This Privacy Notice applies to Achisomoch Aid Company Ltd (AAC), who we also refer to throughout as “we”, “us” or “our.”. Achisomoch is a Data Controller for the purposes of all relevant Data Privacy and Data Protection legislation.
Our contact details for data protection purposes are as follows:
Telephone Number (+44) 0208 731 8988
Email address data@achisomoch.org
Address Enterprise House, 2 The Crest, London, NW4 2HN
Please contact us or our Data Protection Officer, Matti Fruhman by post, email or telephone if you have any questions about this Privacy Notice or any information we hold about you.
We regularly review this Privacy Notice and will place any updates on our website. This Privacy Notice was last updated in September 2024 and will next be reviewed in August 2025.
Purpose of this Privacy Notice
This Privacy Notice outlines what to expect when Achisomoch processes your personal information due to your visit to this website. It applies to information about general visitors to this website, such as fundraisers, donors, or other AAC service users. It tells you the purposes for which we may process your personal information and the legal basis for these processing activities.
If you are a user of the Achisomoch Client Login then you are subject to the general Terms of Business of Achisomoch and the purpose of this Privacy Notice is extended to cover the use of that Client Login. As such, we may collect more and different types of personal data in order to fulfil our Service to you.
Why do we collect and store personal information?
This website stores the basic information necessary to allow your chosen web browser to display and run the site as intended. This may include your IP address, device type, screen size, and other technical session information used to display the website on your device. We also collect information that you voluntarily submit to us, such as when you send an enquiry or sign up for a mailing list.
Legal basis for processing
We rely on different legal bases for processing personal data, depending on the circumstances and purposes of processing:
No sensitive category data is processed through this website unless you are a user of the Client Login; in which case we may also collect personal details such as your passport photo in order to validate your identity.
Information we may hold and how we use it
How we manage your personal information
We process your personal information in accordance with the principles of the UK Data Protection Act 2018. We ensure that information is:
Access to personal information is restricted to authorised individuals on a need-to-know basis. You are encouraged to inform us of any required changes to ensure your data is kept accurate and up-to-date.
Periods for which we will store your personal information
We retain your data for the minimum statutory period necessary in accordance with data minimisation principles. Email and contact information you provide through this website will be retained for at least two years, or longer if you continue interacting with us unless you request its deletion via a Subject Access Request.
Sharing your personal information
Normally, only Achisomoch staff will access and process your personal information. However, we may share information with third parties under the following circumstances:
When sharing personal information, we comply with all aspects of the Data Protection Act and other relevant legislation, such as the Privacy in Electronic Communications Regulation (PECR). We also ensure that in the event of any cross-border data transfers these are only carried out where data adequacy agreements exist (e.g. the EU) and appropriate transfer mechanisms such as the Standard Contractual Clauses (the USA) are in place.
In the course of providing our Services, we may also receive personal data and send personal data to relevant third parties. The sources we may also collect Personal Information from include:
What Cookies and Analytics Does This Website Use?
We use a number of “session” Cookies to enable our Website to run properly, and Google Analytics to collect and aggregate information about visitors to our Website. This information includes pages visited and content searched.
Please note that you are able to delete your Cookies using your browser settings, or you can set your browser to delete cookies as soon as you close the page or shut down the browser. Even though this website only sends anonymised data to Google, you are still able to opt out of personalised Ads via your Google account settings. This website uses the following Cookies:
AEC
The AEC cookie is for security and user session management. It helps prevent malicious activities like cross-site request forgery (CSRF) and click fraud by ensuring that requests made during a session come from legitimate users.
C (from google.com):
This is an authentication cookie used by Google to store session-related information. It helps to maintain a consistent user session across different Google services.
APISID, SAPISID, SSID, SID, HSID:
These cookies store your preferences and information if and when you are logged into a Google account. They are used for security purposes and help to protect you from unauthorised access.
HSID and SID also help with your session management and protecting against unauthorised access by storing encrypted records of your Google account ID and the time of your login.
NID:
This is a Google cookie used to store preferences and also for advertising purposes. It stores your preferences and is also used for customising ads on Google services and across the web.
The long string contains encoded information about your preferences, which Google uses to show you personalised ads. Please note that you can use Chrome and other browsers, plugins, and also software like a VPN in order to prevent Google from tracking you across the Web.
OTZ:
This is a Google Analytics cookie that tracks anonymised website traffic information and aggregates site visitor data across the web. OTZ is used to aggregate data about website visitors for Google Analytics, particularly in relation to the traffic that originates from Google services, like Google Search or YouTube. The OTZ cookie tracks only non-personally identifiable information such as page view stats, bounce rates, and click events.
SIDCC and SIDTS:
SIDCC and SIDTS are security-related cookies that protect user data and ensure session integrity. They work with other cookies like SID to authenticate users and protect against malicious activities like phishing or data tampering.
Secure-1PAPISID, Secure-3PAPISID, Secure-1PSID, Secure-3PSID:
These cookies are security measures for Google’s authentication and account-related services. They help Google ensure that your session and interaction with their services are secure.
The prefix “Secure-” indicates that these cookies are required to be sent over a secure connection (HTTPS) and provide extra security.
Secure-ENID:
This cookie is used for encrypted ID management on Google services. It plays a role in personalising user experience and maintaining secure logins and preferences.
amp_aac71e:
This cookie is part of Google’s AMP (Accelerated Mobile Pages) system, which is used to speed up content loading on mobile devices. It helps in tracking user interactions on AMP pages.
cf_clearance:
This is a Cloudflare cookie used for bot management and security purposes. It verifies that visitors to our website are not bots and ensures that they pass security checks (e.g., CAPTCHA).
Your rights under the Data Protection Act 2018 (DPA)
You have several rights under UK GDPR legislation as well as the data protection laws outside of the UK if you are not UK-based.
Access to personal information (Subject Access Request – SAR)
You have the right to ask us what personal information we hold about you. SARs must be made in writing (we have a subject access form for this purpose), and you must include proof of identity. We acknowledge SARs within 72 hours and provide requested information within 30 days.
Rectification
If there are inaccuracies in the personal data we hold about you, you have the right to request corrections.
Erasure
You have the right to request the deletion of your data under certain conditions, such as if the data is no longer necessary for the purpose it was collected, or if you withdraw consent.
Restriction of processing
You have the right to request that we stop processing your personal data in certain circumstances, such as if you contest the accuracy of the information.
Objection to processing
You may object to the processing of your data if you believe it is not in your legitimate interest. We must stop using your data unless we can demonstrate a legitimate basis to continue processing.
Withdrawal of consent
You can withdraw your consent for processing at any time. If consent is the legal basis for processing, we must stop using your data. We may continue processing if another legal basis applies.
Right to data portability
You can request to move, copy, or transfer your personal data to another IT system. This applies only to data you have provided, based on your consent or for contractual purposes, and when processing is automated.
Further Information
For more information on how to request your personal information or to understand how we process your data, please contact us via the contact details at the top of this Privacy Notice.
The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR.
You have the right to complain to the ICO if you think we have breached the GDPR or other relevant laws. You can contact the ICO via:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 | http://www.ico.org.uk/