1. Introduction to GDPR
Under the EU General Data Protection Regulations (GDPR) African Health Policy Network is required to comply with applicable data protection legislation (which includes the GDPR, the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR) which shall be replaced by the ePrivacy Regulation).
African Health Policy Network will obtain, hold and process all personal data in accordance with the GDPR regulation.
2. What do we consider to be ‘personal data’?
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
We process personal data for numerous purposes, and the means of collection, use, disclosure, and retention periods are set out in the relevant sections below.
3. Whose data do we access?
Our primary charitable activity is that of a membership organisation, with information stored primarily involving members who have ‘opted in’ to the African Health Policy Network communications. We also store email addresses of organisations who sign up to receive our newsletter. We collect data from civil society applicants which apply for funds.
Below is the data that we collect:
• Names of applicants (and potentially staff)
• Contact details (including addresses, emails, phone numbers)
• Organisational turnover
• Information about beneficiaries – communities that the organisation seeks to serve
• Information about previous funding
4. Website data
5. Storing personal data
Here are the places where African Health Policy Network stores its data:
• Database – contact details of members and organisations that African Health Policy Network has close links with are stored securely on Salesforce.
• Newsletters – we store email addresses of organisations which have opted into our communications on Mailchimp.
• Websites – applicant details from funds are stored by our software supplier, Wix.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies we use, and the reasons for them are listed below:
Google Analytics - Google sets these performance cookies, which these cookies are used to collect information about how visitors use our site. Google stores the information collected on servers in the United States. Google has stated that they will not associate your IP address with any other data held by them.
Your Choices and Preferences We sometimes use ‘pop up’ messages (like the one that tells you about the cookies on this site) to make sure our visitors are aware of important information. If you choose to acknowledge the message, the pop up will no longer appear when you visit the site.
7. Who has access to my personal data?
On a day-to-day member and newsletter information is only accessible to African Health Policy Network staff.
Fund applicant data can be viewed by all participating funding organisations in pooled/aligned funding pots. This is made clear to applicants when they apply for funds.
The only third-party organisation that might otherwise access our data is our software supplier’s Salesforce and Wix. We may share basic information on the attendees at an event, but attendees always retain the right to ‘opt-out’ of this.
8. Legitimate Interest
We believe that African Health Policy Network has, what is termed, a legitimate interest in staying in contact with its members and grant recipients to keep them updated on our progress and activities. We will, therefore, continue to do this. If, however at any time, you would like us to stop contacting you, we will immediately respect your request.
We will not retain your information for longer than is necessary. Members will be kept on our database indefinitely unless they ‘opt out’ of African Health Policy Network membership.
9. Individuals’ Rights
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
• Individuals may request access to their personal data held by us as a data controller.
• Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
• Individuals may request that we erase their personal data
• Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
• Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
• Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
We hope that you will not ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will investigate and respond to any complaints we receive.