DSUK Privacy & GDPR Policy
DSUK is a Registered Charity: Number 1184564
DSUK is dedicated to obtaining, handling, processing, transporting, and storing all such personal data, whether held on computer, or paper, lawfully and correctly, in accordance with the safeguards contained in the UK GDPR Act 2016 and the Data Protection Act 2018. This policy applies to anyone who has access to and/or is a user of DSUK’s ICT systems, including staff, trustees, volunteers, parents / carers, contractors, and other community users. DSUK undertakes to obtain and process data fairly and lawfully by informing all data subjects of the reasons for data collection, the purposes for which data is held, the likely recipients of the data and the data subjects’ right of access. Information about the use of personal data is printed on the appropriate collection form, or in our Privacy Notices. If details are given verbally, the person collecting the data will explain the issues before collection the information.
Terms used in the Policy
- Processing, obtaining, recording, or holding the information or data or carrying out a set of operations on the information or data.
- data subject means an individual who is the subject of personal data or the person to whom the data relates.
- personal data means data which relates to a living individual who can be identified. Addresses and telephone numbers are examples.
DSUK has a responsibility to protect such personal data, especially sensitive personal data that it collects from data subjects. DSUK is committed to helping and supporting the Down syndrome community. To successfully achieve this, we need to collate and store data including personal information to create, analyse, and report on subjects. These can include a range of subjects including but not limited to information around maternity experience, ongoing health and education care and input, names and addresses of our members and their families. Submitting such data is entirely at the discretion and choice of each data subject. We believe in establishing a clear, transparent, and accountable approach to our data protection to ensure that all those who support and engage with DSUK can do so safe in the knowledge that we will apply the same values to our data protection as we do to all our work and will handle their personal data in a secure, transparent, and responsible manner with full respect for their privacy, in line with all relevant legal obligations. DSUK follows the principles of data protection as detailed in the UK GDPR Act 2016. Data must:
- be fairly and lawfully processed. This means that an organisation must be truthful about what personal data they wish to collect and what they want to use it for.
- be obtained for specified and lawful purposes. This means that an organisation cannot use personal data for any purpose other than that stated when they collected the data.
- be adequate, relevant, and not excessive. This means that an organisation cannot ask for any data that is not immediately needed.
- be accurate and up to date. If data held about you is wrong or out of date, you have the right to have it corrected or deleted.
- not be kept for longer than is necessary. As soon as an organisation no longer needs your data, they must delete it.
- be processed in line with your rights. Your rights include the right to see any data held on you, and the right to correct inaccurate data.
- be held securely. This means safe from unauthorised access (e.g. with usernames and passwords), but also safe from accidental loss (by making backups).
- not be transferred to other countries outside the European Economic Area unless those countries have similar data protection laws.
Data we collect & how we use it
DSUK collects data that data subjects provide to us, which is information that can be used to identify someone as an individual. DSUK will only do this when the data subject has agreed to the request for personal data. Data may include the following:
- Name and address
- date of birth
- medical records
- Contact details
DSUK follow applicable privacy and data security laws. DSUK may use third-party service providers (Salesforce) to collect and maintain data. Appropriate and legal measures will be in place to protect the confidentiality and security of data. DSUK will follow strict procedures and have many security features in place to protect data. However, as data transmission is not 100% secure, DSUK cannot guarantee the security of any information you transmit to us and therefore do so at your own risk.
By providing personal data the charity may use your data to:
- Improve our services
- Provide newsletters and updates
- Notify you of new events, training, or services we provide
- Ask for feedback
- Respond to your requests
- Keep in touch with our members / users
- only collect personal data to serve a specific purpose and only gather the minimum amount needed
- will use only fair and lawful means to obtain the personal data.
- will be transparent with data subjects whose personal data we collect
- will obtain a data subject’s consent to process personal data
- will not use personal data for a different purpose without getting the data subject’s consent
- will update personal data where it is incorrect.
- ensure only authorised staff, trustees, and volunteers of DSUK will process personal data
SHARING PERSONAL DATA DSUK will only share personal data in compliance with applicable law. Special cases include:
- to identify, contact or bring legal action against someone
- any request in connection with a criminal investigation by law enforcement authorities
DSUK will not sell or license your personal data to other third parties.
PHOTOGRAPHY AND FILM
DSUK wishes to use photography, images, and film with your consent. The images can potentially be used across all media (such as newspapers, magazines, websites), or broadcast outlets, on social media, in publications, on our website, in printed or online fundraising materials, in fundraising, training resources and awareness resources or by our partners who help fund raise and/or raise awareness to support DSUK. You can ask us to stop using this any time.
