve your experience when you visit our websites or use our services. These tools help us remember your preferences, such as your login details, notification settings, and language, and allow us to provide a smoother and more personalized experience.

 

Cookies are small data files stored on your device that can be read during future visits. We may expand how we use cookies as new features are added to our platforms. In addition to cookies, we may use web beacons or single-pixel GIFs to collect information such as email open rates or system activity logs.

 

We may also use trusted third-party analytics tools, such as Google Analytics, to understand how visitors engage with our website and services. These tools may use cookies to collect information like your IP address, browser type, and pages visited. You can manage or disable cookies through your browser settings. 

 

As with most websites, we automatically collect and store certain technical information in log files. This may include your IP address, browser type, internet service provider (ISP), referring or exit pages, files viewed, operating system, date and time stamps, and clickstream data.

 

We use this information to analyze trends, manage and improve our website performance, understand how users interact with our platforms, and generate demographic insights to better serve our creative community.

USER RIGHTS/ HOW A USER CAN OPT OUT OF DATA COLLECTION/USAGE

Users have rights over their personal data, including the right to access, correct, delete, or withdraw consent for its collection and use, in line with the NDPA and GDPR.

  • Sharing with third parties for marketing: We may share limited information with third parties for their direct marketing purposes. To opt out, please contact info@creativetalentfoundation.org OR cbaforafrica@ciif.africa.
  • Email marketing: To stop receiving newsletters or marketing communications from CTF or AMEDI, use the “unsubscribe” link provided in the message or send an email to info@creativetalentfoundation.org OR cbaforafrica@ciif.africa with the necessary details to process your request.
  • Direct mail: To stop receiving physical mail from us, send an email to info@creativetalentfoundation.org OR cbaforafrica@ciif.africa with “DIRECT MAIL OPT OUT” as the subject.
  • Service-related announcements: Occasionally, we may send important service-related emails (e.g., maintenance or updates). These are not marketing communications and do not require a response.

INTERNATIONAL DATA TRANSFERS

We are based in Nigeria, and we process and store information on servers located in Nigeria. We may also store information on servers and equipment in other countries, depending on a variety of factors, including the locations of our users and service providers. These data transfers allow us to provide our services to you. By accessing or using our services or otherwise providing information to us, you understand that your information will be processed, transferred and stored in Nigeria and other countries, where different data protection standards may apply and/or you may not have the same rights as you do under local law.

NOTIFICATION OF POLICY CHANGES

CTF may update this Privacy Policy from time to time. Updates will be communicated through our website, email, or other appropriate channels. Continued use of our services after such updates means you accept the revised Policy. You may opt out of marketing communications at any time by contacting us.

CONTACT INFORMATION

For questions or concerns about this Policy or our data practices, please contact info@creativetalentfoundation.org, attention: Legal and Business Affairs Officer.