Date published: 28 January 2020
At PSC Support, we respect your privacy and take great care with personal information we hold about you. Personal information means information that can be used to identify you, such as your name, email address or phone number.
This policy sets out how we collect and handle information about you when you visit our website, use our services or subscribe to our news bulletins. We are concerned about protecting the privacy of young people and do not knowingly collect personal information from anyone under the age of 16.
1. Who we are
We’re PSC Support, the UK-based charity dedicated to improving the lives of people affected by primary sclerosing cholangitis (PSC). PSC Support is a charitable incorporated organisation (CIO) (registered charity number 1175427). PSC Support was previously registered with the Charity Commission as an unincorporated association (registered charity number 1115615).
2. Your rights under data protection laws
Under data protection laws, you have a number of rights relating to data protection which can be found on the Information Commissioner’s Office website: https://ico.org.uk/for-the-public/personal-information/.
3. How to get in touch with us
You can get in touch about personal information we hold about you or exercise any of your rights by contacting Martine Walmsley, Chair of Trustees of PSC Support:
- by email: email@example.com;
- by phone: 01235 25 35 45; or
- by writing to PSC Support, Unit 23056, PO Box 4336, Manchester, M61 0BW.
Please include any details that will enable us to find your relevant personal information. We may ask you to provide us with proof of identity before any action is taken or information is disclosed to avoid disclosing information to an imposter. Sometimes, these rights are subject to certain conditions and limitations.
If you are unhappy with our response to a data request you have made, you may contact the Information Commissioner’s Office at https://ico.org.uk/for-the-public/personal-information/.
4. How we collect information about you
We collect information when you interact with PSC Support by email, by phone, in person or online such as when you send us a message, tell us about your fundraising, get in touch for support, apply for research funding, buy or order a product or browse our website.
As a small organisation, we have chosen to use trusted outsourced online services where this will provide a more secure, efficient service. We therefore collect information about you via these online services and as such they may share with us the information you have provided in accordance with their own privacy policies. These outsourced services include: the provision of email services, event management, survey management, e-commerce and payment processing.
We do not conduct automated decision making or profiling activities, including wealth screening, nor do we engage third parties to do so.
5. Looking after your information
The transmission of information over the internet is never completely secure. Although we do our best to protect your information, we cannot guarantee the security of information transmitted to our website and you do this at your own risk. Once we have received your information, we use strict procedures and security features to try to protect your information and prevent unauthorised access.
We store your personal information using modern up-to-date cloud-based software. Access to your personal information is limited to volunteers or staff of PSC Support who need access for their role in the charity and appropriate security and training is put in place to avoid unauthorised sharing of information.
Some of our service providers operate outside the European Economic Area (EEA). This means that your personal information may be transferred or stored at a destination outside the EEA. We select service providers carefully, seeking web-based services, encrypted communication, and two-factor authentication access controls where possible. Where the provider is in the US, we require that they have certified compliance with the EU-U.S. Privacy Shield Framework, meaning they process your personal information according to a strong set of data protection rules and safeguards.
We will not pass on your personal information to other organisations for the purpose of direct marketing without your explicit prior consent. In certain circumstances, we will pass on your personal information to the police, regulatory bodies or legal advisors in the case of safeguarding or criminal activity.
6. Why we process information about you
6.1 Applications for Research Funding
When an application for research funding is submitted to PSC Support, the personal information collected as part of the application may include:
- first name, surname, title;
- address, email address, telephone numbers (personal and institutional); and
- academic and employment history.
The individuals to which this information relates may include:
- the person making the application (the “Awardholder”);
- any person working on the activity for which we are providing funding under the Awardholder’s supervision, including any co-applicant, co-investigator or collaborator, sponsor, supervisor, consultant, sub-contractor, visiting fellow, students or employee of the Recipient (the “Research Personnel”); and
- the Head of Department of the person making the application.
The majority of this information will be provided by the Awardholder as part of his/her application.
The information collected as part of the application will be reviewed internally, and may also be shared with members of the PSC Support Expert Panel and our Scientific Review Committee. The information may also be shared with external peer reviewers in order for them to review the application.
Processing personal information in this way is necessary for the purposes of our legitimate interests, those being to administer and evaluate the application, to assess eligibility for funding, to monitor funding statistics, and to contact the Awardholder about the application.
When an application for research funding is successful
If the Awardholder’s application for funding is successful in whole or in part, in addition to the information collected as part of the application, we may collect the name and contact details of the Awardholder’s Head of Department and Recipient’s finance/grants personnel, and the following information about the Awardholder and the Research Personnel:
- Award reference, title, period and value and type;
- Research progress information; and
- Outcomes relating to the Research.
