Privacy and Data Protection Policy

Our organisation and its partners are committed to protecting your personal information and being transparent about what information we hold. It is essential for the success of our project for us to build your trust so that you feel comfortable sharing your experiences, and in turn allowing us to use those stories to influence a positive future.

This policy is designed to explain who we are, and how we collect and use the information you provide to us. We aim to ensure that we are always honest and clear about your privacy and personal information, in accordance with applicable data protection law: being for these purposes the Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003 and the UK General Data Protection Regulation (collectively, data protection law).

1.0 Who are we? 

The Brain & Spine Foundation (B&SF) is the Data Controller. B&SF is a UK-wide charity providing information and professional neuro services support for everyone affected by neurological conditions or symptoms. B&SF has several sub-brands, each with its own specific proposition: Professional Neuro Services delivering support and information, NeuroLifeNow conducting research, NeuroUK campaigning for change and Neuro Changemakers enabling self-care and community. B&SF is the data controller for each of these brands. We are a registered charity no. 1098528 (England and Wales) regulated by the Charity Commission and the Fundraising Regulator.

B&SF is a company limited by guarantee, registered in England (No. 4432677), based at 4th Floor, Canopi, 7-14 Great Dover St, London SE1 4YR. We are registered with the Fundraising Regulator and follow their Code of Fundraising Practice. We are also registered with the Information Commissioner’s Office as a Data Controller (reference Z4759252) for all our activities. 

We may need to alter our privacy policy from time to time, so users are urged to check this policy regularly for changes. In the case of any significant alterations to the way we use your data, we will notify you. If you have any queries, please contact the Data Protection Officer at B&SF, Fourth Floor, Canopi, 7-14 Great Dover Street, London SE1 4YR or email info@brainandspine.org.uk 

In our policies, ‘we’, ‘us’ and ‘our’ refer to B&SF.

2.0 What is personal and special category data?  

Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address. Some categories of personal data are more sensitive and are referred to as special category data. These are recognised under the General Data Protection Regulation (GDPR) as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, health, a person’s sex life and a person’s sexual orientation.

We collect, where appropriate and necessary, personal and special category information to aid communications, provide and develop services, campaign, monitor accessibility of our services, to provide information, to fundraise for our work, for administration, to fulfil research, for profiling and analysis, all to better understand our service users’ and supporters’ needs and ensure representation, as well as for legal reasons (for example, in connection with legal claims or preventing or detecting crime).

We only collect the information that we need or that helps us to provide the best possible service and to fulfil our charitable aims and objectives. 

 

3.0 How we collect information about you

3.1 Professional Neuro Services 

We run a confidential helpline, provide accessible information, and run online and in person support groups to help individuals affected by neurological conditions. The Professional Neuro Services team collect special category data about your health when you speak, email, or write to them. They will use this information to answer questions and provide suitable information and support. If you wish to have an ongoing relationship with them, we will store your personal data securely so that our staff understand your personal situation; otherwise, we will not retain notes containing any of your information. We will never share your personal information in a form whereby you can be personally identified, unless explicitly agreed with you beforehand. Copies of emails and letters are securely stored for reference for 12 months. After this period, they are permanently deleted. 

Some of the data we collect is used for evaluation; this includes, but not exclusively, age, gender, ethnicity, the condition you enquired about, and your location. This is to monitor our services as we strive to reach anyone affected by a neurological condition. This information is securely stored and analysed anonymously in aggregated form. If it is shared with third parties, for example in reports about our work to funders, it is only done in aggregate, so that your individual data will never be identifiable to the third parties. 

We don’t record your phone calls to the helpline but from time-to-time other staff may listen in to calls for training or support purposes. This would be explained to you at the start of your conversation, and if you would prefer the other person not to be present, please tell us. 

