1. What Personal Information we collect and why
2. How we may obtain your personal information
3. How we will use your information and who we share it with
4. Your choices regarding the information we hold
It also explains the rights you have in connection with your Personal Information, including how to contact us or to make a complaint.
NPUK is registered as a data controller with the Information Commissioner’s Office, which is the UK’s independent body set up to uphold information rights. As a data controller we are responsible for ensuring that when we process Personal Information we comply with EU and UK data protection law and use it in accordance with your instructions.
If you have any questions about this policy please get in touch with the NPUK Central Office Team by email email@example.com or telephone 0191 415 0693
Key terms used within this policy:
|We, us, our, NPUK|| |
Registered Charity in England and Wales 1144406 and in Scotland SCO45407
|Personal Information|| |
Also referred to as ‘personal data’. Personal information is any information about a living person by which that person can be identified. For example, it can include information such as your name, date of birth, email address, postal address, telephone number and credit/debit card details, as well as information relating to your health or personal circumstances.
Some information will identify the individual directly, for example by giving their name and email address. It may also be possible to identify someone indirectly, from information in which their name is not given, for example by using another form of identifier such as their IP address.
|Special Category: Personal Information|| |
Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership.
Genetic and biometric data.
Data concerning health, sex life or sexual orientation.
1. Who we are
Niemann-Pick UK (NPUK) is a charitable organisation dedicated to making a positive difference to the lives of those affected by Niemann-Pick disease and their families, from diagnosis to bereavement and beyond. We raise much needed awareness, provide practical and emotional support, advice and information and facilitate research into potential therapies.
We aim to support and empower patients and their families, and to ensure that all those affected by, or connected to this disease, are able to access the best possible care, support and information appropriate to their needs.
We undertake a wide range of activities in the three key areas of Care and Support, Information and Research. In carrying out our work we collect and use personal information about individuals. We recognise the trust placed in us by individuals whose information we use. It is important to us that we are open and honest about the way we use information and we are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Niemann-Pick UK is a registered charity in England and Wales (114406) and Scotland (SC045407) and is a company limited by guarantee (07775835).
You can change how we contact you at any time, by sending an email to firstname.lastname@example.org or calling us on 0191 415 0693.
2. What information we collect and why
The type of Personal Information we collect and process depends on our relationship with you and the context in which we obtain and use it.
The information we collect may include:
– Your name, address and telephone number
– Information to enable us to check and verify your identity, e.g. your date of birth or passport details for our employment or DBS process
– Electronic contact details, e.g. your email address and mobile phone number
– Information relating to the matter in which you are seeking our advice
– Details of your spouse/partner and dependants or other family members
– Health, gender, genetic and other special category personal information as necessary to provide relevant support and services
– Your financial details so far as relevant, e.g. your bank or building society details if you wish to make a donation to us or if we need to transfer money to you.
When we provide services to you, we may hold and use Personal Information about you, your spouse/partner and dependants or other family members, or relevant third parties.
In personal matters you may be providing other third party data to us, for example details of your family members. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.
In relation to third parties, you must confirm that you have any necessary permission or authority to share their personal information. You are also responsible for ensuring that the provision of that Personal Information complies with data protection and other applicable law.
Special Category Personal Information
Data protection law recognises that certain categories of personal information are more sensitive. This is known as Special Category Personal Information and covers health information, racial or ethnic origin, religious beliefs or other beliefs of a similar nature, political opinion and trade union membership. We will only collect Special Category Personal Information where there is a clear need to do so, such as to ascertain which of our services are relevant to you or to provide other services and support to you. Before collecting any Special Category Personal Information about you we will make it clear to you what information we are collecting and why.
Personal data of children
In order to provide information and services to you and your family, we may need to hold and process the personal data of children. Children must be represented by their parents or legal guardians. We will clearly explain why we need any Personal Information relating to children and how it will be used, when we first collect the data and during the provision of our services.
3. How we may obtain your personal information
You may give us your information directly, including:
– when you sign up for one of our events e.g. Our Annual Family Conference
– when you contact us to ask about our activities or services
– when you seek support or assistance from our team
– when you make a donation or hold a fundraising event in support of NPUK
– when we meet in person, e.g. at an event or clinic day
– or through correspondence with you in relation to a query
We may receive information about you indirectly, including:
– we may also obtain information about you from a family member or a friend who contacts us on your behalf
– if a fundraiser passes on your details to us
– from other external sources, dependent upon your privacy settings e.g. social media and messaging services
– we may also obtain information about you where it is publicly available e.g. Companies House or HM Land Registry, or that published in articles and newspapers
– our information technology systems, e.g. automated monitoring of our website, communications systems and social media platforms *
* To understand how we use information about the communications devices you use, such as IP address (the location of the computer on the internet) and cookies, please see section 5.
