PRIVACY POLICY
Privacy Policy of HOPE for Paediatric Epilepsy: London
HOPE for Paediatric Epilepsy: London understand that your privacy is important and care about how your personal data is used and shared. We respect and value the privacy of everyone who deals with our companies and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
“Personal Data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us in the normal course of contacting us that is not readily available in the public domain. This definition shall, where applicable, incorporate the definitions provided in the Data Protection Act 1998 OR EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
“We/Us/Our” means HOPE for Paediatric Epilepsy: London, Registered Charity Number 1192441 whose registered address is:
Oakleigh School,
280 Oakleigh Road North
Whetstone
London
N20 0DH
Telephone: 07516 926703
Our Data Protection Officer (DPO) is Dr Nadine Gurr, and can be contacted by email at info@hopeforepilepsy.org.uk, by telephone on 07516 926703, or by post at Oakleigh School,
280 Oakleigh Road North, Whetstone, London, N20 0DH.
What Does This Policy Cover?
Your Rights
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
a) The right to be informed about Our collection and use of personal data;
b) The right of access to the personal data We hold about you (see section 12);
c) The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the ‘Contact us’ section below.
d) The right to erasure - this is sometimes called ‘the right to be forgotten’. If you want HOPE for Paediatric Epilepsy: London to erase all your personal data and we do not have a legal reason to continue to process and hold it, please contact Us using ‘Contact us’ section below.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to Us using your personal data for particular purposes.
If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided above and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
What Data Do We Collect?
During the course of our business relationship with you or your organisation we may collect some or all of the following personal and non-personal information about you.
a) name;
b) date of birth;
c) gender;
d) business/company name;
e) job title;
f) contact information such as email addresses, social media details and telephone numbers.
g) demographic information such as post code.
h) financial information such as bank account details if required
i) referring search engines / sites.
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will not process and store data that is not required for normal communications. We will comply with Our obligations and safeguard your rights under the Data Protection Act 1998 OR GDPR at all times. For more details on security see section 7, below.
Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by supplying us with your contact details and requesting information), or because it is in Our legitimate interests. Specifically, We may use your data for the following purposes:
a) Replying to e-mails, letters, enquiries and telephone calls from you.
b) We may contact you to capture your feedback
c) Replying to you from information you submit in our web enquiry form.
d) We will perform due diligence in terms of donations if and when required.
e) With your permission and/or where permitted by law, We may also use your data for potentially contacting you by email, telephone, text message AND/OR post with information, news changes in arrangements in which it is reasonable to assume you may have an interest. We will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Data Protection Act 1998 OR GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.6
f) You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
We will retain information on individuals and families that contact Us or who attend our events, meetings and days out for up to three years or for the length of time they are actively involved with Us.
We will retain information on and records required by funding bodies that have provided Us with grants for three years from the date of the initial grant.
How and Where Do We Store Your Data?
a) We only keep your personal data for as long as We need to in order to use it as described above and/or for as long as We have your permission to keep it.
b) Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
c) Your data will stored in a secure manner and with minimal numbers of people accessing it – and then only on a need to know basis as described above.
d) Please note that while there are always risks associated with providing personal data, whether in person, by phone or over the Internet, and no system of technology is completely safe, “tamper” or “hacker-proof”, Hope for Paediatric Epilepsy: London will take reasonable and appropriate measures to prevent and minimize risks of unauthorized access to, improper use and the inaccuracy of your personal information.
e) All our information is stored on password protected computers.
Do We Share Your Data?
We will not share any of your data with any third parties for any purposes. Other than:
a) if it is required for activities where tickets must be under specific names. It will only be done when express permission is given for each individual circumstance.
b) In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
c) We may sometimes contract third parties to supply and deliver products from third parties such as anti-suffocation pillows. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the Data Protection Act 1998, We may require the payment of a small fee which will not exceed £50.00. OR Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge.
Contacting Us
If you have any questions about this Privacy Policy, please contact Us by email at info@hopeforepilepsy.org.uk, by telephone on 07516 926703, or by post at Oakleigh School,
280 Oakleigh Road North, Whetstone, London, N20 0DH.
Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you.
GDPR Complaints
If you are unhappy about our handling of your personal information and our processing of it, please get in contact with us first so we can try to resolve your query using the details in the 'Contacting Us' section above.
If however you feel we have not dealt with your concern and that we are failing to meet our legal obligations, you can raise a complaint with the Information Commissioner's Office ("ICO") in the United Kingdom.
Changes to Our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our website and you will be deemed to have accepted the terms of the Privacy Policy if you enter into a business relationship with us. We recommend that you check this page regularly to keep up-to-date.
Page updated 13th July 2022 – Louise Miller
Checked by Dr Nadine Gurr