This policy explains how the Anaphylaxis UK will collect, use, keep, share and protect your personal data.
In this policy, whenever you see the words ‘we’, ‘our’ or ‘us’ this refers to the Anaphylaxis UK. Under data protection law we are the ‘data controller’ who processes your personal data.
Our full legal information is: Anaphylaxis UK, a charity registered in England and Wales (1085527) and a registered company limited by guarantee in England and Wales (04133242). Our registered company address is Anaphylaxis UK, 1 Alexandra Road, Farnborough, GU14 6BU.
Personal data is personal information that can be used to help identify a living individual, such as your name, postal address, phone number or email address as well as additional information such as your interests or hobbies.
Our promise to you is that we will never sell your personal data and we will never share it with another company or charity for marketing purposes.
We only share your personal data where we are required to by law, with your consent, or with carefully selected partners who do work for us. Our partners are required by contract to treat your data as carefully as we do.
Data protection law in the United Kingdom is changing.
Until 24th May 2018 we shall process your personal data in accordance with the Data Protection Act 1998 (DPA).
From 25th May 2018 we shall process your personal data in accordance with the General Data Protection Regulations (GDPR).
This policy complies with requirements under both DPA and GDPR. Our marketing communications will continue to comply with the Privacy and Electronic Communication Regulations 2003 (PECR).
Your acceptance of this policy This policy, together with our terms and conditions, applies to all the websites we operate, including social media sites, as well as purchases you make from us, our events or services and any other methods we use for collecting your information.
It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
By using our websites, social media sites, or providing your personal data to us in the ways described in this policy, this means you agree that we can collect, keep and use your personal data in the ways set out in this policy. It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are.
If you do not agree to this policy please do not use our websites, social media sites, events or services.
We collect three kinds of information:
Non-personally identifiable information which is recorded anonymously, such as your IP address (the location of your computer on the internet).
Personally identifiable information, known as personal data, which is information that can be used to help identify a living individual.
‘Sensitive personal data’ or ‘special categories of data’, which is personal data about your racial or ethic identity, physical or mental health (e.g. allergies), or information about any alleged or criminal offences. We will only use this data if you have provided it to us directly or it has been sourced from information we believe you have clearly made public.
The types of information we may collect and process includes:
Your title and name (including former name or alias)
Your gender and date of birth
Your contact information e.g. postal address, telephone number, email address, social media
Your allergies (if applicable)
Your business details e.g. positions, organisation, professional memberships and qualifications
Your outside interests and membership of groups
Information about your wealth
Your family details, including spouse or partner and children
Your relationships with other organisations, supporters and potential supporters
How you interact with our products and services e.g. events you have registered for and attended, products purchased, services you have subscribed to, your willingness to volunteer
Financial or payment details if you have made a purchase or donation
Any other information you choose to share with us
We collect information about you in the following ways
When you give it to us directly
You may give us your information online via our websites or social media sites, over the phone, in writing by email or post, or face-to-face at an event. For example, when you
Buy a product e.g. T-shirts, Christmas cards
Complete our surveys or forms e.g. contact preference forms, Gift Aid forms
Contact our helpline for advice and guidance
Donate to us
Fundraise for us
Join us as a member e.g. Corporate, Healthcare Professional, Individual or Family
Register as a volunteer
Register for an online service e.g. an AllergyWise course
Register for our events e.g. Corporate Conference, Healthcare Professional Conference, Support Group
We will also collect your information where you only partially complete or abandon any information inputted into our websites or other online forms. We may use this information to contact you to remind you to complete any outstanding information or for marketing purposes, with your consent.
When you give permission to other organisations, known as third parties, to share your information with us
When the information is available publicly
We may enhance personal information we collect from you from publicly available sources such as media articles, company and charity filings, social networking posts and the world wide web.
When we collect it as you use our websites
Depending on whether you are using a desktop computer, laptop or mobile phone to access our websites, the settings on your device may also provide us with information. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
We will use your information when we have a contractual or legitimate business interest to do so or with your consent. We will mainly use your data to:
Provide you with the services, products or information you asked for
Administer sales transactions, donations, or other payments and verify financial transactions, including processing gift aid
Ensure we know how you prefer to be contacted
Keep a record of your relationship with us including any communications we send to you
To verify your account and provide a personalised experience for you on our websites
Monitor, measure, improve and protect our services, products or information
Prevent or detect fraud or abuses
Provide you with any information that we are required to send you to comply with our regulatory or legal obligations
Enable third parties such as food manufacturers, distributors and allied trades, academics or healthcare professionals to research the views of people who are at risk of severe allergy
To provide, with your consent, targeted marketing communications about information that we think may be of interest to you
Raise awareness about our charitable aims and activities through use of case studies or quotes
To ensure that we do not make inappropriate requests, we may carry out research to assess your likely ability and willingness to engage with our products and services. We will use your information to help us plan our activities and determine if we should contact you with certain communications.
This research helps ensure our communications are relevant and of interest to you. It also helps us identify how you are involved with our work and identify which of our user activities are most popular.
This research may include collecting and storing data relating to you that is in the public as well as data that has been provided by you, including your interests, and any activities you have previously been involved with. This research is sometimes known as prospect research or wealth profiling.
