HOW WE USE YOUR DATA
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘BPC, it refers to Behçet’s Patients Centres. (Our ICO registration number is Z3628738).
What personal data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
We collect personal data in connection with specific non-medical support via your contact with the Behçet’s Patients Centres Support Coordinators.
This personal data you give us may include name, title, address, date of birth, age, gender, employment status, email address, telephone numbers.
Personal data provided by you
This includes information you give when interacting with us, for example during meetings and conversations with a Behçet’s Patients Centres Support Coordinator. For example:
Personal details (name, date of birth, email, address, telephone, and so on) when you contact a Behçet’s Patients Centres Support Coordinator.
Financial information (income and expenditure when assessing claims for income benefits and other grants).
Information we generate
We conduct feedback research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your feedback received via online feedback surveys, we may be able to recommend other services and support that could be of benefit to you and other patients.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in our fair processing notice in a transparent manner at the time of collection where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us deliver our charitable activities.
Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our services;
· to support benefit applications and appeals
· to signpost you to other agencies for alternative support
· to carry out our obligations arising from any discussions between you and us;
· seek your views or comments on the services we provide via online feedback surveys;
· improve our services;
· report on the service and support provided to NHS England
send you communications which you have requested and that may be of interest to you. These may include information about benefits, grant aid, support groups, promotions about the services of our associated organisation, the Behçet’s Syndrome Society.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data please contact us via email at email@example.com, or write to us at Data Controller, Behçet’s Patients Centres c/o Critchleys LLP, Beaver House, 23-38 Hythe Bridge St, Oxford OX1 2EP
Your data protection rights (DPO)
Where we are using your personal data on the basis of consent, you have the right to withdraw that consent at any time.
Tell us by using the contact details above.
Subject access rights
If you would like further information on your rights or wish to exercise them, please write to us at Data Controller, Behçet’s Patients Centres c/o Critchleys LLP, Beaver House, 23-38 Hythe Bridge St, Oxford OX1 2EP or email firstname.lastname@example.org.
You will be asked to provide the following details:
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure and store your data
Information system and data security is imperative to us to ensure that we are keeping our patients and employees safe.
When you trust is with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure.
Behçet’s Patients Centres operations are based in the UK and we store most of our data within the European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area, but we’ll only allow this if your data is adequately protected.
Any information is encrypted and protected and stored using cloud-based technology. We utilise the services of Salesforce http://www.salesforce.com/uk/company/ who delivers its service in the cloud via datacentres in the United Kingdom, France and Germany. Salesforce is the name of the Salesforce cloud computing Customer Relationship Management(CRM) service. Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Disclosing and sharing information
We do not allow third parties access to your information and we do not sell or share your personal information for other organisations to use.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Behçet’s Patients Centres. This includes exchanging information with other companies and organisations for the purposes of fraud protection.