CHILDREN’S HEART SURGERY FUND PRIVACY & DATA PROTECTION NOTICE  


This privacy notice tells you how we look after and use your personal information.  It explains how we do this and what protection you have from British and EU law as well as what your privacy rights are.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Last updated 4th June 2018.

Contents

  1. Data Protection Law
  2. Who we are and Help You Can Get About Data Protection
  3. Our Promise Regarding the Use of Your Personal Information
  4. How the Law Helps You with Your Privacy
  5. Personal Data
  6. When You Contact Us
  7. Details of Your Visits to Our Website
  8. Cookies
  9. How Long We Keep Your Information For
  10. Where and How We Store Your Personal Data
  11. How We Use Your Information to Make Automated Decisions
  12. Marketing
  13. Disclosure of Your Information
  14. Links to Third-Parties
  15. Your Rights and Access to Your Information
  16. Changes to Our Privacy Policy

 

  1. Data Protection Legislation

Your rights and our responsibilities when using your personal information are covered by the EU General Data Protection Regulations (known as GDPR) and the Data Protection Act 2018 (DPA).

The GDPR has a direct effect across all EU member states. After the UK exits the European Union, the GDPR will remain in force, as the UK government has committed to this. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DPA 2018 is the details of these. It is therefore important that the GDPR and the DPA 2018 are read side by side.

This notice sets out what your rights are and what our responsibilities are under the current data protection legislation and the General Data Protection Regulations.

  2. Who We Are and Help You Can Get About Data Protection

We are Children’s Heart Surgery Fund (CHSF). For the purposes of the General Data Protection Regulations, we are regarded as a “data controller”. Our address is Children’s Heart Surgery Fund, 3 Oxford Place, Leeds, West Yorkshire LS1 3AX.

If you need to ask a question about how we use your personal information please write to us at the above address. Alternatively, you may wish to contact us by email, on [email protected]. We will not charge you a fee to answer your questions.

You can also find information from the government body that regulates and oversees matters related to data protection. This body is called the Information Commissioner’s Office (known as the “ICO”) and can be found at www.ico.org.uk. You can also call their helpline on 0303 123 1113 (calls to this number are local rate calls and cost the same as calls to 01 or 02 numbers).

 

  3. What We Promise to Do with Your Personal Information

We promise to keep your personal data safe and secure

We promise to keep your information private

We promise to only use your personal information for the purposes stated in this Privacy Notice

We promise to only keep your personal data for as long as it is needed

We promise to give you ways to control how we use your personal information, including your marketing preferences

We promise to act in an open and clear way when using your personal information

We promise not to sell your personal data to any third party

We promise to ensure that all companies, organisations and services we work with will also respect the security of your personal information and be compliant with current data protection law

 

  4. How the Law Helps You with Your Privacy

Data Protection legislation sets out what we are allowed to do with the personal information we collect from you. It says that we have to have a legitimate reason to use your information. There are five main reasons to use your data and we need to have one or more of them. The reasons to use your personal data are:

  1. We have your consent;
  2. It is our legal duty to use the information;
  3. A contractual obligation, and;
  4. We have a legitimate business or commercial interest in using your information. Even if we think we have a legitimate interest reason to use your information it cannot go against your wishes or what is fair for you.

 

  5. Personal Data

The types of personal data collected from you

The following personal information may be collected from you: Full name, including any aliases; Title; Gender; Marital status; Full postal address, as well as any alternative contact addresses such as business or care of address; Telephone contact numbers, including home, mobile, business, alternative numbers; Contact email addresses; Spouse’s and family member’s details; Bank account details; Fundraising, donations or pledging history; Tax status; Your contact preferences; Employment or business details.

What we use your information for

To keep our records up to date as well as ensuring that we run our business operations efficiently and effectively. To manage our relationship with you professionally and in a positive way. To help us develop new ways to meet the needs of our stakeholders and interests.

Our reasons for using your personal data

You have given your consent to collect the information. We need the information to fulfil our contractual obligations. It is within our business interest and we have a legitimate interest to collect the data. We have a legal duty to collect the information.

Our legitimate reasons for collecting the information

To keep our records up to date. Being efficient as a business. Help work out how our campaigns and services may interest you and to tell you about them. Help in developing products, campaigns and services that are beneficial to Children’s Heart Surgery Fund’s normal business function. In addition, the information helps us to define types of stakeholders for new campaigns, products or services. If we need to seek your consent when we need to contact you. Meeting our legal duties and complying with regulations that apply to us.

 

  6. When You Contact Us

When you contact us by post, telephone, email, text, social media, mobile applications or any other means, we may keep a record of that correspondence.

What we use this information for

To keep our records up to date as well as ensuring that we run our business operations efficiently and effectively. That we manage our relationship with you professionally and in a positive way. To help us develop new ways to meet the needs of our stakeholders and interests.

Our reasons for using this personal data

You have given your consent to collect the information. We need the information to fulfil our contractual obligations. It is within our business interest and we have a legitimate interest to collect the data. We have a legal duty to collect the information.

Our legitimate reasons for collecting the information

To keep our records up to date. Being efficient as a business. Aid us to work out how our campaigns and services may interest you and to tell you about them. If we need to seek your consent when we need it to contact you. Meeting our legal duties and complying with regulations that apply to us.

 

  7. Details of Your Visits to Our Website

When you visit our website at www.chsf.org.uk we may collect information about your computer, including where available your IP address, operating system and browser type. This includes, but is not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.

