Privacy Policy
Last updated: December 3, 2025
1. Introduction
Kenyans in South Wales ("we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
This policy applies to all information collected through our website, platform, and any related services (collectively, the "Services").
2. Information We Collect
2.1 Information You Provide
We collect personal information that you voluntarily provide when you:
- Register for membership
- Register for events
- Make payments
- Contact us
This information includes:
- Contact Information: First name, last name, email address, phone number
- Account Credentials: Password (securely hashed)
- Membership Information: UK arrival date, how you heard about us
- Emergency Contact: Next of kin name, phone number, and email address
- Payment Information: Processed securely through Stripe (we do not store card details)
2.2 Automatically Collected Information
- Usage Data: IP address, browser type, device information
- Cookies: Session cookies for authentication and functionality
2.3 Consent and Compliance Data
To comply with UK GDPR and demonstrate accountability, we maintain a detailed audit trail of all consent decisions, including:
- Consent Records: Which privacy preferences you selected and when
- Audit Information: IP address and browser information at the time of consent
- Source Tracking: Which page you were on when giving consent, referrer information
- Version History: Document versions you agreed to
- Timestamps: When you gave or withdrew consent
This data is kept for compliance purposes and to honor your data protection rights, such as proving consent was given or processing withdrawal requests.
3. How We Use Your Information
We process your personal information for the following purposes:
- Membership Management: To create and manage your membership account
- Service Delivery: To provide access to events, resources, and community features
- Payment Processing: To process membership fees and event registrations
- Emergency Situations: To contact your next of kin in case of emergency during events
- Required Communications: To send essential updates about your account status, event confirmations, payment receipts, and membership-related notifications (sent to all members)
- Optional Communications: If you opt in to receive "updates", we will send newsletters, event announcements, and community news. You can unsubscribe from these at any time using the link in our emails
- Consent Management: To track and honor your privacy preferences, including marketing opt-ins and unsubscribe requests
- Security: To protect against fraud and unauthorized access
- Legal Compliance: To comply with legal obligations and demonstrate GDPR accountability
4. Legal Basis for Processing
We process your personal data based on:
- Consent: You have given clear consent for processing (e.g., membership registration)
- Contract: Processing is necessary to fulfill our membership agreement with you
- Legitimate Interests: For emergency contact purposes and fraud prevention, balanced against your rights
- Legal Obligation: To comply with applicable laws and regulations
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: Trusted third parties who assist in operating our platform (Supabase for database hosting, Stripe for payment processing)
- Legal Requirements: When required by law or to protect our legal rights
- Emergency Contacts: Your next of kin information will only be used in genuine emergencies
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Secure password hashing
- Access controls and authentication
- Regular security assessments
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as necessary, according to the following retention periods:
- Active Members: Duration of your membership and for 12 months after termination
- Pending Accounts: 90 days if registration is not completed
- Financial Records: 6 years in compliance with UK tax regulations
- Consent Records: Permanently retained for GDPR accountability. We maintain a complete audit trail of all consent decisions (including when you subscribed, unsubscribed, or changed preferences) to demonstrate compliance and honor your data protection rights
- Deleted Accounts: 30 days in backup systems, then permanently removed
8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation on how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
To exercise these rights, please contact us using the details in Section 12.
9. Cookies
We use essential cookies to provide our Services. These include:
- Authentication Cookies: To keep you logged in securely
- Session Management: To maintain your session across pages
These cookies are strictly necessary for the platform to function and do not require consent under PECR. You can manage cookies through your browser settings, but disabling them may affect functionality.
10. International Data Transfers
Your information may be transferred to and stored on servers located outside the United Kingdom. We ensure that appropriate safeguards are in place through:
- Standard Contractual Clauses with our service providers
- Adequacy decisions by the UK government
- Other lawful transfer mechanisms under UK GDPR
11. Children's Privacy
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Kenyans in South Wales
Email: kenyansinsouthwales@gmail.com
13. Complaints
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our Services after such changes constitutes acceptance of the updated policy.
This Privacy Policy was last reviewed and updated to ensure compliance with UK GDPR and the Data Protection Act 2018. We are committed to protecting your privacy and handling your data responsibly.