Legal

Privacy Notice

Africa Food Systems Forum (AFSF) Summit — Last updated: 2026

Back to Home

1. Introduction

AGRA, acting as the Secretariat of the Africa Food Systems Forum (AFSF), is committed to ensuring that all personal data is processed in accordance with the highest international data protection and privacy standards.

This AFSF Summit Privacy Notice ("Notice") applies to all participants, including delegates, speakers, partners, sponsors, media representatives and government officials attending the Africa Food Systems Forum Summit (the "Event").

2. Categories of Personal Data Collected

AGRA may collect and process the following categories of personal data:

  1. Identification and professional information, including name, title, and organizational affiliation
  2. Government-issued identification details where required for accreditation, security clearance, or protocol purposes
  3. Contact information including email, telephone number, and address
  4. Registration and participation information
  5. Photographs, video recordings, and audio recordings captured during the Event
  6. Sensitive personal data, including dietary information (such as allergies, health-related requirements, or religious considerations), provided voluntarily for catering and safety purposes
  7. Special category data relating to VIPs or government officials where required for protocol, security, or accreditation

3. Purpose of Processing

Personal data will be processed for the following purposes:

  1. Event registration, accreditation, and access control
  2. Security screening, risk management, and protocol coordination
  3. Event administration, logistics, and participant engagement
  4. Catering and health and safety planning, including dietary accommodations
  5. Monitoring, evaluation, and reporting on Event outcomes
  6. Preparation of official reports, publications, and knowledge products
  7. Media coverage, communications, and promotion of the Event
  8. Reporting to sponsors, partners, and stakeholders

4. Legal Basis for Processing

AGRA processes personal data on the following bases:

  1. Consent provided at registration or participation
  2. Legitimate interests in organizing and administering the Event
  3. Compliance with legal and regulatory obligations
  4. Explicit consent for processing of sensitive personal data

5. Media Capture and Publicity Disclaimer

By attending the Event, you acknowledge and agree that photography, video recording, and audio recording will take place throughout the Event.

While AGRA will take reasonable steps to inform participants of media activity and, where practicable, consider requests relating to media preferences, you acknowledge that, due to the scale and public nature of the Event, it may not be possible to avoid incidental capture of your image, voice, or likeness in recordings or photographs.

You further acknowledge and consent that such recordings may be used by AGRA and its partners for legitimate purposes, including but not limited to Event documentation, reporting, communications, and promotional activities across various media platforms, including websites, social media, and publications.

AGRA shall not be liable for any incidental or unintended capture or use of your image, voice, or likeness in accordance with this Notice.

6. Data Sharing and Third Parties

Personal data may be shared with:

  1. Authorized service providers supporting Event delivery
  2. Venues, logistics, security agencies, and protocol teams
  3. Sponsors, partners, and collaborating institutions on a need-to-know basis
  4. Media organizations for Event coverage

All third parties will be subject to appropriate contractual obligations, including confidentiality and data protection requirements. AGRA does not sell or commercially exploit personal data.

7. International Data Transfers

Personal data will be processed and stored using cloud-based systems, which may involve transfers across jurisdictions, including to the country hosting the Event, AGRA's headquarters in Nairobi, Kenya, and to other countries where AGRA's cloud service providers maintain their infrastructure.

AGRA will ensure that all cloud-based service providers implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or loss. These measures include, but are not limited to, access controls, encryption where appropriate, secure data storage, and processing on a strict need-to-know basis.

All transfers of personal data through such cloud-based systems shall be subject to appropriate safeguards with service providers, and shall be carried out in compliance with applicable data protection laws.

8. Data Security and Classification

AGRA applies robust technical and organizational measures to safeguard personal data.

Data will be classified based on sensitivity and risk, with enhanced protections applied to sensitive personal data, VIP information, and data relating to minors, if applicable.

Access to personal data will be restricted to authorized personnel on a need-to-know basis.

9. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes outlined in this Notice, including reporting and compliance obligations.

Unless otherwise required, data will be retained for a period not exceeding seven (7) years, after which it will be securely deleted or anonymized.

10. Rights of Participants

Subject to applicable law, participants may request to:

  1. Access their personal data held by AGRA
  2. Request correction of inaccurate or incomplete personal data
  3. Request deletion of personal data, where applicable
  4. Object to or request restriction of certain processing activities, where feasible
  5. Withdraw consent at any time for processing based on consent

Participants may exercise certain of these rights directly through the Event registration platform, or by contacting AGRA through the Data Protection Officer at: generalcounsel@agra.org.

All requests will be considered and responded to within a reasonable timeframe, taking into account legal, contractual, and operational requirements.