Privacy Statement

Able Child Africa takes its responsibilities on the confidentiality of your personal information very seriously. We have worked hard to ensure that we are compliant with the General Data Protection Regulations (GDPR) in the way that we collect, use and store your data.

We are committed to our five data protection principles: transparency, security, quality, data minimisation and purpose limitation in everything we do.

We are making a commitment to collect and store the minimum data that we require in our day-to-day activities and improve our systems beyond the scope and size of our organisation to ensure that our data management is robust and efficient.

We are also making a pledge not to share your data with any third party without your permission, nor use your data in a way that you have not consented to.

Please read this notice with care. It describes simply and in detail how we will process your data. If after reading you have any questions or comments, then please contact us on and we will respond as soon as we can.

Your personal information is only used for the purpose for which we collect it:
  • Only information that we need is collected. (Fundraising communication will be limited to a maximum of 5 years if we do not hear from you during this time. Your personal information is only seen by those who need it to do their jobs.)
  • Your personal information is only seen by those who need it to do their jobs.
  • We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible.
  • Personal information is retained only for as long as it is required for the purpose collected.
  • We will only disclose data when we have your consent, or where we are obliged to do so by law, or as expressly permitted under the General Data Protection Regulations (through contractual or legal obligation, vital interests; public task; or legitimate interests).
  • Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality.
  • We will provide you with a copy of your personal information on request and comply with any requests to remove your data from our systems (please see below for information on access rights and requests).
  • These principles apply whether we hold your information on paper or in electronic form.
  • Name
  • Contact details (including telephone number, email address and any social media identities that you provide to us or are publicly available)
  • We do not typically ask for your personal address so we do not store this unless you have given it to us with consent (i.e. to allow us to claim gift aid or send you a gala prize)
  • Employer and Job Title (if applicable)
  • How we came to hear from you
  • Any other personal information that you provide to us with consent.
  • We will also keep notes on any conversations we have that support our ability to manage our relationship with you better. Beyond this we may also collect special categories of personal data (only if we are permitted to do so by data protection law, and we have additional measures in place to protect this data). This includes the following:

    If you are a partner:
  • We hold your application information with us.
  • If you are a funding partner, we hold the financial information you provide with consent.

    If you are a beneficiary of our work:
  • We may hold anonymised gender, nationality, date of birth, ethnicity and disability status that you have provided with consent, as well as pictures or video of you if you have provided informed consent.

  • If you donate to us:
  • We hold your application information with us (historic donations) and information as to whether you are a taxpayer to enable us to claim Gift Aid.
  • If you leave a legacy, any information regarding next of kin with which you may have provided us to administer this is also kept on record.

  • If you attend one of our events:
  • Information relating to your health for health and safety purposes (such as accessibility needs and dietary requirements).
  • We keep an attendance record of people that have attended our events.
  • If you make a pledge or buy a prize at one of our fundraising events we will collect and store all the necessary information needed to fulfil either of these contracts.

  • If you signed up to our newsletter:
  • We only hold the basic information outlined above.

  • If you volunteer with us or apply for a job with us:
  • Information necessary for us to process these applications and assess your suitability. This may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have.

  • If you supply a service to us:
  • We hold the relevant payment information and organisational details.We also hold the historic record of any services provided.

  • If you visit our website:
  • We collect your IP address and geographical location. We also gather some general non-personal information about how you use our website (such as which pages you visit) through the use of Cookies. Read our Cookies Policy here. You don’t have to disclose any personal information to browse our sites. On every occasion that we require additional personal information about you, we will ask for it specifically and include a consent procedure or fair processing notice as appropriate, so you will always know what your data is used for.
  • We obtain personal information from you in the following ways. When you:
  • Send us an email or contact us online or in person
  • Sign up to our newsletter
  • Make a donation to us
  • Provide us a service (either voluntary or paid)
  • Apply for a role (voluntary or paid)
  • Visit our website
  • Otherwise provide us with personal information, consensually.

  • We never buy or sell personal data or seek it out unlawfully. We ensure that there are appropriate technical and organisational controls (including physical, electronic and managerial measures) in place to protect your personal details. For example, our staff are all trained in data protection, our offices are never freely open to the public, our HR files are secured and our network is protected and routinely monitored.
    We will only ever collect the information that we need and use it for the purpose that it was collected for. The information is either needed to fulfil your request or to enable us to provide you with the best possible service. What your data is processed for will depend on your engagement with us. We have identified the following:
    If you are a partner with us:
  • We hold your organisational data that you have given to us with consent, and that is required for effective management, delivery and control of grants.

  • If you are a beneficiary of our work:
  • We may hold anonymised demographic data to map our impact, both internally and with external donors and stakeholders.

  • If you donate to us:
  • We keep a record of your historic donations to ensure we maintain institutional knowledge.

  • If you attend one of our events:
  • We use your data to process any donations or payments you have made.
  • We also keep you on record to, with consent, invite you to future events.

