Aniridia Network is the ‘data controller’ for the personal data about our members, supporters, event attendees, the children and families we advise and support and professionals and volunteers at organisations we work with.
This privacy notice explains how Aniridia Network uses and protects your personal information, including data from your use of our website.
If you have any questions about how your data is used, or want to make a request about how we use your data in the future, please contact email@example.com
How we use your personal data
We use personal data to provide our membership services, offer information and support to children and families, promote awareness and grow understanding of aniridia, secure support for the charity, facilitate aniridia research and meet our legal obligations.
We may also process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services or communications with you, for your benefit
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our websites
- to provide email communications which we think will be of interest to you
- to determine the effectiveness of promotional campaigns.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right object to this processing and be removed from our system. Please bear in mind that if you do so, this may affect our ability to carry out tasks above for your benefit.
We will not share your information for marketing purposes with other companies. We may share your information with partners in order to fulfil your request. For example, we may need to share some of your details with an events company or partner organisation if you are due to attend one of our events. They will not have the right to hold your details or use them for any other purpose.
In the policy below, where we refer to you/your we also mean children that you are legally responsible for up to the age of 18 unless they exercise their own rights independently.
When you become a Member or Supporter
When you join the Aniridia Network we ask you for some personal data including your contact details (name and postal address) and so that we can communicate with you and provide you with the benefits available to members. We need this personal data from you so that we can fulfil the requirements on us a membership organisation and your meet expectations as described on our membership web page and other communications.
We also ask you about your aniridia condition so we can meet your needs and build an understanding of people with aniridia. We also ask about your occupation and skills so we can invite you to help us achieve our goals. It is optional to tell us this information.
As a charity, we also need to raise money and recruit volunteers. We send appeals for people to donate or collect money or help us complete tasks
In data protection terminology, this means that the ‘lawful basis’ for our use of the data is ‘legitimate interest’.
With your consent, we will also collect details of, and contact you by email, social media or phone to tell you about the subjects above. This includes via our newsletter through a third party company called Charity email and Dotmailer. You can unsubscribe from the newsletter at any time using the included link. You can withdraw your consent for other electronic communications at any time by getting in touch with us.
We use your information while your membership is active and will check periodically that you wish to continue as a member. If we do not hear from you, we will continue to keep your personal data for 10 years or until you ask us not to. This is because aniridia is a life-long condition and, in our experience, previous members often wish to rejoin at a particular milestone. You can ask us at any time to stop using or to delete your information.
How we use your data when you seek our advice and support
When you seek our advice by email, phone or via the contact us pages on our website, we will use your personal data to provide you with an answer. We keep a summary of the questions we are asked so that we can understand what questions are commonly asked, and for reporting purposes. We keep the log of questions and email threads for 10 years.
When you seek advice and support from our advisors we will ask you to provide detailed relevant information about the situation, such as special educational needs or medical history. We need this information so that we can get an understanding of how best to help you and what support you may be entitled to. We use this information while the support is ongoing. Our experience is that families often return to us at a later stage for further support and so we will keep your information about adults for 10 years or about a child until they are 18, unless you ask us not to. You can ask us at any time to stop using or to delete your personal information.
When we use your personal data to provide advice and support, we do it on the basis of our ‘legitimate interest’ as a charity (if you would like to see a fuller explanation of this, please ask us) and on the basis of ‘consent’ when there is health information involved.
How we use your data when you volunteer for us
When you volunteer with us, we ask you for personal data to make decisions about the role and to provide support to you.
When we use your information for this purpose, we do it on the basis of our ‘legitimate interest’ as a charity. If you would like to see a fuller explanation of this, please ask us.
How we use your data when you give us financial support
When you give us a donation or fundraise on behalf of the charity, we will retain your contact details, if provided, and figures for the amount you have donated or fundraised, so that we can thank you and celebrate publicly your generosity and support. This does not apply if you choose to donate anonymously.
We may contact you by post to advise you of further fundraising opportunities, awareness campaigns or to let you know how your money is being spent. We do this on the basis of our ‘legitimate interest’ as a charity. If you would like to see a fuller explanation of this, please ask us.