If you request a booklet, or any other information, we will ask you if you would like to stay in touch with us via email or phone so you can receive communications about our work. If you agree, we will record this as a positive opt-in on our database. If you don’t agree, we will record this as an opt-out on our database. To monitor and evaluate our services we will follow up to find out about your experience. You may opt-out of receiving communications from us at any time by emailing us on info@brainandspine.org.uk 

Any personal and special category data you provide via our services or post on our social media channels will not be passed on to third parties without your express permission or unless the data has been anonymised and aggregated. The only exclusions to this are in the exceptional circumstances in line with our safeguarding policy or to comply with the law. We would only need to say or do something if: 

  • You directly ask us to pass on information about you to someone else.
  • We believe your life, or someone else’s life is in immediate danger. 
  • You tell us that you’re seriously harming another person. 
  • You identify someone who has harmed, or says they are going to harm, someone else.
  • A terrorist threat is reported. 
  • We are required to do so by law. 
  • You compromise the delivery of our service or threaten the safety of our staff. 

      Our online support groups – that currently include amongst others: Neuro Social, Neuro Creatives, Neuro Carers, and Facebook groups – provide safe spaces for people to connect and to provide mutual support. When you join a group, you are agreeing for that platform to have access to your data and you should check the privacy policy of the relevant provider (currently Facebook, Zoom, Microsoft Teams and Health Unlocked) as well as your own privacy settings. You should remember that any information you choose to share may be seen by other users of the group. We are not responsible for the privacy of any identifiable information that you post in our online support groups and forum. 

      If there are any incidents in relation to the use of the online groups and service user forums, we will record details and manage these in line with the organisation’s incident management procedures and the group guidelines to support future moderation. These incident records may include your personal details and will be stored securely in line with statutory retention and authority periods. 

      3.2 Working & Volunteering for the B&SF

      If you wish to work for or volunteer with B&SF, you will be asked to give us your personal details on a new staff / volunteer form or in a CV, which may include bank account information to pay staff or for the payment of expenses.  An equal opportunities form will also need to be completed that will be anonymised and aggregated for monitoring purposes. 

      We will use this information to tell you about and organise any staffing and volunteering opportunities, to assist you with any queries you might have regarding your application and ask you about your experience of applying and working for the B&SF in a paid or voluntary capacity. All such information can also be used to support personal development. If you opt-in, we will keep in touch with you through our monthly e-newsletter, to keep you up to date with the charity’s work; you may opt out of this at any time through a link at the bottom of the email. 

      B&SF will keep your personal information confidential and ensure it is securely stored. This is unless we are required to disclose it in connection with a police investigation and/or we have reason to believe that you may present a risk of harm to yourself or others.  

      We will provide a reference on request and depending on the role being applied for we will ask a prospective member of staff or volunteer to complete a suitable level Disclosure & Barring Service check. 

      3.3 Donating, Fundraising and Supporting

      Developing a better understanding of our supporters through their personal data allows us to make better decisions, ensure we are as representative as possible, raise income more efficiently and enables us to help more people affected by neurological conditions across the UK. This may include special category data such as Ethnicity, Gender, and Health Information (i.e., diagnosed medical conditions). 

      When you donate money to, or fundraise for B&SF, we will collect and process information about you. This information may include your financial details, name, email address, postal address, telephone number, date of birth, information about your work and other interests. Some of this information may come from external sources including publicly available information. 

      We may use your information for several purposes including: 

      • To process donations you have made.
      • To update you about our work and activities.  From time to time these updates may include requests for financial support.   
      • For administration purposes (for example, we may contact you regarding a donation you have made or the event you have registered for). 
      • To claim gift aid on your donation if you have agreed that we can do so. 
      • For internal record keeping, including the management of any feedback or complaints. 
      • To invite you to participate in surveys or research. 
      • To send you appropriate communications, we may segment data based on the information we hold and develop profiles from this data.