With your consent, we will contact you via telephone, email, text or post with targeted marketing communications about information that we think may be of interest to you such as
Ways we can help you through our information, training and support services such as membership, AllergyWise online training courses, support group meetings and/or
Ways you can engage with us through fundraising, campaigning and volunteering which support our charitable aims and activities and/or
Offers or opportunities from third-party partners who support us including competitions, discounts or surveys which support research about severe allergies and anaphylaxis
Our forms have clear marketing preference questions and we include information on how to opt in or opt out when we send you marketing communications. You have the right at any time to stop us from contacting you for marketing purposes and can unsubscribe from any email marketing using the links provided in the messages we send to you. To manage your communication preferences online click this link or contact our Data Protection Officer.
We only share your personal data where we are required to by law, with your consent, or with carefully selected partners who do work for us.
We use external companies to collect or process personal data on our behalf to help us to fulfil the legitimate business interests described above or share information which we believe is of interest to you. We will never sell your personal data and we will never share it with another company or charity for marketing purposes. We may share your information with our service providers and agents (including their sub-contractors) or other third parties including
credit reference and fraud prevention agencies
internet service and platform providers
law enforcement agencies
organisations we engage to help us send communications to you
our professional advisors and auditors
payment processing providers
any third party in order to meet our legal and regulatory obligations
any third party in the context of actual or threatened legal proceedings
We will only share your personal data with them if they have signed a contract that requires them to abide by the requirements of UK data protection law, only use the information for the purposes it was supplied and allow us to carry out checks to ensure they are complying with the contract.
Some of the third parties we currently use to process personal data are as follows
Information is stored by us on computers located in the UK or securely locked within our office in paper files. We have security measures in place to attempt to protect against loss, misuse or alteration of the personal data under our control. For example, only authorised personnel such as employees, volunteers and contractors who receive data protection training can access user information and we use secure server software (SSL) to encrypt financial and personal information.
We may transfer your information to other reputable third-party organisations. As explained above, we will only pass personal data to them if they have signed a contract that requires them to abide by the requirements of UK data protection law.
If a company is situated outside the European Economic Area, they may not be subject to the same data protection laws as companies based in the UK. However, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law.
Unfortunately, the transmission of data across the internet is not completely secure and we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
Where you have a password enabling you to access parts of our websites, it is your responsibility to keep this confidential.
We will update the data we hold on you from time to time. For example, if you provide us with new contact details or change your details on our website.
We may use third-party sources or services to keep your records up to date such as Royal Mail NCOA (National Change of Address) or check if there are people we should no longer contact (for example, if someone has died). As explained above, we will only pass personal data to them if they have signed a contract that requires them to abide by the requirements of UK data protection law.
We will keep your information for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, inform our research, update your communications preferences or to comply with the law.
If you decide that you no longer wish to receive communications from us we may need to retain a minimal amount of personal data so we can keep a record you have asked us not to contact you.
Records of financial transactions which may include personal data are retained for 6 years. We generally remove records 6 years after last contact. When we no longer need your information, we will always dispose of it securely, using specialist companies if necessary.
If you would like to see our Data Retention policy please email: email@example.com.
Under GDPR you have the right to
to be told how we will use your information
to ask to see the information we have about you
to correct anything that is wrong or inaccurate
to ask us to remove your information from the systems we use to process personal data
to ask us to stop processing your personal data
to ask us for a copy of your data in a commonly used electronic form so you can move, copy or transfer it
to object to us using your data in certain ways, including for direct marketing purposes
and various rights regarding automated decision making or profiling
Please see https://ico.org.uk for further information on the above rights.
If you wish to exercise any of these rights please contact our Data Protection Officer in writing. You have the right to be provided with a copy of the information we hold free of charge. However, we reserve the right to charge a reasonable fee to comply with requests for further information, based on the administrative cost of providing you with the information.
We do not make automated decisions (decisions made with no human involvement in the decision-making process) that have a legal or similarly significant effect on individuals.
We are not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this act.
We have the right to continue processing your data to exercise the right of freedom of expression and information for public health purposes or archiving purposes in the public interest to comply with legal obligations and exercise or defend legal claims
Some of the services we offer are aimed specifically at families who have children with severe allergies. To deliver these services safely it is necessary for us to collect personal data and ‘sensitive personal data’ or ‘special categories of data’ and store it on our database. Before we collect data from anyone aged under 18 we will always ask them to directly obtain the permission of a parent or guardian. We do not knowingly contact children aged 12 or under with targeted marketing communications. We manage the information we collect in a way which is appropriate to the age of the child and ensure any communications or advertising likely to be viewed by children are age appropriate.
If you have any questions about this policy or concerns about the way your personal data is being processed, please contact our Data Protection Officer.
Tel: +44 (0)1252 546100
Anaphylaxis UK, 1 Alexandra Road, Farnborough, GU14 6BU
Our data controller registration number provided by the Information Commissioner’s Office is Z553814X.
If you would like to see our Data Protection Policy please email: firstname.lastname@example.org.
Publication Date: May 2018
Review Date: March 2021