Privacy Policy

OCIA is committed to protecting your personal data as we rely on the generosity and support of individuals like you to carry out our vital work to ensure that no child is forgotten. We work to ensure that any data we hold on our supporters and beneficiaries is securely protected and used appropriately.

References to “we”, “us” or “our” in this policy are to OCIA.

We collect information that helps us make informed decisions, fund-raise more efficiently and give you the best possible experience on our website and from our communications.

This privacy policy is written in accordance with relevant data protection legislation including the Data Protection Act 1998 & Privacy Act  2019, and Electronic Communications Regulations 2011 and the General Data Protection Regulation. OCIA is registered with the Information Commissioner as a Data Controller at the ministry of ICT and National Guidance.

This policy explains how OCIA collects, uses and stores your personal data. By using our website, or providing us with any personal data, you agree to your personal data being used and disclosed in the manner set out in this policy.

Who we are

OCIA is a registered charity in Uganda and a registered private company. The processing of your personal data is carried out by or on behalf of OCIA.

When do we collect your information?

We collect information:

  • When you give it to us directly. You may give us personal information when you donate, sign up for one of our events, register as a supporter, communicate with us, request a speaker, sign up for email newsletters and leave a comment on our social media accounts.We may get your personal information if you are supporting OCIA via a fundraising organisation or platform (e.g. Just Giving, Virgin Money Giving, CAF) and with your consent. Please check their privacy policies when you give them your information.

  • When you give it to us via social media. We may get information about you from your social media accounts (e.g. Facebook, Twitter). We can do this if you’ve set your account settings to give us permission. Please check your settings and their privacy policies for more details.

  • When you use our website. We use “cookies” to help us improve the performance of our OCIA websites and campaigns (see Cookies section below). If you enter your details onto one of our online donation forms, and you don’t complete the donation, we may contact you via email to see if we can help with any problems you may be experiencing.

  • From information in the public domain. We may supplement what we know about you with information that is available to the public. For example, in order to ensure that our communication with you is relevant and tailored to your background and interests, we may collect information about you from publicly-available sources either directly or through third-party subscription services or service providers. See ‘How we combine and analyse the information we collect about you’ section for more detail. We may also carry out research using publicly available information to identify individuals who have an affinity to our cause but with whom we are not already in touch.

  • We also collect aggregated or anonymised information such as statistics about most watched video on our YouTube channel, most popular posts on our social media channels, or emails we sent (e.g. open rate, click rate). We collect this information so we can see which stories are popular and which aren’t. This data is not used to identify you personally.


What information do we collect?

The information we collect from you directly or from third parties with whom we work may include:

  1. Name.

  2. Address.

  3. Email address.

  4. Phone number.

  5. Contact preferences.

  6. Your social media channels, blogs or websites if relevant.

  7. Bank account details for setting up a regular direct debit.

  8. Credit card details for processing payments (which are stored under Payment Card Industry Compliance regulations).

  9. Employer details for processing a payroll gift or in case of corporate partnerships.

  10. Taxpayer status for claiming Gift Aid.

  11. Gender, where appropriate (e.g. where registering for an event, such as a race).

  12. Information about your health, if it affects your ability to donate (e.g. if you’re hard of hearing we need to make sure we contact you in a way that suits you). This is with your consent only.

  13. What your interests are (e.g. specific country we work in) or your affiliations with other charities and community groups.

  14. Age bracket (if doing a supporter survey or if required to confirm you are over 18 to take part in an event).

  15. When donating on behalf of a group, school or club, further details about the organisation you belong to will be collected.

  16. If you are a minor, we may collect the name and contact details of a parent or guardian.


We do not usually collect ‘sensitive personal data’(e.g. race, political opinions or sexual preferences) about our supporters unless there is a clear reason for doing so, such as participation in a marathon or similar fundraising event or where we need this information to ensure that we provide appropriate facilities or support to enable you to participate in an event. For job applicants, see the section below.

As explained above, we may supplement what we know about you with information that is available to the public. This allows us to better understand your interests, preferences, and level of potential engagement and/or donation, so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications. The information we collect and process about you from publicly-available sources may include demographic information associated with your postcode or your address.