        When you donate via our website, the data is stored securely. We also take appropriate measures to ensure the information disclosed to us is kept up to date. You can also donate to B&SF via several online providers, for example PayPal, Worldpay, Stripe or Just Giving websites. Any third-party online provider will have its own separate privacy statement, and we would recommend that you read these before donating.

        3.4 Research – NeuroLifeNow 

        We collect personal data, including special category data, about you when you use the NeuroLifeNow (NLN) platform.  

        The personal (name and contact details) and special category data is stored securely on our servers and the servers of third-party infrastructure providers. For us to undertake social research, strive for representation, engage with you effectively and help inform improvements to care and support, it is necessary for us to understand your diagnosis, and special characteristics. Unless explicitly agreed with you, all data you supply for research will only be shared in aggregated form, where you will not be able to be personally identified. 

        The NLN platform is web-based and uses tracking technology to help us provide you with the best experience we can. The technology anonymously logs how the platform is being used, including lengths of time on each page, completion speeds, devices used to access, the times of day people are accessing, the source from which people came to the platform and when people may leave the platform. We use this data to help us improve our content and the overall user experience.

        The data you provide will be pooled, stored, and analysed securely with access limited to suitable and relevant people working with and for the B&SF, and to provide user support (including external technical support providers). 

        To influence change and build a sense of shared experience, the insights from the research will be shared anonymously with other NLN users, charities, clinicians, researchers and the public on our websites, social media, printed literature (unless explicitly stated otherwise) and other forms of media. This will be in the form of anonymised aggregated data and/or unattributed contributions you have made, such as via questionnaires, case study or quotations (unless explicitly stated otherwise).  

        3.5 – Campaigning – NeuroUK 

        We collect personal data about you (Name and Email address) when you register to receive the NeuroUK newsletter and when you submit an enquiry via the website or by email. 

        Your name and email address are stored securely on our servers and the servers of third-party infrastructure providers. This data is only accessed by B&SF staff and volunteers and, in the case of a media or press enquiry, by a third-party agency that supports us in the running of the NeuroUK campaign. The third-party agency is a data processor in this regard, with appropriate agreements to ensure your data is handled in the strictest confidence, and to ensure it is not shared in any way with other third parties.

        NeuroUK has its own website and uses tracking technology to help us provide you with the best experience. The technology anonymously logs how the platform is being used, including lengths of time on each page, completion speeds, devices used to access, the times of day people are accessing, the source from which people came to the platform and when people may leave the platform. We use this data to help us improve our content and the overall user experience.

        3.6 – Self-Care & Community – Neuro Changemakers 

        Neuro Changemakers does not currently have its own website; the programme is defined and managed through the main B&SF website.

        We collect personal data, including special category data (if you share your story), about you when you register to take action, join the community and be a Changemaker. The personal (name and contact details) and special category data is stored securely on our servers and the servers of third-party infrastructure providers.  For us to represent and engage with you, it is necessary to understand your diagnosis, and personal experience. Unless explicitly agreed with you, all data you supply will only be shared externally in aggregated form, where you will not be able to be personally identified. 

        3.6 Communications

        You can sign up to receive our monthly e-newsletters to receive information about B&SF services and events, the latest research into neurological conditions, other neuro news and fundraising information. You can sign up in a variety of ways including through our websites, when donating, at events or via other methods (i.e., phone, email, written letter, and various registration forms). We will ask you to provide your name and email address and we may ask for other personal data depending on the context, at which point we will state why we are asking for that additional data. 

        We will only send you marketing communications by phone or email, if you have consented to receive these.  

        Your contact data is stored securely with our third-party email service provider, on our database, and on the NLN database.  

        B&SF uses a web-based email service provider to send out mass emails such as our e-newsletters. Emails sent by the service provider use email tracking technology to help provide you with the best experience we can. The technology places an invisible single pixel gif image (also called a web beacon) in emails to detect when they have been opened and when links within emails have been clicked. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type and other similar details. We use this data to create reports about who has or hasn’t opened emails or clicked links and this information helps us to improve our email content, so you receive more useful and relevant information from us.

