Privacy Policy
Ataxia UK is committed to protecting your privacy. We use the information we collect about you to manage your donations, event participation, process orders and to help you enjoy a more personalised experience.
Developing a better understanding of our supporters through their personal data enables us to make informed communications; market communications with you and others appropriately, fundraise more efficiently and ultimately, help us reach our vision of living in a world where no one develops an ataxia.
This policy describes how this personal data may be used to meet the company’s data protection standards and to comply with the law. If you have any requests concerning your personal information or any queries with regards to these practices please contact:
The Data Protection Lead
Ataxia UK
12 Broadbent Close
London
N6 5JW
Tel: 020 7582 1444
Email: fundraising@ataxia.org.uk
How do we obtain your personal information?
Ataxia UK needs to gather and use personal information on individuals for the purposes of our charitable and business objectives. These individuals include:
- Friends of Ataxia UK
- One off cash/Direct Debit donors
- Business contacts
- Employees/Job applicants
- Researchers/Medical health professionals
- Other people the organisation has a relationship with or may need to contact
We collect information in the following ways (this is more fully described in What information we collect):
When you give to us directly
You may give us your information in order to sign up for one of our events, when you contact us to ask about our activities, to tell us your story, order products from us, seek assistance, make a donation to us, fundraise on our behalf, or when you apply to work for Ataxia UK.
When you give permission to other parties to share it with us
Your information may be shared with us by independent event organisers, for example the London Marathon or fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so with your consent when you have indicated that you wish to hear from us.
You should check their privacy policies when you provide your information to understand fully how they will process your information.
We may also obtain information about you from a family member or friend who contacts us on your behalf, or if a volunteer or fundraisers passes on your details to us. In these circumstances, we will always let you know who provided your information to us.
What information do we collect?
The term ‘personal information’ applies to personal data, as is identified in Data Protection Law 2018. It means data:
(a) Relating to a living individual
(b) From which he or she can be identified (from the data alone or with other information that we hold are likely to hold).
It can include information such as your name, date of birth, email address, postal address, telephone number, IP address, credit/debit card details, and information relating to your health and personal circumstances.
Data protection law recognises that certain categories of personal information are more sensitive. These are known as 'special category data' and include information relating to health, race, ethnic origin, political opinions, religious beliefs, trade union membership, genetics, biometrics (where used for ID purposes), sex life and sexual orientation. Criminal offence data is also subject to extra safeguards.
When you join the Friend of Ataxia UK programme, we will usually ask you to provide information on the type of ataxia you have. This information is used to provide ataxia-specific health information; signpost you to a local neurologist or clinic, for the purposes of our research programmes and to tailor our communications with you. These details are always stored securely.
You provide Ataxia UK with personal information when you:
- Participate in a fundraising event
- Sign up as a Friend of Ataxia UK
- Make a donation with us
- Apply for a job
- When you call the Ataxia UK Helpline
- Register onto our professional medical and health professionals registry
- Submit a case story
Participate in a fundraising event
We will collect the following types of information:
- Title
- Name
- Postal address
- Email address
- Telephone number
- T-shirt size
- Date of Birth
- Bank details if there is a fee to enter the event
We use this information to:
- Confirm your place
- To send event information
- To send you an Ataxia UK T-shirt if you requested one
- To claim Gift Aid
We will share this information with:
HMRC if you consent to Gift Aid.
We rely on legitimate interest to process your information to enable you to take part in the event, and to send charitable communications to you by post or phone.
Sign up as a Friend of Ataxia UK
We will collect the following types of information:
- Title
- Name
- Postal address
- Email address
- Telephone number
- Date of birth
- Bank details if making a donation
- Health information
We use this information to:
- To post you a free copy of the Ataxia UK Magazine and send the Ataxia UK e-Newsletter
- To conduct anonymous medical surveys on ataxia
- To claim Gift Aid
We will share this information with:
- HMRC if you consent to Gift Aid.
We rely on consent to process your information to send you our free Ataxia UK Magazine and e-Newsletter. We rely on legitimate interests for marketing to you by post or phone, and consent for other types of marketing.
