In this privacy statement, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the Chilterns Neuro Centre and its trading subsidiary Oakwood Wellbeing Limited.
How we use your personal information
Your personal information is important to us, and we respect the trust it represents.
The law says we must use one of these reasons whenever we process or share your personal data:
- Contract – when we process your personal information to fulfil a contractual or potential contractual arrangement. For example, a grant application.
- Consent – where you agree to us using your information. For example, so we can send you marketing emails and SMS. Whenever we process your information on the basis of your consent, you are free to change your mind and withdraw this consent. Find more information on this page, in the ‘Your information rights’ section.
- Legitimate interest – where we use your data in a way we think you would consider to be appropriate because of our relationship. For example, to monitor and improve our services, or send information about fundraising by post. In each case where we use your data based on our legitimate interests, we carefully balance your rights and expectations to make sure processing is fair to you. We will never process your health data or other sensitive personal information on this basis.
- Legal obligation – where there is a statutory or other legal requirement to process or share the information. For example, to claim Gift Aid.
Our processing about you if you are a supporter or member:
- Handling the administration of your gift or donation when received by cash, cheque, credit/debit card, direct debit, standing order and charity vouchers, or any other means. Our lawful basis is contractual.
- Administering Gift Aid and Gift Aid declaration forms. Our lawful basis is a legal obligation.
- Providing you with campaign information and requests on issues that are important to people affected by MS Parkinsons and stroke. Our lawful basis is consent for email and SMS and a legitimate interest in campaigning to support our mission for other communications.
- Keeping you informed of fundraising opportunities. Our lawful basis is consent for email and SMS and a legitimate interest to generate funds to support our mission for other types of communications.
- We may analyse your personal information to create a profile of your interests and preferences so we can better understand the people who support us and keep records of your gifts and engagement with our work. This helps us make appropriate requests to supporters who may be able and willing to do more than they already do. It means we can raise more funds, sooner, and more cost-effectively. Our lawful basis is a legitimate interest to generate funds to support our mission.
- Processing your equality and diversity information to understand our supporters and members and improve our reach. Our lawful basis is consent.
Our processing about you if you use our services and support:
- Providing you with the service or information you’ve requested. Our lawful basis is contractual or legitimate interest, so we can help you efficiently.
- Processing your health data including diagnosis and symptoms to provide you with relevant information and signpost appropriate service and support. Our legitimate interest is consent.
- Effectively managing events and conferences and providing you with information about them. Our lawful basis is consent (email and SMS) and legitimate interests (other) to send you direct marketing.
- Informing you of enhancements to our support and services. Our lawful basis is consent (email and SMS and legitimate interest (other) in improving the reach of our services
- Monitoring the appropriate use of our information, products, services and support. Our lawful basis is a legitimate interest in improving user interactions, safeguarding, security of data, systems and services.
Processing about you if you’re a supplier or contractor:
Managing and monitoring personal, contractual, performance and financial information. Our lawful basis is contractual.
Our processing about you if you are a volunteer, employee, contractor or applicant:
- Assessing your application for an employment or volunteering position including references. Our lawful basis is contractual (staff) and legitimate interest (volunteers) so we can process your application efficiently.
- Processing the outcome of Disclosure and Barring Service or Access NI criminal record searches (where appropriate for the role) to verify declarations at application and protect our members and our organisational interests. Our lawful basis is a legal obligation.
- Managing personal records including performance and disciplinary information and financial information of volunteers. That includes expenses and emergency contacts. Our lawful basis is legitimate interest in efficient management of our relationship.
- Managing personal records including performance and disciplinary information. And financial information of staff including payroll, PAYE, leave and other terms and benefits associated with contract of employment, as well as sickness and occupational health records. Our lawful basis is contractual.
- Safeguarding our members, volunteers, staff and people who use our services. Our lawful basis is legal obligation.
- Passing your details, when required, to the Health and Safety Executive (HSE) and, where appropriate, our insurers and our solicitors if you are involved in an accident or incident while on our premises, or when taking part in one of our events or activities. Our lawful basis is lawful obligation (HSE) and legitimate interests in facilitation of our legal interests.
- Providing references. Our lawful basis is consent.
- Processing your equality and diversity information to make sure our recruitment processes are fair and to monitor workplace diversity. Our lawful basis is a legal obligation (at recruitment) or consent for ongoing processing.
Processing relating to all contact types.
- Improving our website and the range of services and products we provide. Our lawful basis is consent (cookies) and legitimate interest (other) in improving our offering.
- Understanding your perspective and requirements through surveys you participate in. Our lawful basis is a legitimate interest in improving our offering.
- Contacting you with appropriate marketing messages. Our lawful basis is consent(email and SMS) and legitimate interests (other marketing) in direct marketing.
- Detecting, investigating and reporting a financial crime. Our lawful basis is a legitimate interest in the efficient use of donated funds.
- Setting up and managing your account. Our lawful basis is a legitimate interest in efficient and effective management of our relationship.
- Maintaining network and data security. Our lawful basis is legitimate interest in making sure your information is safe and confidential.
- Responding to your comments or complaints. Our lawful basis is legitimate interest in efficient management of our relationship.
- Maintaining CCTV footage, visitor registration and access control systems on premises. Our lawful basis is legitimate interest to protect the safety of people and the security of our assets.
When we process any of your information on the basis of your consent you may change your mind and withdraw this consent. Find out more in the Your information rights section on this page.
What personal information we hold about you
We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
- your name
- your contact details.
But we may request other information where it’s appropriate and relevant, for example:
- your bank details
- your profession
- how you would like us to contact you
- age or date of birth, where relevant to your participation in an event or activity
- accessibility or medical information where relevant
- details of any accident or incident you may have been involved in while on our premises or while taking part in our events or activities.
Special category data
We recognise some sensitive ‘special category’ data needs more protection. This includes data on: health, race or ethnicity, political opinions, religion, trade union membership, sexuality, biometric and genetic data. Our processing of special category data includes:
- information about your suitability or eligibility for a service – for example: information about your MS, Parkinson’s or stroke or the treatments you receive, to help us provide relevant information or support and tailor our services to meet your needs. Or information about your financial circumstances, in relation to a hardship fund application
- accessibility or medical information where relevant to your participation in an event or activity
Sometimes we ask for extra information about your relationship with your condition, quality of life, socio demographic information and other sensitive personal information. This helps us develop insights into our representation and reach, raise more money and improve our services for everyone affected by neuro conditions.
Where we collect your personal information
We collect personal information about you in several ways:
- on our website when you: support us through making a donation, volunteering, being part of our local groups or other services, joining a campaign, pledging a gift in your will, create a personal profile or use our social forums
- when you contact our team by mail, phone, email or live chat
- when you register to attend one of our in-person or online events
- when you contact us about one of our services – for example if you ask us to send you a publication, or speak to one of our staff or volunteers about how we can support you
- when you complete one of our online or paper-based surveys
- when you have used a social media platform to contact us – Facebook, Twitter, LinkedIn or Instagram
- through an accident and incident form when you have been involved in an accident or incident on one of our premises or when attending one of our events or activities.
- when you visit our premises
We may collect your personal information from other organisations. For example:
- if you take part in an event run by another organisation we partner with, like the London Marathon
- when you raise funds through JustGiving, Give As You Live or similar websites.
- through social media platforms like Facebook, Twitter, LinkedIn or Instagram.
We always check that third parties and other organisations have consent from you to pass your information on to us. We sometimes use data from:
- the electoral roll
- reputable organisations you’ve given your permission to for your data to be shared or sold.
Who we share your data with
We do not share or sell your data to any other charity or company for their marketing purposes.
However, there are some situations where we use privacy-assessed suppliers to help us administrate the services we supply to you, for example:
- IT companies to help us deliver our range of services
- website hosting companies we use to administer our website content
- online hosting companies to facilitate events, meetings and webinars
We also use trusted suppliers to help us with marketing:
- mailing houses to send our newsletters, appeals and raffles or invitations for our events and fundraising materials
- email service providers to send our emails and manage your marketing permissions
- telemarketing agencies to contact you by phone or SMS
- organisations which help us keep your information accurate and up to date
Under some circumstances we may disclose or share your information without your consent, for example if we are required by the police, the courts, or for other legal reasons, including:
- sharing accident and incident information with the Health and Safety Executive, our insurers and our solicitors
- to report safeguarding concerns
How we keep your personal information safe
We take our obligation to keep your personal data safe and secure very seriously. Within the centre, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal data if they have been sufficiently trained in data handling.
We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected from unauthorised access.
Our suppliers are not allowed to use your information for their own business purposes. We require these companies to have sufficient organisational and technical measures in place to make sure they can keep your data safe and follow our processing instructions.
How long we keep your personal information.
We keep your personal information no longer than necessary for our processing purposes.
In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six to seven years). This mainly concerns financial information including your donations or Gift Aid contributions.
Your information rights.
We respect the rights you have over the personal information that we hold about you.
To withdraw consent
When we process any of your information on the basis of your consent you may change your mind and withdraw this consent.
You can easily withdraw the permissions you have given us at any time either by using our contact details in this policy, or by using the methods we tell you about in our communications. For example. using the ‘unsubscribe’ link on our emails.
For access to your personal information
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and correct any inaccuracies.
To restrict the use of your personal information
You have a right to ask us to restrict the processing of some or all of your personal information in the following situations if:
- some information we hold on you isn’t right
- we’re not lawfully allowed to use it.
- you need us to retain your information in order for you to establish, exercise or defend a legal claim
- you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
To erase your personal information
You may ask us to delete some or all of your personal information. We will follow your instructions unless we have a legal reason to retain the information.
For your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
To object to our use of your personal information
If we are processing your personal information based on our legitimate interests or for scientific or historical research or statistics, you have a right to object to our use of your information. If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible and within 28 days.
If you want to exercise any of the above rights, please contact Liz Tubb at firstname.lastname@example.org
We may need to ask for more information or evidence of identity. We will do our best to respond fully to all requests within one month of receipt, however if we are unable to, we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will apply in all circumstances. Find more information in the guidance published by the UK’s Information Commissioner’s Office (ICO).
What to do if you have a complaint
If you have a complaint please contact our Data Protection Officer by email at email@example.com
If you are not satisfied with the we handle it, you can refer your complaint to UK Information Commissioner’s Office.
Links to other websites
We link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us.
This privacy notice does not cover the links within our site to other websites and organisations.
We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
This Privacy Notice describes the main personal data processing we do. It doesn’t provide every detail of all the ways we collect and use personal information. If you need any extra information or have any questions, please contact us on 01296 696 133
We review our privacy notice regularly.
We last updated this privacy notice on: 3 July 2023