www.protect-erns.eu is owned and operated by Genetic Alliance UK
Registered in England and Wales Company Ltd by Guarantee No. 05772999
A charity registered in England and Wales (no. 1114195) and in Scotland (no. SC039299).
Updated: 24 May 2018
What information do we collect about you?
We may collect personal information that you share with us about you or your family when you contact or interact with Genetic Alliance UK.
The personal information we collect may include:
- Information that is relevant to the product or service you are signing up for when registering with Genetic Alliance UK, SWAN UK (as a family/individual) and/or Rare Disease UK.
- Questions, queries or feedback you send us via email, post or the website.
- Phone calls to us.
- Any personal information that you disclose in the course of participating in our research or surveys (see also Participating in Research section).
- Personal data you share with us when you place orders for merchandise or make a donation via email, over the phone on our website.
- Information you have posted via social media – this includes counting your name for our engagement statistics. SWAN UK operate private Facebook Groups and often ask questions to gather feedback or additional information to help improve services or monitor issues within the community. Wherever we plan to in some way save this information in our database, we will put this as part of the post. Information given in person during an event or meeting with a member of staff or volunteer. This only applies to personal information given at the registration of an event, or in the event of a safeguarding disclosure which requires our action in line with UK law.
- Your IP address, details of how you use the website and of which version of web browser you used when you visit the websites geneticalliance.org.uk, raredisease.org.uk, undiagnosed.org.uk and other microsites for campaigns such as undiagnosedchildrensday.uk and rarediseaseday.uk. We cannot personally identify you using this data.
- Information on how you use the above mentioned websites, using cookies and page tagging techniques to help us improve the website. We cannot personally identify you using this data.
Genetic Alliance UK never buys data nor do we auto enrol people onto our products or services. For details of how you can request all the information we hold on you or how to be forgotten see section: Your rights.
What do we use your information for?
We may use your information to:
- Administer your membership, product or the service you have signed up for.
- Provide information to you.
- Inform you of news and events in the field of genetic, rare and undiagnosed conditions.
- Offer you the opportunity to take part in research or to inform you of related research taking place.
- Inform you of member patient organisations work or related businesses.
- Ask for your opinion or feedback.
- Promote fundraising activities.
- Promote campaigns we are running.
Specifically for SWAN UK members to:
- Connect you with your Regional Parent Rep.
- Connect you with other families in your area (we wouldn’t do this without your express consent).
- Invite you to local events.
- Send you the quarterly newsletter and e-news.
- Offer you the opportunity to take part in research or policy work.
- Advertise a media opportunity we have.
Data collected when you visit our website
Whenever you browse our website, read pages, or download information, the web server Google Analytics automatically records certain information about your visit from the computer or device you use to access our site. This information does not identify you personally. It just tells us how many visitors come to our site, when they visit, how many pages they access, their internet browser (eg Microsoft Explorer or Firefox), their computer operating system (eg Windows XP) and the site they were on before they linked to ours (eg Google if they found us from a search engine). We also use other software to help us understand how people move around our site, and also to test how accessible our website is to people with disabilities. With this information, we can improve our site for all our visitors and make it more useful for everyone.
Cookies on our website’s
A cookie is a line of text and numbers that is created by our website and stored on your computer when you visit our site. The cookie does not collect or contain personal information about you and poses no security or virus risk to your computer. When you return to our site, the cookie associates your computer with the information that you gave us when you first visited or registered. It helps us evaluate how often visitors return to the site. Of course, you can still make full use of the site if you specifically choose to delete or not to accept the cookie on your browser.
Social media and other websites
Although our social media channels and Facebook groups are monitored regularly by staff, we have no control over information you or others may submit, post or share on social media or other websites – even where we link to them from our own website or they link to our website. When you use these sites you do so in accordance with the separate terms and conditions and policies of these sites.
Where your data is stored
We keep your data stored through Google Suite and using Salesforce. A copy of this data is automatically stored on our staff computers if saved on a spreadsheet or google sheet. All staff computers and google suite access is password protected.
We also store data on MailChimp, and on our website (stored on UK surveys that adhere to GDPR standards).
For research projects we store your survey data on a password protected SurveyMonkey account, accessible only by research staff. Audio recordings of interviews and focus groups, accompanying handwritten notes, and paper copies of survey responses, are stored in a locked cupboard in a secure office.
Keeping your data secure
We take our responsibilities very seriously and we have procedures and security features in place to try and keep your data secure once we receive it.
Access to your information is restricted to staff, formal volunteers, contractors and partners who need it to perform their work and who may only access this data in accordance with our Data Protection Policy. Sensitive information you give us is kept separate from other information and access is restricted to only members of staff working specifically on the SWAN UK project. The exception to this is case studies. As part of our policy and public affairs work, we will often contact patients we have an existing relationship with to see if they are open to media or publicly telling their personal story. If you give consent to this, those case studies are kept on file for up to 5 years to be used for media. You can withdraw consent for these to be used at any point by contacting anyone in the staff team.
