Sickle Cell Society
A charity registered in England – Charity no. 1046631
Updated 03/07/2018
The purpose of this Privacy Policy is to describe the types of information that we collect from you when you contact us, sign up to our mailing lists or use our services, and to explain how we use that information. This is in line with General Data Protection Regulation (GDPR) which came into effect 25 May 2018. This Privacy Policy refers to the storage and usage of all data, however, it is only personal data not available in the public domain which is covered by the new GDPR legislation – not, for example, work contact details or role information.
What information do we collect about you?
We may collect personal information that you share with us about you or your family when you contact or interact with the Sickle Cell Society.
The personal information we collect may include:
The Sickle Cell Society never buys data nor do we auto enrol people onto our products or services. For details of how you can request all the information we hold on you or how to be removed from our database, email: info@sicklecellsociety.org
What do we use your information for?
We may use your information to:
Data collected when you visit our website
Whenever you browse our website, read pages, or download information, the web server Google Analytics automatically records certain information about your visit from the computer or device you use to access our site. This information does not identify you personally. It just tells us how many visitors come to our site, when they visit, how many pages they access, their internet browser (eg Microsoft Explorer or Firefox), their computer operating system (eg Windows XP) and the site they were on before they linked to ours (eg Google if they found us from a search engine). We also use other software to help us understand how people move around our site, and also to test how accessible our website is to people with disabilities. With this information, we can improve our site for all our visitors and make it more useful for everyone.
Cookies on our website
A cookie is a line of text and numbers that is created by our website and stored on your computer when you visit our site. The cookie does not collect or contain personal information about you and poses no security or virus risk to your computer. When you return to our site, the cookie associates your computer with the information that you gave us when you first visited or registered. It helps us evaluate how often visitors return to the site. Of course, you can still make full use of the site if you specifically choose to delete or not to accept the cookie on your browser.
Social media and other websites
Although our social media channels are monitored regularly by staff, we have no control over information you or others may submit, post or share on social media or other websites – even where we link to them from our own website or they link to our website. When you use these sites you do so in accordance with the separate terms and conditions and policies of these sites.
Where your data is stored
We keep your data stored through the Raiser’s Edge. We also store data on MailChimp, Upshot, and on our website.
For research projects and surveys we store your survey data on a password protected Google account or through Survey Monkey, accessible only by the relevant staff.
Phone calls and emails to the Helpline are monitored through a password-protected Survey Monkey and Google Account accessible only by the Helpline staff.
Keeping your data secure
We take our responsibilities very seriously and we have procedures and security features in place to try and keep your data secure once we receive it.
Access to your information is restricted to staff, formal volunteers, contractors and partners who need it to perform their work and who may only access this data in accordance with our Data Protection Policy. The exception to this is case studies. As part of our policy and public affairs work, we will often contact patients we have an existing relationship with to see if they are open to media or publicly telling their personal story. If you give consent to this, those case studies are kept on file to be used for media. You can withdraw consent for these to be used at any point by contacting anyone in the staff team.
Any personal data provided as part of a research project is only accessible by research team staff.
The Raiser’s Edge is the charities database provider and access to the database is restricted to only relevant staff. Read the Raiser’s Edge security information here.
All staff and volunteers with access to your information are DBS checked and are subject to confidentiality agreements and agree to abide by our confidentiality agreement and code of conduct.
Laptops with access to the shared drive are all encrypted.
Transmitting information over the internet is generally not completely secure, and we can’t guarantee the security of your data in transit. Any data you transmit to us over the internet is at your own risk.
The Sickle Cell Society is accredited with the Cyber Essentials Certificate. You can find out more about Cyber essentials here.
How long do we hold your data?
While we are providing products or services to you, eg e-newsletters, we will store your data in order to provide that service for as long as you want it. If you ask to ‘be forgotten’ and would like all information removed on you, we will do this and provide written confirmation that we have removed all of the information we hold on you (this applies to our own website but we will be unable to remove your information or posts from any social media sites). The only exception to this is where such a request would contravene an existing reason/law that is of higher importance than your own to be forgotten. For example, if you have bought a ticket to an event in the future, and have then asked to be instantly forgotten, it is our duty as a service/product provider to keep you informed of that event – over the right to immediately be forgotten.
Sharing your information
We rely on a number of trusted suppliers and partners working with us to provide a range of services to you. In order to provide you with these services we may need to share some of your personal information with our suppliers and partners from time to time so they can process it for us according to our instructions. We will never share more than is necessary to provide the service in question. For example, to send you a printed copy of a newsletter we may need to give your address details to our print supplier.
In addition, we may also have to pass on your personal information if we have a legal obligation to do so. We will never share your information with any other organisations for commercial purposes or other purposes. For the purpose of communicating with our supporters, members and general public, we use and store data with the following companies.
Online donations and purchases
When you are using our secure online donation page or purchase our merchandise or products online or over the phone, you are going through to a partner company and the information you give such as your credit card number and contact information is provided to them so the transaction can take place. Below are the companies we use for these services. You can click on them to find out how they use and store your data:
Taking part in research
The storage and security of any personal information submitted as a research participant is outlined in earlier sections of this document. In analysing and reporting research findings, we anonymise data and make every effort to minimise the risk of identification e.g. by removing specific clinic names from data.
Data breaches
In accordance with the new GDPR legislation (May 2018), all data breaches of personal data will be reported to the Information Commissioner’s Office within 7 days.
Your rights
You can contact us to request a copy of any information we hold about you, ask us to correct or remove any inaccurate information or ask us to delete some or all of the information we have collected about you and your family at any time, and at no cost.
You have the right to be forgotten – which means Sickle Cell Society will remove all information that it holds on you. The only exception to that is if we have a legal obligation to keep your data in order to fulfil a contract (commercial or service) with you. If you want to be ‘forgotten’ please contact the office on the details below. This cannot apply to social media, you are responsible for posts you have made on our social media site, and therefore must remove them yourself.
It is your right to request any personal information that we hold on you as part of an ‘access request’. This comes at no cost to you and we are committed to providing that information to you within 1 month. Please send your access requests to the office details below.
You can unsubscribe from any of our communications at the bottom of each of our mailings, or by unfollowing us on social media channels. If you want to call us to be unsubscribed manually from anything that we send you, please contact the office and we will do that for you.
It is our commitment that we will only collect relevant information on you. If you have been asked to fill in your details and want to know why we have asked for a specific piece of information, contact us and we will explain why.
It is our policy to ensure that it is clear whenever you interact with us, what you are signing up to receive. If you ever have questions on that, please don’t hesitate to get in touch.
Changes to Our Privacy Policy
We regularly review and update this policy to make sure it is accurate and simple to understand. This policy was last updated on 2nd July 2018.
How to Contact Us
Please contact us if you have any questions about this policy or the information that we hold about you.
info@sicklecellsociety.org
Post
Sickle Cell Society
54 Station Road, London
NW10 4UA
Telephone
0208 961 7795
The Data Protection Officer is currently John James OBE, Chief Executive and can be contacted at: john.james@sicklecellsociety.org