Privacy policy.
How Coffee Afrik handles personal information. We collect the minimum needed to do our work, and we keep it safe.
Who we are
Coffee Afrik CIC is a Community Interest Company registered in England and Wales. Our registered address is Charterhouse Club, London. The data controller for the purposes of UK GDPR is Coffee Afrik CIC.
What information we collect
We only collect information we genuinely need. That includes:
- Information you give us when you fill in our contact or referral forms, name, email, the message itself.
- Information from referrals, service required, borough, any supporting context.
- Anonymous analytics about how the website is used (pages visited, country, device type). We do not use third-party tracking pixels.
How we use information
We use the information you give us only for the purpose you provided it:
- To respond to your message or referral.
- To match you with the right hub or service.
- To follow up after an event you attended, if you opted in.
We never sell, rent, or share your data with third parties for marketing. The only times we share information with another organisation are when (1) you have given us consent, (2) we are legally required to (e.g. safeguarding), or (3) we are working with an NHS or local authority partner on a referral, with your consent.
How long we keep information
Contact form messages are kept for 12 months. Referral records are kept for 7 years, in line with social care record-keeping requirements. You can request earlier deletion at any time.
Your rights
Under UK GDPR you have the right to:
- Access the personal information we hold about you.
- Correct anything that's wrong.
- Ask us to delete information (subject to legal obligations).
- Object to how we're using your information.
- Complain to the Information Commissioner's Office (ICO).
To exercise any of these rights, email info@coffeeafrique.co.uk.
Security
Form submissions are transmitted over HTTPS and stored on Formspree's UK/EU servers. Internal records are stored in encrypted systems with access limited to staff who need it. We review our security practices annually.
Children and young people
Many of our services support children and young people. For under-13s, we require a parent or guardian's involvement before sharing personal data with us. For under-18s in safeguarding contexts, we follow statutory guidance.
Cookies
This site uses no third-party tracking cookies. We may use a single first-party cookie to remember your preferences (e.g. a reduced-motion choice). That cookie is not shared.
Changes to this policy
We will update this page if anything material changes. The date at the bottom shows when it was last revised.
LAST UPDATED · May 2026