top of page

Privacy Notice

We value your privacy

 

We are committed to ensuring your personal data is kept safe and secure. 

 

This notice outlines the purposes for collecting and storing your data, how we process your data, who we share it with (if applicable) and what rights you have to your information. We will never sell or trade your details. 

 

If you have any questions about the processing of your personal information or would like to exercise any of your rights at any time please email us at info@digdeep.org.uk

​

Who we are

 

“We” and “Us”  refers to Dig Deep (Africa) & Dig Deep Challenges.

 

Dig Deep (Africa) is a UK registered charity (No. 1148745) and a registered company limited by guarantee (No. 8034496) in both the UK and Kenya under Section 366 of the Companies Act. Dig Deep Challenges is a registered company limited by guarantee (No. 8591740) and is a wholly owned trading subsidiary of Dig Deep (Africa).

 

We are an international development charity securing clean water and sanitation for the one million people of Bomet County, Kenya - through planning, projects and partnerships. Dig Deep Challenges organises fundraising challenge event opportunities for the purposes of raising funds for the charity's mission.

 

How we process your information

To understand how we process your information, please refer to the relevant section below based on your relationship to us.

 

Section 1: Challenge Event Participant

Section 2: Donors and Supporters

Section 3: Beneficiaries

Section 4: Human Resources

Section 5: Website visitors

Section 6: General information

 

Changes to this Privacy Notice

 

We aim to keep this privacy notice regularly updated and is reviewed annually as standard. 

 

Last updated: October 2025

​

Section 1: Challenge Event Participant

 

How and when do we collect information from you?

We collect your personal data directly from you when you register your interest in one of our challenge events, complete an application form or register for one of our events. 

 

This information is collected from a number of different channels including forms on our website, social media channels, information sessions (online and in person), in person fairs and online registration portals for signing up to an event e.g. Enthuse or Eventbrite.

 

Once you have registered for one of our events we may also collect further information from you via health questionnaires, pre-departure logistics forms and direct communication to collect the information we need to support your participation in the event. 

 

What types of data is collected?

We may collect the following regular and special category data from you:

  • Name

  • Contact details (email, phone number)

  • Address

  • Demographics (sex, age, ethnicity)

  • Social Media Profiles (Instagram, LinkedIn)

  • Medical & Health (pre-existing medical conditions, allergies, dietary requirements)

  • Identification document (passport no., nationality, expiry date) 

  • Emergency contact

  • Communications (notes from fundraising support conversations, travel bookings)

  • Photos or videos of your fundraising activities or challenge event participation

 

What is the purpose of collecting this data?

This information is necessary in order for us to 

  • Ensure your safe and effective participation in the event

  • Most effectively support you in your fundraising efforts and activities

  • Communicate to you the impact of your fundraising to the charity’s beneficiaries

  • Monitoring and improving our future offering 

 

What is the lawful basis for processing this data?

Once you have registered your interest in one of our challenges we rely on legitimate interests to use your personal information to respond to you and ensure you have all the information you need to make an informed decision on whether to participate. 

Once you have registered for the event and we collect further information from you for the purposes of your safe and effective participation in the event, e.g. special category Medical and Health data, we rely on legitimate interests as well as vital interests to ensure your safety and wellbeing on the event.

We rely on legitimate interests to process photos of your fundraising activities or challenge event participation for the purposes of future marketing and promotion. We rely on consent for personal testimonials. You are free to opt out of this at any time to prevent us using any media of you in our marketing or promotion by contacting us on the details provided above.

 

Who can this data be shared with?

If you are participating in the event then your data will be shared with your local Tour Operator (e.g. Kilimanjaro climb suppliers) and applicable health professionals (e.g. Volunteer Expedition Medic(s)) for the purposes of the safe and effective delivery of your event. In these instances restricted user access control measures and/or passwords are taken with datafiles so your data is only shared with those who need access. 

We undertake Transfer Risk Assessments (TRAs) for our international transfers outside of the EEA and have data processor agreements with all parties to ensure your data is kept safe and secure.

 

How is this information stored and for how long?

Your information is stored securely in our CRM system with limited user access and multi-factor authentication measures applied so only those who are required to access your data can do so. 

We retain your personal data in line with our retention periods and how long we require your data. For example, we keep health and medical data specific to your safe participation in the event for 8 years after event completion to aid medical indemnity purposes. Your contact details are retained until you change your preferences so we can communicate the charity impact to you and keep you aware of future opportunities to support. Your preferences will be checked with you every 2 years as a minimum. 

