Privacy Policy

1. INTRODUCTION

Haemophilia Scotland is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.

Due to changes in rules which govern how we can communicate with you and a new regulation on personal data (the General Data Protection Regulation) coming into force in May 2018, we are introducing a new approach that relies on you giving us your consent about how we contact you. This means that you will have the choice as to whether you want to receive these messages and be able to select how you want to receive them (email, post etc.).

You can decide not to receive communications or change how we contact you at any time. If you wish to do so, please contact us,

by emailing hello@haemophilia.scot, or writing to

Haemophilia Scotland
Fourth Floor, Hayweight House
23 Lauriston Street
Edinburgh EH3 9DQ

or telephoning 0131 281 7366 (Lines open Monday-Friday, 9:00am-5:30pm)

We will never sell your personal data, and will only ever share it with organisation we work with where necessary and if its privacy and security are guaranteed.

Questions?

If you have any questions about this policy, please contact,

Chief Executive Officer
Haemophilia Scotland
Fourth Floor, Hayweight House
23 Lauriston Street
Edinburgh EH3 9DQ

or email hello@haemophilia.scot

2. ABOUT US

We are a Scottish Charitable Incorporated Organisation, Charity Number SC044298. We provide information, support, and advocacy services for individuals and families with inherited bleeding disorders in Scotland.

Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Haemophilia Scotland.
For the purposes of data protection law, Haemophilia Scotland will be the Controller.

3. WHAT INFORMATION WE COLLECT

Personal data

We hold the following personal data to enable us to provide membership, information, support, and advocacy services. This includes information you give when joining or communicating with us. For example:

  • Names
  • Addresses
  • Emails
  • Telephone Numbers
  • Family Relationships
  • Dates of Birth
  • Interests (such being interested in any of our groups or projects).
  • Financial situation
  • Political Constituencies
  • Donation records
  • Gift Aid amounts and status
  • Employer
  • Photographs
  • Online Identifiers, such as IP addresses
  • Social Media accounts
  • Notes of conversations or correspondence

Your activities and involvement with Haemophilia Scotland will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our campaigns and activities. If you decide to donate to us then we will keep records of when and how much you give to a particular cause.

Sensitive personal data

We store sensitive personal data (such as information relating to health) about our members. We take extra care to ensure your privacy rights are protected.
Where it has been provided to us we also hold special/sensitive personal data, such as information about health.

  • Diagnoses (including viral status where applicable).
  • Treatment Centre(s).
  • Records of accidents and incidents at our offices or events.

Volunteering

If you are a volunteer (whether for specifically Haemophilia Scotland, or if you are helping us for other reasons – for example you work for another organisation which is running an event with us) then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an  insurance or legal claim) and for safeguarding purposes.

4. HOW WE USE INFORMATION

Marketing

We use personal data to communicate with people, to promote the Haemophilia Scotland and to help with fundraising. This includes keeping you up to date with our news, updates, campaigns and fundraising information.

Administration

We use personal data for administrative purposes. This includes:

  • receiving donations (e.g. direct debits or gift-aid instructions);
  • maintaining databases of our volunteers, members and supporters;
  • performing our obligations under membership rules;
  • helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).

Internal research and analysis

We carry out research and analysis of our supporters, donors and volunteers, to determine the success of campaigns and appeals, better understand behaviour and responses and identify patterns and trends. This helps inform our approach towards campaigning and make Haemophilia Scotland a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide a better experience (e.g. through more relevant communications).

Supporter research and profiling

We evaluate, categorise and profile personal data in order to tailor materials, services and communications (including targeted advertising) and prevent unwanted material from filling up your inbox. This also helps us understand our supporters, improve our organisation and carry out research.

What is the legal basis for processing your personal data?

For most of the personal data we hold our legal basis for processing it is the contract or implicit contract between us and you. For example, if you are member then we hold the data we need to fulfil our obligation to provide membership services. We also ask for explicit consent to hold personal data, in particular the more sensitive date which relates to health and diagnosis. In some cases we process data to on the basis of vital
interest, for example if you attend one of our events and tell us you have a severe nut allergy. Processing is necessary for the legitimate interests of Haemophilia Scotland to ensure we can provide a reliable and targeted support service for our members.

Data processing is also necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement and in these cases our legal basis for processing data is to fulfil our legal obligations.

5. DISCLOSING AND SHARING DATA

We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, or third party products and services, but these communications will always come from Haemophilia Scotland and are usually incorporated into our own materials (e.g. advertisements in magazine or newsletters).

Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another charity). We’ll only share information when necessary and will notify you first.

6. MARKETING

We will ask our members to “opt-in” for most communications. This includes all our marketing communications (the term marketing is broadly defined and, for instance, covers information about the Inquiry and our events programme).

This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (post, phone, email, text).

The proper governance of a Scottish Incorporated Charitable Organisation, and our constitution, requires us to contact our members from time to time, for example to notify the date and time of our Annual General Meeting.

