TSA Privacy and Data Protection Policy August 2018

Introduction

The Tuberous Sclerosis Association (TSA) takes great care to safeguard personal data provided by our supporters and to process this data fairly and lawfully in accordance with the Data Protection Act 2018.

The purpose of this privacy policy is to describe the types of information that we collect from you when you contact us or use our services and explain how we use this information.

The charity

Tuberous Sclerosis Association is a registered charity:

  • England and Wales No. 2900107
  • English Registered Charity Number. 1039549  
  • Scottish Registered Charity No. SC042780

Our registered address is CAN Mezzanine, 32-36 Loman Street, London, SE1 0EH 

Legal compliance

TSA takes data protection very seriously. It is required to adhere to the requirements of the Data Protection Act 1998, the General Data Protection Regulations 2018 (GDPR), all other related privacy laws and any codes of practice issued by the Fundraising Regulator (FR) or the Information Commissioners Office (ICO). TSA’s intention is to be compliant, user friendly and to ensure its supporters only receive information in which they are interested. Unless stated otherwise, TSA is the data controller in respect of all data it collects on this Website or otherwise. This means that TSA is responsible for full legal compliance.

By visiting our website, social media pages, services (including phone and email ) or providing your information to us, we will collect and use your information in the way(s) set out in this policy. If you do not agree with this policy, please do not use our sites, social media pages or services.

What information does the TSA collect about me?

We collect three kinds of information

1.Non-personal information such as IP addresses (the location of the computer on the internet), pages accessed, and files downloaded. This helps us to understand how many people use our websites, how many people visit on a regular basis and how popular/useful our web pages are. This information doesn't tell us anything about who you are or where you live.

2.Personal information. We will ask you for information in order to provide you with the services requested, for example to send you information or process a donation.

3. Sensitive personal information or special category data. We may ask you for information about your health so that we can provide you with relevant information and support or in order to support your safe participation in an event. We may also collect this information if you make the information public or if you tell us about your experiences relating to TSC (for example, if you agree to share your story with us). We only collect this information with your consent.

Under 16s

We are committed to protecting the privacy of the young people that engage with us. If you are under 16 and would like to get involved, please ensure you have consent from a parent or guardian before you provide your personal information to us. We do not send any marketing communications direct to children under 16.

Vulnerable supporters policy.

We are committed to protecting vulnerable supporters and follows the guidance issued by the Fundraising Regulator and Institute of Fundraising regarding treating donors fairly.  


We believes this helps to support staff and volunteers who come into contact with supporters, enabling them to provide high-quality customer care and ensuring anyone donating to TSA is in a position to make a free and informed decision.


How we collect your information

We may collect personal information that you give us about you or your family whenever you contact or interact with the Tuberous Sclerosis Association (TSA). We collect information about you in the following ways:

Information you give to us directly, for example when you:

  • Sign up to take part in or attend one of our fundraising or support events
  • Register with and buy products on our shop
  • Make a donation or tell us about your fundraising plans
  • Request information from our advisor team, for example factsheets
  • Contact our support team, when you may choose to provide details, including details of a personal nature in particular about you or someone else's health
  • Choose to share your story with us
  • Take part in surveys, questionnaires or get involved with our campaigns
  • Volunteer with us or apply to work with us
  • Sign up to our e-newsletter
  • When you visit our websites, we collect technical information such as the IP address you use to visit the website, your browser type and version
  • Contact us or become involved with us in any other way not listed above.

Information from third parties

We may also receive information about you from third parties if you have given them permission to share this information and indicated that you wish to support the TSA, for example, if you set up a fundraising page for us with JustGiving or Virgin money giving or sign up to a challenge with a partner organisation or enter an independently organised event like the London Marathon.

If you have been named as the Executor on a Will, we may receive your details in order to administer a Gift left to us in that will.


Information about other people. If you provide TSA with personal data relating to any person other than yourself, you must ensure, before you do so, that they understand how their personal data will be used and that you are authorised to disclose it to TSA, and to consent to its use on their behalf.

Why do you need my details and how do you use them?

The main reason we need your personal details is to enable us to communicate with you and keep you informed about what we’re doing and opportunities to support you or for you to support our work.

We will mainly use the information we collect about you to:

  • Provide you with the services, products or information you asked for.
  • Administer your donation or support your fundraising, including submitting your details to HMRC to claim Gift Aid if applicable.
  • Administer your participation in an event.
  • Keep you up-to-date with the impact of your support and to ask for financial and non-financial support.
  • Manage our research grants, including the peer review process.
  • Support and further our mission, for example if you have shared your story or given us consent to use your photo, we may use this in marketing or promotional materials.
  • Carry out any obligations arising from any contracts entered into by you and us.
  • Process a job or volunteering application.

