This policy explains how The UK Mastocytosis Support Group will collect, use, keep, share and protect your personal data.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘our’ or ‘us’ this refers to The UK Mastocytosis Support Group. Under data protection law we are the ‘data controller’ who processes your personal data.
Our full legal information is: The UK Mastocytosis Support Group, a charity registered in England and Wales (1154007). Our registered charity address is The UK Mastocytosis Support Group, 31 Foxholes Lane, Altofts, WF6 2PD.
What is personal data?
Personal data is personal information that can be used to help identify a living individual, such as your name, postal address, phone number or email address as well as additional information such as your interests or hobbies.
Our promise to you
Our promise to you is that we will never sell your personal data and we will never share it with another company or charity for marketing purposes.
We only share your personal data where we are required to by law, with your consent, or in future we may share your personal data with carefully selected partners who might work for us. Our partners would be required by contract to treat your data as carefully as we do.
Data protection and the law
Data protection law in the United Kingdom is changing.
- Until 24th May 2018 we shall process your personal data in accordance with the Data Protection Act 1998 (DPA).
- From 25th May 2018 we shall process your personal data in accordance with the General Data Protection Regulations (GDPR) – Data Protection Act 2018 in the UK.
This policy complies with requirements under both DPA 2018 and GDPR. Our marketing communications will comply with the Privacy and Electronic Communication Regulations 2003 (PECR).
Your acceptance of this policy
This policy applies to all the websites we operate, including social media sites, as well as purchases you make from us, our events or services and any other methods we use for collecting your information.
It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
By using our websites, social media sites, or providing your personal data to us in the ways described in this policy, this means you agree that we can collect, keep and use your personal data in the ways set out in this policy. It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are.
If you do not agree to this policy please do not use our websites, social media sites, events or services.
What information might we collect?
We may collect three kinds of information:
- Non-personally identifiable information which is recorded anonymously, such as your IP address (the location of your computer on the internet).
- Personally identifiable information, known as personal data, which is information that can be used to help identify a living individual.
- ‘Sensitive personal data’ or ‘special categories of data’, which is personal data about your racial or ethic identity, physical or mental health (e.g. mast cell disease), or information about any alleged or criminal offences. We will only use this data if you have provided it to us directly or it has been sourced from information we believe you have clearly made public.
The types of information we may collect and process includes:
- Your title and name (including former name or alias)
- Your gender and date of birth
- Your contact information e.g. postal address, telephone number, email address, social media
- Your mast cell disease (if applicable)
- Your business details e.g. positions, organisation, professional memberships and qualifications
- Your outside interests and membership of groups
- Your family details, including spouse or partner and children
- Your relationships with other organisations, supporters and potential supporters
- How you interact with our products and services e.g. events you have registered for and attended, products purchased, services you have subscribed to, your willingness to volunteer
- Financial or payment details if you have made a purchase or donation
- Any other information you choose to share with us
How do we collect information?
We collect information about you in the following ways
- When you give it to us directly
You may give us your information online via our websites or social media sites, over the phone, in writing by email or post, or face-to-face at an event. For example, when you
- Buy a product e.g. Holiday cards or wrist bands
- Complete our surveys or forms e.g. contact preference forms, Gift Aid forms
- Contact us by telephone, email or web forum for advice and guidance
- Donate to us
- Fundraise for us
- Join us as a member e.g. Corporate, Healthcare Professional, Individual or Family
- Register as a volunteer
- Register for an online service
- Register for our events
We will also collect your information where you only partially complete or abandon any information inputted into our websites or other online forms. We may use this information to contact you to remind you to complete any outstanding information or for marketing purposes, with your consent.
- When you give permission to other organisations, known as third parties, to share your information with us
- When the information is available publicly:
We may enhance personal information we collect from you from publicly available sources such as media articles, company and charity filings, social networking posts and the world wide web.
- When we collect it as you use our websites
Depending on whether you are using a desktop computer, laptop or mobile phone to access our websites, the settings on your device may also provide us with information. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
How will we use the information we collect?
