Africa Advocacy Foundation – Privacy Notice
This Notice was last updated on 21 July 2022.
Africa Advocacy Foundation (UK registered charity number 1164778), is committed to protecting your privacy and keeping your information safe. Our programming is designed to respect any personal information you share with us, or that we receive from other organisations, and to keep it secure.
This Privacy Notice (“Notice“) sets out our data processing practices and your rights regarding the ways in which your personal information is stored and used.
For the purposes of this Notice, we are acting as the data controller as defined by the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679.
1. We collect personal information about you:
a. When you give it to us directly
For example, personal information that you submit through our website by signing up for our email newsletter or filling in a form to register for an event or any of our programmes, or personal information that you give to us when you communicate with us by email, phone, text message or letter.
b. When we obtain it indirectly
For example, your personal information may be shared with us by third parties including, for example, our business partners; sub-contractors in technical, payment and delivery services; advertising networks; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
d. When you visit our website
When you visit our website, we automatically collect anonymised data on user activities and interactions. We use Google Analytics to compile anonymised data about site traffic and site interactions in order to offer better experiences, tools and programmes in the future. These cookies are considered “Performance Cookies” as defined by the International Chamber of Commerce’s Cookie Guide. For additional information, please see our Cookie Notice.
In general, we may combine your personal information from these different sources for the purposes set out in this Notice.
2. What personal information do we use?
We may collect, store and otherwise process the following kinds of personal information:
a. your name and contact details (including emergency contacts), including postal address, telephone number, email address and, where applicable, social media identity.
b. your date of birth and gender.
c. your financial information, such as bank details and/ or credit/ debit card details, account holder name, sort code and account number.
d. information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location.
e. biography and photographs.
f. details of your qualifications/ experience.
g. immigration/ emigration information.
h. information about our services which you use/ which we consider may be of interest to you; and/ or
i. any other personal information which you choose to share with us as per clause 1.
Do we process special categories of data?
The EU General Data Protection Regulation (“GDPR“) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity, and political opinions.
In certain situations, AAF may collect and/or use these special categories of data (for example, to provide our services to you if you are a beneficiary since we need to know your health information). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so.
3. How and why will we use your personal information?
Your personal information, however provided to us, will be used for the purposes specified in this Notice. We may use your personal information:
a. to provide you with services, products or information you have requested.
b. to provide services to our beneficiaries.
c. to provide further information about our work, services, activities or products (where necessary, and only where you have provided your consent to receive such information);
d. to answer your questions/ requests and communicate with you in general.
e. to manage relationships with our supporters and beneficiaries.
f. to further our charitable aims in general, including for fundraising activities.
g. to analyse and improve our work, services, activities, products or information (including our website), or for our internal records.
h. to report on the impact and effectiveness of our work.
i. to run/ administer our website, keep them secure and ensure that content is presented in the most effective manner for you and for your device.
j. to register, administer and personalise online accounts.
k. to register and administer your participation in events.
l. to process your application for a job or volunteer role with us when you apply through our Join Us page.
m. to administer your employment/ other working relationship with us (for example, to pay your salary);
n. to provide references or letters of support, for example to lawyers and employers.
o. for training and/ or quality control.
p. to audit and/ or administer our accounts.
q. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);
r. for the prevention of fraud or misuse of services; and/or
s. for the establishment, defence and/ or enforcement of legal claims.
4. Lawful bases
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:
Where you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you newsletters by email, and we may ask for your explicit consent to collect special categories of your personal information for our resource directory).
Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work for/ volunteer with us).
Where it is in your/ someone else’s vital interests (for example, in case of medical emergency suffered by a beneficiary).
Where there is a legitimate interest in us doing so.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” means the interests of running AAF as a charitable entity and pursuing our aims and ideals; for example, providing information about current humanitarian crises, processing donations, administering events and taking applications for volunteers.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
5. Communications for marketing/ fundraising
We may use your contact details to provide you with information about our work, events, services and/ or programmes which we consider may be of interest to you (for example, about services you previously used, or updates about campaigns and/or volunteering opportunities via our newsletter).
Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).
Where you have provided us with your consent previously but do not wish to be contacted by us about our projects and/or services in the future, please let us know by email at email@example.com. You can opt out of receiving emails from AAF at any time by clicking the “unsubscribe” link at the bottom of our emails.
When you use our secure online donation function you will be directed to a specialist payment services provider who will receive your financial information to process the transaction. We will provide your personal information to the payment services provider only to the extent necessary for the purpose of processing your donation.
7. Children’s personal information
When we process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/ guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.
8. How long do we keep your personal information?
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 13 below), we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
9. Will we share your personal information?
We do not sell or rent your personal information to third parties for marketing purposes and we will not share your personal data with any other company or organisation without your explicit consent. Typically, data is only shared when conducting joint projects, such as projects run collaboratively with other organisations.
10. Security/ storage of and access to your personal information
AAF is committed to keeping your personal information safe and secure and we have appropriate security policies and organisational and technical measures in place to help protect your information.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.
11. Your Rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time.
In accordance with the GDPR regulations, you also have the following rights and for all of these rights, we can be contacted using the details at the bottom of this Notice:
a. Right of access — you can make a Subject Access Request in order to request a copy of the personal information we hold for you.
b. Right of erasure — at your request we will delete your personal information from our records as far as we are required to do so.
c. Right of rectification — if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
d. Right to restrict processing — you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
e. Right to object — you have the right to object to processing of your personal data by contacting us. If we are unable to fulfil your requests, we will provide you with a written explanation.
f. Right to data portability — to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because it falls under contract obligations, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you — or another data controller – in a machine-readable format.
g. Rights related to automated decision-making – We do not run automated decision making or profiling.
h. Right to withdraw consent – For the processing of activities where we have asked you for consent, you have the right to withdraw this at any time by clicking the unsubscribe link in any newsletter we send or by contacting us.
You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK, the data protection authority is the Information Commissioner’s Office — www.ico.org.uk. For further information on how to exercise this right, please contact us using the details below.
12. Changes to this Notice
We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website.
13. Links and third parties
We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
14. How to contact us
Please let us know if you have any questions or concerns about this Notice or about the way in which AAF processes your personal information by contacting us at the following channels:
Telephone: +44 (0)208 698 4473
Post: Africa Advocacy Foundation, 76 Elmer Road, Catford, London SE6 2ER