Privacy Policy

How we respect privacy when we deal with personal information collected by our charity

This Privacy Policy applies to information we, the Swindon Down’s Syndrome Group (SDSG), collect about individuals who interact with our charity. It explains what personal information we collect and how we use it.

If you have any comments or questions about this notice, feel free to contact us at secretary@swindondownsgroup.org.uk.

Personal data that we process

We use your personal information in a number of ways to:

• provide you with the service or information you’ve requested.
• handle the administration of your donation or fundraised monies when received via cash, cheque, credit/debit card, standing order or via our online fundraising partners.
• handle the administration of Gift Aid and Gift Aid declaration forms.
• provide you with useful information about events, conferences and the services we provide.
• produce surveys for you to participate in.
• keep you informed of fundraising opportunities.
• contact you with appropriate marketing messages, where you have given us permission to do so.
• process your membership application and keep you informed of member related events.

What personal information we hold about you?

We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:

• your name and/or your child’s name
• your contact details

Depending on the nature of your request, we may ask you for other information, where it’s appropriate and relevant, for example:

• your address
• your profession
• your reasons for supporting Swindon Down’s Syndrome Group e.g. if you have a family member with Down’s syndrome
• information that is relevant to the support that we provide to you through one of our core services, for example: information about your personal circumstances and/or interactions with statutory services/medical professionals, to help us provide relevant information or support and tailor our services to meet your needs.
• information that is relevant to volunteering opportunities
• how you would like us to contact you
• age or date of birth, where relevant to the person with Down’s syndrome.
• details of any accident or incident you may have been involved in while participating in one of our events or activities.

Where we collect your personal information from

We collect personal information about you in several ways:

• via our website collected through cookies, it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.
• when you contact us by mail, phone or email.
• when you contact us about one of our services.
• when you complete one of our online or paper-based surveys or purchase or order
  an item from eBay.
• when you submit an application as a Trustee or voluntary position with us.
• when you register to take part in a information evening, workshop or event.
• when you have used a social media platform to contact us – Facebook, Twitter, LinkedIn or Instagram.

We may collect your personal information from other organisations and sources. For example, when you raise funds via JustGiving or PayPal Giving or sign up to an event through third party providers. When providing information to us via these channels you should check these companies’ privacy policies and settings to understand how they use your personal information.

How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table at the top of this policy.

For example, we may use your personal information to:

• reply to enquiries you send to us;
• handle donations or other transactions that you initiate;
• where you have specifically agreed to this, send you marketing communications by
  email relating to our work which we think may be of interest to you.

When we share your data

We will only pass your data to third parties in the following circumstances:

• you have provided your explicit consent for us to pass data to a named third party;
• we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
• we are required by law to share your data.

Who we share your data with

We do not share or sell your data to any other charity or company for marketing purposes.

However, there are some situations where we use trusted suppliers to help us with administration of the services you have asked us to supply to you for example:

• mailing houses to despatch our newsletters.
• agencies who handle your donations on our behalf or administer an online booking.
• organisations or individuals who work with us to provide services for you e.g. medical and education professionals.
• website hosting companies which we use to administer our website content.
• a database company who support us in keeping all our records in order.

We also use trusted suppliers to help us with marketing:

• email service providers to send our emails and manage your marketing permissions.
• mailing houses to send out marketing by post.

Some of our suppliers may operate outside the European Economic Area (EEA). This requires us to ensure they provide an adequate level of protection in accordance with UK data protection law, for example the EU-US Privacy Shield Framework. By submitting your personal information to us you agree to this transfer, storing or processing at locations outside the EEA.

Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.

How long we keep your data

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.

Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.

Rights you have over your data

Anyone who is the subject of personal information held by SDSG has the right to make a subject access request. We respect your right to control your data. Your rights include:

Right of access – you have the right to access and obtain a copy of the personal data that we hold about you.

Right to rectification – you have the right to request that we correct any inaccuracies in the personal data stored about you.

Right to erasure – in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:

• your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us
• where you withdraw consent and no other legal ground permits the processing
• where you object to the processing and there are no overriding legitimate grounds for the processing
• your personal data have been unlawfully processed
• your personal data must be erased for compliance with a legal obligation

Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.

Right to restriction – you have the right to restrict our processing of your personal data where any of the following circumstances apply:

• where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data
• where the processing is unlawful and you do not want your personal data be erased and request the restriction of its use instead
• where we no longer need to process your personal data (e.g. any of the purposes outlined above have been completed or expire), but we require it in connection with legal proceedings
• where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.

Where you exercise your right to restrict our processing of your personal data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.

Right to data portability – you have a right to receive and transfer the personal data that you provide to us in a structured, commonly used and machine-readable format where we process your personal data on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your personal data on your behalf to another controller of your choice (where it is feasible for us to do so).

Right to withdraw consent – you have a right to withdraw your consent, at any time, to our processing of your personal data which is based on your consent. Where you exercise this right, our processing of your personal data prior to your withdrawal of consent will remain valid.

Right to object to processing – In certain circumstances, you have a right to object to our processing of your personal data where we process it on the legal bases of our legitimate business interest or your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal data which override your interests, rights and freedoms or where the processing of your personal data is required for compliance with a legal obligation or in connection with legal proceedings.

If you would like to make a personal data access request, please email the Secretary at secretary@swindondownsgroup.org.uk with the subject title ‘Data request’ including the following required Information:

• your full name
• a description of your data access request

We will deal promptly with subject access requests and will normally respond within 30 days. If there is a reason for delay, the person making the request will be informed accordingly. Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as
many services to you as possible.

How we keep your information safe

SDSG shall ensure that personal data is stored securely using modern software that is kept-upto-date. The charity take appropriate technical and security measures to safeguard personal information. The following measures will be taken:

• Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
• Password protection on personal information files
• Setting up computer systems to allow restricted access to certain areas
• Not allowing personal data to be taken off site (as hard copy, on laptop or on memory stick)
• Password protected attachments for sensitive personal information sent by email
• When personal data is deleted this should be done safely such that the data is irrecoverable.
• Appropriate back-up and disaster recovery solutions shall be in place.

How we keep your personal information up to date

SDSG has a legal obligation under data protection legislation to keep the personal information it collects accurate and up to date. Among other things, it helps us ensure that we do not contact you with inappropriate information and marketing messages and also prevents us from wasting valuable funds on print and postage. We keep your information accurate as follows:

• by giving you the opportunity at any time to contact us to correct or change your information.
• by using information publicly available to us.
• if you contact us we may ask you to confirm certain details.
• when we receive undelivered mail or email.

Modifications

We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at complaints@swindondownsgroup.org.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

We keep our privacy notice under regular review.
This privacy notice was last updated on: 8 May 2022