Designability’s Privacy Notice covers the ways in which we use and disclose personal information that beneficiaries, applicants, employees, volunteers and donors may provide us with. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number. The Charity recognises that your privacy is very important and so we want you to be confident with the way we handle your personal information.
How We Collect Information
The Charity receives and stores personal information provided by beneficiaries, applicants, employees, volunteers and donors supplied to us in writing, via email, via the telephone or on our website when applying, enquiring, or registering for help, employment, volunteer opportunities or when donating money to the Charity. We may also receive information about you from third parties, for example a therapist, charity, agency or other third party organisation who refers you to the Charity.
How We Use Information
We may use the information we collect from you in a number of ways. This data will only be used where you have consented to this for specified, explicit and legitimate purposes or where this is necessary to fulfil legal or business obligations that apply to us.
We principally collect personal information so that we can provide you with the services, products or information you have requested or to fulfil individual employment contracts with our employees or agreements with volunteers and to further our charitable aims, including for fundraising activities.
We may also use personal information such as your address, email address and telephone/mobile phone number to communicate with you, for example to provide information relating to our work or new developments or for customer satisfaction queries. Contact details, including National Insurance numbers, will be used for security reasons so that we can verify your identity.
We only use your personal information for direct marketing purposes if we have your consent. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time using the contact details below or by using an unsubscribe link. Some personal information may be used for internal administration, segmentation, analyses and operational/service reviews.
If you have given us explicit permission to publish your details and images electronically or in printed publicity materials, our Communications Team may use these in the following ways: stories on our website; social media, for example, Facebook and Twitter; reports – including our Annual and Impact Reports; promotional materials such as newsletters, posters, banners, magazines, leaflets and flyers.
Disclosure of Information
The Charity may disclose personal information to employees and/or volunteers including the Charity Trustees if needed to allow them to perform their duties. The Charity does not permit these parties to use such information for any other purpose than to perform the services they have been instructed to provide by us.
On occasion we may need to share your details with specific third party organisations who work with us to deliver our services. We will always ask your permission before we do this, giving you precise details of why we need to share the data, with whom and how it will be used.
We may also need to disclose your information if required to do so by law. We will not share your data with any third party organisations without your consent.
By providing us with your personal data, including sensitive personal data, such as information on your health, you consent to the collection and use of any information you provide in accordance with the above purposes and this Privacy Notice. Where we offer you services either directly or through a third party supplier, we will ask you for permission to use and/or share your information before we proceed.
Commitment to Personal Data Security and Storage
The Charity will use all reasonable endeavours to ensure that personal information provided is handled in a secure and confidential manner and when the information is no longer needed it will be destroyed or permanently rendered anonymous.
We have put in place appropriate physical, electronic and managerial procedures to safeguard information we collect in order to prevent unauthorised access, maintain data accuracy, and ensure the correct use of information.
Your data will be hosted on servers located in the UK, which will not be transferred out of the European Union, or in the case of Mailchimp, (the organisation we use for subscription-only Designability newsletters and communications) and Eventbrite, (the organisation we use to promote and manage events) the data will be stored in the US. Their systems are in compliance with the General Data Protection Regulation.
Your Rights & Changes to this Policy
We will only collect the data that we need to carry out the purposes you have contacted us for, or given us permission to use it for.
Subsequently, at any time you can:
- Gain access to the personal data which Designability holds about you. This is called a Subject Access Request and must be made to the Data Protection Officer whose contact details are provided below
- Have your personal data rectified if it is inaccurate or incomplete
- Restrict the processing of your personal data, for example, ask us not to contact you
- Object to the processing of your data for specific purposes such as communications or direct marketing
- Ask for the transfer of your data electronically to a third party – this could be yourself (known as data portability)
- Have your personal information removed (known as Erasure or the ‘right to be forgotten’)
- Lodge a complaint with the Information Commissioner’s Office
This Privacy Notice will be reviewed regularly in-line with business practices and relevant laws. We will publish any changes we make to the Privacy Notice on our website. www.designability.org.uk/privacy
Controlling Your Personal Information
Designability follows the data protection principles specified in the General Data Protection Regulations (GDPR) and the Data Protection Bill. Personal data is processed in accordance with these principles so that the data is:
- Processed fairly, lawfully & transparently – and only if there is a valid legal basis for doing so
- Processed only for specified, explicit and legitimate purposes
- Adequate, relevant and limited
- Accurate (and rectified if inaccurate)
- Not kept for longer than necessary
- Processed securely – to preserve the confidentiality, integrity and availability of the personal data
Designability is registered with the Information Commissioner’s Office under number Z6810677, is a Registered Charity under number 256335, and a Registered Company Limited by guarantee under number 933932 (England and Wales).
You can change how we contact you or discuss our use of your personal information at any time, simply by contacting us:
By email: DPO@designability.org.uk Tel: 01225 824103
In writing to:
The Data Protection Officer, Designability Charity Ltd, Wolfson Centre, Department D1, Royal United Hospital, BATH, BA1 3NG