We will use your information when we have a contractual or legitimate business interest to do so or with your consent. We will mainly use your data to:
- Provide you with the services, products or information you asked for
- Administer sales transactions, donations, or other payments and verify financial transactions, including processing gift aid
- Ensure we know how you prefer to be contacted
- Keep a record of your relationship with us including any communications we send to you
- To verify your account and provide a personalised experience for you on our websites
- Monitor, measure, improve and protect our services, products or information
- Prevent or detect fraud or abuses
- Provide you with any information that we are required to send you to comply with our regulatory or legal obligations
- To provide, with your consent, targeted marketing communications about information that we think may be of interest to you
- Raise awareness about our charitable aims and activities through use of case studies or quotes
Building profiles of supporters and targeting communications:
- To ensure that we do not make inappropriate requests, we may carry out research to assess your likely ability and willingness to engage with our products and services. We will use your information to help us plan our activities and determine if we should contact you with certain communications.
- This research helps ensure our communications are relevant and of interest to you. It also helps us identify how you are involved with our work and identify which of our user activities are most popular.
- This research may include collecting and storing data relating to you that is in the public as well as data that has been provided by you, including your interests, and any activities you have previously been involved with. This research is sometimes known as prospect research or wealth profiling.
- For further information please see our Ethical Fundraising Policy.
With your consent, we will contact you via telephone, email, text or post with targeted marketing communications about information that we think may be of interest to you such as
- Ways we can help you through our information, training and support services such as membership, online training courses, support group meetings and/or
- Ways you can engage with us through fundraising, campaigning and volunteering which support our charitable aims and activities and/or
- Offers or opportunities from third-party partners who support us including competitions, discounts or surveys which support research into mast cell diseases.
Our forms have clear marketing preference questions and we include information on how to opt in or opt out when we send you marketing communications.
You have the right at any time to stop us from contacting you for marketing purposes and can unsubscribe from any email marketing using the links provided in the messages we send to you. To manage your communication preferences online contact our Data Protection Officer.
Storing your information
Information is stored by us on computers located in the UK, secure servers that are subject to the GDPR requirements or securely locked within our offices in paper files. We have security measures in place to attempt to protect against loss, misuse or alteration of the personal data under our control. For example, only authorised personnel such as employees, volunteers and contractors who receive data protection training can access user information.
We may transfer your information to other reputable third-party organisations. As explained above, we will only pass personal data to them if they have signed a contract that requires them to abide by the requirements of UK data protection law.
If a company is situated outside the European Economic Area, they may not be subject to the same data protection laws as companies based in the UK. However, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law.
Unfortunately, the transmission of data across the internet is not completely secure and we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
Where you have a password enabling you to access parts of our websites, it is your responsibility to keep this confidential.
How will we keep your information up to date?
We will update the data we hold on you from time to time. For example, if you provide us with new contact details or change your details on our website.
How long will we retain your information?
We will keep your information for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, inform our research, update your communications preferences or to comply with the law.
If you decide that you no longer wish to receive communications from us we may need to retain a minimal amount of personal data so we can keep a record you have asked us not to contact you.
Records of financial transactions which may include personal data are retained for 6 years. We will plan to remove records 6 years after last contact. When we no longer need your information, we will always dispose of it securely.
What rights do you have under law?
Under GDPR you have the right to:
- to be told how we will use your information
- to ask to see the information we have about you
- to correct anything that is wrong or inaccurate
- to ask us to remove your information from the systems we use to process personal data
- to ask us to stop processing your personal data
- to ask us for a copy of your data in a commonly used electronic form so you can move, copy or transfer it
- to object to us using your data in certain ways, including for direct marketing purposes
- and various rights regarding automated decision making or profiling
Please see https://ico.org.uk for further information on the above rights.
If you wish to exercise any of these rights please contact our Data Protection Officer in writing. You have the right to be provided with a copy of the information we hold free of charge. However, we reserve the right to charge a reasonable fee to comply with requests for further information, based on the administrative cost of providing you with the information.
We do not make automated decisions (decisions made with no human involvement in the decision-making process) that have a legal or similarly significant effect on individuals.
We are not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this act.
We have the right to continue processing your data
- to exercise the right of freedom of expression and information
- for public health purposes or archiving purposes in the public interest
- to comply with legal obligations and exercise or defend legal claims
Children’s personal data
Some of the services we offer are aimed specifically at families who have children with mast cell diseases. To deliver these services safely it is necessary for us to collect personal data and ‘sensitive personal data’ or ‘special categories of data’ and store it on our database. Before we collect data from anyone aged under 18 we will always ask them to directly obtain the permission of a parent or guardian. We do not knowingly contact children aged 16 or under with targeted marketing communications. We manage the information we collect in a way which is appropriate to the age of the child and ensure any communications or advertising likely to be viewed by children are age appropriate.
Changes to this policy