Where we have identified that you may have the capacity or affinity to support OCIA at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters. We may review other information about you that is available to the public through internet searches, social networks, such as LinkedIn, subscription services, news archives or public databases (e.g. Companies House, electoral and property registers), such as information about corporate directorships, shareholdings, published biographic information, employment and earnings, philanthropic interests and networks, charitable giving history and motivations and relevant media coverage so that we can engage with you in a more personalized way.

How do we use your information?

We use your data in a number of ways, including:

  • To deal with your inquiries and requests.

  • To process and acknowledge your donations.

  • To keep a record of your engagement with us.

  • To send you marketing information about our projects, fundraising activities and appeals where we have your consent or are otherwise allowed to.

  • To fulfill contractual obligations entered into with supporters (e.g. online purchases).

  • To contact you about your support (e.g. regular giving).

  • To understand how we can improve our services and information.

  • To analyse our fundraising and marketing activities.

  • For administrative purposes, e.g. to contact you regarding an event you registered to or with a query regarding a donation you may have made to us.

  • To analyse the personal information we collect and use publicly available information to better understand your interests and level of potential donations so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications.

  • To contact you where you have been identified as the contact for an organisation, such as a school (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organization).

  • Where it is required or authorized by a regulator or law enforcement or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect OCIA, for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation.


We won’t sell your details to any third parties or other charities.

How we use your data depends on why you’re providing it:

  • Donations: we use your information to process and keep a record of your donation. We also use it to claim Gift Aid if you’ve selected this option. We may also send you service communications via email or text, for example where you place an order on our website, or you have made a donation by text.

  • Direct marketing: We use direct marketing to let you know what OCIA is doing and how your support makes a difference. We may use it for fundraising appeals or to ask for other support. We will always respect your preferences and endeavor to send you information that you may find interesting, in the format you prefer.


We will send you direct marketing by post unless you indicate that you don’t want to hear from us this way. We send these communications on the basis of it being within our legitimate interests to do so or if you’ve consented to receive this. See the “Legal basis for processing data” section below for more information.

We may also send you direct marketing by email, SMS and phone if you’ve consented to hear from us this way.

The types of marketing that you can expect to receive from us include:

  • Our donors’ magazine twice a year

  • Email updates every 4-8 weeks

  • Fundraising appeals every couple of months

  • Event invites, whenever relevant

  • Exceptional fundraising campaigns (e.g. match funding campaign).

Our email direct marketing has ways to opt-out or update your preferences in the footer of each email. You can opt-out at any time.

If you don’t want to hear from us, see the “How to contact us” section.

  • Online forms and feedback: we will use your personal information to respond to your questions, requests or register you for events.

  • Surveys: We may, from time to time, use surveys to understand better our supporters and website visitors, helping us to create better content for you, send you more relevant communications or make our website easier to use. We may ask for your email address if you’re happy to be involved in future surveys. We will only use this to ask you to help us with these types of requests.

  • Social media: we may use publicly available information from your profile to target you with specific posts that may interest you. We will never ask for personal or sensitive information on social media. We may re-post or share your posts on social media if it relates to OCIA. We may respond to questions, queries or comments left on our social media channels, using information found on your profile to help us answer these. Check your social media accounts if you want to change the information you make public. Our websites use sharing buttons which share our web pages to social media platforms. Use these buttons at your own discretion. Social media platforms may track these shares through your accounts.

  • Events: we may need to follow up on event registrations for administrative and insurance purposes.


Who has access to your data?

Your information is only accessible by trained staff, volunteers and contractors. We regularly review who has access to your information and endeavor to keep the number of people with access to your data to the strict minimum.

We do comprehensive checks on any contractors before we work with them. We always put a contract in place that sets out how they manage the personal data they collect or have access to.

We use other companies to help us manage and store personal data and to carry out certain activities on our behalf.  Our main data processors are listed below, but we may enlist the services of others from time to time:

  • Advanced – our fundraising database provider

  • Mail Chimp – our email marketing platform

  • World Pay and PayPal – our credit card processing providers

  • Rapidata – our direct debit processing provider

  • Doshi Accountants Ltd – our payroll processor

  • NEST – our pension provider

We’ll only disclose your personal data to third parties, without your consent, when we have to by law, for example to authorized statutory agencies or authorities.

How we protect your personal information?

We take appropriate physical, technical and organisational measures and precautions in order to protect your personal data and to prevent the loss, misuse or alteration of your personal data.


