Success After Stroke respects your privacy. We are committed to protecting your personal information and to being transparent about the information we hold about you. This privacy notice explains how we keep your personal information safe, tells you about your privacy rights and how the law protects you.
Purpose of this privacy notice
This notice explains what personal information we collect about you, how we use it and how long we will keep it for. You might give us your personal information when you request a service, sign up to an event, fundraise for us, or even simply by using our website.
When we collect your personal information, there is always a reason behind it. In addition, we will only ask you for sensitive personal data (also known as special category personal data), for example, health information, when there is a clear reason for doing so and we will tell you what that reason is.
Success After Stroke is a registered charity, registration number 111056, and is the controller and responsible for the use of your personal information for the purposes set out in this notice.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please get in touch with us through our email address firstname.lastname@example.org
The information we collect about you
Personal information’ means any information about an individual from which they can be identified. The personal information we collect allows us to provide services to people affected by stroke. It also helps us to better understand our supporters and improve how we engage, communicate and fundraise, for the benefit of all those affected by stroke.
We strongly believe your personal information needs to be safeguarded and protected. As long as you share it with us, we are its guardian. We take steps to collect only what is necessary and we do this for different purposes, but all with one goal in mind: to improve the lives of stroke survivors and their families. Here is a list of the type of personal information we currently use:
- Identity Information you give to us – this will include your full name and title, date of birth, gender, address and email address (if relevant).
- Transaction History of your interactions with us. This will include any donations, Gift Aid, events you have participated in, the services you requested, your interests, preferences, feedback and survey responses and how you use our website and services.
- Health Information necessary for providing support services for individuals affected by stroke or to enable you to participate in events which will help you to reduce your risk of a stroke to your health.
- Technical Information which allows us to confirm what browser you are using, the internet protocol (IP) address and computer operating systems that are being used, your login data and other technology on the devices you use to access our website.
- Marketing and Communications Preferences for receiving information from us about our support services, research, campaigning, volunteering and fundraising activities (including ways to donate) and how you would like us to communicate with you.
If you don’t want to share your personal information with us
If you don’t want to share your personal information with us, you don’t have to. We will only keep any personal information we are required to keep in accordance with legal requirements or tax and accounting rules, but we will otherwise respect your decision. However, please be aware that if you do not share your personal information with us we may have to stop providing you with our support or other services, and you may not be able to engage with us or participate in our activities (such as campaigning, volunteering and fundraising activities (including donating)). We will let you know if this is the case.
Keeping your information accurate
It is important to us that the personal information we hold about you is accurate and up-to-date. Please tell us if there are any changes to your personal information during your relationship with us.
Why we use your personal information – the purposes
We will use your personal information only for specific purposes and where we have taken steps to ensure we respect your privacy. We will never sell your personal information to other organisations.
Here are the main reasons why we use your personal information:
When we provide a service to you
If you engage with our services, helpline or need us to support you in any way, we use your personal information to:
- provide you with care, information and support and details about events, which is provided by phone, post, email and social media channels.
- contact or provide your nominated carer, emergency contact, relative or next of kin with relevant information and support
- comply with our legal obligations such as our safeguarding duty where we have a concern about your welfare
We will also use your personal information to comply with our legal obligations, for example, our obligations relating to health and safety and safeguarding.
When you provide a service to us
- support your fundraising
- receive and process your donations (including gift aid donations, legacy gifts, in-kind and regular donations for which you may have set up a direct debit)
- manage the relationship with us when you support us as a volunteer
- manage our relationship with philanthropy givers and trust organisations
- manage events you take part in and provide you with relevant updates
- manage your legacy gift to us
- provide you with information about us, how you can get involved through volunteering, donating or fundraising for us. We only give you the information you have asked for and we only contact you with this information by email, text message or telephone if you have given us your consent. However, if you have provided us with your postal address, we may send you the information unless you have told us that you would prefer us not to. We do this on the basis of our legitimate interests. You can update your communication preferences at any time or tell us to stop giving you the information, by contacting us.