  • If you signed up to our newsletter:
  • We use your contact information to send you our newsletter.

  • If you volunteer with us or apply for a job with us:
  • We keep a record of the recruitment process to ensure fair and legal protocols were carried out in the process.

  • If you supply a service to us:
  • Your data is used to make payments and to track historic supplier relationships.

  • If you visit our website:
  • We gather general non-personal information to see how you use our website, such as which pages users visit most often, and which are of most interest, via the use of cookies. Read our Cookies Policy here

  • We may also track which pages you visit when you click on links from Able Child Africa newsletters. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website.
  • All staff at Able Child Africa routinely process data as is relevant to their job role within the organisation. For example:
  • Our Fundraising and Communications Executive processes data relevant to our regular donors and event attendees.
  • Our Programmes Officers process data that is relevant to our partner organisations and institutional funders.
  • Your data is primarily stored securely on our internal CRM system (Salesforce) only accessible by internal staff. More sensitive information has restricted access. Due to the nature of communication and office working, some of your data will be on emails as well as in electronic documents stored securely in our network drives.
    Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation. They are as follows:
    Specific consent
    Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example: can we send you our monthly newsletter by email). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
    Legal obligation
    We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, or Information Commissioner, or to use the information we collect about you for due diligence or ethical screening purposes.
    Performance of a contract
    We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance a gala ticket) or are applying to work/volunteer with us.
    Vital interests
    We have a basis to use your personal information where it is necessary for us to protect life or health; for instance, if there were to be an emergency impacting individuals at one of our events which required us to contact people unexpectedly or share their information with emergency services.
    Legitimate interests
    We have a basis to use your personal information if it is reasonably necessary for us to do so and is in your “legitimate interest”. We only rely on legitimate interest where we consider that any potential impact on you and your rights under the data protection law is not caused by our interest to use your information in this way. We consider our legitimate interest to include:
  • Profiling of our supporters using personal information we already hold inviting them to one of our events or asking them to support one of our campaigns.
  • Use of personal information when we are monitoring the use of our website and click rates of our newsletter for the sake of digital development.
  • When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent, or another route available to us. For example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so.
    We will never sell your information to third parties. We only disclose your information to third parties in connection with the other purposes set out in this policy. These third parties may include:
  • Event venues: who need certain information such as names and dietary requirements to accommodate your needs at our events.
  • Regulatory bodies: such as the Disclosure and Barring services for the completion of a DBS check.
  • Automatic mailing services: such as MailChimp, which we use to design our monthly newsletter. Some of our suppliers run their operations outside the European Economic Area (EEA). This may include a country which may not be subject to the same data protection laws as companies based in the UK (such as MailChimp for example). In these circumstances, we will do our best to ensure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place.
  • Your data will be stored according to our retention schedule and in line with UK and EU regulations. Different types of data have varying rates of retention. Read our retention schedule here.

    Organisations have a duty to maintain records carefully and comprehensively. This document helps to ensure that AbleChildAfrica follows the appropriate guidelines. We must hold on to certain documents temporarily to adhere to our policies, donor requirements, best practice, or to meet our legal requirements. Other documents must be kept forever, for legal reasons or to help preserve the organisation’s history. Under data protection laws, we are also required to make sure that we do not retain personal information for longer than is necessary. The Retention Schedule lists the legal minimum length of time that each type of document should be retained. There may be reasons to keep documents longer than the minimum required period, but in general unless there are operational reasons for keeping the document for longer than the legal minimum, they should be disposed of confidentially. These procedures apply to documents and records held digitally or in paper format.
    Under UK data protection law, you have rights over personal information that we hold about you. We’ve summarised these below:

    Right to access your personal information You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply. If you want to access your information, send a description of the information you want to see by email; or you can post it to our address: Unit 7, Viaduct Business Centre, 360a Coldharbour Lane, Brixton, London, SW9 8PL.

    Right to have your inaccurate personal information corrected You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies. This can be done via the methods outlined above.

    Right to restrict the use of your personal information You have a right to ask us to restrict the processing of some or all of your personal information in the following situations:
  • If some information we hold on you isn’t right
  • We are not lawfully allowed to use it
  • You need us to retain your information in order for you to establish, exercise or defend a legal claim; or
  • You believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.

  • Right to erasure of your personal information You may ask us to delete some or all of your personal information in certain cases; and subject to certain exceptions, you have the right for this to be done.

    Right for your personal information to be portable If we are processing your personal information based on your consent, or in order to enter into or carry out a contract with you; and the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.

    Right to object to the use of your personal information If we are processing your personal information based on our legitimate interests you have a right to object to our use of your information. If you want to exercise any of the above rights, please contact us on 020 7733 6006 or at and we will endeavour to reply to all enquiries within 30 days. For more details, we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO).
    To request a copy of your data email To raise a complaint please email or contact us at: Unit 7, Viaduct Business Centre, 360a Coldharbour Lane, Brixton, London, SW9 8PL.
    Skip to content