The British Polio Fellowship takes your privacy extremely seriously. This policy sets out how we collect and process any personal data you may provide to us when you use our services as a fellowship, sign up to charity events or become a member, and when you use our website https://britishpolio.org.uk/.
This policy applies where The British Polio Fellowship (referred to as “we”, “us” or “our” in this privacy notice) identify as the data controller and where we are responsible for your data.
The British Polio Fellowship has appointed a Data Protection Officer, who will be responsible for privacy matters and the protection of personal data we hold as an organisation, their details are below: Name: Kripen Dhrona Email Address: firstname.lastname@example.org. Telephone number: 01923 884 628 The British Polio Fellowship is registered in England and Wales registration number (1108335) and Scotland (SC038863) A company limited by guarantee and registered in England and Wales No. 5294321. Central Office Address The British Polio Fellowship, CP House, Otterspool Way, Watford Bypass, Watford, WD25 8HR.
If you are unhappy with the way we collect or process your personal information, you have the right to complain with the Information Commissioner’s Office (ICO) who are the UK’s supervisory authority for data protection. Complaints and concerns can be lodged with the ICO via this link: https://ico.org.uk/concerns/
We kindly ask that before any complaints are lodged with the ICO, that you contact us first to try and resolve any issues you may have.
2. What data do we collect?
Personal information we may collect from you and process includes:
· Identity and contact info – such as your name, date of birth, address, email addresses, phone numbers and photographs
· Payment data – credit card or direct debit details when you become a member to our fellowship
· Health information – such as your NHS number, details to your medical history, medical notes and information from carers and third-party healthcare providers (Only if needed)
· Next of kin information (with their consent)
· Your gender, ethnicity, race and religion
· Cookies and IP address information when you use our website
Under the General Data Protection Regulation/Data Protection Act (2018), sensitive personal data is data which includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
The British Polio Fellowship does collect sensitive personal data as part of our fellowship and care services. Our lawful purposes for obtaining this data are set out in section 5.
3. How do we use your data?
We will only use your data for the following reasons:
· To provide you with the care and support we offer as a fellowship
· To liaise with other healthcare professionals and organisations regarding your treatment or ongoing care, if required
· To improve the quality of our services and charity
· To inform donors and potential donors of The British Polio Fellowship news, events and fundraising efforts
· To sign you up for any events we may be organising
· Defending a claim if we need your information to defend a legal claim against us by you or by another party
4. How do we obtain your data?
We obtain your data in several ways:
· From relevant healthcare agencies, organisations and professionals
· From yourself or your next-of-kin when you are referred to the fellowship for your care
· Via paper and online forms when you sign up to be a supporter, sign up to our digital marketing or to attend one of our events
· When you use our website https://britishpolio.org.uk/
5. Our lawful purposes for collecting and processing your information
We have identified that we will use your information for the following reasons:
· With your explicit consent
· To protect your vital interests
· In the performance of a contract
· Where it is necessary for our legitimate interests (or those of a third party, with your consent) and your interests and fundamental rights do not override those interests
· We have identified that we will use your sensitive personal information for the following reasons:
· With your explicit consent
· To protect your vital interests
· Where it is necessary for reasons of public interest in the areas of public health
· Where we rely on consent as a lawful purpose for processing your data, you have the right to withdraw consent (where applicable) at any time by contacting our Data Protection Officer.
6. Who do we share your information with?
· We may need to share your information with third parties to provide you with our services or to help us raise funds for our charity, these third parties include:
· The National Health Service (NHS)
· Healthcare professionals (such as doctors, consultants and nurses)
· Pharmacists and other third-party organisations involved in your care
· Any other person involved in providing services relating to your direct general healthcare, including mental health professionals, other charities or non-NHS health care professionals
· Local authorities, Commissioners, Clinical Commissioning Groups and the Care Quality Commission
· Organisations such as the Police, solicitors, courts and insurance companies to comply with the law.
· Services providers who host our website and systems
· Payment card providers who handle transactions on our behalf (for donors)
· Third-party marketing organisations we work with when you sign-up to our marketing as a charity
7. International transfers
Where possible, we ensure that your data is stored within the European Economic Area (EEA), however, some of our storage locations and service providers may be hosted outside of the EEA. When we do need to transfer your data out of the EEA, we ensure one of the following safeguards are in place to provide a similar level of security of your data:
· Your data has been transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission; or
· The hosting environment we use has specific contracts, codes of conduct or certification mechanisms in-place which have been approved by the European Commission; or where we transfer data to the United States, we ensure our providers are certified as part of the EU-US Privacy Shield programme.
If none of these safeguards is available, we will only transfer your data with your explicit consent – which can be removed at any time by contacting us. Please contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your data out of the EEA.
8. Retention periods
Your personal information will be retained following our data retention policy which categorises all the data assets held by us and specifies the appropriate retention period for each data asset. These periods are based on the requirements to keep the data for as long as necessary to fulfil the purpose for which it was collected, to meet any legal requirements or to satisfy any reporting, accounting or contractual needs. Please contact our Data Protection Officer if you would like further information on our retention periods.
9. Your rights
Under the General Data Protection Regulation/Data Protection Act (2018), you have certain rights regarding your data, these include the right to:
· Request access to your data
· Request correction of your data
· Request erasure of your data
· Object to processing of your data
· Request restriction of processing your data
· Request transfer of your data
· Withdraw consent
You may exercise any of these rights by raising a subject access request with us. You can do this by contacting our Data Protection Officer.
We will not charge you for making a request and we will make all reasonable efforts to respond to you within 30 days. Sometimes it may take longer than 30 days to gather all the information we may hold on you, in this situation we will keep you updated at all times.
You can instruct us at any time to stop processing your data for marketing.
We may refuse your request or withhold any personal information that you request if there is an overriding legal reason for us to do so.
10. Information security
The British Polio Fellowship takes the security of your information extremely seriously. To protect your data, we implement a risk-based approach to adopt the strongest organisational and technical controls to protect the confidentiality, integrity and availability of your data.
11. Website and Cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
The cookies we use
· Forms related cookies:
When you submit data to us through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
· Site preferences cookies:
To provide you with a great experience on our websites, we provide the functionality to set your preferences for how this site runs when you use it. To remember your preferences, we need to set cookies so that this information can be recalled whenever you interact with a page to meet your preferences.
· This site uses Google Analytics, which is an analytics solution on the web, for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. We might also use Google Analytics, which is a similar service, to ensure we have the best information possible to improve our service.
For more information on Google Analytics cookies, see their official web page.
· From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
Most browsers allow you to refuse to accept cookies and to delete cookies. The method for doing so differs with each browser, the following guides for the most common internet browsers detail the processes for doing this:
· https://support.google.com/chrome/answer/95647?hl=en (Google Chrome)
· https://support.apple.com/kb/PH21411 (Safari)
· https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Microsoft Edge)
Blocking cookies may impact your experience on our website as you may not be able to make full use of the features on it.
We keep this policy under regular review. Any questions about this policy can be directed to our Data Protection Officer via the details set out in section 1 of this policy.
13. Information in other formats
If you would like this notice in another format (for example audio, large print, braille) please contact our data protection officer via the email address above).