Alopecia UK - Privacy Policy

1. INTRODUCTION 

1.1       Privacy and Security

Alopecia UK is committed to protecting your privacy and security.  This policy explains how and why we use your personal data, to ensure you remain in control of your information.

You can decide not to receive communications from us or change how we contact you at any time.  If you wish to do so please contact us by emailing [email protected], writing to Alopecia UK, PO Box 341, Shipley, BD18 9EH, or telephoning 0800 101 7025 (lines open 9am – 5pm, Mon – Fri).

We will never sell your personal data, and will only ever share it with service providers we work with (where necessary to allow them to perform a service for us) and if its privacy and security are guaranteed.

1.2       About Us

Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Alopecia UK (Charity no. 1111304 in England & Wales and SCO44702 in Scotland).

For the purposes of data protection law, Alopecia UK will be the controller.

2. WHAT INFORMATION WE COLLECT

2.1       Personal data you provide

We collect data that you provide us.  This includes information you give when enquiring about our services, donating, registering for an event, or communicating with us.  For example:

  • personal details (name, date of birth, email, address, telephone etc.) when you join as a supporter;
  • financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided. Please see section 8 for more information on payment security); and
  • details of your interests and preferences (such as campaigns, the ways you support us or types of events you have attended).

2.2       Information created by your involvement with Alopecia UK

Your activities and involvement with Alopecia UK will result in personal data being created.  This could include details of how you’ve helped us by volunteering and attendance or participation in our events.

If you kindly decide to donate to Alopecia UK then we will keep records of when and how much you give to a particular cause.

2.3       Volunteers

If you are volunteer for Alopecia UK, we may collect extra information about you (eg references, criminal records checks, details of emergency contacts, medical conditions etc).  This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.

3. HOW WE USE YOUR INFORMATION

We only ever use your personal data with your consent. We will not rent, swap or sell your personal information to other organisations. The legal basis that we rely on for processing your data will depend on the circumstances in which it is being collected and used, but in most cases will fall into one of the following categories:

  • Where you have provided consent to allow us to use your data in a certain way
  • Where the processing is necessary to carry out the performance of a contract with you
  • Where the processing is necessary in order for us to comply with a legal obligation
  • Where it is in our legitimate interest to perform our functions, for example processing donations

In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes).

3.1       Marketing

We use personal data to communicate with people, to promote Alopecia UK and to help with fundraising.  This includes keeping you up-to-date with our news, updates, events and fundraising information.  For further information on this please see Section 5 (Marketing).

3.2       Administration

We use personal data for administrative purposes (i.e. to carry on our charity work). This includes:

  • receiving donations (e.g. direct debits or gift-aid instructions);
  • maintaining databases of our volunteers and supporters;
  • fulfilling enquiries;
  • helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this)

4. DISCLOSING AND SHARING DATA      

We will never sell your personal data.  

If we ever partner with other organisations, we may need to share information with them (for example, if you register to attend an event being jointly organised by us and a company).  We will only share information when necessary and we’ll make sure to notify you first.

5. MARKETING

From May 2018, Alopecia UK will ask its supporters to ‘opt-in’ for most communications.  This includes all our marketing communications.

This means you will have the choice as to whether you want to receive these messages and be able to select how you want to receive them (email or post)

You can decide not to receive communications or change how we contact you at any time by getting in touch with us.

5.1       What does ‘marketing’ mean?

Marketing does not just mean offering things for sale, but also includes news and information about:

  • our charity and the work we do
  • volunteering opportunities;
  • appeals and fundraising (including donations, competitions etc
  • our events, activities and local groups;
  • products, services and offers (of third parties which may interest you); and
  • leaving a legacy; 

5.2       Newsletters 

You can choose to unsubscribe from general marketing communications without giving up receipt of our regular monthly email newsletter if you wish.  However, please be aware that newsletters do include advertisements, details of events and fundraising information.

6. RESEARCH AND PROFILING

This section explains how and why we use personal data to build profiles which enable us to understand our supporters, improve our relationship with them, and provide a better supporter experience.

6.1       Analysis and grouping

We may analyse our supporters to determine common characteristics and preferences.  We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. age or location).

By grouping people together on the basis of common characteristics, we can ensure that the group is provided with communications, products and information which is most important to them.  This helps prevent your inbox from filling up, and also means we aren’t wasting resources on contacting people with information which is not relevant to them.

7. CHILDREN, YOUNG PEOPLE & VULNERABLE ADULTS 

7.1       Information for parents/guardians/carers

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children.  If your child is under 18, we’ll only use his or her personal data with your consent.  This means that, for example, if your child wants to have his or her name or picture featured in one of our newsletters, we’ll need you to confirm you’re happy for us to do so.

7.2       Signing up to our website / mailing list

If you are aged 16 or under, please get your parent / guardian’s permission beforehand whenever you provide us with personal information.

8. HOW WE PROTECT DATA

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised use of, disclosure or access to your personal information.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).  Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

8.1       Payment security

All electronic Alopecia UK forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a credit card to donate or purchase something on-line via our website we will pass your credit card details securely to our payment provider (Stripe).  Other payment methods are handled in a similar manner.  Alopecia UK complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.

9. STORAGE    

We will only use and store information for so long as it is required for the purposes it was collected for.  How long information will be stored for depends on the information in question and what it is being used for.  For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).

We continually review the information we hold and we ensure that when information is no longer required we thoroughly delete it.  We never store payment card information.

10. KEEPING YOU IN CONTROL 

We want to ensure you remain in control of your personal data.  Part of this is making sure you understand your legal rights, which are as follows:

  • the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
  • the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • the right to have inaccurate data rectified;
  • the right to object to your data being used for marketing or profiling; and
  • where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format 

Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

11. COOKIES AND LINKS TO OTHER SITES 

11.1     Cookies

Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online).  

11.2    What is a Cookie

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may either be “persistent” cookies or “session” cookies; a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie will expire at the end of the user session, when the browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored and obtained by cookies.

11.3    Google Analytics

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create report about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/

11.4     Links to other sites

Our website contains hyperlinks to many other websites.  We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by emailing [email protected]

If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by Alopecia UK's Privacy Policy.  We suggest you read the privacy policy of any website before providing any personal information. 

When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Alopecia UK.

12. OUR WEBSITE PROVIDER

Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources.  Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are deemed to outweigh their legitimate interests in developing new services for us.  

In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in section 2 above.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights under section 1 of this privacy policy

13. REVIEW

We will review this Privacy Policy annually to ensure it remains up-to-date and accurately reflects how and why we use your personal data.  The current version of our Privacy Policy will always be posted on our website.