The General Data Protection Regulation (GDPR) is a piece of EU legislation that came into force on 25th May 2018. The core intent of GDPR is to give individuals more control over the use of their personal data and how data is stored. This legislation along with the Data Protection Act 2018 (DPA), gives more rights to you as an individual and more obligations to organisations holding your personal data.
One of the rights is a right to be informed, which means we have to give you more information than previously about the way in which we use, share and store your personal information.
Cystinosis Foundation UK is the Data Controller, please see below our full contact details:
Cystinosis Foundation UK
℅ Executive Business Support
Registered Charity No: 1074885
How we collect your personal information
We collect your information when you decide to interact with us, sign up to our mailing list, make a donation, undertake fundraising efforts and receive support services and products. We also collect information about your device to look at how our audience use our website, so that we can offer the best possible experience. Information collected includes your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths.
Purpose and lawful reasons for processing your data
For all goods and services donated by Cystinosis Foundation UK to patients or carers, we will process your data to ensure the correct delivery of those goods and services. The lawful reason for processing data in these cases is contractual and will include:
- Products or services provided to you by Cystinosis Foundation UK
- Received donations
We may process your data for emotional support requests and general enquiries. We will only process your data in this regard and contact you if we have obtained your consent to do so. The lawful reason for processing data in this case is consent and will include:
- Emotional support
- General enquires – such as donating and fundraising information
- Information and advice requests
We may contact you from time to time regarding information you may be interested in from the Cystinosis Foundation UK or related organisations. We will only process your personal data in this regard and contact you if we have obtained your consent to do so. The lawful reason for processing data in this case is consent and will include:
- Health, research and medication news
- Cystinosis Foundation UK news
We may process data which falls within the special categories of data. The below list details the data which are processed that falls in that category:
- Health information – for any product or services requests. This information will only be used with your consent and to ensure we are able to deliver any special requirements you may have. The lawful reasons for processing these data are consent and explicit consent as given by you, the data subject.
Cystinosis Foundation UK will never share, sell or trade your personal information to any third parties for marketing purposes.
We currently use other organisations to manage our activities: Executive Business Support (EBS) for our administrative support. EBS has access to your data in order to perform services on our behalf. We make sure anyone who provides a service for us enters into an agreement with us and meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
We may share your data with representatives or volunteers of Cystinosis Foundation UK for the purposes of providing a product or service request approval. The data shared with these individuals is limited only to individuals that meet our standards for data security. Regular training and auditing is conducted to ensure that these aims are met.
The Cystinosis Foundation UK does not share your information with any third parties without your permission. The only exception is through use of our on-line donation facilities where your information is passed to PayPal to enable them to process your donation. Please see Just Giving (www.justgiving.co.uk) for a list of their terms and conditions.
If you have applied to Cystinosis Foundation UK for funding, your data will be shared with selected suppliers that provide such product or service, however, your data will only be shared with your explicit consent. All suppliers have a signed agreement with the Cystinosis Foundation UK ensuring their data security is to Cystinosis Foundation UK’s security standards.
Types of information we collect
We only collect the information that is necessary to carry out our business and provide a particular service that you have requested, and to keep you informed. This includes:
- Demographic information (Name, address, contact details, e-mail address)
- Health information
- Equipment, merchandise and service requests
- Funding decisions
- Fundraising activity
- Donation activity
- Support needs
- Communication records
How your information is stored
Your information either will be stored on our website, in a restricted secure server environment or on cloud-based software that we have verified as suitable and which meets our security requirements. Only individuals that need to will be allowed to access your data and this access is limited to the requirements of the individual’s task. We ensure that all individuals, volunteers and staff members of any third party have been trained to understand their requirements in keeping your data safe. Any sensitive hard copy paper records which may be sent to the organisation, such as medical diagnosis, are transferred into electronic format and is securely deleted or returned once acknowledged.
How long is your information kept
We will only keep your data for as long as it is necessary, the majority of information will be retained for 7 years to coincide with financial requirements. For areas that you have withdrawn your consent or asked for your data to be removed, it will be destroyed as soon as possible within 1 month. If we decide not to destroy your data, we will inform you as to why we have made this decision.
You should find it easy to access and amend the personal information that we hold on you. If you wish to update information or communication preferences please contact us by telephoning 01543 442140 or emailing email@example.com.
You have the following rights as an individual:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you have any queries or concerns regarding the use of your data and the above rights, please contact us by telephone on 01543 442140 or by email firstname.lastname@example.org
The supervisory authority is the ICO and comments and concerns can be raised with them Further information on data protection regulations and laws can be found: https://ico.org.uk/for-the-public