GDPR: Privacy & Data Protection Policy (GDPR Compliant)

Effective Date: 2025.01.14
Last Updated: 2025.02.23

1. Introduction

Africans Arise is committed to protecting personal data in compliance with the General Data Protection Regulation (GDPR) (EU 2016/679) and Swedish data protection laws. This policy outlines how we collect, process, store, and protect personal data while ensuring transparency and accountability.

2. Scope & Applicability

This policy applies to all personal data collected from:

  • Employees, volunteers, donors, beneficiaries, and partners.
  • Website visitors and event participants.
  • Any individual engaging with Africans Arise programs or services.

3. Data Collection & Purpose

We collect personal data for the following purposes:

| Type of Data       | Purpose                         | Legal Basis         |
|--------------------|---------------------------------|---------------------|
| Name, Email, Phone | Event registration, newsletters | Consent             |
| Address, ID details | Membership verification        | Legitimate Interest |
| Payment details    | Donations, funding              | Legal Obligation    |
| Photos/Videos      | Awareness campaigns             | Explicit Consent    |

4. Data Storage & Security

  • Data is stored securely in encrypted databases and GDPR-compliant cloud services.
  • Access is restricted to authorized staff members only.
  • We implement multi-factor authentication (MFA), access control, and regular security audits.

5. Data Sharing & Third Parties

Africans Arise does not sell or trade personal data. Data may be shared with:

  • Funders & partners (only when necessary and with a Data Processing Agreement).
  • Legal authorities (if required by law).
  • Service providers (e.g., payment processors, cloud storage providers – all GDPR-compliant).

6. Data Retention & Deletion

  • General data: Retained for 5 years after last interaction.
  • Event registrations: Deleted after 1 year unless consent is renewed.
  • Financial records: Retained for 7 years (legal compliance).
  • Data deletion is performed securely and permanently upon request or expiration.

7. Your Rights Under GDPR

You have the right to:

  • Access your data.
  • Request corrections or updates.
  • Withdraw consent at any time.
  • Request deletion of your data.
  • Object to processing or request data portability.

To exercise these rights, contact: info@africansarise.org

8. Data Breach Handling

  • In the event of a data breach, we will notify the Swedish Data Protection Authority (IMY) within 72 hours.
  • Affected individuals will be informed if the breach poses a high risk.
  • Our Incident Response Plan ensures immediate mitigation and prevention.

9. Policy Review & Compliance

  • This policy is reviewed annually to ensure GDPR compliance.
  • Staff members undergo regular GDPR training to uphold data protection standards.

10. Contact Information

Data Protection Contact: info@africansarise.org
Website: africansarise.org/gdpr