GDPR Compliance & Data Protection

Effective Date: March 1, 2026

Akoth Community Foundation (ACF) is committed to protecting the personal data of all individuals, particularly those from the European Union and other jurisdictions with strong data protection requirements.

1. Legal Basis for Data Processing

We process personal data under the following legal bases:

- Consent: You have given explicit consent for donor communications, newsletter subscriptions, and volunteer opportunities - Contractual Necessity: Processing required to execute donations and process payments - Legal Obligation: Compliance with Uganda tax and NGO registration requirements - Legitimate Interests: Operating our programs and understanding our community's needs

2. Your Rights Under GDPR

EU residents have the following rights:

Right of Access (Article 15): You can request a copy of your personal data held by ACF.

Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data.

Right to Erasure (Article 17): You can request deletion of your data, subject to legal retention requirements.

Right to Restrict Processing (Article 18): You can request limitation of how your data is used.

Right to Data Portability (Article 20): You can request your data in a structured, commonly used format.

Right to Object (Article 21): You can object to processing of your personal data for marketing or profiling purposes.

Right to Withdraw Consent: You can withdraw consent for data processing at any time without affecting the lawfulness of prior processing.

3. Data Retention

We retain personal data for the following periods:

- Donors: 7 years (for tax and audit purposes) - Volunteers: 3 years after final engagement - Newsletter Subscribers: Until unsubscription - General Website Users: Until cookie consent is withdrawn

4. International Data Transfers

Since ACF is based in Uganda, your data may be transferred outside the EU. We ensure appropriate safeguards through:

- Standard Contractual Clauses with third parties - Explicit consent for transfers - Technical and organizational security measures

5. Data Processors

We use the following data processors:

- Payment Processor: For secure donation processing (PCI DSS compliant) - Email Service Provider: For newsletter distribution - Hosting Provider: For website and database storage

All processors have signed Data Processing Agreements (DPAs) committing to GDPR compliance.

6. Data Breach Notification

In the event of a personal data breach, we will:

- Notify affected individuals within 72 hours - Notify the relevant supervisory authority - Provide details of the breach, potential impact, and remedial measures

7. Data Protection Officer

ACF designates a Data Protection Officer (DPO) responsible for:

- Monitoring compliance with GDPR - Serving as a point of contact for data subjects and authorities - Conducting Data Protection Impact Assessments (DPIAs)

DPO Contact: dpo@akothcommunityfoundation.org

8. Exercising Your Rights

To exercise any GDPR right, submit a written request to:

Akoth Community Foundation Email: privacy@akothcommunityfoundation.org Phone: +256709910394 Mailing Address: Bugiri District, Uganda

We will respond within 30 days (extendable to 60 or 90 days for complex requests).

9. Complaints

If you believe ACF has violated your data protection rights, you may lodge a complaint with your national data protection authority. For EU residents, this is typically your country's Data Protection Commissioner or equivalent authority.

10. Changes to This Policy

ACF reserves the right to modify this GDPR Compliance Policy to reflect legal changes or organizational updates. Material changes will be communicated to affected individuals.