We will collect the following types of information:
- Title
- Name
- Postal address
- Bank details
- Gift Aid submission (If UK Taxpayer)
- Information about why you are choosing to donate which may include health data if you choose to share it with us
If you choose to give it to us we also collect email, and phone/mobile number.
We use this information to:
- Process your donation
- Add you to our marketing lists so that we can inform you about other ways to get involved with us including other fundraising initiatives, volunteering and research opportunities.
- To claim Gift Aid.
We rely on legitimate interest to process your information to enable you to donate.
We rely on legitimate interests for marketing to you by post or phone, and consent for other types of marketing.
HMRC are legally obliged to process your name address and tax status for Gift Aid. For high value donations we rely on legal obligation to conduct additional due diligence on donors to ensure compliance with money laundering law and to ensure that there are no reputational or ethical risks associated with the donor or the donation.
We will collect the following types of information:
- Name
- Address
- Email address
- Telephone number
- Eligibility to work in the UK
- Your CV/ work experience
- Emergency contact details
- Bank details
- Equal opportunities disclosure
We will use this information to:
- Assess if you are suitable for the role,
- Decide if we need to make reasonable adjustments for your interview,
- To pay you if successful.
- We collect details about race/ ethnicity, religion beliefs, sexual orientation for monitoring and inclusion and to enable us to identify trends. We keep this information separate from your application.
We initially rely on legitimate interest to process your information as a job candidate. We are legally obliged to process information about your right to work in the UK and we will take a copy of your passport as evidence of your right to work if we interview you. We are legally obliged to make reasonable adjustments for you if you have a disability.
We collect the following types of information:
- Name
- Details about you are calling us
- Health data relating to your ataxia
- Postal address
- Email address
- Phone/mobile number
With your consent, we will also send you information that may be of help to you, such as our Ataxia UK information booklet, or notify you of other services in your area that could help you.
We will not share your information with anyone without your consent. We rely on your consent to provide us with information to enable us to advise you. If we feel we need to break confidentiality, we will rely on legal obligation and safeguarding law.
Register onto our professional medical and health professionals’ registry
We collect the following types of information:
- Name
- Country
- Email address
- Job information including specialisms and contact details
We rely on consent to send you information by email.
Some people provide us with information about themselves to be used as case studies for the Ataxia UK Magazine or website. In such instances, we obtain your consent to use these.
How long do we hold your information for?
We have a records retention policy which sets out how long we will keep you information for. In some cases the retention periods are governed by law, in other cases it is best practice.
|
Ataxia UK Retention Policy |
|||
|
Fundraising and events |
|||
|
Record Type |
Length held |
Reason |
|
|
Change of address |
2 years |
Best practice |
|
|
Consent to Direct Mail |
We will hold for 7 years |
For compliance with data protection law and privacy law |
|
|
Correspondence about donations |
We will hold for 7 years from the end of the fiscal year |
For compliance with Companies Act/Charities Act |
|
|
Gift Aid claims |
We will hold for 7 years from the end of the fiscal year in which the last payment under the declaration was made |
This evidence is required by HMRC inspections/Limitations Act 1980 |
|
|
Gift Aid declarations |
We will hold for 7 years from the end of the fiscal year in which the last payment under the declaration was made |
For compliance with the Finance Act 1988 Sch 18 (Declarations continue in force until revoked or cancelled) |
|
|
Image consent forms |
Although image consent has no time limit, in practice we no longer use photos after 5 years. We review our photo library every 6 months |
||
|
Legacies |
We will hold for 7 years after the estate has been wound up for legal and contract reasons |
||
|
Health declarations |
Indefinitely |
Retained for statistical purposes |
|
|
Raffles/Lottery returns |
We will hold for 3 years after the draw |
In accordance with Best Practice |
|
|
Registration forms |
7 years |
For contract law purposes and public liability |
|
|
Requests to be removed from Direct Mail lists |
7 years |
To demonstrate compliance with data protection and privacy law |
|
|
Requests for information from Data Subjects |
7 years |
Best practice |
|
|
Event sponsorship forms |
7 years from end of fiscal year |
To comply with the Finance Act 1988 |
|
|
Supporter credit card number |
We do not retain these in accordance with Payment Card Industry Data Security Standards (Requirement 3) |
||
|
Supporter credit card verification codes |
We do not retain these in accordance with Payment Card Industry Data Security Standards (Requirement 3) |
||
|
For Recruitment and volunteering information |
|||
|
Bank details of future employees |
Length of employment for the purposes of paying salary |
To comply with the Data Protection Act 1998 |
|
|
Consent to process special category data |