With your consent, we may contact you by email, social media or phone to advise you of further fundraising opportunities, awareness campaigns or to let you know how your money is being spent. You can withdraw your consent for this at any time by getting in touch with us.
When you attend our events
When you buy a ticket for one of our events we use your personal data to send you details and administer the event. We do this on the basis of the ‘contract’ that you have with us. We will also contact you for feedback following the event and we may contact you about similar events in the future.
We will add your details to our supporters list and we will contact you by post to tell you about our fundraising, volunteering and awareness-raising campaigns. We do this on the basis of our ‘legitimate interest’ as a charity. If you would like to see a fuller explanation, please ask us.
We make recordings of our events in the form of audio, video and photographs. We use these on our website, on social media and in our publications.
We will always let you know in advance and on the day recordings are made so you can decide not to take part or can tell us to avoid including you in recordings or delete (parts of) ones where accidentally you are identifiable.
We use your personal data in this way on the basis of our ‘legitimate interest’ as a charity. If you would like to see a fuller explanation, please ask us.
When you join our professional network
We use data about professionals who are involved in aniridia/rare/genetic disease healthcare, research, education to keep in touch with them about relevant issues. We use publicly available information, such as from NHS clinic and university websites to invite people to join the network, and from time to time other researchers will suggest people to us who may be interested. We will always let you know where we got your details from when we contact you.
We do this on the basis of our ‘legitimate interest’ as a charity. If you would like a fuller explanation of this, please ask us.
When you participate in research
We fund research, and we advertise and signpost our members to relevant research projects.
We do not conduct any health research ourselves.
Generally, participants sign up directly with the researchers, and we would only pass on your contact details by exception and with your consent.
We don’t have access to any of the personal data from the research, and only the published research outcomes are available to us.
If you do take part in research, you will be provided with more detailed privacy information by the research team.
When you participate in third-party projects
We fund sometimes request, advertise and signpost our members to take part in media opportunities such as magazine articles, documentaries or artworks.
Generally, participants sign up directly with the project, and we would only pass on your contact details by exception and with your consent. We normally don’t have access to any of the personal data from the project, and only the final result is available to us.
If you do take part in a project, you should be provided with more detailed privacy information by the project team.
How we keep your data safe
We store and process personal and data in:
- documents and spreadsheets in an online repository provided by Google
- an online database provided by Salesforce
- other software, services, data stores and organisations
These are accessed by our officials, on a need to know basis whilst administering the work of the charity.
We have contracts in place with companies who provide us with services that make sure they are also keeping the data safe. These providers cannot use your data for any other purpose, other than that set out in their contract with us. So they cannot contact you or sell your data to others.
Our officials use their personal devices for communicating with each other and you. It is possible that your data will exist on these devices. We tell officials to minimise this and to delete data as soon as possible and when they cease to be an official.
We take reasonable steps to protect the personal data collected against loss, misuse, unauthorized use, access, inadvertent disclosure, alteration and destruction. However, no network, server, database, Internet or e-mail transmission is ever fully secure or error-free. Therefore, you should take special care in deciding what information you send to us electronically and when disclosing personal information.
You have the right to ask us for a copy of your personal data. This is called making a ‘subject access request’. If you would like to do this, please get in touch with us by email to firstname.lastname@example.org. There is no charge for this.
When we are using your personal data with your ‘consent’, you can withdraw this at any time.
When we are using your personal data on the basis of ‘legitimate interest’ you can ask us to stop using your personal data.
In some circumstances, you can ask us to delete your personal data. We may need to keep some information to meet our legal obligations and to demonstrate how we are using our charitable funds. If we are not able to delete your data we will explain this to you.
If any of your personal data is inaccurate or out of date, please get in touch and we will correct it.
Information Commissioner’s Office (ICO)
The ICO is the UK’s independent regulator for data protection. It also has a role in giving advice and guidance and you can visit the Your Data Matters website to find out more about your data rights under the General Data Protection Regulation (GDPR)
If you are not happy with how we are using your personal data, you can make a complaint to the ICO at https://ico.org.uk/make-a-complaint/
Changes to this policy