Any personal data provided as part of a research project is only accessible by research team staff.
Salesforce is the charities database provider and is currently only used for SWAN UK membership. Access to the database is restricted to only SWAN UK members of staff. Read Salesforces security information here.
All staff and volunteers with access to your information are DBS checked and are subject to confidentiality agreements and agree to abide by our confidentiality agreement and code of conduct. Third party contractors (such as mailing houses), who are given your data in order to fulfil a service for Genetic Alliance UK have also signed agreements to state that your data will only be used for the purposes outlined by Genetic Alliance UK and will be destroyed on completion of that work.
Transmitting information over the internet is generally not completely secure, and we can’t guarantee the security of your data in transit. Any data you transmit to us over the internet is at your own risk.
How long do we hold your data?
While we are providing products or services to you, e.g e-newsletters, we will store your data in order to provide that service for as long as you want it. If you ask to ‘be forgotten’ and would like all information removed on you, we will do this and provide written confirmation that we have removed all of the information we hold on you (this applies to our own website and related microsites, we will be unable to remove your information or posts from any social media sites). The only exception to this is where such a request would contravene an existing reason/law that is of higher importance than your own to be forgotten. For example, if you have bought a ticket to an event in the future, and have then asked to be instantly forgotten, it is our duty as a service/product provider to keep you informed of that event – over the right to immediately be forgotten. See Your Rights section for more information.
If you have taken part in a research project, your research information will generally be kept for 3 years after the end of the project (subject to approval by a research ethics committee) and then securely destroyed or as otherwise stated in the participant information sheet. See Taking part in research section for more information.
Sharing your information
We rely on a number of trusted suppliers and partners working with us to provide a range of services to you. In order to provide you with these services we may need to share some of your personal information with our suppliers and partners from time to time so they can process it for us according to our instructions. We will never share more than is necessary to provide the service in question. For example, to send you a printed copy of a newsletter we need to give your address details to our print supplier.
In addition we may also have to pass on your personal information if we have a legal obligation to do so. We will never share your information with any other organisations for commercial purposes or other purposes. For the purpose of communicating with our supporters, members and general public, we use and store data with the following companies. You can view the way that they handle your data by clicking on them:
Online donations and purchases
When you are using our secure online donation page or purchase our merchandise or products online or over the phone, you are going through to a partner company and the information you give such as your credit card number and contact information is provided to them so the transaction can take place. Below are the companies we use for these services. You can click on them to find out how they use and store your data:
Taking part in research
The storage and security of any personal information submitted as a research participant is outlined in earlier sections of this document. In analysing and reporting research findings, we anonymise data and make every effort to minimise the risk of identification e.g. by removing specific clinic names from data. These arrangements are also detailed for each research project in the participant information sheet and approved by national research ethics committees where appropriate.
In accordance with the new GDPR legislation (May 2018), all data breaches of personal data will be reported to the Information Commissioner’s Office within 7 days.
You can contact us to request a copy of any information we hold about you, ask us to correct or remove any inaccurate information or ask us to delete some or all of the information we have collected about you and your family at any time, and at no cost.
You have the right to be forgotten – which means Genetic Alliance UK will remove all information that it holds on you. The only exception to that is if we have a legal obligation to keep your data in order to fulfil a contract (commercial or service) with you. If you want to be ‘forgotten’ please contact the office on the details below. This cannot apply to social media, you are responsible for posts you have made on our social media site, and therefore must remove them yourself.
It is your right to request any personal information that we hold on you as part of an ‘access request’. This comes at no cost to you and we are committed to providing that information to you within 1 month. Please send your access requests to the office details below.
You can unsubscribe from any of our communications at the bottom of each of our mailings, or by unfollowing us on social media channels. If you want to call us to be unsubscribed manually from anything that we send you, please contact the office and we will do that for you.
It is our commitment that we will only collect relevant information on you. If you have been asked to fill in your details and want to know why we have asked for a specific piece of information, contact us and we will explain why.
It is our policy to ensure that it is clear whenever you interact with us, what you are signing up to receive. If you ever have questions on that, please don’t hesitate to get in touch.
We regularly review and update this policy to make sure it is accurate and simple to understand. This policy was last updated in 24 May 2018
How to Contact Us
Please contact us if you have any questions about this policy or the information that we hold about you.
+44 (0)20 7831 0883
The Data Protection Officer is currently Emma Damian-Grint, Director of Fundraising and Communications, and can be contacted at: firstname.lastname@example.org / 0207 883 0883