Length of employment + 7 years after the end of employment |
To comply with the Data Protection Act 1998 |
|
|
Contracts of employment, written particulars of employment and any changes |
Length of employment + 7 years after employment ceases |
Bets Practice |
|
|
Job applicants |
If unsuccessful we will hold for 1 year after notification then destroyed |
To demonstrate compliance , if necessary, with the Equalities Act |
|
|
Job descriptions |
We will hold for 3 years after employment ceases |
In accordance with Bets Practice |
|
|
References |
We will hold for 7 years after employment ceases |
In accordance with the Limitations Act 1980 |
|
|
For other records |
|||
|
Complaints Correspondence |
We will hold for 7 years from completion of action |
Best Practice |
|
|
Subject Access Requests |
We will hold 7 years after last action |
For contract purposes and in accordance with the Data Protection Act 1998. |
|
|
Health declarations |
Indefinitely |
Retained for historical and statistical purposes until no longer necessary |
|
|
Helpline queries |
Indefinitely |
Retained for historical and statistical purposes until no longer necessary |
|
Where your data is held.
All information you provide to us is stored securely and treated with care and respect.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") such as the United States. It may also be processed by persons operating outside the EEA. If we do send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information. By submitting your details you agree to this transfer.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access
How do we use your information?
How we use your information would largely depend on why you are providing it (See What information do we collect).
As an overview, we may use your information in the ways set out below:
- We use your personal information to give you the information, support, services, or products you ask for.
- We use your information to gain a full understanding of your situation so we can develop and offer you the best possible personalised services.
- We use your information to keep a record of your relationship with us and for internal administrative purposes (such as our accounting and records), and to let you know about changes to our services or policies. We use your personal information to look into, and respond to, complaints, legal claims or other issues.
- We use your personal information to claim Gift Aid on your donations.
- We use personal data to carry out statistical analysis and research in order to help us to understand how we are performing and how we can improve our services and meet the needs of people that require our help.
- We may also use your personal information for other purposes which we specifically notify you about and, where appropriate, obtain your consent.
Profiling and Analysis
Like many organisations operating in the charitable sector we may use the data you provide, sometimes together with data obtained elsewhere, to conduct profiling of our supporters or potential new supporters. This helps us manage our fundraising and communications efficiently and effectively so we can raise more to spend on finding a cure for ataxia and supporting those affected by ataxia. It also helps ensure you receive communications and requests for support that are relevant and of interest to you.
There are five main components of our profiling and analysis activity;
- Data Matching
We may combine the personal information you have provided to us with publicly available information. This means we can better tailor our communications and services towards you and those with a similar profile as yours.
Please see the external data sources list below for where we might obtain publicly available information about yourself.
- Segmenting
We conduct analysis of supporters by group (including interest areas, ataxia type, giving history, etc),post code or particular area where supporters may be based. This is to ensure that campaigns or mailings are sent to those who will be most interested or likely to respond. For example, if you have told us you are interested in medical research then you may be selected as part of segment of supporters who have told us the same thing who would receive information on research where a different segment who weren’t interested in research may not.
- Major Donor Analysis
We may carry out research to determine whether an individual could be a potential major donor. We may use publicly available information from third party sources such as listed below. The type of information we collect can include:
- career overview
- gift capacity
- areas of interest
- history of giving to us and others
- how the individual is connected with us and others
- public information on any philanthropic activities.
- High value event planning
We may also use publicly available information to produce short biographies of people who are due to meet with our leadership or attend an event that we may be hosting.
This helps our people to understand more about those we engage with, and their interests or connection to us.
- Ethical screening and minimising risk
As a registered charity, we are subject to a number of legal and regulatory obligations and standards. The public naturally expect charities to operate in an ethical manner and this is integral to developing high levels of trust and demonstrating our integrity. Ataxia UK is an organisational member of the Institute of Fundraising and is registered with the Fundraising Regulator. We ensure all our fundraising is compliant with the Code of Fundraising Practice.