Keeping a record of your relationship with us:

We record contact we have with you, so we have a clear understanding of our relationship, how you've supported us or have been supported by us in the past. We may also collect and retain your information if you send us feedback about our services, give us a compliment or make a complaint.

Understanding how we can improve our services, events, products or information

We believe it's important to make sure that all of our services are the very best they can be, which is why we evaluate them. Once you've used one of our services, taken part in an event, received information or bought a product, we may get in touch to ask you about your experience. You don't have to take part but it's really valuable to help us improve in the future.

Understanding our supporters and working more effectively

We are committed to providing everyone who gets in touch with us with the very best experience, providing you with timely and relevant communications and using our resources effectively.

To do this, we may use profiling techniques to provide us with general information about you, which may include geographic, demographic or other information relating to you to better understand your interests and preferences. By doing this it allows us to understand the background of the people who support us and helps us to make the right requests. Importantly, it helps us to raise more funds, sooner, and more cost-effectively, than we otherwise would.

Communicating with you

If you have provided us with your postal address we may send you mail, including SCAN magazine newsletter, which will include updates on our work - the research we're funding, the information and support services we offer and our campaigning work. We may also contact you about fundraising, events and trading. We do not ask for consent to write or call you about these things, because, as a charity, each of these activities is fundamental to how we work, so we have a legitimate interest to contact you. However, you will also have an option to opt-out of receiving marketing communications by post or phone. 

We will only send you marketing communications by email if you have consented to receive these. You can unsubscribe at any time by clicking on the link in the email. Our mass email service allows us to track who has opened our e-newsletter and what links have been clicked on. This allows us to monitor what information is most useful to improve our content and information in future.

Opting out

You can always amend your preferences by logging into our website and updating your details or you can contact us at any time on admin@tuberous-sclerosis.org or call on 020 7922 7731 to opt-out of any or all forms of marketing communication.

You can unsubscribe from receiving electronic messages by following the “unsubscribe” instructions included in our communication.

Please note that, even where you opt-out of marketing communications, we may still send you non-marketing communications (for example, event information relating to an event you have signed-up to, or information about any on-going donation you are making to the charity).

The accuracy of personal information is determined by the accuracy of the information you supply to us. If you have an ongoing relationship with the Charity, we encourage you to notify us when there are changes in your personal details, so that we can keep our records up to date. In addition, we will pro-actively take steps to do this from time to time.

Where is my data is stored?

When you give us your details, you agree to us recording your details on our secure database, so we can provide you with the best possible service every time you contact us. We store your data on secure servers in the UK ,access to this system is limited and there is restricted access to data based on a person's role in the organisation. Data can only be be viewed only by our authorised staff, and partner organisations (for example, our IT support provider) with whom we have GDPR compliant contracts. 

Our third party suppliers store data in the EU, with the following exception/s:

  • Our online events registration, Eventbrite, who store data in the USA.

All paper records are stored on premises at our offices. These offices are securely locked when no members of staff are present and access is restricted and monitored during the working day.

How do you keep my information secure?

In line with the principles defined in the Data Protection Act 2018 and the General Data Protection Regulation, TSA will ensure that personal data will be processed in ways that are:

  • Lawful, fair and transparent
  • Collected for specific explicit and legitimate purposes
  • Adequate, relevant and limited
  • Accurate and up-to-date
  • Not kept for longer than necessary
  • Secure

We take precautions to prevent the loss, misuse or unauthorised alteration of personal information you give us. Access to your information is restricted to staff and partners who need it to perform their work. Sensitive information you give us is kept separate from other information and access is even more heavily protected. All staff who have access to your information have been successfully DBS-checked (Disclosure Barring Service) and are subject to our strict confidentiality agreements. 

Transmitting information over the internet is can never be guaranteed as secure, and while we do our utmost to keep our systems and communications protected, we cannot make assurances that the security of your data in transit. Any data you transmit to us over the internet is at your own risk.

Do you pass my details on to any other organisations or individuals?

We are a charity with a small number of staff and rely on a number of trusted suppliers and partners working with us to provide a wide range of services to you. In order to provide you with these services we may need to share some of your personal information with our suppliers and partners from time to time so they can process it for us according to our instructions.