For instance, we encrypt our online forms and we use industry SSL certificates and PCI compliance.

While we make sure to keep your data safe, no data transmission over the Internet is 100% secure. We do our best to protect personal information, but we cannot guarantee the security of any information you send us, so any transmission is at your own risk.

How long do we keep your information?

We keep your information for as long as it’s necessary, e.g. we keep your financial data for at least seven years to comply with HMRC rules.

If you use your credit or debit card to donate to us or buy something, we pass your card details securely to World Pay, our payment processing partner, and never store your card details on our website or databases.

If you request to receive no further contact from us, we’ll keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

Legacy income is vital to OCIA. We may keep data you provide to us indefinitely to carry out legacy administration, if you have pledged a legacy to us or to communicate effectively with the families of people leaving us legacies.

How will we combine and analyse the information we collect about you?

We are committed to communicating with you using an approach that is right for you. This means that we carefully manage the communications we send you to ensure that we are contacting you in the most appropriate way and that we are not sending you unwanted communications.

To do this, we may combine the information that we collect about you and analyse what we know about your interests, preferences and level of potential engagement or donation. We may also use statistical analysis to analyse this data and understand the likelihood that you will be interested in or responsive to a campaign or message.

Where we have identified that you have the capacity or affinity to support OCIA at a higher level, we may collect additional information about you (see ‘What information do we collect?’) and combine and analyse that information in a profile of you that will assist us in engaging with you in a more personalized way.

You can opt-out of your data being combined and analysed for marketing purposes by contacting our Supporter Care Team or our Data Protection Officer. However, this may mean that you stop receiving marketing communications from us more generally, as we will be unable to determine their relevance to you.

In accordance with our legal and regulatory obligations and our internal policies and procedures, we may also use personal information to carry out due diligence on potential or actual donors. If you opt-out of an analysis of your data for due diligence purposes, we may not be able to accept donations from you.

Our legal basis for processing personal data

Organisations need a lawful basis to collect and use personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that Ocia Organisation carries out. This includes information that is processed on the basis of:

  • A person’s consent (e.g. to send you emails or SMS).

  • A contractual obligation (e.g. if you purchased goods or event tickets from us).

  • Complying with a legal obligation (e.g. to process a Gift Aid declaration).

  • Our legitimate interests.

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned.

Our legitimate interests include:

  • Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;

  • Administration and operational management, including responding to solicited inquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements.

  • Fundraising and Campaigning, including administering campaigns and donations, and sending direct marketing and thank you letters by post.

If you’d like to change our use of your personal data in this manner, please get in touch with us.


Job and volunteer applicants and current and former employees

If you apply for a job or volunteering opportunity at OCIA, we will only use the information you give us to process your application and to monitor recruitment statistics. Our Diversity form collects sensitive data in an anonymised way, and only to measure diversity within our organisation. Individual diversity forms are destroyed once statistical information on all applicants has been established.

If we want to disclose information to someone outside OCIA – for example, if we need a reference, plan to use an external supplier to run background checks or need to get a ‘disclosure’ from the Disclosure and Barring Service (DBS) – we will make sure we tell you beforehand, unless we are required to disclose this information by law.

When recruiting for a post based outside of the European Economic Area, OCIA may need to transfer your personal information to that country to progress the recruitment. In such cases, personal data will be encrypted to ensure its safety.

If you are unsuccessful in your job application, we will hold your application for 6 months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.

If you are employed by us, we will put together a file about your employment which will be kept secured in a password-protected drive and locked cupboard. Only information directly relating to your employment will be kept.

Once you stop working for us, we will keep this file for six years (or indefinitely for senior managers).


How to contact us or change/access your information

If you want to update the information we hold for you, or you think any information we have about you is incorrect or incomplete, or you want to change your contact preferences, please get in touch by:

  1. Emailing

  2. Calling us on +256772087266, or

  3. Writing to Supporter Care, OCIA INC, Haven House, Wakiso, Uganda




We cannot be held responsible for the privacy of data collected by websites not owned or managed by OCIA, including those linked through our website.

Emails terms of use

Emails aren’t always secure, and they may be intercepted or changed after they’ve been sent. OCIA doesn’t accept liability if this happens.

Please do not send OCIA any financial data through email.

The information in emails is confidential, so if you’ve received one by mistake, please delete it without copying, using, or telling anyone about its contents.