Introduction

Our commitment to protecting your privacy is paramount at the Patients Association. The following privacy and cookies policy describes how we collect and use information about people who contact us or visit our website.

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website and more information on cookies can be found below.

If you have any queries about this policy please contact us at the Patients Association, PO Box 935, c/o Aspire Business Partners, 32 Byron Hill Road, Harrow, HA1 3YJ or email [email protected]

What personal data we collect and how we use your personal data

Personal data collected can include names, date of birth, email address, postal address, telephone number, and credit/debit card details, we can also collect your opinions about a service or an issue.

We use your personal information to:

  • Provide you with the services or information that you ask for;
  • Our helpline team collects sensitive personal data about you when you speak, email or send instant messages. The Patients Association will only share these data in exceptional circumstances, where legally required, such as where a child is at risk, or someone reports self-harm or a serious intention of harming themselves or someone else;
  • Administer your donation or support your fundraising including processing gift aid;
  • Keep a record of our relationship with you;
  • Ensure we know how you prefer to be contacted. We will only send communications to people who have explicitly stated that they are happy for us to do so via their preferred channel(s) (email or post);
  • Understand how we can improve our services and information;
  • Analyse and understand the issues affecting people accessing health and social care services;
  • With your consent we may contact you to let you know about the progress we are making and to ask for donations or your views. We do not sell or share personal details to third parties for the purposes of marketing but if we run an event in partnership with another named organisation your details may need to be shared. We will be very clear what will happen to your data when you register;
  • Sharing your story. Some people choose to tell us about their experiences with health and social care to help further our work. They may attend our patient focus groups, workshops or sit on our committees and patient panels. We use some of the information provided, including gender, ethnicity or the type of issue people have experience with, to target opportunities to get involved. We will also monitor the types of people who are involved to ensure that the views we hear are representative of all patients. We may put some people in touch with the media so that they can share their story. These types of activities may include sharing sensitive information related to individuals’ health and family life, in addition to biographical and contact information with others but we will always check first that we have your permission to do so;
  • Tracking diversity at events.

How do we collect data? 

Directly

You may give us your information in order to access advice, to sign up for one of our events, tell us your story, give us your opinions, make a donation, communicate with us, or become a member.   

Third party organisations
You may have provided permission for a company or other organisation to share your data with third parties, including charities.  

Social media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.

Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.

Financial transactions

We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

We use the following payment services providers and you can find information about the payment services providers' privacy policies and practices as follows:

-        Stripe

-        GoCardless

-        Paypal

Retaining and deleting personal data

You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. contacting our helpline, processing your donation or registering you for an event) we will do so. Contact us on 020 8423 9111 or [email protected] if you have any concerns.

You have a right to ask for a copy of the information we hold about you, although we may charge £10 to cover the costs involved.  If there are any discrepancies in the information we provide, please let us know and we will correct them.

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this privacy policy
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights under the other parts of this privacy policy.

How do we keep your data safe?

We ensure that there are appropriate technical controls in place to protect your personal details.  For example our online forms are always encrypted and our network is protected and routinely monitored. 

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.

Should we use external companies to collect or process personal data on our behalf, we do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.  

Some suppliers may run their operations outside the European Economic Area (EEA).  Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

If you want to access your information, send a description of the information you want to see and proof of your identity by post to the Chief Executive, PO Box 935, Harrow HA1 3YT.   We do not accept these requests by email so we can ensure that we only provide personal data to the right person.

If you have any questions please send these to Chief Executive at the address above, and for further information see the Information Commissioner’s guidance here.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.  We will retain and delete your personal data as outlined in our data protection policy.  A copy can be requested by emailing [email protected].

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work better, as well as to provide information to the owners of the site. A cookie often contains a unique number, which can be used to recognise your computer when a user of your computer returns to a website that it visited previously.

We use cookies to enhance the online experience of our visitors, to better understand how our website is used and to monitor how our advertisements perform. Cookies may tell us, for example, whether you have visited our site before or whether you are a new visitor.

Your rights

Our cookies do not store financial information or information which is capable of directly identifying you (such as your name or address). You have the right to choose whether to accept these cookies. You can exercise this right by amending or setting the controls on your browser to reflect your cookie preferences. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of this website.

Changing your cookie preferences

The "Help" menu in the toolbar of most web browsers will tell you how to change your browser's cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.

Cookies that we use:

We use cookies for the following purposes:

(a) Authentication - we use cookies to identify you when you visit our website and as you navigate our website. Cookies used for this purpose are: ASP.NET SessionId

(b) Status - we use cookies to help us to determine if you are logged into our website. Cookies used for this purpose are: MemberLoggedIn

(c) Personalisation - we use cookies to store information about your preferences and to personalise the website for you. Cookies used for this purpose are: DisplayName, IDE,  DSID, _ct_rmm

(d) Security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally. Cookies used for this purpose are: __cfduid

(e) Advertising - we use cookies to help us to display advertisements that will be relevant to you. Cookies used for this purpose are: IDE,  DSID, _ct_rmm

(f) Analysis - we use cookies to help us to analyse the use and performance of our website and services. Cookies used for this purpose are: __utma, __utmz

(g) Cookie consent - we use cookies [to store your preferences in relation to the use of cookies more generally. Cookies used for this purpose are: __unam

Cookies used by our service providers:

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/. The relevant cookies are: utma, __utmz, _ga and _gid, _gat_UA-71504265-2

Our details

This website is owned and operated by The Access Group.

The Patients Association is registered in England and Wales under registration number 1006733, and our registered office is at:

P Block
Northwick Park Hospital
Harrow
HA1 3UJ

You can contact us:

(a)      [By post, using the postal address [given above]];

(b)      [Using our website contact form];

(c)      [By telephone, on 020 8423 9111]; or

(d)      [By email, using [the email, using [email protected].].

Data protection officer:

Our data protection officer's contact details are: Chief Executive, Rachel Power. 

[email protected]

Data protection registration:

We are registered as a data controller with the UK Information Commissioner's Office.

Our data protection registration number is Z4880306.

Complaints

If you have a complaint about us, or the treatment of your data, you can contact the Charity Commission. The Charity Commission is the independent watchdog for charities.  You can make a complaint about a charity on their website at www.charity-commission.gov.uk.

[If you've got a complaint about our fundraising activities you can also complain to the Fundraising Standards Board (FRSB).  

Amendments

We may update this policy from time to time by publishing a new version on our website.

Date of implementation March 2022
Date of next review March 2025