Our website address is: http://drcef.org.uk.
The purpose of this notice is to give you a clear explanation of how DR Congo Education Foundation collects and uses the personal information you provide us with. At DRCEF, we take the security and privacy of your data seriously. We are committed to processing data in accordance with our responsibilities under the EU’s General Data Protection Regulation (GDPR), The Data Protection Act 2018 and other applicable laws.
This notice applies to all personal data processed by DR Congo Education Foundation. Our (figure out who will be responsible) shall take responsibility for the ongoing compliance with this policy, which shall be reviewed at least (figure out how often policy shall be reviewed – annually?).
Article 5 of the GDPR (Articles 35-40 of The Data Protection Act 2018) requires that personal data shall be:
In this privacy notice, we provide information about how we manage our data privacy and security obligations according to the above principles.
All data we process must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
Where consent is relied upon as a lawful basis for processing data, we keep evidence of opt-in consent together with your personal data. Where communications are sent to you based on your consent, you will always have the option to revoke your consent. Such option will be clearly available and systems should be in place to ensure such revocation is reflected accurately in our systems.
To ensure that personal data is kept for no longer than necessary, we have an archiving policy for each area in which personal data is processed and review this process annually. The archiving policy shall consider what data should/must be retained, for how long, and why.
DRCEF shall take reasonable steps to ensure that personal data is accurate. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
We ensure that personal data is stored securely using modern software and systems that are kept up-to-date. Access to your personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. When personal data is deleted this is done safely such that the data is irrecoverable.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will promptly assess the risk to people’s rights and freedoms and inform promptly any relevant parties.
To the ICO within three days and in certain circumstances to the individuals who will be affected.
If you have any questions about how we collect or process your data, you can send us an email to .
If you are unhappy with how we collect or process your data, you can contact the Information Commissioner’s Office (which is responsible for upholding information rights in the UK) or the Fundraising Regulator (which is responsible for overseeing fundraising activities carried out by charities and similar organisations in the UK).