        If your personal details change, please help us to keep your information up to date by contacting us on info@brainandspine.org.uk to let us know. 

        3.7 Service & Performance Evaluation

        B&SF may ask you to complete a survey to evaluate our services and our performance; these will be completed through a third-party online service, or through NLN. 

        We will only contact you following a survey if you have given us your consent and will only display your responses publicly (for example in funding applications or on our website) if you have told us that we can do so. 

        3.8 Social media

        The Charity uses various social media channels to communicate with you and share information about campaigns or events. We do this through advertising on your social media or through posting messages and information on our own social media pages which you may choose to “like”, “follow” or interact with.  

        We work with these social and business media platforms to bring you targeted advertising and communications about our work and to improve your experience of engaging with us online. This may be via Social Plugins (e.g., Like and Share buttons) or using ‘Custom Audience Lists’.  

        For our supporters who are also social media users, we work with the business media platforms to use tools that they make available to us to advertise to you. These tools enable our communications to appear on news feeds, and this is called a “custom audience”. We will only do this if you have already consented to us sending you marketing via email and where we believe the marketing communication may be of interest to you. Where this is the case, your name and e-mail address will be uploaded in an encrypted format to the respective platform. The platform will determine if you have an account and then place the marketing directly on your news feed. We may also use the same tool in a slightly different way to ensure you don’t receive unnecessary marketing communications. The contract terms under which they function as our processor for this purpose do not allow them to make any further use of the details we provided. Data is deleted once it is no longer in use.

        We take your privacy and rights seriously but still deem your interest to us important. For this reason, we use our legitimate interest to use your information and communicate with you in this way. Therefore, we will not ask for your permission to market to you through social media, but you are always free to inform us that you do not want us to contact you in this way by emailing info@brainandspine.org.uk. You can also change your settings on the social media platform to stop this kind of targeting from specific or from all advertisers.

        Please note that we recommend that users read and understand the T&Cs and Privacy Policies of the respective social media platforms they are signed up to.

        4.0 How we keep your information safe 

        We do our utmost to keep personal information as secure as possible, including authentication and encryption technology on all our websites and applications. 

        We only share personal data in limited lawful circumstances, such as: 

        • under a strict contract required by data protection law, where trusted partners and carefully selected suppliers need to process data securely on our behalf to do work for us (for example, an e-mailing firm who send out our newsletter, where you have agreed to receive this); or 
        • where we are required by law, including to prevent abuse, crime, or fraud, or with courts or other authorities.  

        We do not share your personal data with other companies or charities for any purpose unless explicitly agreed with you in advance or unless the data is anonymised and unattributable to you.

        5.0 What personal information we collect 

        We collect information when you interact with us for our core purpose, to build a world where people living with neurological conditions have the best possible standards of care and experience the best quality of life. 

        We collect four broad types of information: 

        1. Technical information such as IP addresses (the location of the computer on the internet), device identifiers, pages accessed, and files downloaded. This helps us to understand how many people use our apps and websites, how many people visit on a regular basis and how popular/useful our web pages are. This information doesn’t tell us anything further about who you are.
        2. We will ask for personal information to provide you with services and to conduct research; inform decision making that helps us meet our core aims (for example identifying underrepresented demographics); send you details of our activities; or to raise awareness of neurological conditions.
        3. We may ask you for sensitive personal information or special category data, about your health or living situation. Examples include, if you have a diagnosis, live alone, marital status, financial status, and what ethnicity or gender you identify yourself as. We do this so we can provide you with relevant information, to support you and to ensure we can understand your reality. We also do this to ensure we are representative and reaching everyone in the community we serve. We do this in fulfilling our legitimate activities as a not-for-profit organisation, as permitted by data protection law, but do not share such information with third parties except as agreed to by you.
        4. We may also collect sensitive or special category data if you make the information public, or to use with your consent for a particular purpose (for example, if you agree to share your story with us).

