AfriConnect Exchange
HomeMarketplace

Public document

Privacy Policy

How AfriConnect Exchange collects, uses, stores, and protects personal data across the website, marketplace, claims, orders, and account services.

Prepared byAfriConnect Exchange (a product of Africonnect Exchange CIC)
Last updated6 November 2025

1. Who we are

AfriConnect Exchange is a product of Africonnect Exchange CIC, a Community Interest Company registered in Scotland. For the purposes of UK data protection law, Africonnect Exchange CIC is the data controller for the personal data described in this notice unless we tell you otherwise in a specific product flow.

This notice applies when you visit our website, create an account, list or buy marketplace items, claim free listings, contact us, or otherwise interact with the platform. It should be read together with our Cookie Policy and, where relevant, our Terms of Use.

2. The personal data we collect

  • Identity and contact data: your name, email address, phone number, delivery details, and other contact information you choose to provide.
  • Account and profile data: account credentials, display name, profile photo, biography, saved addresses, seller or marketplace profile information, and notification preferences.
  • Transaction and marketplace data: listings, favourites, claims, orders, order history, shipping details, receipts, audit trails, and communications connected to a marketplace transaction.
  • Payment-related data: payment status, payment references, billing country, receipt email, and provider-generated identifiers. We do not store full payment card numbers. Card information is handled by payment providers such as Stripe.
  • Technical and security data: IP address, browser type, approximate device information, session identifiers, login attempts, device trust records, activity logs, and security events.
  • Communications data: messages you send to us, support requests, account emails, notification delivery records, and records of policy or safety reports.

3. How we use personal data and our lawful bases

We use personal data only where we have a valid lawful basis under the UK GDPR. Depending on the context, this will usually be one or more of the following: performance of a contract, compliance with a legal obligation, our legitimate interests in running a safe and effective platform, or your consent.

  • To create and manage your account, sign you in, protect account access, and maintain device and session security. This is usually necessary to provide the service to you and to protect the platform from abuse.
  • To operate the marketplace, publish listings, process claims, support orders, route transaction updates, and maintain records linked to marketplace activity. This is usually necessary for contract performance and our legitimate interests in running the service.
  • To process payments and receipts, confirm payment status, reconcile financial records, and manage refunds or failed transactions. This is usually necessary for contract performance and compliance with accounting and regulatory obligations.
  • To improve reliability and security, investigate suspicious activity, prevent fraud, enforce platform rules, and keep audit records. This is usually based on our legitimate interests and legal obligations.
  • To communicate with you, including operational emails, account notices, delivery or claim updates, legal notices, and responses to support requests. This is usually necessary to provide the service or to pursue our legitimate interests in supporting users.
  • To use optional non-essential features, where a consent-based workflow is required. If we introduce optional analytics, marketing, or similar tracking in future, we will ask for consent where the law requires it.

4. Where the data comes from

Most of the personal data we process comes directly from you when you sign up, complete your profile, create listings, place orders, submit claims, or contact us.

We also generate some information automatically through your use of the service, such as security logs, device and session details, payment status updates, and technical records linked to fraud prevention or troubleshooting.

In some cases we may receive information from service providers or counterparties involved in a transaction, for example payment status updates from Stripe or fulfilment-related details linked to an order or claim.

5. Who we share personal data with

We do not sell personal data. We share personal data only where this is necessary to run the service, comply with the law, or protect the platform and its users.

  • Infrastructure and hosting providers that help us run the website, store files, and support core platform operations.
  • Identity, communications, and security providersthat support account authentication, email delivery, web push, and other operational notices.
  • Payment providers, such as Stripe, when payments, receipts, refunds, or seller onboarding activities are involved.
  • Professional advisers and regulators, including legal, compliance, tax, audit, or insurance advisers where reasonably necessary.
  • Law enforcement or public authorities where we are required to disclose information by law, court order, or to protect users and the platform from serious harm, fraud, or abuse.

6. International transfers

Some of our service providers may process data outside the UK. Where that happens, we take steps to make sure appropriate safeguards are in place, such as adequacy regulations, contractual safeguards, or equivalent protective measures recognised under UK data protection law.

If you want more information about the safeguards relevant to a particular transfer, contact us using the details at the end of this notice.

7. How long we keep personal data

We keep personal data only for as long as we need it for the purposes set out in this notice, including to provide the service, keep security records, resolve disputes, enforce agreements, and meet legal, tax, and accounting obligations.

  • Account and profile information is generally kept while your account remains active and for a reasonable period afterwards if needed for legal, security, or support reasons.
  • Transaction, payment, and accounting records may be kept for up to 6 years after the relevant transaction or relationship ends, or longer where the law requires it.
  • Security and activity logs are kept for limited periods that help us investigate fraud, misuse, or service incidents, after which they are deleted or anonymised where appropriate.

8. When personal data is required

Some personal data is required so that we can create your account, process a payment, deliver an order, manage a claim, or comply with law and fraud-prevention obligations.

If you choose not to provide required information, we may not be able to offer the relevant service or complete the transaction you requested.

9. Your rights

Under UK data protection law, you may have the right to request access to your personal data, ask for inaccurate data to be corrected, request erasure, restrict certain processing, object to processing based on legitimate interests, and request portability where applicable.

Where we rely on consent, you can withdraw that consent at any time. Consent must be as easy to withdraw as it is to give.

Some rights are not absolute and may depend on the legal basis or context of the processing. We may ask for proof of identity before acting on a request.

You also have the right to complain to the Information Commissioner's Office (ICO). Their current published contact details include Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, and the ICO website at ico.org.uk.

10. Cookies, security controls, and automated decisions

We use essential cookies and similar technologies to support secure sign-in, session continuity, and core website functionality. More detail is available in our Cookie Policy.

We may also use rules, signals, and fraud-prevention controls to detect suspicious activity, spam, or security risks. We do not rely on solely automated decisions that have a legal or similarly significant effect on you without appropriate safeguards.

11. Contact us

If you have questions about this privacy notice or want to exercise your data protection rights, contact us using the details below.

Africonnect Exchange CIC
21 Maple Terrace
G75 9EF
Glasgow, Scotland
info@africonnect-exchange.org
Company Number: SC869128

More documents

Related legal pages

Terms of useCommunity guidelinesVendor agreementCookie policyDispute resolution