From 25th May 2018 the processing of personal data will be governed by the General Data Protection Regulation (GDPR).
Africa on the Ball (AOTB) will comply with its obligations under GDPR by:
- using personal data lawfully and transparently
- collecting personal data only for specified, express and legitimate purposes
- ensuring the data we collect is adequate, relevant, limited, accurate and kept up to date
- keeping data for no longer than is necessary
- processing data in accordance with the subject’s rights
- ensuring appropriate security
Who are we?
Africa on the Ball (AOTB) is a registered Scottish Incorporated Charitable Organisation (SCIO – SC044499). Our registered address is 2 Allan Walk Court, Bridge of Allan, Stirling, FK94PG.
What is personal data?
Personal data means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as:
- a name
- an identification number
- location data
- online identifier
What is sensitive data?
Under GDPR sensitive data uses the term ‘special categories of personal data’ meaning personal data that reveals:
- racial or ethnic origin
- political opinions,
- religious or philosophical beliefs,
- trade union membership.
- genetic data,
- biometric data,
- data concerning health
- data concerning a person’s sex life or sexual orientation.
What is data processing?
Data processing includes:
What data do we hold?
We hold contact details (names, addresses and email address) for donors of our work and email addresses for people that receive our newsletters.
How do we collect this data?
We collect this data from the signup forms on our website (MailChimp) and our payment processors.
Where do we hold this data?
We hold this data securely in a file hosting service called Dropbox (cloud based) and via Mailchimp.
Which payment processors do we use?
We use GoCardless (www.gocardless.com) to process donations, Charity Checkout to process donations (www.charitycheckout.co.uk) and PayPal (www.paypal.com) for the processing of ad hoc online payments.
Which communication processors do we use?
What legitimate interest do we have in holding and processing your personal data?
We use your personal data to:
- inform you of news, surveys, events and to collect donations
Who do we share your personal data with?
We do not share your personal data with anyone.
Will your data be processed outside the UK or EU?
Your data will not be processed outside the UK or EU.
How long do we hold your personal data for?
We will hold your personal data for as long as you continue to be a subscriber/member/donor.
What are your rights under GDPR?
You have the following rights with respect to your personal data under GDPR:
- the right to be informed
- the right of access to a copy of the information comprised in your personal data
- the right to object to processing that is likely to cause or is causing damage or distress
- the right to prevent processing for direct marketing
- the right to object to decisions being taken by automated means
- the right to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to be forgotten
- the right to data portability
- the right to withdraw consent
What is our Data Breach Policy?
A data breach is a breach of security leading to:
- the accidental or unlawful destruction of
- alteration of
- unauthorised disclosure of or access to
personal data transmitted, stored or otherwise processed.
In the event of a security breach AOTB (data controller) will make a report to the Information Commissioner’s Office (ICO) without delay and at the latest, within 72 hours of becoming aware of it if it presents a risk to the rights and freedoms of the data subjects.
How do you contact us?
You can contact us by email at firstname.lastname@example.org
Or by writing to us at:
Africa on the Ball, 2 Allan Walk Court, Bridge of Allan, Stirling, FK94PG