Privacy Policy

A legal disclaimer

Effective date: November 12 2025
Who we are: Yukayeke Yamaye Kokuio (“YYK”) is a tribal organization serving the Taíno Kokuio Clan in Hanover, Jamaica and the wider Taíno Diaspora.

1) Scope & Laws That May Apply

We primarily follow Jamaica’s Data Protection Act, 2020 (DPA). Where our activities involve residents of the European Union/UK or California, we also align our practices with the GDPR and CCPA (as amended by CPRA), to the extent applicable. [uwi.edu], [oic.gov.jm], [gdpr.eu], [gdprlocal.com], [oag.ca.gov]

2) What Personal Data We Collect

Identity & contact: name, email, phone, address (when you contact us, volunteer, donate, or register for programs).
Community participation: program preferences, event registrations, membership details.
Technical data: IP address, device/browser info, and cookies or similar technologies for analytics and site performance.
Media & heritage contributions: photos, stories, or materials you submit for cultural archives (processed with your consent and subject to our archival policies).
Under Jamaica’s DPA, personal data includes any information that can identify you; sensitive data (e.g., health, beliefs) receives special protection. [jis.gov.jm], [psoj.org]

3) How We Use Personal Data (Purposes & Legal Bases)

We process data to:

Provide services: manage programs, events, and membership.
Communicate: send notices, updates, and cultural education content (you can opt out).
Preserve heritage: maintain archives with appropriate consent and safeguards.
Improve our site: security, troubleshooting, and analytics.
We rely on consent, legitimate interests, contract, and legal obligations (where applicable). Jamaica’s DPA requires fairness, purpose limitation, data minimization, accuracy, storage limitation, security, and respect for data‑subject rights; GDPR mirrors these principles. [oic.gov.jm], [uwi.edu], [itgovernance.eu]

4) Cookies & Similar Technologies

We use essential cookies (site functionality) and optional analytics cookies (to understand usage). Where required, we provide a cookie banner and obtain consent before setting non‑essential cookies; you can withdraw consent at any time. For California residents, we honor opt‑out signals such as the Global Privacy Control (GPC) for “sale/share” scenarios related to cross‑site tracking. [urmconsulting.com], [silktide.com], [gtlaw.com]

5) Data Sharing

We may share data with:

Service providers (e.g., web hosting, email delivery, analytics) under contracts that require confidentiality and security.
Partners (e.g., museums, universities) only for stated purposes and with your consent when required.
We do not sell personal data. If we “share” data for targeted advertising to California residents, we will provide a Do Not Sell/Share link and honor opt‑out preferences. [oag.ca.gov]

6) International Transfers

If we transfer data outside Jamaica (e.g., to cloud services or partners abroad), we take steps to ensure appropriate safeguards consistent with Jamaica’s DPA and, where applicable, GDPR standards for cross‑border transfers. [uwi.edu]

7) How Long We Keep Data

We retain personal data only as long as necessary for our stated purposes (program delivery, legal obligations, and archival value where consented), then delete or anonymize it. This supports DPA/GDPR storage limitation principles. [oic.gov.jm], [itgovernance.eu]

8) Your Rights

Depending on where you live, you may have rights to:

Access your personal data we hold.
Rectify inaccuracies.
Erase (delete) data in certain cases.
Object or restrict processing (e.g., direct marketing).
Withdraw consent at any time (does not affect prior lawful processing).
Data portability (receive a copy in a usable format).
Under Jamaica’s DPA, citizens have rights to know whether their data is processed, the purposes, categories, and recipients; consent can be withdrawn at any time. GDPR provides similar rights (Articles 12–17). California residents have rights to know/access, delete, correct, and opt‑out of sale/share, including limiting sensitive personal information use. [jis.gov.jm], [uwi.edu], [gdpr.eu], [oag.ca.gov], [secureprivacy.ai]

How to exercise your rights: Email [insert address] or use [insert web form]. We will respond within the timelines required by law (e.g., 30 days under DPA/GDPR, subject to extensions). [psoj.org]

9) Children & Youth

We do not knowingly collect personal data from children without appropriate consent. Under updated CCPA regulations, data of consumers under 16 is treated as sensitive personal information and subject to stricter controls. [lw.com]

10) Security

We implement technical and organizational measures to protect personal data against unauthorized access, alteration, and loss (e.g., HTTPS, access controls, encryption at rest/in transit where feasible, staff training). This aligns with DPA/GDPR security standards. [oic.gov.jm], [itgovernance.eu]

11) Registration & Oversight (Jamaica)

The Office of the Information Commissioner (OIC) oversees Jamaica’s DPA. Where required, data controllers must register and comply with regulations and guidance. We monitor OIC guidance and will update this policy as regulations evolve. [jamaica-gleaner.com], [oic.gov.jm]

12) Cultural Archives & Community Records

As a cultural organization, we may preserve archival materials (stories, photographs, oral histories) that form part of Taíno heritage. We apply consent‑based collection, respectful handling, and access controls; sensitive data is restricted, and public release is assessed case‑by‑case. These practices reflect Jamaica’s DPA standards of fairness, purpose limitation, and rights of data subjects. [oic.gov.jm]

13) Updates to This Policy

We may revise this policy to reflect legal, technical, or operational changes. The “Effective date” will indicate the latest update. For material changes, we will provide a notice on our website. GDPR/DPA emphasize transparency and clear communication in privacy notices. [gdpr.eu], [gdpr.datasumi.com]