World Afro Day

Revised Privacy Policy (GDPR)

May 2020

With reference to the guidelines that have been issued by the Information Commissioner’s Office (https://ico.org.uk), World Afro Day CIC can confirm the following:

1) Levels of Awareness
As the key decision makers, the Company Directors for World Afro Day CIC are aware that the law has changed regarding privacy and GDPR. It is understood that the impact of these changes affects how it records, stores and processes any data that it captures as an organisation on an ongoing basis.

2) Information that is held
(The type of data World Afro Day CIC holds, where it came from and who it is shared with). The personal data that we hold include:

• The names and email addresses of everyone who has purchased a ticket or registered to attend a WAD event from 15th September 2017 onwards. This information was volunteered by individuals (either on behalf of themselves or for a group of people and/or children that they are affiliated with who either purchased a ticket (or submitted a registration to attend) before (and on) 15th September 2017 until the present time.
  
  This information is currently stored via another party – Eventbrite (www.eventbrite.com). This is information is not shared outside the remit of the Company Directors (unless permission is given). EventBrite has been used (and will continue to be used where appropriate) for all WAD branded events until further notice.
   
• The names, email addresses and contact numbers of key contributors and partners. This information was volunteered by each contributor/ partner and is currently recorded via secure email accounts (including personal worldafroday.com emails and gmail accounts of each Company Director, WAD’s central email address – [email protected], Dropbox and Google Docs, all of which are accessible via various passwords known only to the Company Directors and verified WAD volunteers).
   

3) Privacy Notice
(How your data is used) World Afro Day CIC is the Data Controller, i.e. the organisation that is control of processing any data that is requested/captured. The personal data that World Afro Day CIC capture from you will be used in relation to the following:

• Asking you to subscribe to WAD communications e.g. newsletter or branded publications such as “WADzine” (or a similar publication – TBC).
   
• Asking you to participate in the use of WAD educational services/events: branded lessons, assemblies etc. that can be used within any registered educational setting and at home.
   
• WAD competitions conducted with or without public votes and/or your details as a competition entrant or contestant. This also applies to any parents, carers or guardians who may be submitting information on behalf of a child aged under 18.
   
• The purchase of tickets for WAD branded events and WAD branded merchandise.
   
• Contact you directly about upcoming updates/ news (but only if you have specifically opted in to do so).
• Publicity and Promotion. Any personal request to be involved in the media and or the promotion of World Afro Day Activities, will require explicit permission from the individual. Any person under 18 will require specific permission from a parent or guardian.

4) Your individual rights
If you have submitted your personal data to World Afro Day CIC electronically via email and/or via a direct message using social media such as Facebook, Twitter, Instagram etc and you would like us to delete this information please:

• Email your request to delete or remove any personal data about you (such as your first name, surname, email address, contact number(s), social media handles etc) to [email protected]. Please clearly state “Request for personal data to be deleted” in the subject heading; your first and surname; what information you would like us to delete and the areas and/or platforms that your personal data should be deleted from.
   
• We will endeavour to delete this information within 40 calendar days of receiving your request.
   
• Please note that we do not have control of how third party partners process and/or hold your data, but we will endeavour to follow all available guidelines from the 3rd party platforms (such as www.eventbrite.com and www.squarespace.com).

5) Subject Access Requests
You have the right to ask World Afro Day CIC: Whether any of your personal data is being processed;

• For a description of the personal data we have about you, the reasons it is being processed, and whether it will be given to any other organisations or people.
   
• For a copy of the information comprising the data; and given details of the source of the data (where this is available).

Please note: We would normally provide direct information to you electronically by email.

If you would like us to confirm what personal data we hold about you (stored either via any password protected email accounts connected to World Afro Day CIC and/or via any 3rd party platforms that World Afro Day CIC use), then please:

• Email your request to ask about any personal data that we may have about you (such as your first name, surname, email address, contact number(s), social media handles etc) to [email protected].
   
• Please clearly state “Request to confirm what personal data you hold about me”; what information you would like us to confirm and the areas and/or platforms that your personal data is currently stored on.

We will endeavour to respond to your request for this information within 40 calendar days of receiving your request.
 

6) Lawful basis for processing personal data
According to Article 6 of the GDPR, World Afro Day CIC must apply at least 1 of the following areas whenever we process personal data. Therefore, World Afro Day CIC will endeavour to:

• ask you for your consent to process your personal data for a specific purpose such as subscribing to WAD communications e.g. newsletter or branded publications like WADzine or to receive free sources e.g. the Big Hair Assembly Resource Pack.
   
• request and/or use your personal data within the remit of drafting and/or finalising a contract/agreement for work to be delivered and or regarding a mutual partnership.
   
• request and/or use your personal data if it is necessary to comply with the law (e.g. bank details must be captured in order for the purchase/transaction of WAD branded merchandise to be complete whether manually or electronically/ online).
   
• request and/or use personal data if it is needed to protect someone’s life.
   
• request and/or use personal data to perform a task within the public interest or for official WAD branded events/ functions.
   
• request and/or use personal data which is necessary when legitimately using a third party to aid and/or provide a service or platform for WAD related activities.

7) Consent
World Afro Day CIC will endeavour to offer individuals choice and control regarding why we are allowed to contact you using your personal data. For e.g. we will always clearly display your options to subscribe and/or to opt-in or out of something (subject to relevance).

8) Children
To ensure that World Afro Day CIC can verify the ages of individuals that engage with us via WAD branded competitions, events etc, you will be asked to confirm your age and this information must be completed. If you are entering a WAD branded competition, purchasing a ticket(s) for a WAD branded event for persons under 18, parental and/or guardian consent will be requested which must be completed. You may also be asked to provide proof of identity for you and the person under 18.

9) Data Breaches (Articles 32 to 34 of GDPR)

• World Afro Day CIC understands that it must report personal data breaches to the Information Commissioner’s Office (ICO) as its relevant supervisory authority by doing this online at: https://ico.org.uk/for-organisations/report-a-breach/ . We will do this within 72 hours of becoming aware of the breach.
   
• If a data breach occurs where World Afro Day CIC are certain that the personal data of individuals is potentially at risk, we will inform individuals by email and/or direct messages via text and/or WAD branded social media.

10) Data Protection by Design and Data Protection Impact Assessments (PIAs)

• World Afro Day CIC will endeavour to maintain the protection of personal data to ensure that the privacy of individuals is implemented when using new electronic platforms, starting a new project, partnership and/or service.
   
• We will endeavour to refer to these codes of practice – ICO Codes of Practice.

11) Data Protection Officers
Until a specific individual is recruited, the Company Directors for World Afro Day CIC are currently the Data Protection Officers, who are responsible for the collection and the processing of personal data.

12) International
World Afro Day CIC has determined that the Information Commissioner’s Office (ICO) is its lead data protection supervisory authority.