Photography, images and film created for case studies are collected and used with your consent. We will discuss with you how your, and/or your child’s, image and information is going to be used and ensure you are happy for it to be used in this way. You can ask us to stop using this any time.
Where an event is organised by DSUK, we will ask you for consent to use any photographs taken where you are the focus of the image. Permission will be requested either prior, during or after the event. Where the photograph does not focus on you as an individual, e.g., where you appear in the background of the photograph or as one of several people in a group shot, it is not normally necessary for us to ask your permission. We will ensure the terms and conditions of the event tell you if there will be photographers present. If you do not want your photograph taken, please either tell the photographer at the time, if it is convenient to do so, or contact DSUK after the event. You can change your mind at any time. Where the event is organised by a third party, we will use photography from the event under our legitimate interests. We will be clear in our terms and conditions of entry if this is the case. If you do not want your photograph taken, please either tell the photographer at the time, if it is convenient to do so, or contact DSUK after the event. At some events there may be photographers present who represent the media or the event organiser and for whom DSUK is not responsible. Please review the terms and conditions issued by the event organiser for more information and inform the event organiser of your preferences and wishes in respect of photography taken.
Equality & Diversity Monitoring
We are committed to ensuring that we value our differences and benefit from diversity of thought, background, and experience by reflecting the diversity of those that we work with and for. For some case studies or surveys, we will ask you to provide equality, diversity, and inclusion data, called diversity monitoring data. Diversity monitoring data is provided to us directly by you and only where you choose to provide it. We will never require you to submit this information. Diversity monitoring data is special category data under the UK GDPR and includes information regarding:
- health data, including information about disability
- sexuality and gender identification, including reassignment
- religious beliefs.
We collect and process diversity monitoring data for reasons of substantial public interest to ensure compliance with the Equality Act 2010, and to monitor and promote equal opportunities and treatment to all. Your data is used in an anonymised format for equal opportunities monitoring and to compare representation of our community. It may be published as anonymised statistics or reported in an anonymised format to comply with legal and regulatory responsibilities, including those under the Equality Act 2010. It is not used or published in a way that could identify.
Marketing & Communications
We use marketing communications to keep you up to date with what we are doing, how you can get involved, and news and features about DSUK which we feel will be of interest to you. This may include but is not limited to newsletters, surveys, financial appeals, raffle appeals, fundraising opportunities, or updates about DSUK.
DSUK uses social media to communicate with you and share information about campaigns or events. Currently we use Facebook, Twitter, TikTok, LinkedIn and Instagram. We do this through advertising on our social media or through posting messages and information on our own social media pages which you may choose to “like”, “follow” or interact with. We take your privacy and rights seriously but still deem your interest to us important. For this reason, we use our legitimate interest to use your information and communicate with you in this way. Therefore, we will not ask for your permission to market to you through social media, but you are always free to inform us that you do not want us to contact you in this way. You can also update your preferences within the social media site to stop receiving marketing.
- Make our website work as you’d expect.
- Remember your settings between visits.
- Improve the speed and security of the site.
- Collect any personal information (without your express permission).
- Collect any sensitive information (without your express permission).
- Pass data to advertising networks.
- Pass personal information to third parties.
- Pay sales commissions.
Turning Cookies off
Changes to Cookies
LINKS TO OTHER WEBSITES
The DSUK website may provide links to other websites. If you navigate to another site via the DSUK website, DSUK is not responsible for how these websites collect and use your personal data or the content of the websites. Please view the data protection policies for the website you are on before entering any data. This Policy does not apply to any other websites.
The Data Protection Acts entitles all data subjects a right of access to their own personal data. Anyone who has personal data held by the Charity has the right to make a subject access request. This could be to update, correct or remove your personal data at any time. DSUK will deal promptly with subject access requests.
DSUK will continually update this policy to ensure it follows all changes in applicable laws.
DSUK is always seeking to implement best practice and strives for the highest standards. DSUK operates an “open door” policy to discuss any concerns about the implementation of this policy or related issues – see Complaints Policy There is a right to make a complaint to the Information Commissioner’s Office (ICO), but under most circumstances the ICO would encourage the complainant to raise the issues in the first instance with DSUK The ICO is contactable at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.
LEGISLATION AND GUIDANCE
This policy considers the following:
- The General Data Protection Regulation (GDPR) 2018
- The Data Protection Act (DPA) 2018.
- The Protection of Freedoms Act 2012
- Guidance published by the Information Commissioner’s Office
Our contact details
If you have any questions or queries about this Privacy Notice, please contact us: firstname.lastname@example.org
We will regularly review and update this document.
Significant changes will be notified through an announcement on our website.