Who is The Haemophilia Society?
We are the only UK wide charity for everyone affected by a bleeding disorder: a community of members, supporters and healthcare professionals. Our work is driven by a small staff team, based in London and working alongside volunteers from all over the UK. We are governed by a board of trustees.
As a health charity, we work to provide easy access to information and opportunities, influence national policy and practice to make the care and treatment of bleeding disorders consistent, effective and accessible to all and enable the voices of all people with bleeding disorders to be heard.
Explaining the legal bases we rely on−
The law on data protection sets out several different reasons why an organisation can collect and process your personal data, including:
In specific situations, we can collect and process your data.
We collect personal data about you to enable us to register you as a member. We ask for basic personal details and also ask questions about your bleeding disorder or other health conditions.
This additional information helps us to understand who our members are but there is no requirement for you to tell us this; we would only want to know the answers if you are comfortable telling us.
The information you give us may include your name, address, email address and phone number, date of birth, financial and credit card information, and information about your diagnosis or relationship to other members of your family who are also members.
Non members, supporters and fundraisers
If you are not a member, but make a donation, fundraise or wish to attend one of our services or events, we ask for basic personal details. If you make a donation, fundraise for us or Gift Aid money we will also collect financial information.
We collect personal data about you and may also ask for additional information such as information required to undertake a Safeguarding check if this is required as part of your volunteering role.
If the law requires us to, we may need to collect and process your data.
For example, if you have any financial contact with us (e.g. made a donation or a Gift Aid declaration) we are required to store information to comply with the law.
We may also ask information required to undertake a Safeguarding check if this is required as part of your role.
In specific situations we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running the charity and which does not materially impact your rights, freedom or interests.
For example, as a member we will and contact you about key areas of our work that we are required to share with you according to our constitution. This will include information about our AGM and trustee elections, we will also share general information about our activities.
When do we collect your personal data?
- When you join as a member or volunteer
- When you sign up to an event or service
- When you make a donation, or make a Gift Aid declaration
- When you visit our websites.
- When you contact us by any means with queries, complaints etc.
- When you join as a staff member
What sort of personal data do we collect?
We’ll only ask for and use your personal data collected to ensure we can provide the best service possible to you. Of course, it’s always your choice whether you share such details with us.
If you join as a member, or sign up to one of our services or events we may ask for your name, gender, date of birth, address, email and telephone number. We may also ask for details of your bleeding disorder, treatment and other medical conditions. We also collect the connections between members to identify if you are a family.
If you make a donation or Gift Aid declaration we will collect financial data along with personal details such as name, address and email address.
We collect notes from our conversations with you, details of any complaints or comments you make and how and when you contact us.
We will keep copies of documents you provide to prove your identity where the law requires this. (including your passport and driver’s licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality. This may be required when you join as an employee or require a safeguarding check to work at or volunteer at one of our events or services.
Payment card information
To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
How and why do we use your personal data?
We want to give you the best possible experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.
We then use this to ensure you know about the services and events that are most likely to interest you.
The data privacy law allows this as part of our legitimate interest in understanding our community and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
For example, if you’ve asked us to let you know about a particular service, we can’t do that if you’ve withdrawn your general consent to hear from us.
How we’ll use your personal data and why:
To process any membership applications or donations we need to process your application or donation to comply with our legal or constitutional obligations
For example, your details may need to be passed to a third party to deliver a mailing that needs to go to all members to ensure you are aware of our AGM and Trustee elections.
To respond to your request to be a member, join a service or event of make a donation we need to process your data. We do this on the basis of our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To process payments. We do this on the basis of our legitimate interests.
With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone s about relevant products and services and events including tailored services, events, campaigns and so on.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
To send you relevant, personalised communications by post in relation to our activities. We’ll do this on the basis of our legitimate business interest.
You are free to opt out of hearing from us by post at any time.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide. For example, updates to this Privacy Notice, information about our AGM and legally required information relating to financial transactions. These service messages will not include any promotional content and do not require prior consent when sent by email or post. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
To comply with our contractual or legal obligations to share data with law enforcement.