This means that we may carry out background checks and appropriate due diligence on donors and potential donors or check donations to help protect the charity from abuse, fraud and/or money laundering and/or terrorist financing.
To comply with our obligations as a charity, we must take reasonable and appropriate steps to know who our donors are, particularly where significant sums are being donated. This means that we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support whether that is from an individual or organisation. This will help to give assurance that the donation is not from an inappropriate source and to safeguard our reputation. This does not mean that we will question every donation, nor that we will research lots of personal and other details about every donor. Any information we do collect for this purpose will only consist of what is necessary for us to meet these requirements and will be processed in line with your rights
External Data Sources
External data sources include publicly available information such as Google, Companies House, Charity Commission and other charity registers, Who’s Who and Debrett’s guides, Electoral Roll, reputable newspaper articles, publications, company websites and biographies on professional networking sites as well as geographic and demographic information based on your postcode.
Direct Marketing
We use your information to send you communications about our work and how you can help us, for example, information about our campaigns, volunteering, fundraising activities and how you can donate to us.
Occasionally, we may include information from partner organisations or organisations who support us in these communications. Our forms have clear marketing preference questions and we include information on how you can say no to such marketing.
We rely on your consent for marketing communications by electronic means – including text, email and social media. We rely on legitimate interests for other means of marketing including post and live calls.
You can let us know if you would prefer not to receive these communications at any time by emailing fundraising@ataxia.org.uk calling us on 020 7582 1444, or writing to our Data Protection Lead at: Ataxia UK, 12 Broadbent Close, London, N6 5JW.
Who do we share your information with?
We will not sell your details to any third parties, but in many cases we share your information with our trusted service providers who are authorised to act on our behalf, and associated organisations who work on our behalf, or whom we work with in partnership to deliver and improve services for people affected by ataxia. This includes organisations who fundraise on our behalf.
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
- Your data will be made available to our website provider
- The data that may be available to them include any of the data we collect as described in this policy.
- Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
- They will store your data for a maximum of 7 years.
- This processing does not affect your rights as detailed in this privacy policy.
Facebook Marketing.
We may participate in Facebook’s ‘Custom Audience’ program, which enables us to display adverts to our existing supporters when they visit Facebook. We may provide your email address, mobile number and address to Facebook, so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook.
Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account.
For more information please see Facebook Business and Facebook’s Data Policy.
Cookies, web beacons and other similar technology.
“Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. Find out more about cookies at www.allaboutcookies.org
We use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile. Our cookies do not contain any personally identifying information, but they do enable us to provide additional features on this site. Most web browsers automatically accept cookies, but you can usually change your browser to prevent that, if required. Even without a cookie, you can still use most of the features on the Ataxia UK website.
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browse, or look at the instruction on www.allaboutcookies.org. You can also use the following link to help you opt out of any remarketing pixels and technologies http://optout.networkadvertising.org/?c=1
Please note, however, that turning off cookies will restrict your experience of our website.
Facebook Pixel
Conversion tracking helps us measure the return on investment of Facebook ads to ensure we are spending money as efficiently as possible. We install the Facebook Pixels on pages where conversions happen and then track conversions back to ads they are running on Facebook.
No personal information is contained in or collected as a result of these pixels.
You can read more about Facebooks privacy policy here https://www.facebook.com/about/privacy
Cookies used on our site:
Cookies used by our service providers Our service providers use cookies and those cookies may be stored on your computer when you visit our website. We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. This data may be stored outside the EU, under a EU-US Privacy Shield agreement. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/
If you're 18 or under
The protection of minors is very important to us, so we won’t actively seek opportunities to collect personal information from under-18s. However, we don’t want to exclude under 18s from opportunities to support our work either (with the exception of donations), so we may sometimes need to store their personal information. Where appropriate, we’ll ask under-18s for their date of birth to make sure they’re completely excluded from our fundraising activities.
Minors should always ask a parent or guardian for permission before sending personal information to anyone online.
Subject access requests
All individuals who are the subject of personal data held by the charity are entitled to be:
- Told whether any personal data is being processed
- Given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people
- Given a copy of the information comprising the data; and given details of the source of the data (where this available).