4. How we will use your information and who we share it with
Under data protection law, we can only use your Personal Information if we have a proper reason for doing so, for example:
– to comply with our legal and regulatory obligations
– for our legitimate interests (see below) or those of a third party
– for the performance of our services as agreed by you
– you have given consent
A legitimate interest is when we have a reason to use your Personal Information in ways you would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification forus to use your personal information. For instance, to contact you about important changes to our services, a new clinical study or the availability of a treatment or therapy for Niemann-Pick disease.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We will keep a record of our legitimate interests’ assessment to demonstrate compliance if required.
How we use your information largely depends on why you are providing it. We will always store your personal information securely and will only use it to provide the service(s) that you have requested and communicate with you in the way(s) you have agreed to, which may include:
4.1 Care and Support Team
NPUK offers a wide range of information and support services to families and those affected by Niemann-Pick diseases, their families and the professionals who work with and care for them.
To enable this work, we will store your contact details and preferences, and any other data that is relevant to delivering the service to you.
This information will only be used for the purposes of the service and not for any other purpose unless you give us permission to do so.
We will hold the data for up to two years after the end of the service, at which time it will be deleted.
NPUK runs an information and support helpline.
We only record personal data that is needed to help your enquiry. This data is not shared in any way and will not be used to contact you about other services or offers from NPUK unless you give us permission to do so.
We will store any personal data for up to one year after you contact us.
4.3 Patient and family stories and case studies
Patient and family stories and experiences help us to demonstrate the impact of living with Niemann-Pick diseases in our information booklets, fundraising and campaigns. They also assist us in lobbying for change and improvement to the wider care and services available to our community. We will record the details of your story and your contact details, and explain when, where and how the information will be used.
We will keep this information for three years and we will contact you for an updated approval each time we wish to use it.
Patients, families and supporters kindly let us use images and video content of them to help bring our social media, campaigns and activities to life.
We keep these images stored in a secure location and only use them with the subject’s permission.
We keep these images for three years after we have been given them, unless you ask otherwise.
4.5 Volunteers and Supporters
If you volunteer with us, or enquire about our volunteering opportunities, we will usually collect your name, contact details, emergency contact details, bank details, contact preferences, ethnicity, gender, availability to volunteer, disability (including physical and mental conditions) and criminal convictions.
We collect this data so that we can contact you about volunteering opportunities that come up; so that we ensure the safety of our volunteers, staff and customers; can pay expenses; carry out our awards programme; and to help us anonymously measure our inclusion and accessibility across our volunteering programmes.We will keep this data for two years after you stop volunteering for us.
If you support us, for example by signing up to an event, donating or signing up to a campaign, we will usually collect your name, contact details, and if/how you would like to be contacted. We use this information to thank you for supporting us and to provide you with further communications about our activities according to your preferences and interests. We also use it to fulfil our legal responsibilities for financial and Gift Aid reporting.
We will keep your data only for as long as necessary. If you have kindly donated to us, we are required to keep this data for seven years. If you have not donated to us, we will only keep your data for three years.
4.6 Professionals (Health, Social Care, Education and Advocacy)
NPUK offers a wide range of information and support services to the professionals who work with our community members.
We will collect your contact details and preferences, and any other data that is relevant to delivering the service to you.
This information will only be used for the purposes of the service and not for any other purpose unless you give us permission to do so. Where you have given consent, we will use the information to send you updates on our work, including events and publications that may be of interest to you.
We will keep your details for up to two years after the end of the service.
4.7 Ways in which we may use your personal information
We may use your personal information in the ways set out below:
– To provide you with the information, advice, support or services you have requested
– To gain a full understanding of your situation, so we can develop and offer you the best possible personalised service
– To keep a record of your relationship with us and for internal administrative purposes (such as our accounting and records), and to let you know about changes to our services or policies
– To look into, and respond to, complaints, legal claims or other issues.
– To claim Gift Aid on your donations
– To carry out statistical analysis and research in order to help us to understand how we are performing and how we can improve our services and better meet the needs of our community
– For other purposes, i.e. clinical or social research studies or surveys, which we will specifically notify you about and, where appropriate, obtain your consent
– To send you communications about our work and how you can help us to help you, for example, information about our campaigns, volunteering and fundraising activities and how you can donate to us
– To contact you about the services and events which we think may be of interest to you, and to provide you with news and updates regarding relevant topics, e.g. research and clinical trials
– To conduct checks to verify identity e.g. during the employment or DBS process
– Other processing necessary to comply with professional, legal and regulatory obligations that apply to our work e.g. under health and safety regulation or rules issued by HMRC, the Charities Commission for England and Wales or the Information Commissioner’s Office
4.8 Sharing information
We will not pass on your details to anyone else and we will only share then if required to do so by law. Your information may be shared internally with the appropriate members of our staff team, with your prior consent and with the aim of effectively providing the service you have requested. Our staff team are bound by our professional confidentiality obligations.
With your specific consent, we may share your details with a third party service provider, to provide you with a service such as advocacy.