If you’d like further information on our data retention periods please get in touch using the contact details above.

 

Section 2: Donors and Supporters

 

How and when do we collect information from you?

We collect information directly from you when you make a donation to support Dig Deep (Africa). This can be in the form of an online donation made through one of our online fundraising and donation platforms, e.g. Enthuse, JustGiving (you should check their Privacy Notices for information on how they will process your data and what they might share with us); through a posted cheque and accompanying letter or via a formal grant agreement. If applicable we may also ask you to complete a Gift Aid declaration form.

We may also collect your information if you enquire about volunteering with us or signing up to receive our newsletters.

 

What types of data is collected?

We may collect the following regular data from you:

  • Name

  • Address

  • Contact Details (email, phone number)

  • Donation History (donations made, gift aid declaration)

 

What is the purpose of collecting this data?

We collect this information for the purposes of:

  • Financial records and fulfilment of audits

  • Providing donation receipts

  • Communicate to you the impact of your support to the charity’s beneficiaries

  • Communicate to you upcoming opportunities or events to support the charity

 

So we can tailor our communications and fundraising efforts most effectively to you, we may use minimal donor profiling or segmentation to ensure our communications are relevant and appropriate to you. We do not use any automated decision-making for this. 

 

What is the lawful basis for processing this data?

Once you have made a donation we rely on legitimate interests to process and store your personal information and to contact you to communicate the impact of your donation or upcoming opportunities or events. You are free to change your contact preferences at any time.

 

We also rely on legal obligation in order to process and share your data, e.g sharing Gift Aid information with HMRC or during financial audits. 

 

Who can this data be shared with?

If you make a donation through one of our online fundraising platform partners, e.g. Enthuse or JustGiving, then your data will be processed by them for the purposes of accepting your donation. You should check their Privacy Notices for information on how they will process your data and what they might share with us.

 

We have a legal obligation to share Gift Aid information with HMRC.

 

How is this information stored and for how long?

Your information is stored securely in our CRM system with limited user access and multi-factor authentication measures applied so only those who are required to access your data can do so. 

We retain your personal data in line with our retention periods and how long we require your data. For example, we retain data for 7 years after the last donation was made for financial records and so we can communicate the charity impact to you. 

If you’d like further information on our data retention periods please get in touch using the contact details above.

 

Section 3: Beneficiary

 

How and when do we collect information from you?

We collect information directly from our beneficiaries during a variety of interactions including water/sanitation access surveys, household surveys, schools assessments, testimonial requests. The information is collected through the mWater platform and is stored securely on cloud servers managed by mWater.

 

What types of data is collected?

We may collect the following regular and special category data from you:

  • Name

  • Address/Location (household location, school name and location)

  • Contact information (email, phone number)

  • Demographics (gender, age)

  • Family Structure

  • Medical & Health

  • Behavioural (water access, sanitation access)

 

What is the purpose of collecting this data?

We use this data to:

  • Monitor WASH (Water, Sanitation, and Hygiene) access across Bomet County.

  • Support decision-making and implementation of the Bomet WASH Masterplan.

  • Track progress toward achieving universal access to clean water, safe sanitation, and hygiene.

  • Evaluate the impact of Dig Deep projects and improve service delivery.

 

What is the lawful basis for processing this data?

We rely on consent to process this personal data. Data subjects are informed about the purpose of data collection and provide consent before participation.

 

We also rely on public task as the data collected supports the planning and delivery of public health services alongside the County Government of Bomet. 

 

When processing special category data we rely on the Not-for-profit bodies condition of the UK GDPR Article 9 as a legitimate activity in connection with our purpose, with the data subjects consent and appropriate safeguards in place to retain data security.

 

Who can this data be shared with?

Data is shared with a limited number of authorized Dig Deep staff, trained community health volunteers and data enumerators and with approved partners of the WASH Hub where necessary and appropriate. Strict user access controls and permissions are applied to ensure only those authorised can access the data.

 

Some data is also shared publicly for the purposes of monitoring and planning.

Data that is shared publicly includes

  • infrastructure locations

  • public infrastructure functionality surveys

  • indicators which show aggregated data that can’t be traced to household level

Data that is not shared publicly but with approved WASH Hub partners where necessary and appropriate includes

  • GPS locations of beneficiaries

  • contact information on beneficiaries

  • medical information on household members

  • any financial information

We never share personally identifiable information without explicit consent unless required by law. 

 

How is this information stored and for how long?

