Privacy Statement Privacy Statement BHA is committed to protecting your personal data, and respects your right to privacy. This Privacy Statement tells you how we collect data, how we process it and how we store it; how you can request to see your data and also have it removed. This Privacy Statement relates to our use of your personal information we collect from you via our donation platforms, websites, social media platforms and filling in forms. It also relates to our use of any of your personal information you provide to us by phone, SMS, email, in letters or in person. This Privacy Statement applies to the websites, products and services offered by BHA. If you have any queries on this policy or your personal information contact: Qurab Ahmed, Data Protection Lead, BHA, 609 Stretford Road, Old Trafford, Manchester, M16 0QA Email: [email protected] Telephone: 0845 450 4247 How we collect information from you When you: Provide us with your details to inform the service and support we provide you. Contact us to request information about health issues or the services we offer. Provide us with your details when making a donation. Complete surveys. Provide feedback or report a problem about one of our services. Interact with us on social media or through our community engagement activities Apply for a job or volunteering role at BHA. Subscribe to receive our newsletter. We use a third-party provider, MailChimp, to deliver our newsletter. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection lead. We will only collect as much personal information we need and only for the purpose for which you have provided the information. What information we collect from you This can include information such as your name, communication preferences, email address, postal address, IP address, phone number, mobile number, date of birth, services accessed, or bank account details so we can process donations, or information as to whether you are a taxpayer to help us to claim gift aid. Sensitive Personal Information You may provide us with information about yourself that is classed as ‘sensitive personal data’ or Special Category Data (for example, details of your health condition, ethnicity, sexual orientation, lifestyle etc). We may need to record this information for a number of reasons To refer you to relevant services To provide you with appropriate information, support and services If you choose to share your experience of living with a health condition If you sign up to take part in an event Children and Vulnerable Persons We are committed to protecting the privacy of vulnerable Persons and the young people that engage with us through our website, our services and events. Anyone under the age of 16 must obtain parental or guardian consent before participating in an event organised by BHA. Children aged under 13 must obtain the consent of a parent or guardian before providing any personal information. How we use your information We may use your personal information for: Dealing with your enquiries requests and complaints Administrative purposes, including processing your donations Providing you with information about our work, activities, events, and services and any changes to our services Complying with our legal obligations, policies and procedures Providing and personalising our services Fundraising Conducting research Using your Credit/Debit Card If you use your credit or debit card to donate to us buy something or pay for a registration online or over the phone we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find out more information about PCI DSS here https://www.pcisecuritystandards.org/pci_security/. We do not store your credit or debit card details at all following the completion of your transaction. All card payments are handled by the payment gateway Stripe and GoCardless. More details are available here https://raisingit.zendesk.com/hc/en-gb/articles/206437486-How-secure-are-Stripe-and-GoCardless- How we protect your information We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal or transactional data stored on our website and systems. How we store your personal information We keep your personal information for as long as required to operate the service in accordance with good practice guidance, legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is disposed of in a secure manner. Disclosures We will never pass your personal information on to other organisations for them to use for marketing purposes. However we may disclose your personal information in the following circumstances: To third parties who provide a service to us and are data processors. This would include our trusted partners that work with us in connection with our charitable purpose. We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all our data processors and regularly monitor their activities to ensure they are complying with data protection regulations and BHA’s policies and procedures. Where we are under duty to disclose your personal information in order to comply with law or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation Where we have your written consent. Some companies that provide services to BHA run their operations outside of the EU and the 3 European Economic Area (EEA) countries. We take steps to ensure that they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to the transfer, storing or processing of the data at a location outside the EU and EEA. Your rights Under the Data Protection Act and the General Data Protection Regulation, which comes into force on May 25th 2018 you have the following rights: The right to access your personal information The right to edit and update your personal information The right to request to have your personal information deleted The right to restrict processing of your personal information The right to object to the processing of your data The right to contact the Information Commissioners Office on their helpline on 0303 123 1113. If you would like to receive some or all of your personal information (called a Subject Access Request) or exercise any of your rights please contact the Data Protection Lead. Qurab Ahmed, Data Protection Lead, BHA, 609 Stretford Road, Old Trafford, Manchester, M16 0QA Email: [email protected] Telephone: 0845 450 4247 We may ask for the ID of the person making the request. Website and Cookies We take a proactive approach to user privacy and ensure necessary steps are taken to protect privacy of our users throughout their visiting experience. Add link to website & cookies policy Changes to this policy We will make changes to this policy as regularly. When we do, we will revise the updated date at the bottom of this page. We encourage our users to frequently check this page for any changes to stay informed about how we are helping to protect your personal information we collect. This document was last updated May 2018.