We use different methods to collect this data, including through:
- information provided by the Awardholder as part of the application and Grant Start Form;
- information provided by the Awardholder as part of the interim, final and outcome reporting; and
- the following third parties:
a) the university, institution, research council or other body by which the Awardholder is employed or at whose premises some or all of the activity funded by us will be carried out (the “Recipient”);
b) Researchfish; and
c) the Research Personnel.
The information will be used internally and may also be shared with members of our Expert Panel or external peer reviewers, our Scientific Review Committee, other research organisations or funding bodies (including the Association of Medical Research Charities (AMRC) and Researchfish).
It is necessary for the purposes of our legitimate interests to process the information in this way to administer and manage the performance of the award, administer our accounting records, monitor funding statistics, measure the outcome of our awards and the impact of funding, inform our future funding plans and collaborate with other funders and research organisations to articulate and improve research outcomes.
We may publish information (including the information contained within the “Public Research Award Information” and “Lay Summary” sections in our Award Letter and Reports, and any material about the findings or outcome of the Awardholder’s research) on our website, news bulletins, annual report, promotional material and publications.
Publicising the information in this way is necessary for the purposes of our legitimate interests in supporting and developing our fundraising activities. It educates people affected by PSC and potential donors about our work and further publicises the Awardholder’s research.
6.2 When you send us a message
When you send us a message for information and support, to provide feedback, to make an enquiry or to complain, we may request your name, address, email address or phone number so that we can deal with and respond to your message or provide you with the information, products or services you have requested. The lawful basis for this processing is our legitimate interest to provide you with a response and/or services as you would reasonably expect following your request for contact. In some cases, such as when you ask for a collection box, our lawful basis for processing your information is our legal obligation to maintain proper records.
6.3 When you sign up for our email bulletins
When you sign up for our email bulletins, we may request your name, email address, country of residence and interest in PSC including health information.
Where you have specifically agreed, we use the information you provide to send to you general email bulletins or email bulletins that are relevant to your geographic region or interest in PSC.
We use anonymised data from our mailing list for providing statistics to support our charitable activities.
The lawful basis for sending you our email bulletins is consent. You can withdraw your consent at any time by unsubscribing yourself by clicking on the ‘unsubscribe’ links provided at the end of each news bulletin. Alternatively you can email firstname.lastname@example.org to request that you are unsubscribed and your personal information deleted from the mailing list.
The lawful basis for processing your anonymised data is our legitimate interest to provide statistics to support our work in PSC advocacy, information and research. This supports the charitable activities of PSC Support to improve the lives of people affected by PSC. We only collect details of your interest in PSC with your specific permission at the time you provide it.
6.4 When you sign up for Liver Patients’ Transplant Consortium (LPTC) emails
When you sign up for LPTC emails, we may request your name, email address, and patient organisation affiliation. We use this information to send you emails on behalf of the LPTC. You can inform us at any time that you no longer require LPTC emails.
We use anonymised data from the LPTC mailing list to provide statistics (on behalf of the LPTC) to support the activities of the LPTC. Access to LPTC mailing list information is limited to volunteers and staff of PSC Support and the current elected Chair(s) of LPTC.
The lawful basis for processing this information is PSC Support’s legitimate interest to send you LPTC emails on behalf of the LPTC to further the joint goals of the partnership of LPTC members. You can unsubscribe at any time by unsubscribing yourself by clicking on the ‘unsubscribe’ links provided at the end of each LPTC email. Alternatively you can email LPTC@pscsupport.org.uk to request that you are unsubscribed and your personal information deleted from the LPTC mailing list.
6.5 When you make a donation or payment to us
When you use our website to make a donation or payment, you provide your card information or bank details to our third party payment processors, who specialise in the secure online capture and processing of online financial transactions. The third party payment processors send information about your donation to PSC Support. We have access to the information needed to prepare our accounting records and, in some cases, to provide confirmation of receipt of donation and thanks and/or process Gift Aid claims. We do not have access to any personal financial information such as credit card numbers or bank account details.
If you donate to us by BACS or direct transfer, the information received by us is only what the bank identifies, which is usually your name, amount and date donated, and a reference number.
The lawful basis for this processing is our legitimate interest to administer your payment or donation and our legal obligation to maintain adequate accounting records.
If you indicate that you would like us to claim Gift Aid with your donation, we will pass your name, address and donation details to HMRC for processing.
The lawful basis for processing your personal information for Gift Aid is our legal obligation to process and maintain Gift Aid records.
6.6 When you set up an online fundraising page
To enable you to collect sponsorship money and donations easily, PSC Support is registered with online fundraising platforms. The use of the personal information that you provide to these platforms is governed by their own privacy policies.