Where possible, information that is shared for any reason will be anonymised or pseudo-anonymised.
With your explicit consent, we may sometimes share your information with trusted service providers who are authorised to act on our behalf, or with whom we work in partnership to deliver and improve care, treatment or services for people affected by Niemann-Pick disease. We use third-party organisations to help us collect donations such as Just Giving, Virgin Money Giving, Facebook Donations, PayPal Giving and Square.
We use trusted third-party providers including Lamplight, MailChimp and Survey Monkey, to provide database services and to deliver our e-newsletters, communications and surveys. We collect statistics using industry standard technologies to help us monitor and improve our communications. For more information, please see the respective privacy notices of Lamplight, MailChimp and Survey Monkey.
Where we use external companies to collect or process data on our behalf, we carry out comprehensive checks on these companies, and put in place contracts and data sharing agreements to control how they manage the data they may collect or have access to.
If you have made a gift aid declaration we will share your name, address and donation details with HMRC.
Our IT support and service providers may also access your Personal Information as a consequence of them providing support to us. We only allow our service providers to handle your Personal Information if we are satisfied they take appropriate measures to protect your Personal Information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
4.9 Storage and Security
We are committed to ensuring that your personal information is secure. Keeping information secure is a key part of data protection compliance. We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees or other third parties who have a need to know and they are subject to a duty of confidentiality.
Your personal information may be held at our Central Office, or those of our staff team members. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and store.
When we collect your personal information, we use strict procedures and security features to prevent unauthorised access. Our database provider Lamplight, may process your personal data in line with our contract, data sharing and confidentiality agreements which govern use of the data we hold.
All reasonable technological and operational measures put in place to safeguard it from unauthorised access. However, no data transmission over the Internet is 100% secure. As a result, while we try to protect your personal information, NPUK cannot guarantee the security of any information you transmit to us and you do so at your own risk.
4.10 What happens in the event of a data breach
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so or where we have otherwise agreed with you that we will. If you would like more information about how we maintain information security, please contact us to request a copy of our Data Security Statement.
5. Your choices regarding the information we hold
We will always treat your Personal Information with the utmost respect and we will never sell or share it with other organisations for marketing purposes.
You have the right to change your preferences or to opt out of receiving our communications at any time.
If you change your mind about your choices, or you wish to unsubscribe completely, you can update your preferences at any time by contacting us:
– Call us: 0191 415 0693
– Email us: email@example.com
– Write to us: NPUK, Suite 2 Vermont House, Washington, NE37 2SQ
We may ask you to confirm or update your communication preferences if you ask us for information or to provide further services in the future, or if there are changes in the law, regulation, or the structure of our organisation.
5.1 You can request access to any information we hold about you
You are entitled at any time to ask us for a copy of the personal information we hold about you, this is known as ‘a data subject access request’. You are also entitled to ask that any information we hold about you is updated, removed or restricted. Please note that if you ask for your data to be removed or restricted, this may affect the ways in which we can provide services or information to you/and or your family.
We will aim to respond to your request within one month.
If you wish to request a copy of the information that we hold about you or wish to update or delete any information, please write to NPUK Chief Executive: Toni Mathieson at: Niemann-Pick UK (NPUK), Suite 2, Vermont House, Concord, Washington, Tyne and Wear, NE37 2SQ, or email: firstname.lastname@example.org.
For further information about your rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation: www.ico.org.uk
5.2 How long your Personal Information will be kept
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When it is no longer necessary to retain your Personal Information, we will delete or anonymise it. In some circumstances we may anonymise your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Like most websites, our server gathers limited information about you during a session, including the IP address and domain name from which you are accessing the server and your browser configuration. This information is only used to help us improve the content, design and performance of the site, and is not linked to the identity of any individual user.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
NPUK uses permanent cookies to enable basic web traffic analysis using Google Analytics.
We use Google Analytics to analyse the use of this website. This analysis shows us which areas of the site are popular and those that are not often visited which helps us to use our website resources in the most effective way.
These will remain stored on your computer until deleted, or until they reach a specified expiry date.
In no circumstances do we collect any data that is not directly related to the use of the website (for example, we do not record other sites that you have visited).
The log files or any information they contain about your use of the site will not be made available to any third parties other than as anonymous usage statistics.
You can choose to accept or decline cookies upon first use of the website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We also must stress that you as an individual have a right to complain to the ICO (The Information Commissioner’s Office) if you have an issue with how your data may have been handled.
6.2 Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
6.3 How to complain
We hope that we can resolve any query or concern you may raise about our use of your information. If you want to complain about how we have handled your Personal Information, please follow the procedure in our Complaints Policy which is available on our website www.npuk.org
We will investigate your complaint but if you are not satisfied with our response or believe we are processing your Personal Information unlawfully; you can complain to the UK Information Commissioner’s Office. Further information is available on the ICO website www.ico.org.uk