To send you surveys to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by contacting us and updating your preferences.
Much of our contact will be on the basis of your consent when you become a member. If you don’t want to continue receiving this information, you’ll be unable to continue your membership.
For example, to process your booking requests to register for services or events.
Sometimes, we’ll need to share your details with a third party who is providing a service (such as a mail house). Without sharing your personal data, we’d be unable to fulfil our agreement with you.
We will never sell, swap or rent your information to third party organisations, and we do not share your personal information with third parties for their benefit.
How do we protect your personal data?
We know how much data security matters to all our members and contacts. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data (such as health or financial information) is secured by encryption and only accessible to staff who require this information to fulfil their role.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will be deleted completely
Some examples of data retention periods:
We will keep the information you provided when joining as a member until you tell us you would like to resign your members. For young people we will keep data until you are 16 following permission by your legal guardian. We will ask if you would like us to keep your data after this and ask you to become a member in your own right.
When you make a donation or a Gift Aid declaration, we’ll keep the personal data you give us for five years after your last transaction so we can comply with our legal obligations.
If you’ve not had any contact for more than two years and you are not a member, we’ll contact you to ask whether you want to keep in touch. Unless you reply to say ‘yes’, delete the data.
Data consent will be reviewed every six months. Any contact who is not a member who has not had any contact for two years will have their data deleted unless there is a legitimate interest to keep the data, such as financial record keeping complying with legislation.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties.
For example, mail houses and hotels.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems.
- Operational companies such mailhouses.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration. This may be relating to a safeguarding concern
For further information please contact our Data Protection Lead
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers within the European Economic Area (EEA).
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
Sometimes we may need to share your personal data with third parties outside the EEA
For example, this might be required in order to process a mailing to large numbers of people via a professional bulk mail house such as MailChimp
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
What are your rights over your personal data?
An overview of your different rights
You have the right to request:
Access to the personal data we hold about you, free of charge.
The correction of your personal data when incorrect, out of date or incomplete.
That we stop using your personal data for direct marketing (either through specific channels, or all channels).
That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact The Data Protection Lead, The Haemophilia Society 140-148 Borough High Street, London, SE1 1LB or email [email protected] To ask for your information to be amended.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. This may mean for example we need to cancel your membership
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. Any request will require a form to be completed that will be sent to your registered address.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from us.
Write to The Haemophilia Society 140-148 Borough High Street, London , SE1 1LB or email [email protected]
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns
The content of this website is for information only, it is not a substitute for the professional care of your medical team.
We make every effort to ensure that the content of the site is accurate and up to date, but we accept no liability in relation to typographical errors or third-party information.
Privacy and cookies
Collection of information
The Haemophilia Society is the sole owner of the information submitted by you anywhere on this site. We may use information gathered in compiling anonymous statistics and research in the course of the organisation’s stated role. However, we will not ever sell, share or rent personally identifiable information that you have submitted to this site to third parties.
We ask people using our order forms to provide contact information. This is used to fulfil orders as stated on the online order forms and to enable us to process your order and contact you if we encounter difficulty or problems.
Analysing site activity
This website uses web analytic services including Google Analytics, a service provided by Google, Inc. These services use ‘cookies’, which are text files placed on your computer, to help us understand how people use our site.
The information generated by the cookie about your use of the website will be transmitted to and stored on third party servers for the purpose of evaluating use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. This information may also be transferred to third parties where required to do so by law.
The Haemophilia Society is a registered charity and registered company limited by guarantee.
Registered charity in England & Wales no 288260
Registered charity in Scotland no SC039732
Company registered in England no 1763614
Copyright © Haemophilia Society
All material on this website is protected by copyright. Although users are encouraged to view, print and download the contents for personal use, the material on this website or any part of it is not to be incorporated or distributed in any work or in any publication in any form, nor used for any commercial purposes.