Friends of the Sick (Chevrat Bikkur Cholim)

Privacy Policy effective April 2018

Friends of the Sick (Chevrat Bikkur Cholim) is committed to safeguarding your privacy. At all times we aim to respect any personal data you give us or that we receive from other organisations, and keep it safe and secure. This Privacy Policy sets out our data collection and processing practices and your options regarding the ways in which your personal information is used.

This Privacy Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this policy from time to time without notice to you, so please check it regularly.

1.      Information we may collect about you

We may collect and process the following data about you:

(a)     information you give us DIRECTLY. You may give us your personal data when (i) you contact us by phone, email or post or via our website, (ii) you donate money to us or (iii) you apply for our services or for employment with us; and

(b)    information we receive INDIRECTLY. Your information may be shared with us by others, including users of our services and supporters of our organisation.

2.      What information do we collect?

We may collect, store and use the following kinds of personal data:

(a)     typically your name and contact details, including physical address, telephone number and e-mail address. However, we may request and hold other information where it is appropriate and relevant, for example, details of why you have decided to contact us or, in the case of clients, medical information. We do not hold your bank details or debit/credit card details;

(b)     information about your computer and about your visits to and use of our website, including your IP address, geographical location, browser type, referral source, length of visit and number of page views;

(c)     information about the services you use, services of interest to you and/or communication preferences you give; and/or

(d)     any other information shared with us directly.

The law recognises certain categories of personal information, including medical information, as sensitive and therefore requiring more protection. We only collect sensitive personal data if there is a clear reason for doing so, for example, in the case of clients, and we will only do so with your explicit consent.

3.      How and why we use your personal data

Personal data, however provided to us, will be used for the purposes specified in this Privacy Policy, which may include:

(a)     to send you information about our work and the services that we provide;

(b)     to carry out fundraising activities, including handling the administration of any donation or other payment you make via credit/debit card, cheque, standing order or BACS transfer;

(c)     to provide you with the services or information you have requested;

(d)     to collect payments from you and send statements and/or receipts to you;

(e)     to handle the administration of your employment and/or volunteering application; and

(f)      to deal with enquiries and complaints made by or about you relating to our website or us in general and to comply with any legal or regulatory obligation or request if we are under a duty to disclose or share your personal data in order to do so.

We may also disclose your personal information to third parties performing services on our behalf but only on the basis that they may use such information solely to provide services that we have requested and not for any other purpose.

4.      How will we communicate with you

Where you have provided us with your physical address, we will contact you by post. Where you have provided appropriate consent, we may also contact you by telephone and/or e-mail.

5.      Donations

All donations made via our website are handled through Worldpay (UK) Limited (Worldpay), a third party payment services provider. We recommend that you read Worldpay’s privacy policy (available at https://www.worldpay.com>privacy-policy) before effecting any transactions with us. We will provide your personal data to Worldpay only to the extent necessary for the purposes of processing payments for transactions you enter into with us. We do not store your financial details.

6.      Children’s data

We do not knowingly process data of any person under the age of 16. If we discover, or have reason to believe, that you are under 16 years of age and we are holding your personal information, we will delete that information within a reasonable period and withhold our services.

7.      Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this Privacy Policy, we will disclose your information to regulatory and/or government bodies and/or law enforcement agencies on request but only when required to do so in order to satisfy legal obligations which are binding on us.

8.      Security of and access to your personal data

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information. Your information is only accessible by appropriately trained staff and contractors. Where we use external service providers to process data on our behalf, we are responsible for ensuring that such processing complies with appropriate security measures.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website. Any transmission that you make is therefore made at your own risk. However, once we have received your data, we will use strict procedures and security features to try to prevent any unauthorised or unlawful access to the same and all information you provide to us is stored securely.

Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.

9.      Your rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. You can do this by contacting us as set out in paragraph 14 below.

You also have the following rights:

(a)     Right to be informed: You have the right to be told how your personal information will be used. This Privacy Policy and other information on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used. You can check the personal data we hold about you and ask us to update it where necessary, by contacting us as set out in paragraph 14 below.

(b)     Right of access: You have the right to access certain information held about you. You can write to us at the address in paragraph 14 below to ask for confirmation of what information we hold on you, why we are holding it and to whom it could be disclosed and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have confirmed your identity, we have 30 days to comply.

 (c)     Right to rectification: If you believe our records of your personal information are inaccurate or incomplete, you have the right to ask for those records to be corrected.

(d)     Right to erasure: You can ask us to delete your personal information from our records, for example if you withdraw your consent. In many cases we would propose to stop further communications with you, rather than delete it.

(e)     Right to restrict processing: You have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.

(f)      Right to data portability: To the extent required by the General Data Protection Regulation (the GDPR), where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract or (iii) by automated means, you may ask us to provide it to you (or another service provider) in a machine readable format.

To exercise these rights, please send a description of the personal information in question using the contact details in paragraph 14 below. Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we reserve the right to ask for personal identification and/or further information.

Please note that some of these rights only apply in limited circumstances. For more information, you should consult the guidance issued by the Information Commissioner’s Office (the ICO), which can be found by searching for “Individual rights” on the ICO’s website https://ico.org.uk.

You can also make a complaint about us or the way we have processed your data to the ICO. For further information on how to exercise this right, please search “Report a concern” on the ICO’s website.

10. Lawful basis for processing

Under the GDPR we are required to have a lawful basis for processing your personal information. We process personal information on the basis of your consent. We will ask for your consent to use your information to send you written and electronic communications such as fundraising letters and emails and information about our activities. In the case of clients who give us sensitive personal information, we will ask for their explicit consent.

Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities so long as its use is fair, balanced and does not unduly impact individuals’ rights. We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.

Most of our interactions with donors and users of our website are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter into contractual relationships with people, for example, if you apply for employment with us.

Sometimes we will be obliged to process your personal information in order to comply with legal obligations that are binding on us. We will only ever do so when strictly necessary.

When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.

11.    Data retention

In general, we may retain personal information collected from you for a period of 7 years after the last communication we have received from you. However, if (a) your personal information is no longer required in connection with the purpose(s) for which it was collected, (b) we are no longer lawfully entitled to process it or (c) you validly exercise your right to erasure, we will remove it from our records at the relevant time.

In the event that you ask us to stop sending you fundraising or other communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.

12.    Third party websites

Our website has links to the websites of other organisations. If you follow a link to any of these websites, please note that these websites, and any services that may be accessible through them, have their own privacy policies. We do not accept any responsibility or liability for those policies (and how they may be applied) or for any personal data that may be collected through those third party websites or services, such as contact and location data. Please check the privacy policies of any external websites you visit via links on our website before you provide any personal data to those websites or use their services.

13.    Changes to our Privacy Policy

We keep our Privacy Policy under regular review and we reserve the right to update it from time to time, for example, to reflect changes we might make to our services or to reflect changes in the law or best practice. Any changes we may make to our Privacy Policy in the future will be posted on this page. We recommend that you check this Privacy Policy regularly to ensure you remain happy with it. This version of the Privacy Policy is effective as from April 2018.

14.    Contacting us

If you have any comments or concerns regarding our Privacy Policy or the way in which we handle your personal data, please feel free to contact us by writing to the General Secretary, Friends of the Sick, Suite 69, 137-139 Brent Street, London NW4 4DJ or emailing us at info@ukfos.org. We are not required by law to have a Data Protection Officer.

 

Friends of the Sick (Chevrat Bikkur Cholim)

Suite 69, 137-139 Brent Street,

London NW4 4DJ

www.ukfos.org

Registered with the Charity Commission No. 210472