Who we are
Our website address is: http://africanactivities.org.uk.
Privacy Policy
African Activities CIC – Privacy Policy
Last updated: August 2025
We’re African Activities CIC, a UK community interest company (company number 11416278) based at Unit 17, Netley Marsh Workshops, Ringwood Road, Woodlands, Southampton, Hampshire SO40 7GY.
This policy explains how we collect, use, and protect personal information. We aim to be open, respectful, and compliant with UK GDPR and the Data Protection Act 2018.
Who to contact
If you have any questions or would like to exercise your data rights, please email
info@africanactivities.org.uk
and our Data Protection Lead, Lotte Bakoji-Hume, will respond.
What information we collect
We collect information that helps us deliver our activities and keep in touch. This may include:
-
Names, work email addresses and phone numbers of teachers and school staff
-
Information from quote requests, bookings, and feedback forms
-
Names and contact details for workshop participants, volunteers and artists
-
HR and right-to-work records for staff and freelancers
-
Photographs and short video clips taken during workshops or events (with permission)
-
Technical information such as cookies, IP addresses and website analytics (via Google Analytics, HubSpot and Mailchimp)
How we use your information
We use personal data to:
-
Deliver and manage workshops, training, and events
-
Keep in touch with schools, groups and organisations who have worked with us or requested information
-
Send occasional updates or offers (you can unsubscribe at any time)
-
Pay artists, volunteers and staff and meet our legal obligations
-
Share photos and videos of our work (only with permission)
-
Improve our website and communications
We do not sell or trade your information.
Lawful bases for processing
We rely on the following lawful bases under UK GDPR:
-
Contract – to provide and manage bookings, invoices, or employment agreements
-
Consent – for photography and filming, and for optional mailing lists
-
Legitimate interests – to contact schools and educators who have previously shown interest in our workshops.
We have completed a Legitimate Interests Assessment to ensure this is fair and proportionate.
Sharing and storage
We only share data when necessary to deliver our services.
Third-party processors we use include HubSpot (customer management), Mailchimp (mailings), Google Analytics (website analytics), and standard UK payroll and accounting providers.
Some of these companies are based in the USA. Data transferred there is protected by the UK Extension to the EU-US Data Privacy Framework, which provides an approved safeguard.
How long we keep information
We keep information while an active relationship exists or until you opt out.
We review all records every three years to ensure they remain relevant.
Photos and videos are normally kept for up to two years, unless we have ongoing consent to use them for publicity.
Employment, volunteer and financial records are retained as required by law.
Your rights
You have the right to:
-
Access the personal information we hold about you
-
Ask us to correct or delete it
-
Withdraw consent for photos, videos or marketing
-
Object to processing based on legitimate interests
-
Ask for data portability or restriction
To make a request, email info@africanactivities.org.uk.
We will respond within one month.
Cookies and analytics
Our website uses cookies for essential functions and anonymous analytics via Google Analytics and HubSpot.
When you first visit, you can choose to accept or reject non-essential cookies.
Data security and breaches
We store information securely and limit access to authorised staff only.
If a personal data breach occurs that risks your rights or freedoms, we will report it to the Information Commissioner’s Office within 72 hours and notify affected individuals as required.
Updates
We review this policy regularly and will post any updates here.
If there are major changes, we will notify you directly when possible.
2. Data Retention Schedule (internal summary)
| Data type | Purpose | Lawful basis | Typical retention | Notes |
|---|---|---|---|---|
| School & teacher contact details | Manage relationships, marketing | Legitimate interests / contract | Active relationship + 3-year review | Delete on request |
| Workshop participants (adults) | Delivery & safety | Contract / consent | 3 years | Shorter if requested |
| Children’s photos/videos | Publicity, documentation | Consent from responsible adult | 2 years or until withdrawn | Stored securely; deleted on request |
| HR & freelance artist records | Employment & legal compliance | Contract / legal obligation | 6 years after leaving | Payroll, DBS, right-to-work |
| Volunteer records | Management & safeguarding | Legitimate interests / consent | 6 years after leaving | |
| Financial records | Accounting & tax | Legal obligation | 7 years | |
| Website analytics & cookies | Site performance | Legitimate interests / consent | Up to 2 years | Automatically removed |
| Enquiries & mailing lists | Communication | Legitimate interests / consent | Active relationship + 3-year review | Unsubscribe anytime |
Surprised to have Heard From us?
We do contact people based on a Legitimate Interests Assessment. You can request this via email at info@africanactivities.org.uk
If you do no wish to hear from us please just click unsubscribe – this button or link will be found on all emails sent under our LIA.