This information is stored securely on mWater cloud servers managed by mWater and with restricted role-based user access and password-protection measures so only those who are required to access your data can do so. We also conduct regular audits and reviews of access logs.

We retain your personal data in line with our retention periods and how long we require your data for the purposes described. If you’d like further information on our data retention periods please get in touch using the contact details above.

 

Section 4: Human Resources

 

How and when do we collect information from you?

We collect information directly from you during both the recruitment period before you start your employment with us by way of you submitting an application and subsequently during the course of your employment. We may also collect information about you from third parties e.g. collecting references from a former employer

 

What types of data is collected?

We may collect the following regular and special category data from you:

  • Name

  • Contact details (email, phone number)

  • Address

  • Right to work (identification document, national insurance number, bank details)

  • Next of Kin

  • Employment history (CV, references)

  • Information relating to employment (job title, salary, contract, sickness record, performance appraisals, disciplinary record etc)

  • Medical & Health you have disclosed/is relevant to your employment (pre-existing medical conditions, allergies, dietary requirements, occupational health assessments)

  • Criminal record/Safeguarding checks

 

What is the purpose of collecting this data?

We collect this information for the purposes of:

  • Legal and operational administration of your employment

  • Contractual Obligations

 

What is the lawful basis for processing this data?

We have both a contractual obligation and legal obligation for the processing of your personal data for employees. We also rely on legitimate interests for the processing of information relating to employment e.g. performance appraisals. 

 

Special category data such as Medical and Health records and Criminal records is processed in line with the employment, social security and social protection law condition of the UK GDPR Article 9 and an appropriate policy document (APD) is regularly reviewed.

 

Who can this data be shared with?

We have a legal obligation to share financial information with HMRC. We may also share your personal data with other third parties who are involved in the administration of payroll, pensions, HR functions as is necessary for your employment.

 

How is this information stored and for how long?

Your information is stored securely on our shared drive in designated HR folders with limited user access and multi-factor authentication measures applied so only those who are required to access your data can do so. 

We retain your personal data in line with our retention periods and how long we require your data. For example, we retain data for all active employees and for up to 7 years following the end of employment. 

If you’d like further information on our data retention periods please get in touch using the contact details above.

 

Section 5: Website Visitors

 

How and when do we collect information from you?

We use cookies on our website to help us deliver a better website experience to you. 

 

What types of data is collected?

Depending on your engagement with the site, we may process the following types of data:

  • Analytical information about site usage from website cookies

 

If you engage with any of our website forms e.g. challenge registered interest, donation, sign up to newsletter etc, then we will collect the applicable information as referenced in Section 1 or Section 2.

 

What is the purpose of collecting this data?

We may use information from cookies to analyse our website performance and improve our website. We will use the information gathered from any website forms to process your requests.

 

What is the lawful basis for processing this data?

We rely on legitimate interests for both use of cookies and any information gathered from website forms. 

 

Who can this data be shared with?

To understand who the data collected from website forms is shared with please refer to the relevant information in Section 1 - Challenge Event Participant or Section 2 - Donors and Supporters based on your engagement. 

 

How is this information stored and for how long?

Your information is stored securely in our CRM system with limited user access and multi-factor authentication measures applied so only those who are required to access your data can do so. 

We retain your personal data in line with our retention periods and how long we require your data. For example, we retain data for 7 years after the last donation was made for financial records and so we can communicate the charity impact to you. 

If you’d like further information on our data retention periods please get in touch using the contact details above.

 

Section 6: General Information

 

What are your rights as a Data Subject?

As a Data Subject you have the following rights

  • To be informed about how we plan to use your data

  • To have your data rectified or amended if it is incorrect

  • To have your data erased (if no legal obligations) from our records

  • To object to us using your personal data

  • To access the personal data we hold about you

  • To restrict, change or stop the processing of your personal data

  • To say no to direct marketing

  • To withdraw your consent

  • To not be subject to automated decision making

  • To lodge a complaint about the handling of your personal data

 

Complaints Procedure

If you have concerns or are unhappy with how your personal data is being processed, please contact us via the contact details mentioned at the top of this notice so we can investigate and aim to resolve it for you.

 

You can also make a complaint to the Information Commissioner’s Office (ICO), which regulates the use of information in the UK. You can find details for this on the ICO website (www.ico.org.uk/make-a-complaint). 

​

Challenge Event Participant
Donors and Supporters
Beneficiaries
Human Resources
Website Visitors
General Information
bottom of page