We will not use your personal information to send you information about our services or fundraising activities if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you for these purposes.
The legal bases which allow us to use your personal information
The legal basis that we rely on for using your personal information will depend upon the circumstances in which we collect and use it, but will in most cases be because:
- you have provided your consent to allow us to use your personal information in a certain way
- it’s necessary to carry out for the performance of a contract with you
- it’s necessary in order for us to comply with a legal obligation
Recipients of your personal information
Rest assured, we take steps to keep your personal information safe, and we never share, sell or swap your personal information with any third parties for the purposes of their own marketing or to monetise your personal information.
Sharing your information with third parties we work with
However, we sometimes share your personal information with third parties we work with. When we share your personal information with organisations that act for us as service providers, we take the following steps to keep your personal information safe and protect your privacy:
- we provide them with only the personal information they need to perform their specific services;
- we require them to only use your personal information for the exact purposes we specify;
- we require them to keep your personal information secure; and
- if we stop using their services, we require them to delete or anonymise.
Examples of the kinds of service providers we work with are those who provide us with advertising, marketing, research or IT administration services. If you would like more information about the third parties we currently use, who, in providing us with their services, will process your personal information as part of their contracts with us, please get in touch with us.
Sharing your information with third parties for their own purposes
We may also need to share your personal information with third parties for their own purposes. We will only do this in specific circumstances. For example, we may need to share your information with:
- our professional advisors including our lawyers, bankers, auditors and insurers; and ticketing businesses.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to those employees, volunteers, agents, and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to confidentiality obligations.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal information for?
We will only use your personal information for as long as is necessary to fulfil the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from its unauthorised use or disclosure; the purposes for which we process it and whether we can achieve those purposes through other means; and the applicable legal requirements.
If you would like more information about the retention periods we apply to different aspects of your personal data, please contact us.
In some circumstances you can ask us to delete your personal information: see ‘request erasure’ below for further information.
In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this anonymous information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information. You have the right to:
- request access to your personal information and receive a copy as well as check we are processing it lawfully.
- request correction of any incomplete or inaccurate information we hold about you. However, we may need to verify the accuracy of the new data you provide to us.
- request erasure of your personal information where there is no longer a good reason for us to hold it. This may also apply where you have successfully exercised your right to ‘object to processing’ (see below); where we may have processed your information unlawfully; or where we are required to erase your personal data to comply with local law. Please note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). This applies where there is something about your particular situation which makes you want to object to as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes or where we process your personal information for research purposes. In some cases, we will be able to demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
- request a restriction on processing of your personal information. This applies in the following scenarios: (a) if you want us to establish the accuracy of your personal information; (b) where our use of it is unlawful but you do not want us to erase it; (c) where you need us to hold the personal information, even if we no longer require it, to enable you to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to do so.
- request us to report your personal information to you or to a third party. We will provide to you, or your chosen third party, your personal information in a structured, commonly used, machine-readable format. Please note this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you.
- withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of processing carried out prior to this withdrawal. If you do withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights
If you wish to exercise any of the rights set out above, please contact us using the details on the next page
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.
No fee usually required
There is no fee to access your personal information (or to exercise any of your other legal rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to safeguard your personal information. We may also contact you to ask for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Our contact details
- Addressee: Data Protection Officer
- Full name of legal entity: Success After Stroke
- Email address: email@example.com
- Postal address: The Stevenson Centre, Stevenson Approach, Great Cornard, Sudbury. CO10 0WD
- Telephone number: 07434 931 962
Website Third-Party Links
When using our website, there may be links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share information about you. We do not control these third-party websites, plug-ins or applications, and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Changes to this Privacy Notice
This Privacy Notice was last updated on 24 May 2018 and will be reviewed and updated from time to time. Older versions can be obtained by contacting us.