These include:

  • banks and payment providers – to authorise and complete payment transactions;
  • organisations within the payment card industry to help prevent online fraud;
  • law enforcement bodies in order to comply with any legal obligation or court order and, where we are otherwise requested to provide information, we may provide it but only in accordance with applicable privacy and data protection laws;
  • HM Revenue & Customs, but only if we need to authorise claims for Gift Aid or other forms of tax efficient ways of giving; and
  • organisations linked to our charitable activities such as the Association of Medical Research Charities

We may also provide information to third party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services and customer services, or in relation to this website, such as card payment providers. Where we use service providers, we will enter into appropriate contracts to ensure that we are able to exercise control over their access to, and use of, your personal information.

In each case we will never share more information than is necessary to provide the service in question. For example, to send you a printed copy of SCAN magazine we need to give your address details to our print supplier. 

What happens when I make a donation or buy something from the TSA?

If you use your credit or debit card to donate to us, pay for a registration or make a purchase over the phone, we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed.

All purchases and donations completed online are handled securely by World Pay or PayPal and we do not receive your card details.

Cookies on Our Website

A cookie is a small data file that is created by our website and stored on your computer when you visit our site. The use of cookies is standard across most websites. We have a visible banner to remind users that by using our website you consent to our use of cookies. The cookie does not collect or contain personal information about you and poses no security or virus risk to your computer. When you return to our site, the cookie associates your computer with the information that you gave us when you first visited or registered. It helps us evaluate how often visitors return to the site. You can still make full use of our website if you choose not to accept the cookie on your browser, or to delete it at any time after having accepted it.

Form more information read our cookies policy.

What happens when I use social media platforms like Facebook and Twitter used by the TSA?

The TSA uses a number of social media platforms to communicate our news, invite input and feedback, raise awareness and campaign for people affected by TSC, their families and carers. There are many other great websites on the internet with useful resources and information relevant to the TSC community.

However please be aware that the TSA is not responsible for and has no control over information you or others submit, post or share on social media or other websites even where we link to them from our own website or they link to our website. When you use these sites you do so in accordance with the separate terms and conditions and policies of these sites. 

Your rights

Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.

  • Right of Access –You have the right to request copies of the personal information which we hold on you, and, details of how we use that information.

The Tuberous Sclerosis Association (TSA) will always endeavour to keep accurate and up to date information on you but if you think any of the personal information we hold about you is not correct, you may also request that it is corrected.

Any person whose personal information is held or processed by TSA has the right to know:

  • What information we hold about them.
  • How to gain access to this information.
  • How to keep it up to date.
  • What the charity is doing to comply with the Data Protection Act 1998 and EU General Data Protection Regulation.

Individuals have a right to access certain personal data being kept about them, either physically or digitally. Anyone who wishes to exercise this right should apply, in writing, to the Data Protection Officer at the address below. The Charity will respond within one month, providing that the request includes appropriate contact details, proof of identity from the individual and we can validate the request.

  • Right to be Informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used in the Charity’s communications, are intended to be a clear and transparent description of how your data may be used.
  • Withdraw consent to other processing – Where the only legal basis for processing your personal data is that we have your consent to do so, you may withdraw your consent to that processing at any time and TSA will have to stop processing your personal data. Please note, this will only affect a new activity and does not mean that processing carried out before you withdrew your consent is unlawful.
  • Right to Object – You have an absolute right to stop the processing of your personal data for direct marketing purposes. You can exercise this right at any time and can update your preferences yourself on our website or contact us to do it for you. See section ‘Updating and correcting personal data’ above for details.
  • Right of Rectification – If you believe YAA’s records are inaccurate you have the right to ask for those records concerning you to be updated. See section ‘Updating and correcting personal data’ above for details.
  • Right to restrict processing – In certain circumstances you may be able to require us our processing of your personal data. For example, if you consider the data  TSA holds to be inaccurate and we disagrees, then processing may be restricted until the accuracy of the data has been verified.
  • Right of Erasure – Where we have  no lawful basis for holding onto your personal data you may ask that it is deleted under your right to be forgotten. In many cases we would recommend that it suppresses you from future communications, rather than data deletion.
  • Right to Data Portability – In limited circumstances you may be entitled to have the personal data you have provided to us sent electronically to you for you to provide to another organisation.
  • Complaints – see section ‘How to lodge a complaint’ below for more details

In relation to all of these rights, please email admin@tuberous-sclerosis.org or write to us at: CAN Mezzanine, 32-36 Loman Street, London, SE1 0EH marked FAO Data Protection Officer

How to lodge a complaint

If you are unhappy at any time about the way we process your personal information, please contact the Data Protection Officer at the address above, who will investigate your concerns.

If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office 
Wycliffe House
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Tel: 0303 1231113
Website: www.ico.org.uk/global/contact-us

Top of Form

Keeping our Privacy Policy up to date

We regularly review and update this policy to make sure it is accurate and simple to understand. This policy was last updated in August 2018.