If an individual contacts the charity requesting this information, this is called a subject access request. Subject access requests from individuals can be made by mail or by email, or by social media channels, addressed to the Data Protection Lead.
The Data Protection Lead must always verify the identity of anyone making a subject access request before handing over any information.
- If they are the data subjects then examples of proof of identity would be a recent bank statement or utility bill, driving licence or passport (photocopies are acceptable).
- If they are acting on behalf of the data subject with their express permission or with the appropriate legal authority, this must be evidenced in writing, together with the reason why the individual cannot make the request themselves.
In this scenario they are asked if they wish to be removed from further communications from the charity, if they do so then communications preferences will be updated.
The following guidance will assist in recognising a subject access request:
- It is in writing.
- States the name of the applicant and address for correspondence.
- Describes the information requested.
This request will be sent immediately to the data protection officer. By law we need to respond promptly and at the latest within 30 days and if we fail to handle a subject access request properly this could give rise to a complaint to the Information Commissioner’s Office, so all staff needs to follow the correct process.
Your Rights.
You can request access to any information we hold about you by contacting our Data Protection Lead at Ataxia UK, 12 Broadbent Close, London, N6 5JW, email fundraising@ataxia.org.uk, or telephone 020 7582 1444.
You can also let us know if you would no longer like to receive marketing communications from us by emailing fundraising@ataxia.org.uk, calling us on 020 7582 1444 or writing to our Data Protection Lead at the address above.
You have a right to:
- Access your information. This is called a Subject Access Request. Whether you are requesting information about yourself or on behalf of someone else.
- Correct any information that we hold about you.
- Erase any of your information that we no longer have a right to hold about you.
- Ask us to stop us doing anything with your data unless we must by law or a contract.
- Stop any automated decision making. This is where a computer makes a decision about you. It should be noted that we do not do this.
To exercise any of these rights please contact our Data Protection Lead:
- Email: office@ataxia.org.uk
- Written enquiries: Ataxia UK, 12 Broadbent Close, London, N6 5JW
If we rely on consent as the legal basis for processing (as set out in What information do we collect?) you can withdraw your consent to the processing. However, we often rely on different legal bases for different aspects of processing. This means that we may not be able to act on your request if we have a compelling legal reason not to. For example, if we originally collected your data with your consent, but we later need to investigate a complaint, we may be able to rely on legitimate interests to continue processing your information.
Make A Complaint.
The Information Commissioner’s Office (ICO) is an independent body responsible for making sure that organisations comply with General Data Protection Regulation. The ICO also deals with concerns raised by members of the public about the way in which organisations look after personal information and deal with subject access requests.
You can complain to the ICO if Ataxia UK:
- Fails to respond to your request for disclosure
- Refuses your request
- Fails to send you all of the information you asked for
- Fails to comply with the 30 day time limit for disclosure
The ICO will always expect you to have raised your concern with Ataxia UK before submitting a complaint.
The ICO has a form on its website which you can use to make your complaint. When you send the form to the ICO, include all the communications you’ve had with the organisation about your request for disclosure, including copies of the documents raising your concerns.
- If you have this saved electronically, you can submit the form and the correspondence by email to casework@ico.org.uk
- If you only have paper copies of the correspondence, you will need to send it along with the form to Customer Contact, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- You can call the ICO helpline on 0303 123 113 (local rate)
You should make a complaint to the ICO within three months of your last proper contact with Ataxia UK.
Changes To Our Policy.
Any changes we make to our privacy policy in the future will be posted on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Ataxia UK welcomes your questions and comments about our privacy policy and procedures. Please email office@ataxia.org.uk.
This policy was last updated in May 2019
Contact.
Queries regarding this policy or data protection law can be directed to the Data Protection Lead at fundraising@ataxia.org.uk or write to us at:
Data Protection Lead
Ataxia UK
12 Broadbent Close
London
N6 5JW
Subscribe To Our Newsletter
LATEST NEWS
- All
- Ataxia research conferences
- Cerebellar ataxia
- Friedreich's ataxia
- Research News
- SCAs
- Uncategorised
- Your Blog