        6.0 Under 16s

        We are committed to protecting the privacy of the young people that engage with us. If you are under 16 and would like to get involved, please ensure you have consent from a parent or guardian before you provide your personal information to us.  

        7.0 How we use your data 

        We will ask you for a positive opt-in to say how you would like us to stay in touch – by telephone or email – to keep you up to date with our fundraising activities and the work of the charity.  

        If you have given us your postal address, we may send you communications by post. You can update your preferences at any time by emailing us at info@brainandspine.org.uk 

        To improve our communications with you and the information we provide to you through our website, services, and products, we may use profiling and screening methods to increase our understanding of our supporters and provide a better service and experience for you. 

        We may carry out targeted fundraising activities using profiling techniques based on the information we hold about you. We may work with third party organisations who provide additional insight; this may include wealth screening information or identifying general information about you that is publicly available.

        We include this in our records so that we can make appropriate requests to you based on what may interest you and what is appropriate to ask you. 

        We work with event/challenge organisers and fundraising platforms that collect your personal information as part of the registration process (e.g., London Marathon, and Just Giving).  If you have consented to contact from B&SF as part of registration, your contact details will be passed to us, and we will contact you as referenced by the third-party supplier. 

        From time to time, B&SF works with fundraising agencies and data analytics experts, which provide data processing services.  For example, this may be a company that provides printing and postage services to send postal communications to our supporters. 

        In such cases we may share your personal information with these suppliers.  When we do this, we do not give these organisations any rights to use your personal information (or to contact you) except in accordance with our instructions. We also require these third parties to comply with Data Protection legislation, and we make sure that appropriate safeguards are in place. 

        Where personal information is passed from B&SF to our contracted suppliers, this is transferred securely and is only used for the specific purpose as confirmed by our agreement with them and they agree to delete your information after they have completed this work. 

        If you have made a Gift Aid declaration, we may disclose the information you have provided as part of the declaration to HMRC for the purpose of reclaiming Gift Aid on your donation(s). 

        We do not ever share or sell personal information to third parties for marketing purposes. 

        If you have indicated that you do not wish to be contacted, we will retain your details on a suppression list to help ensure that we do not continue to contact you. 

        8.0 The legal basis for processing 

        The law requires us to set out the lawful grounds on which we collect and process your personal information as described in this policy. Depending on the purposes for which we use your data, one or more of the grounds listed below may be relevant. 

        8.1 Legitimate interests 

        In certain instances, we collect and use your personal information relying on the legitimate interest legal basis. In broad terms, ‘legitimate interests’ means our interest in being able to run B&SF (and associated projects like NLN and Neuro Changemakers) effectively in pursuit of our aims as a charitable organisation. This includes fundraising and marketing uses of personal data, including direct marketing and research, as well as broader engagement with our community. 

        However, ‘legitimate interests’ can also include your interests, those of third parties, or those of society, where our services support these interests. If we rely on the ‘legitimate interests’ basis to use your personal information, we will only use the information in accordance with the purposes described in this policy, or purposes otherwise notified to you. 

        When we process your personal information in this way, we also consider and balance any potential benefits and impact on you with your rights under data protection laws. We will not use your personal information for activities under legitimate interests where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (although other grounds may apply, such as a legal obligation). 

        8.2 Legal Obligation 

        We may need to collect, process, and disclose personal information to comply with a legal obligation. For example, where we are ordered by a court or regulatory authority, or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes. We may also use personal information to cross check and prevent known malicious activities on B&SF websites. 

        8.3 Consent

        In certain instances, we will rely on obtaining your consent to our use of your personal information in a certain way: for example, asking for your consent to use your personal information to send you marketing information by email. 