You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing hello@haemophilia.scot, writing to

Haemophilia Scotland
Fourth Floor, Hayweight House
23 Lauriston Street
Edinburgh
EH3 9DQ

or telephoning 0131 281 7366 (Lines open 9am 5:30pm, Monday – Friday).

What does marketing mean?

Marketing does not just mean offering things for sale, but also includes news and information about:

  • Our charity, campaigns, projects, services, and events programme;
  • Haemophilia Scotland benefits and offers;
  • Volunteering opportunities;
  • Fundraising (including donations and also competitions, raffles etc.);
  • Our other, activities and interest groups.

When you receive a communication, we may collect information about you respond to or interact with that communication, and this may affect how we communicate with you in future.

Newsletters and magazines

Our membership magazine, The Wire, is provided as a benefit to our members. We send these out to all our members (unless you specifically ask us not to) and you can choose to unsubscribe from general marketing communications without giving up your subscription to The Wire. However, please be aware that member magazines do include advertisements, competitions and fundraising information.

Inappropriate website content

If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our forums or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

Fundraising

As a charity, we rely on donations and support from others to continue our work. From time-to-time, we will contact members and supporters with fundraising material and communications. This might be about an appeal, a competition we’re running, or to suggest ways you can raise funds (e.g. a sponsored event or activity, or even buying a product if Haemophilia Scotland will receive some of the proceeds).

As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted into to receiving marketing from us (and you can, of course, unsubscribe at any time).

7. RESEARCH AND PROFILING

Analysing and grouping

We analyse our supporters to determine common characteristics and preferences. We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. age or location)

By grouping people together on the basis of common characteristics, we can ensure that group is provided with communications, products, and information which is most important to them. This helps prevent your inbox from filling up, and also means we aren’t wasting resources on contacting people with information which isn’t relevant to them.

Profiling to help us understand our members

If, based on previous information that has been provided to us, (such as geographical location, demographics or previous involvement), it appears an individual might be willing and able to help Haemophilia Scotland and support its cause, we may contact them if they wish to do so.

We collect information on preferences and interests (e.g. if you are interested in the Inquiry or our events programme etc.) so that we know what material you are most likely to be interested in.

Anonymised data

We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as to identify trends or patterns within our existing member base. This information helps inform our actions and improve our materials.

8. YOUNG PEOPLE

Photographs

Young people make up a core part of our community and we regularly organise events for them. If we ever post photos on our website, e-newsletter, on social media or in our magazine, The Wire, we will usually include the first and last names.

Parental permission

If your child is under 16 then we’ll need permission from you as their parent or guardian to share a picture, photo or story with us.

Information for parents

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. Where we believe a young person has sufficient understanding and maturity to do so, we will seek consents for processing of personal data from them from the age of 12. However, if your child is under 16 we’ll only use his or her personal data with your consent. This means that, for example, if we take
pictures of your children for our website etc., we’ll need you to confirm you’re happy for us to do so.

Marketing and fundraising

We won’t send marketing emails, letters, calls or messages to under 16 year-olds without parental or guardian consent.

Young people’s information

We won’t use young people’s personal data for marketing purposes and we won’t profile it. If a young person turns 16 and wishes to join Haemophilia Scotland as a member, some of the personal data we hold about that individual will be carried over to their member profile.

9. HOW WE PROTECT DATA

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a data protection procedures which personnel are required to follow when handling personal data.

CCTV

Our office has CCTV and you may be recorded if you visit. CCTV is there to help provide security and to protect both you and Haemophilia Scotland. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily.

10. STORAGE

Where we store information

Haemophilia Scotland’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.

For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).

How long we store information

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).

We continually review what information we hold and delete what is no longer required. We never store payment card information.

11. COOKIES AND LINKS TO OTHER SITES

Cookies

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to improve the performance of a website, or saving different options and to provide website owners with information on how the site is being used.

We use cookies to enhance the experience of the websites, to increase the performance, to identify how the website is being used and where we can make improvements. Some of our cookies are vital for the websites to operate effectively and others are optional, but may decrease the usability or performance of the website.

Information such as your IP address is used by Google Analytics to help Haemophilia Scotland understand where our website traffic is coming from.

Links to other sites

Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the top of the page).

If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by the Haemophilia Scotland’s Privacy Policy. We suggest you read the privacy policy of any website before providing any personal information.

12. KEEPING YOU IN CONTROL

We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

  • the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
  • the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • the right to have inaccurate data rectified;
  • the right to object to your data being used for marketing or profiling; and
  • where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

If you would like further information on your rights or wish to exercise them, please write to us,

Haemophilia Scotland
Fourth Floor, Hayweight House
23 Lauriston Street
EH3 9DQ

or email hello@haemophilia.scot

Alternatively, you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at,

The Information Commissioner’s Office
Wycliffe House
Water Lane, Wilmslow
Cheshire
SK9 5AF.

Complaints, compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services.

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk

13. CHANGES TO THIS PRIVACY POLICY

We’ll amend this Privacy Policy from time-to-time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website.

UPDATE YOUR PREFERENCES

Please click here to update your communication and date preference.

This Privacy Policy was last updated on 22 August April 2018