When you set up a fundraising page, each platform may give PSC Support access to details of your fundraising and your contact details. We may use the information they provide about you to get in touch with you about your fundraising, for example to thank you for your fundraising efforts and for administrative purposes.
The lawful basis for this processing is our legitimate interest to record and support your fundraising.
6.7 When you ‘Tell Us Your Story’ or take part in a survey
The information you provide when you respond to our ‘Tell Us Your Story’ feature may include you voluntarily providing sensitive personal information relating to your health and family life in addition to some biographical and contact information. You can decide if you want to remain anonymous or if you are happy to share your personal details. To help further our work, we may make some of the information (including photographs and video) you provide public when you specifically agree. This may include publishing it on our website, in social media, in presentations at conferences and meetings, in our news bulletins and in materials promoting our advocacy and fundraising work, or in documents such as our Annual Report.
If you take part in a survey, we will only collect personal information if it is necessary for the purposes of that survey, and always describe the purpose of each survey and how the information will be used at the time you take part.
Our lawful basis for processing personal information when you complete a survey is our legitimate interest to collect and analyse survey data to help improve the lives of people affected by PSC.
Where we collect and use sensitive personal information, your email address or photo in a survey, our lawful basis is your specific consent. You can withdraw your consent at any time by emailing email@example.com.
6.8 When you appear in a video recording
When you appear in a video we may make that recording available to the public with your specific consent for the purposes of raising awareness of our condition and issues that affect people with PSC. This may include publishing it on our website, on YouTube, in social media, in presentations at conferences and meetings, in our news bulletins and in materials promoting our advocacy and fundraising work, or in documents such as our Annual Report. We will also collect your contact details so that we can keep in touch with you about the recording.
We use your specific consent as our lawful basis for using a recording of you. You can withdraw your consent at any time by emailing firstname.lastname@example.org.
6.9 When you buy or order something from us
PSC Support uses third party e-commerce services, such as ‘eBay for Charity’, to sell products. When you buy something from us via eBay, eBay provides us with details of your purchase and your contact details. We use your contact details to send you your purchase(s). We share your delivery address with the courier or postal service we use to send you the item. The lawful basis for this processing is performance of contract and we only use the information about you as you’d expect.
When you buy or order a product from our website, we collect details of your purchase and your contact details. We may collect financial information where you make a payment, such as bank details or credit/debit card details, although we don't store credit or debit card details (see section 6.5). We use your contact details to send you your purchase(s). We share your delivery address with the courier or postal service we use to send you the item. The lawful basis for this processing is performance of contract and we only use the information about you as you’d expect.
6.10 When you register for an event
When you register for an event we may ask you to provide your name, interest in PSC (health information), dietary requirements and other information relating to your attendance at the event.
The lawful basis for this processing is our legitimate interest to manage an event and we only ask you to provide the information necessary for us to organise and communicate with you about the event. We only use the information about you as you’d expect.
We use your specific consent as our lawful basis for processing your health information. You can withdraw your consent at any time by emailing email@example.com.
6.11 When you use our message boards or a social networking site
If you contact us directly via social media, then we will use the personal information you reveal to us for the purposes of responding to your message. The lawful basis for doing this is our legitimate interest to respond to your message.
6.12 When you use our website
When you use our website, we collect information about your use, including your IP address, how much time you spend on our site and what you like to view.
The lawful basis on which we process your personal information, strictly necessary for you to use our website, is our legitimate interest in providing a website. For other cookies, we rely on your consent to provide you with the best possible communications and website we can. See PSC Support’s Cookie Declaration at https://www.pscsupport.org.uk/cookies/ for information on the cookies we use and to change or withdraw your consent to the cookies used at any time.
Links to other websites
7. How long we retain information about you
We will keep your personal information only for as long as it is reasonable to do so or in accordance with our legal obligations. We may ask you to renew your consent periodically. If you ask us to stop contacting you, to stop processing your information or unsubscribe, we will keep a limited record of your contact information to ensure we comply with your request.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information, we will promptly assess the risk to your rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
9. Changes to this policy
|Ref||Date of change||Details|
|PP07||26 March 2019||Correspondence address updated|
|PP08||03 May 2019||Updated cookie information and signposted to Cookie Declaration|
|PP09||06 Sep 2019||1. Addition of numerical references to section headings; 2. Deletion of ‘When you apply for research funding’ section; 3. Addition of Section 6.1 ‘Applications for Research Funding’; 4. Update details for online financial transactions in Section 6.5.|
|PP10||28 Jan 2020||1. Addition of clause to reflect option to order or purchase products from our website; 2. Clarification of lawful basis for processing data when registering for an event.|