privacy

REDS4VEDS Privacy Policy 

Annabelle’s Challenge operates this website. We take your right to privacy very seriously. For that reason, we have set out this privacy policy, so you can make sure you understand how and why we use the information you give us. The terms of this policy may change, so please check it from time to time.

If you have any queries about this policy, please contact us at dpo@annabelleschallenge.org

Who are we?

Annabelle’s Challenge is registered with the UK Charity Commission for England and Wales under number: 1157074 whose registered office is Walshaw Park House, Walshaw Road, Bury, BL8 1PY.

We also host the Annabelle's Challenge website.

How we collect information from you

Annabelle’s Challenge is the sole owner of the information submitted by you, to us, in any way. We may use this information gathered during our organisation’s stated role, to further our charitable aims and to further understand our supporters and how best we can support you. However, we will not ever sell or rent personally identifiable information that you have submitted to this site to third parties.

Collection of your information may be through:
  • Our online shop at Annabelle’s Challenge and REDS4VEDS
  • Your registration to an event via our website (we will only contact you about this event unless you have specified otherwise)
  • Your information passed from a third party you have registered with for a fundraising event (in this instance please always refer to their Privacy Policy too)
  • Via your phone call to the charity (we will always make sure that we have your consent to contact you further)
  • Via a written consent form you have sent to the charity
  • By joining the charity as a member through the website
Information we collect about you

Is the information that you have given us.

Information collected by a third party

Your information may be shared with us by third party organisations, for example fundraising sites, like Just Giving and our online donation partner Enthuse. They will do so pursuant to their own policies on data protection and privacy. It’s a good idea to check their privacy policy when you provide your information to understand fully how they will process your data.

How we use your information:

We use your data to:
  • Provide you with the services, products, or information you have asked for (for example when you purchase an item from our shop or sign up to an event via our website)
  • Administer your donation or support your fundraising, including processing Gift Aid.
  • Add you to our database
  • Keep a record of your relationship with us
  • Comply with financial regulations and the law
  • To contact you by email with updates on the work we do, fundraising events and news on vascular EDS (this is classed as marketing emails)
  • To contact you by telephone or social media in direct response to any queries you send to us
You may opt-out of marketing emails at any time by clicking the ‘unsubscribe’ link in our marketing emails. You can also change your contact preferences at any time, including telling us to no longer send you marketing by post, by contacting dpo@annabelleschallenge.org or calling 0800 917 8495.

If you request to receive no further contact from us, we will keep some basic information in order to avoid sending you unwanted materials in the future, and to ensure that we do not accidentally store details for the same person multiple times.

Confidentiality

In exceptional circumstances we may need to break confidentiality and share information without your consent.

Circumstances where we may be required to break confidentiality:
  • A child or young person is at risk of harm
  • An adult is at risk of immediate and significant harm either to themselves or others
  • We are required to share information as ordered by the courts
  • A caller is being threatening or abusive to staff or is deliberately misusing the service preventing the helpline being available to support others.
We will always attempt to keep you informed of any action we take if a decision is made to break confidentiality.

Transfer of data outside the EEA

Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

How long do we keep your personal data?

We keep personal data only for as long as it’s necessary. When it comes to financial donations and Gift Aid, we’re required to keep information such as the supporter’s name, address, Gift Aid declaration form(s) and financial information for 7 years for HMRC auditing purposes. We’ll retain basic information (such as a supporter’s postcode and transactional history). We believe it’s important to keep basic information of this kind in case someone leaves a gift in their Will to us and we’re re required to evidence the nature of their support if it’s contested.  

How do we protect personal information?

We use a secure server when you make a donation or payment via our website through the Enthuse platform. We take appropriate measures to ensure that the personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. All personal information is stored in a central database which has stringent measures in place for restricting access and preventing external data breaches.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and third-party organisations who have been contracted by us to process data. Our approach to personal information involves restricting access to sensitive personal information, for example health information and financial contributions, to only those departments that need this data in order to carry out their functions.

We use external companies to collect or process personal data on our behalf. We make sure we only work with companies that comply with the Payment Card Industry Data Security Standard (PCI DSS) and we do annual reviews of their data processes to be certain that they meet our GDPR expectations and requirements.

The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) i.e USA. It may also be processed by persons operating outside the EEA.

We use the following systems for processing and storing your data:

Mailchimp – Please click here to read their Privacy Policy

Enthuse – Please click here to read their Privacy Policy

Ecwid – Please click here to read their Privacy Policy

PayPal – Please click here to read their Privacy Policy

Meta – please click here to read their Privacy Policy

Unfortunately, no data transmission over the internet can be completely secure. Whilst we do our best to protect your personal data, we cannot guarantee the security of any information which you transmit to us online and you must understand that you do so at your own risk. 

Cookies

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help make sure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

a. 'session cookies' , which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'persistent cookies', which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

c. 'third-party cookies' , which are set by other online services who run content on the page you are viewing, for example by third-party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

Your consent

By providing us with your personal data, including sensitive personal data such as your state of health and diagnosis information, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement.

You also consent to our transferring your information to countries or jurisdictions outside the UK if necessary for the above purposes. These countries may not provide the same level of data protection as the UK.

Minors

We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow the use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at dpo@annabelleschallenge.org

Your rights under the GDPR

The General Data Protection Regulation (GDPR) gives you more control over what happens to your personal information. Under this legislation you have the right to:
  • be given clear, transparent and free information about how your data will be used;
  • access your personal data so that you can see how your personal information is being used by us;
  • have your personal information updated and corrected;
  • obtain and reuse the personal data you have given to us for your own purposes;
  • request that we permanently delete or remove your information where there is no “compelling” reason for us to keep it; and
  • request that we don’t use your personal data for specific purposes and, unless we are under a legal or contractual obligation, we must respect your wishes;
The GDPR also prohibits us from using solely automated technologies to build profiles and make decisions about people who support us which will have “legal or similarly significant effects”, unless:
  • it’s necessary to fulfil a contract;
  • it’s been authorised by a Union or Member state law; or
  • you’ve given your explicit consent for your information to be used in this way
How to access and update your personal information

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by contacting us using the contact details below. You may also withdraw your consent for us to keep your personal data for some of the above purposes by writing to the address below.

You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information. You can request this free of charge by email to dpo@annabelleschallenge.org or by writing to:

Annabelle’s Challenge / REDS4VEDS
Data Controller
Walshaw Park House
Walshaw Road
Bury
BL8 1PY

We are registered with the ICO. If you are unhappy with the way in which your personal data has been handled you are entitled to make a complaint to the ICO: Information Commissioner's Office 

Changes to this Privacy Policy

We may change the terms of this privacy policy from time to time. If we do so, we will post the changes here so please check from time to time. By continuing to use our website you will be deemed to have accepted such changes.

V1 GDPR. Effective 24th May 2018. Update 24th August 2020.
Share by: