Date published: 19 May 2018
At PSC Support, we respect your privacy and take great care with personal information we hold about you. Personal information means information that can be used to identify you, such as your name, email address or phone number.
This policy sets out how we collect and handle information about you when you visit our website, use our services or subscribe to our news bulletins. We are concerned about protecting the privacy of young people and do not knowingly collect personal information from anyone under the age of 16.
Who we are
We’re PSC Support, the UK-based charity dedicated to improving the lives of people affected by primary sclerosing cholangitis (PSC). PSC Support is a charitable incorporated organisation (CIO) (registered charity number 1175427). Principal office: 3 Gary O’Donnell Drive, Didcot OX11 6BT. PSC Support was previously registered with the Charity Commission as an unincorporated association (registered charity number 1115615).
Your rights under data protection laws
Under data protection laws, you have a number of rights relating to data protection which can be found on the Information Commissioner’s Office website: https://ico.org.uk/for-the-public/personal-information/.
How to get in touch with us
You can get in touch about personal information we hold about you or exercise any of your rights by contacting Martine Walmsley, Chair of Trustees of PSC Support:
- by email: firstname.lastname@example.org;
- by phone: 01235 25 35 45; or
- by writing to PSC Support, 3 Gary O’Donnell Drive, Didcot OX11 6BT.
Please include any details that will enable us to find your relevant personal information. We may ask you to provide us with proof of identity before any action is taken or information is disclosed to avoid disclosing information to an imposter. Sometimes, these rights are subject to certain conditions and limitations.
If you are unhappy with our response to a data request you have made, you may contact the Information Commissioner’s Office https://ico.org.uk/for-the-public/personal-information/.
How we collect information about you
We collect information when you interact with PSC Support by email, by phone, in person or online such as when you send us a message, tell us about your fundraising, get in touch for support, apply for research funding, or browse our website.
As a small organisation, we have chosen to use trusted outsourced online services where this will provide a more secure, efficient service. We therefore collect information about you via these online services and as such they may share with us the information you have provided in accordance with their own privacy policies. These outsourced services include: the provision of email services, event management, survey management, e-commerce and payment processing.
We do not conduct automated decision making or profiling activities, including wealth screening, nor do we engage third parties to do so.
Looking after your information
The transmission of information over the internet is never completely secure. Although we do our best to protect your information, we cannot guarantee the security of information transmitted to our website and you do this at your own risk. Once we have received your information, we use strict procedures and security features to try to protect your information and prevent unauthorised access.
We store your personal information using modern up-to-date cloud-based software. Access to your personal information is limited to volunteers or staff of PSC Support who need access for their role in the charity and appropriate security and training is put in place to avoid unauthorised sharing of information.
Some of our service providers operate outside the European Economic Area (EEA). This means that your personal information may be transferred or stored at a destination outside the EEA. We select service providers carefully, seeking web-based services, encrypted communication, and two factor authentication access controls where possible. Where the provider is in the US, we require that they have certified compliance with the EU-U.S. Privacy Shield Framework, meaning they process your personal information according to a strong set of data protection rules and safeguards.
We will not pass on your personal information to other organisations for the purpose of direct marketing without your explicit prior consent. We will not pass on your personal information to clinicians or researchers without your explicit prior consent. In certain circumstances, we will pass on your personal information to the police, regulatory bodies or legal advisors in the case of safeguarding or criminal activity.
Why we process information about you
When you send us a message
When you send us a message for information and support, to provide feedback, to make an enquiry or to complain, we may request your name, address, email address or phone number so that we can deal with and respond to your message or provide you with the information, products or services you have requested. The lawful basis for this processing is our legitimate interest to provide you with a response and/or services as you would reasonably expect following your request for contact. In some cases, such as when you ask for a collection box, our lawful basis for processing your information is our legal obligation to maintain proper records.
When you apply for research funding
If you apply for research funding from PSC Support, we will only use the information you give us to evaluate your application and to monitor funding statistics and administer our accounting records. Your application will be shared only with members of our Expert Panel, under a strict Code of Conduct to maintain confidentiality.
Any information about your research project that we make public is with your specific prior agreement.
The lawful basis for this processing is our legitimate interest to evaluate your funding application fairly and if funding is provided, to process and record the funding efficiently and securely as you would reasonably expect.
When you sign up for our email bulletins
When you sign up for our email bulletins, we may request your name, email address, country of residence and interest in PSC including health information.
Where you have specifically agreed, we use the information you provide to send to you general email bulletins or email bulletins that are relevant to your geographic region or interest in PSC.
We use anonymised data from our mailing list for providing statistics to support our charitable activities.
The lawful basis for sending you our email bulletins is consent. You can withdraw your consent at any time by unsubscribing yourself by clicking on the ‘unsubscribe’ links provided at the end of each news bulletin. Alternatively you can email email@example.com to request that you are unsubscribed and your personal information deleted from the mailing list.
The lawful basis for processing your anonymised data is our legitimate interest to provide statistics to support our work in PSC advocacy, information and research. This supports the charitable activities of PSC Support to improve the lives of people affected by PSC. We only collect details of your interest in PSC with your specific permission at the time you provide it.
When you sign up for Liver Patients’ Transplant Consortium (LPTC) emails
When you sign up for LPTC emails, we may request your name, email address, and patient organisation affiliation. We use this information to send you emails on behalf of the LPTC. You can inform us at any time that you no longer require LPTC emails.
We use anonymised data from the LPTC mailing list to provide statistics (on behalf of the LPTC) to support the activities of the LPTC. Access to LPTC mailing list information is limited to volunteers and staff of PSC Support and the current elected Chair(s) of LPTC.
The lawful basis for processing this information is PSC Support’s legitimate interest to send you LPTC emails on behalf of the LPTC to further the joint goals of the partnership of LPTC members. You can unsubscribe at any time by unsubscribing yourself by clicking on the ‘unsubscribe’ links provided at the end of each LPTC email. Alternatively you can email LPTC@pscsupport.org.uk to request that you are unsubscribed and your personal information deleted from the LPTC mailing list.
When you make a donation or payment to us
When you use our website to make a donation or payment, you provide your card information or bank details to our third party payment processors, Stripe and GoCardless, who specialise in the secure online capture and processing of credit/debit card and direct debit transactions. The third party payment processors send information about your donation to PSC Support. We have access to the information needed to prepare our accounting records and in some cases, provide confirmation of receipt of donation and thanks and/or process Gift Aid claims and we do not have access to any personal financial information such as credit card numbers or bank account details.
If you donate to us by BACS or direct transfer, the information received by us is only what the bank identifies, which is usually your name, amount and date donated, and a reference number.
The lawful basis for this processing is our legitimate interest to administer your payment or donation and our legal obligation to maintain adequate accounting records.
If you indicate that you would like us to claim Gift Aid with your donation, we will pass your name, address and donation details to HMRC for processing.
The lawful basis for processing your personal information for Gift Aid is our legal obligation to process and maintain Gift Aid records.
When you set up an online fundraising page
To enable you to collect sponsorship money and donations easily, PSC Support is registered with online fundraising platforms. The use of the personal information that you provide to these platforms is governed by their own privacy policies.
When you set up a fundraising page, each platform may give PSC Support access to details of your fundraising and your contact details. We may use the information they provide about you to get in touch with you about your fundraising, for example to thank you for your fundraising efforts and for administrative purposes.
The lawful basis for this processing is our legitimate interest to record and support your fundraising.
When you ‘Tell Us Your Story’ or take part in a survey
The information you provide when you respond to our ‘Tell Us Your Story’ feature may include you voluntarily providing sensitive personal information relating to your health and family life in addition to some biographical and contact information. You can decide if you want to remain anonymous or if you are happy to share your personal details. To help further our work, we may make some of the information (including photographs and video) you provide public when you specifically agree. This may include publishing it on our website, in social media, in presentations at conferences and meetings, in our news bulletins and in materials promoting our advocacy and fundraising work, or in documents such as our Annual Report.
If you take part in a survey, we will only collect personal information if it is necessary for the purposes of that survey, and always describe the purpose of each survey and how the information will be used at the time you take part.
Our lawful basis for processing personal information when you complete a survey is our legitimate interest to collect and analyse survey data to help improve the lives of people affected by PSC.
Where we collect and use sensitive personal information, your email address or photo in a survey, our lawful basis is your specific consent. You can withdraw your consent at any time by emailing firstname.lastname@example.org.
When you appear in a video recording
When you appear in a video we may make that recording available to the public with your specific consent for the purposes of raising awareness of our condition and issues that affect people with PSC. This may include publishing it on our website, on YouTube, in social media, in presentations at conferences and meetings, in our news bulletins and in materials promoting our advocacy and fundraising work, or in documents such as our Annual Report. We will also collect your contact details so that we can keep in touch with you about the recording.
We use your specific consent as our lawful basis for using a recording of you. You can withdraw your consent at any time by emailing email@example.com.
When you buy something from us
PSC Support uses third party e-commerce services to sell products such as ‘eBay for Charity’. When you buy something from us via eBay, eBay provides us with details of your purchase and your contact details. We use your contact details to send you your purchase(s). We share your delivery address with the courier or postal service we use to send you the item. The lawful basis for this processing is performance of contract and we only use the information about you as you’d expect.
When you register for an event
When you register for an event we may ask you to provide your name, interest in PSC (health information), dietary requirements and other information relating to your attendance at the event.
The lawful basis for this processing is our legitimate interest to manage an event and we only ask you to provide the information necessary for us to organise and communicate with you about the event. We only use the information about you as you’d expect.
We use your specific consent as our lawful basis for using your email to communicate with you about the event and using your health information. You can withdraw your consent at any time by emailing firstname.lastname@example.org.
When you use our message boards or a social networking site
If you contact us directly via social media, then we will use the personal information you reveal to us for the purposes of responding to your message. The lawful basis for doing this is our legitimate interest to respond to your message.
When you use our website
When you use our website, we collect information about your use, including your IP address, how much time you spend on our site and what you like to view. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website. We may also track which pages users visit when they click on links in our email bulletins to improve our email bulletins and website.
The lawful basis on which we process your personal information in these circumstances is our legitimate interest to provide you with the best possible communications and website we can and to ensure that our website is kept secure.
Use of 'cookies'
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. For further information on how to control cookies visit the Information Commissioner’s Office. https://ico.org.uk/for-the-public/online/cookies/ Turning cookies off may result in a loss of usability when using websites.
Links to other websites
How long we retain information about you
We will keep your personal information only for as long as it is reasonable to do so or in accordance with our legal obligations. We may ask you to renew your consent periodically. If you ask us to stop contacting you, to stop processing your information or unsubscribe, we will keep a limited record of your contact information to ensure we comply with your request.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information, we will promptly assess the risk to your rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
Changes to this policy