Approach to privacy

Your personal information is only used for the purpose for which we collect it:

Only information that we need is collected. (Fundraising communication will be limited to a maximum of 5 years if we do not hear from you during this time. Your personal information is only seen by those who need it to do their jobs.)

Your personal information is only seen by those who need it to do their jobs.

We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible.

Personal information is retained only for as long as it is required for the purpose collected.

We will only disclose data when we have your consent, or where we are obliged to do so by law, or as expressly permitted under the General Data Protection Regulations (through contractual or legal obligation, vital interests; public task; or legitimate interests).

Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality.

We will provide you with a copy of your personal information on request and comply with any requests to remove your data from our systems (please see below for information on access rights and requests).

These principles apply whether we hold your information on paper or in electronic form.

We obtain personal information from you in the following ways. When you:

Send us an email or contact us online or in person

Sign up to our newsletter

Make a donation to us

Provide us a service (either voluntary or paid)

Apply for a role (voluntary or paid)

Visit our website

Otherwise provide us with personal information, consensually.

We never buy or sell personal data or seek it out unlawfully. We ensure that there are appropriate technical and organisational controls (including physical, electronic and managerial measures) in place to protect your personal details. For example, our staff are all trained in data protection, our offices are never freely open to the public, our HR files are secured and our network is protected and routinely monitored.

We will only ever collect the information that we need and use it for the purpose that it was collected for. The information is either needed to fulfil your request or to enable us to provide you with the best possible service. What your data is processed for will depend on your engagement with us. We have identified the following:
If you are a partner with us:

We hold your organisational data that you have given to us with consent, and that is required for effective management, delivery and control of grants.

If you are a beneficiary of our work:

We may hold anonymised demographic data to map our impact, both internally and with external donors and stakeholders.

If you donate to us:

We keep a record of your historic donations to ensure we maintain institutional knowledge.

If you attend one of our events:

We use your data to process any donations or payments you have made.

We also keep you on record to, with consent, invite you to future events.

If you signed up to our newsletter:

We use your contact information to send you our newsletter.

If you volunteer with us or apply for a job with us:

We keep a record of the recruitment process to ensure fair and legal protocols were carried out in the process.

If you supply a service to us:

Your data is used to make payments and to track historic supplier relationships.

If you visit our website:

We gather general non-personal information to see how you use our website, such as which pages users visit most often, and which are of most interest, via the use of cookies. Read our Cookies Policy here

We may also track which pages you visit when you click on links from Able Child Africa newsletters. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website.

All staff at Able Child Africa routinely process data as is relevant to their job role within the organisation. For example:

Our Fundraising and Communications Executive processes data relevant to our regular donors and event attendees.

Our Programmes Officers process data that is relevant to our partner organisations and institutional funders.

Your data is primarily stored securely on our internal CRM system (Salesforce) only accessible by internal staff. More sensitive information has restricted access. Due to the nature of communication and office working, some of your data will be on emails as well as in electronic documents stored securely in our network drives.

Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation. They are as follows:
Specific consent
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example: can we send you our monthly newsletter by email). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
Legal obligation
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, or Information Commissioner, or to use the information we collect about you for due diligence or ethical screening purposes.
Performance of a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance a gala ticket) or are applying to work/volunteer with us.
Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health; for instance, if there were to be an emergency impacting individuals at one of our events which required us to contact people unexpectedly or share their information with emergency services.
Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us to do so and is in your “legitimate interest”. We only rely on legitimate interest where we consider that any potential impact on you and your rights under the data protection law is not caused by our interest to use your information in this way. We consider our legitimate interest to include:

Profiling of our supporters using personal information we already hold inviting them to one of our events or asking them to support one of our campaigns.

Use of personal information when we are monitoring the use of our website and click rates of our newsletter for the sake of digital development.

When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent, or another route available to us. For example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so.

We will never sell your information to third parties. We only disclose your information to third parties in connection with the other purposes set out in this policy. These third parties may include:

Event venues: who need certain information such as names and dietary requirements to accommodate your needs at our events.

Regulatory bodies: such as the Disclosure and Barring services for the completion of a DBS check.

Automatic mailing services: such as MailChimp, which we use to design our monthly newsletter. Some of our suppliers run their operations outside the European Economic Area (EEA). This may include a country which may not be subject to the same data protection laws as companies based in the UK (such as MailChimp for example). In these circumstances, we will do our best to ensure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place.

Your data will be stored according to our retention schedule and in line with UK and EU regulations. Different types of data have varying rates of retention. Read our retention schedule here.

Organisations have a duty to maintain records carefully and comprehensively. This document helps to ensure that AbleChildAfrica follows the appropriate guidelines. We must hold on to certain documents temporarily to adhere to our policies, donor requirements, best practice, or to meet our legal requirements. Other documents must be kept forever, for legal reasons or to help preserve the organisation’s history. Under data protection laws, we are also required to make sure that we do not retain personal information for longer than is necessary. The Retention Schedule lists the legal minimum length of time that each type of document should be retained. There may be reasons to keep documents longer than the minimum required period, but in general unless there are operational reasons for keeping the document for longer than the legal minimum, they should be disposed of confidentially. These procedures apply to documents and records held digitally or in paper format.

Under UK data protection law, you have rights over personal information that we hold about you. We’ve summarised these below:

Right to access your personal information You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply. If you want to access your information, send a description of the information you want to see by email info@ablechildafrica.org.uk; or you can post it to our address: Unit 7, Viaduct Business Centre, 360a Coldharbour Lane, Brixton, London, SW9 8PL.

Right to have your inaccurate personal information corrected You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies. This can be done via the methods outlined above.

Right to restrict the use of your personal information You have a right to ask us to restrict the processing of some or all of your personal information in the following situations:

If some information we hold on you isn’t right

We are not lawfully allowed to use it

You need us to retain your information in order for you to establish, exercise or defend a legal claim; or

You believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.

Right to erasure of your personal information You may ask us to delete some or all of your personal information in certain cases; and subject to certain exceptions, you have the right for this to be done.

Right for your personal information to be portable If we are processing your personal information based on your consent, or in order to enter into or carry out a contract with you; and the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.

Right to object to the use of your personal information If we are processing your personal information based on our legitimate interests you have a right to object to our use of your information. If you want to exercise any of the above rights, please contact us on 020 7733 6006 or at info@ablechildafrica.org.uk and we will endeavour to reply to all enquiries within 30 days. For more details, we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO).

To request a copy of your data email info@ablechildafrica.org.uk. To raise a complaint please email complaints@ablechildafrica.org.uk or contact us at: Unit 7, Viaduct Business Centre, 360a Coldharbour Lane, Brixton, London, SW9 8PL.