24th April 2018
This policy is to inform you about our data protection practices and your rights in accordance with the requirements of the new General Data Protection Regulation (GDPR). (Regulation (EU) 2016/679).
How we treat the information we gather
We are a registered charity number 1165651.
We process all data ourselves and do not outsource any processing.
This policy applies to information collected from you by phone, correspondence or electronic means. We only collect information about you that:
- helps us make our services work better for you
- lets us contact you if we need to
- lets us signpost you and medical professionals to information about the symptoms, causes and treatments for Ring Chromosome 20 Syndrome
- helps us understand which family members have Ring Chromosome 20 Syndrome and why you support our work, so we can better meet your needs and find more people like
We may ask for more information so that you can use services or complete transactions for such purposes as fundraising. This information will only be used for the purposes stated.
Lawful basis for processing
Our charity has the bases of Legitimate Interests and Consent underpinning its requirement to process your data.
The Legitimate Interest requirement arises from the objects of our charity which are: The preservation and protection of health and the relief of need in particular by:
- Providing support and information to Ring Chromosome 20 Syndrome patients and their families
- Assisting in the provision of general information to the public about the condition
- Supporting medical professionals in their understanding of Ring Chromosome 20 Syndrome, its diagnosis, prognosis and treatment
- Supporting research into the condition and the means to improve the outcomes for those suffering with the condition and promoting the dissemination of the useful results of such research
We process certain Special Category (health) data requiring your Consent related to patients’ health for two principal reasons:
- To provide a Global Reference network enabling families to connect with each other with mutual Also to populate our PUBLIC r(20) map for inclusion on our charity literature, for display at conferences/events and to aid grant funding applications.
- If we sponsor future research into the Ring Chromosome 20 Syndrome we may contact you to ascertain your interest in participating in such a project. We would not pass on your personal information to the research body or related organisation without first obtaining your specific consent (positive opt – in consent).
The information we collect
We collect (via Mailchimp) the following information only direct from you, not third-party sources for the following purposes:
General Mailing List:
To inform you of our relevant services and to provide you with support and information, we collect:
- phone numbers
- name of organisation (only for Health Professionals/related organisations)
- connection to Ring20 R&S UK
Global Reference Network List:
To operate our Global Reference Network and to signpost you to any relevant research projects in which you may choose to participate, we collect:
- phone numbers
- parent of r(20) patient
- r(20) patient
- friend or relative of r(20) patient; and
- Special Category Data:
- patient name
- date of birth
- diagnosis date, mosaic/non-mosaic
- treatment centre
- lead medical professional
Ring20 Research and Support UK CIO does not knowingly collect personal information from anyone under the age of 18 unless it is accompanied by written parental consent. Otherwise we can accept your details from a parent or guardian. If we become aware that the sender is under 18 we will delete all information immediately unless we have received parental consent for the information to be processed by us.
If you send us feedback, your message will be kept securely.
How we store and manage your personal data
All electronic information you provide to us is stored on personal computers/laptops and in the case of the information we collect above, on Mailchimp. Access is controlled by passwords changed regularly, protected by anti-virus software and data is backed up on secure cloud servers.
Paper correspondence is filed under lock and key.
Training and support is given to any personnel involved in the processing of personal data. Payment transactions are received over secure payment processing systems.
The transmission of information over the internet is never completely secure. We will do our best to protect your personal data, but cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
How we use your information
Any information we collect is used to:
- maintain and improve the quality of the services we provide to you
- contact you, with your permission
We do not share your information with other organisations for marketing or commercial purposes or outside the EU.
If we sponsor research into the Ring Chromosome 20 Syndrome we would not pass on your personal information to the research body without first obtaining your specific consent (positive opt – in consent).
We will retain personal data for no longer than is necessary.
Disclosure of your information
Normally we do not have statutory or contractual reasons to disclose your personal data but we may disclose your personal information:
- if we are under a duty to disclose or share personal data to comply with a legal obligation
- for law enforcement purposes
Under the GDPR you have the right to:
- be informed about the data we hold about you, its purpose and our lawful basis for its processing. We hold this data only for as long as is necessary to carry out lawful processing. We do not normally accept data about you from other organisations.
- access on request (normally free of charge) to the data we hold about you and the basis of its lawful We have to verify your identification.
- rectification of inaccurate data unless we are satisfied such data is accurate in which case we will inform you of your right of appeal to the Information Commissioner’s Office.
- erasure on request of personal data, particularly when it relates to a child aged under 18. Such data under limited circumstances may continue to be held on our files if for example it is part of a research study or for legal reasons.
- restrict processing of your data on your request particularly where its accuracy is contested in which case we will store it in a separate inactive file.
- portability of any personal data we hold about you on request. This will be transferred to you by secure means for your use with another organisation.
- object, based on grounds relating to your particular situation, against your data being used for our legitimate interests. In this case we would comply unless the data is required for example for legal purposes.
We intend to answer your requests regarding the data we hold about you under the above paragraphs within one month.
The above rights also apply to children aged 13 and above, for whom their parents may have provided us with Special Category Data with their child’s consent.
For a copy of the personal information we hold about you, write to or contact Allison Watson, Ring20 Research and Support UK CIO, 26 Headley Chase, Warley, Brentwood, Essex CM14 5BN, tel 07512 753544, email firstname.lastname@example.org.
When we are satisfied of your identity we will send you a copy of your personal information that we are legally required to disclose.
If you are dissatisfied with the way in which we handle your complaint or request, you can write to the Information Commissioner’s Office via their website https://ico.org.uk/concerns/handling/ or telephone (tel 0303 123 1113).
We may update this notice from time to time. Any changes we may make to our privacy notice in the future will be posted on our website and sent directly to members and correspondents.
Signed by Trustee.