        8.4 Special category data 

        Additionally, we may need to process your special category or sensitive personal data within the meaning of data protection law: for example, your ethnicity, gender, or details of your neurological condition. We will do this for one of the following reasons: 

        • where you have explicitly consented to the use, for example when choosing to contribute data to inform research or for an ongoing support relationship with our services. 
        • where you have manifestly made the information public. 
        • where we process the information only within our organisation during our legitimate activities in connection with our core aims as a not-for-profit organisation with a focus in brain, spine, and neurological conditions, with appropriate safeguards. This legal condition enables us to operate effectively with service users, supporters, beneficiaries, and donors who may typically have such special category characteristics, including within NeuroLifeNow and Neuro Changemakers. 

        Data protection law does not restrict our ability to share aggregated and/or anonymised data, including where related to health or ethnicity, where you cannot be identified.  

        9.0 Understanding our supporters and working more effectively

        We are committed to providing everyone who gets in touch with us with the very best experience, providing you with timely and relevant communications and using our resources effectively. 

        This information is compiled by our employees, volunteers or occasionally a third-party insights company, using publicly available data in combination with information that you have already provided to us. 

        Publicly available information may come from places such as Companies House, the Charity Commission, LinkedIn, listed Directorships, census data, typical earnings in each area, information published in the media and data accessible from the Office of National Statistics. This allows us to understand the background of the people who support us and helps us to make the right requests. Importantly, it helps us to raise more funds sooner, and more cost-effectively, than we otherwise would.

        10.0 Safeguarding 

        Safeguarding is everyone’s responsibility, and therefore we have a duty, wherever possible, to share any concerns (including with names and contact details where necessary, and with or without notice or reference to you) that we have about conversations, emails, posts, messages, replies, questions, or comments that indicate you or someone else might be at risk, with the relevant authorities. This includes reference to or indication of abuse or neglect.  

        Though we will always look to notify our concerns and/or decisions affecting individuals, we reserve the right to share information with external agencies without checking first with you; especially if it is thought that by sharing our concerns with an individual this might put others at risk, or increase the risks identified, or interfere with a police process, and/or where we are under a legal reporting obligation. 

        11.0 Storing your data 

        When you give us your details, you agree to us recording your details on our secure database, so we can provide you with the best possible service every time you contact us. 

        We hold your personal information so that we can fulfil your interest in being part of our community, to provide you with the information or services you have requested, to administer your relationship with us, to inform our research, to inform our supporters’ preferences, to comply with the law or to ensure we do not communicate with people who no longer wish to hear from us.  

        We have developed a data retention policy that sets out the different periods we retain your personal information for in respect of these relevant purposes. The criteria we use for determining these retention periods are based on various legal requirements on us as a charity; the purpose for which we hold data, and whether there is a legitimate reason for continuing to store it (such as to know the history of the people who kindly leave B&SF gifts in their Will or deal with any potential future legal disputes); and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner’s Office (ICO) and Charity Commission. 

        Some personal information may be retained by us in archives for statistical or historical research purposes although we will do this in a manner that complies with applicable data protection law. 

        We continually review the personal information and records that we hold and delete what is no longer required. We never store payment card data after a transaction has been completed. 

        12.0 Third party supplier hosting 

        B&SF digital files are stored on either a file server hosted by B&SF IT support providers based in the UK or on Microsoft Azure servers provided to the organisation under our Microsoft 365 Licensing. Access to this data centre is restricted. 

        NLN is run on a web-based platform called Typeforms, who act as data processors for B&SF and hold the data that is captured. When the data is downloaded from Typeforms for analysis it is stored on the B&SF servers stated above. 

        We endeavour to ensure that third-party suppliers store data in the UK. Where we engage with organisations that are based, or that store data, outside of the UK, we will ensure that the processing of your data is subject to appropriate security measures and suitable lawful mechanisms to protect your data. 

        We strive to keep the use of paper records to a minimum, securely storing information in digital form. When paper records are used, they are stored at B&SF offices based in the UK. These offices are securely locked when no members of staff are present, and access is restricted and monitored during the working day.  