Our reasons for using this personal data

You have given your consent to collect the information. We need the information to fulfil our contractual obligations. It is within our business interest and we have a legitimate interest to collect the data. We have a legal duty to collect the information. This information is needed for system administration and to report aggregate information to any advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

Our legitimate reasons for collecting this information

Your consent. For system administration and to report aggregate information to our third-party service providers such as advertisers. It also helps us to be efficient as a business organisation.  As well as aiding us to work out how our campaigns and services may interest you and to tell you about them.

 

  8. Cookies

When you visit our website, through any device or platform, we obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer or the device used. Cookie files, also known as a Cookie or cookies, contain information that is transferred to your computer’s hard drive.

For more information about our Cookie Policy, to find out how to manage cookies and the cookie types we use, please visit https://chsf.org.uk/terms-conditions/cookies-policy/

 

Our reasons for using this type of information

You have given your consent to collect the information. We need the information to fulfil our contractual obligations. It is within our business interest and we have a legitimate interest to collect the data. Cookies help us to improve our site and to deliver a better and more personalised service.

Our legitimate reasons for using cookies

Your consent. For system administration and to report aggregate information to our third-party service providers such as advertisers. It also helps us to be efficient as a business organisation.

 

  9. How Long We Keep Your Information For

We only keep personal information for as long as we need to, for as long as we have your permission to use the information, or for as long as the law tells us to. We will keep your personal information for as long as you have an active account with Children’s Heart Surgery Fund. We usually regard somebody as being an active account holder if they have donated within five years of their account being set up.

After you stop being an account holder, we may keep your data for up to 10 years for one of these reasons:

  • To respond to any questions or complaints
  • For auditing purposes
  • To show that we treated you fairly
  • To maintain records according to regulations that apply to us

We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

 

  10. Where and How We Store Your Personal Data

All information that you provide to us or that is collected by Children’s Heart Surgery Fund is stored on our secure servers by our Managed Service Provider, Mansys UK Limited, who provide all our IT support services. Mansys have many years’ experience as a Managed Service Provider. They are audited each year and their business and security processes are reviewed by a regulated auditor. Mansys is ISO:9001 and ISO:27001 accredited.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. We recommend that your own security software is up to date. Once we have received your information, we will use strict procedures and protocols to try to prevent unauthorised access.

We are planning to move to a Cloud-based infrastructure in the near future. This will be held by Mansys in their tier-3 data centre.

Any payment transactions will be encrypted, using SSL technology.

 

  11. How We Use Your Information to Make Automated Decisions

Children’s Heart Surgery Fund does not use automated decision making or profiling software, or marketing consultants in any of its strategies or campaigns.

 

  12. Marketing

We may use your personal information to tell you about relevant services, goods, campaigns and funding opportunities. This is what we mean when we say ‘marketing’.

The personal information we have for you is made up of what you tell us and data we collect when you use our services.

We study this to form a view on what we think may be of interest to you. This is how we decide which campaigns, offers, services, goods and information may be relevant to you.

We can only use your personal information to send you marketing messages if we have either your consent or there is a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time, either in writing to the address on our contact details or by emailing [email protected]

Whatever you choose, you’ll still receive important information such as changes to your account, how we operate or our legal obligations that may affect you.

From time to time we may ask you to confirm or update your marketing and personal data use choices. We will also ask you to do this if there are changes in the law, regulations, or to our business.

If you change your mind you can update your choices at any time by contacting us via post, telephone or email.

If you are an existing account holder we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.

 

  13. Disclosure of Your Information

Your personal information will be treated with the utmost confidence and we will not normally disclose the information we hold. In some circumstances, we may have to disclose your personal information to third parties. This will only happen in the following circumstances:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to cooperate with criminal investigations
  • In order to enforce or apply our terms of website use or terms and conditions of supply and other agreements
  • If we have to disclose required personal information to suppliers or organisers of events, experiences, encounters, occasions, etc. For example, providing age, health and weight information to the organisers of a skydiving experience
  • To protect the rights, property or safety of the Children’s Heart Surgery Fund, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or asset
  • If the Children’s Heart Surgery Fund or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets

 

  14. Links to Third-Parties

Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Likewise, we are not responsible for the collection of personal data by social media platforms, i.e. Facebook, WhatsApp, Twitter, etc., where we have a presence. You are advised to read carefully the relevant Privacy Policies of all websites you access or are directed to in the course of your interactions with Children’s Heart Surgery Fund.

 

  15. Your Rights and Access to Your Information

Accessing the information we hold on you

The General Data Protection Regulations give you the right to access information held about you. Your right of access can be exercised in accordance with the Regulations. Any access request is free unless the request is regarded as an onerous request. Requests for information access will be actioned within one month of receiving your request. To gain access to the information we have for you please write in the first instance to Children’s Heart Surgery Fund, 3 Oxford Place, Leeds, West Yorkshire, LS1 3AX.

Letting us know if your personal information is incorrect

You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this.

If you do, we will take reasonable steps to check its accuracy and correct it.

 

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.

There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

  • It is not accurate
  • It has been used unlawfully but you don’t want us to delete it
  • It is not relevant any more, but you want us to keep it for use in legal claims
  • You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it

If you want to object to how we use your data, or ask us to delete it or restrict how we use it, please contact us.

 

  16. Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or post.