        Offline backups of our systems are completed periodically by our IT support provider with the hard drives securely stored at their UK offices, or B&SF office. This is to minimise any potential service interruption and is a requirement of our insurance providers. 

        In line with the principles defined in data protection law, B&SF will ensure that personal data will be processed in ways that are: 

        • Lawful, fair, and transparent. 
        • Collected for specific explicit and legitimate purposes. 
        • Adequate, relevant, and limited. 
        • Accurate and up to date. 
        • Not kept for longer than necessary. 
        • Secure. 

          13.0 Use of cookies and other on-line technology

          B&SF may use cookies, web beacons, tracking pixels and other tracking technologies when you visit our websites, including any other media form, media channel, mobile website or mobile application related or connected thereto (collectively, the “site”) to help customise the site and improve your experience. 

          Like most organisations, we use cookies on our website. Cookies are tiny pieces of data saved on your computer or mobile device. There are several types of cookies and they each have different functions or uses. We use cookies for a variety of reasons: 

          1. Essential cookies – these are required for the operation of our website, for example to enable you to log in to secure areas of the website or make use of a shopping cart and e-payment services. 
          2. Analytic/performance cookies – these allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. 
          3. Functionality cookies – these are used to recognise you when you return to our website so that we can personalise our content for you and remember your preferences, e.g., whether you are signed up to email alerts. 
          4. Targeting cookies – these record your visit to our website, pages you have visited and links you have followed. We may use this information to make our website and the advertising displayed to you more relevant to your interests and may share this information with third parties for this purpose. 

          If you click on a hyperlink from our website to any third-party websites e.g., if you ‘share’ content from our website with friends or colleagues on social media, you may be sent cookies from these third-party websites. They will do so pursuant to their own policies on privacy and cookies. It’s a good idea to check their privacy policies to fully understand their use of cookies. 

          Some of the content on our website is provided by third parties. This includes but is not limited to: Google Maps for interactive mapping, YouTube or Vimeo for hosted video and Flickr for images. When you visit a page containing content from one of these sites a cookie may be set. We do not have any control over these cookies, and they will be set pursuant to the third party’s own policies on privacy and cookies. 

          By using our website, you consent to our use of cookies as updated from time to time and the cookies we use will be stored on your device (unless rejected or disabled by your browser). 

          Internet browsers normally accept cookies by default. However, it is possible to set an internet browser to reject cookies. If you do not accept our use of cookies as set out in this policy, please set your internet browser to reject cookies. This may impair your ability to use our website as some features may not work. 

          Communication, engagement, and actions taken through external social media platforms that we take part in are subject to the terms and conditions as well as the privacy policies held with each social media platform, respectively. 

          Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo. 

          To find out more about cookies, please visit allaboutcookies.org. 

          14.0 Your rights

          Under data protection law, you have rights over personal information that we hold about you. These are summarised below. 

          14.1 Right to be informed 

          You have the right to be told how your personal information will be used. This policy and other disclaimers, policies and statements used on our websites, in the NeuroLifeNow App and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used. 

          14.2 Right to access your personal information

          You have a right to access certain personal data being kept about you, either physically or digitally. Anyone who wishes to exercise this right should apply, in writing, to the Data Protection Officer at B&SF. Please include details of the information you wish to access. We will respond within one calendar month, providing that the request includes appropriate contact details, proof of identity from the individual and we can validate the request. We may need to confirm these details with you or seek further clarification of your request before we can process it. 

          14.3 Right to have your inaccurate personal information corrected 

          You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies. 

          14.4 Right to restrict use of your personal information 

          You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: if some information we hold on you isn’t right; we’re not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so. 

          14.5 Right to erasure of your personal information

          You may ask us to delete some or all of your personal information, but please be aware that the right is subject to certain exceptions (i.e. if we have to hold on to it to meet a legal obligation) and is only applicable in certain specific scenarios (such as where you have withdrawn a consent that we were relying on, or where we no longer have a relevant lawful purpose for which the data is necessary). 

          14.6 Right for your personal information to be portable 

          If we are processing your personal information (1) based on your consent, or to enter or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format. 

          14.7 Right to object to the use of your personal information 

          If we are processing your personal information based on our legitimate interests or for social research or statistics, you have a right to object to our use of your information. If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible. 

          14.8 Right to withdraw your consent 

          Where you have consented to our use of your data, including but not limited to communications, you may withdraw it at any time by emailing info@brainandspine.org.uk 

          If you want to exercise any of the above rights, please contact our team. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one calendar month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay. 

          Please note that exceptions apply to a number of these rights, and not all rights will be absolute or applicable in all circumstances. For more details we recommend you consult the guidance published by the Information Commissioner’s Office in their ‘Your Data Matters’ guidance for individuals. 

          We reserve the right to refuse or charge reasonable fees to fulfil requests which are manifestly excessive, unfounded, or subject to a research or statistical use exemption; or where we can demonstrate that we are not able to identify you in relation to the data requested. If we no longer require you to be identified for the purposes of how we process your data, we are not obliged by data protection law to maintain the means to re-identify you for the purposes of your exercising a right under data protection law. 

          15.0 Vulnerable circumstances 

          The Charity recognises the importance of protecting individuals who may be in vulnerable circumstances and follows sector best practice, including the guidance issued by the Institute of Fundraising, Treating Donors Fairly. 

          We believe that this guidance helps to support our staff and fundraisers who come into contact with supporters in providing high quality customer care, ensuring anyone donating to the Charity can make a free and informed decision. 

          16.0 Keeping your information up to date

          We use publicly available sources to keep your records up to date so we can stay in touch, for example, the Post Office’s National Change of Address database, the electoral roll, and the National Bereavement Register. We only use sources where we are confident that you’ve been informed of how your information may be shared and used.  

          We do this so we can continue to contact you where you have chosen to receive marketing messages from us and contact you if we need to make you aware of changes to our terms or assist you with problems with donations. 

          This activity also prevents us from having duplicate records and out of date preferences, so that we don’t contact you when you’ve asked us not to. We’re committed to putting you in control of your data and you’re free at any time to opt out from this activity.   

          We really appreciate it if you let us know if your contact details, preferences, or circumstances change. Just contact our team and we will update our records. 

          17.0 How to change the way we contact you

          Your personal preferences and keeping your data accurate are of utmost importance to us. 

          If at any stage you do not want to hear from us, want to change your contact preferences or want to update your details, you can email us on info@brainandspine.org.uk or call us on 020 3096 7880. 

          You can also now register your details with the Fundraising Preference Service if you want to tell us through the Fundraising Regulator that you would prefer us not to contact you. 

          Any marketing email we send you will contain information about how to unsubscribe from email communications. During any phone call, email, or conversation you have with us, please feel free to let us know how you prefer to be contacted. 

          18.0 What to do if you have any concerns

          If you are unhappy at any time about the way we process and/or use your personal information, please contact B&SF’s data protection team at info@brainandspine.org.uk who will investigate your concerns. 

          We appreciate the opportunity your feedback gives us to learn and improve. If you are unhappy with the way your data (or that of a child or adult that you have legal guardianship or care of) is being processed, and we have been unable to satisfactorily resolve your concern, you have the right to complain to the Information Commissioner’s Office (ICO). 

          B&SF aims to always support our service users to the highest possible standard. To help achieve this, we encourage anyone who is not completely happy with the service they have received in any aspect of our work to let us know immediately, using the complaints policy which is available on the website or by contacting the office.   

          It is important that you give as much information as possible so that we can fully investigate your complaint. Your information will not be passed on to anyone outside of B&SF unless necessary, in which case we will let you know before we do so.