Editor Comments: I was passed this Privacy Policy by another branch. The policy seems to refer to Parkinson’s UK, and not the branch. If the branch is subject to data protection rules stated by Parkinson’s UK, and has the resources and budget to follow them, and PUK is underwriting your exposure, then this is fine. However I doubt that is the case.
Many organisations I work with do not fully understand GDPR, and do not carry out the due diligence up front (to understand what data they hold, where it is, and by whom, and who has access to it.) You really need to start there before you put a policy together. I am not a legal expert, and you need to seek your own advice, but I would assume a privacy policy like this one would be underwritten and upheld by the branch who should feature in it somewhere, and not at the parent organisation.
Having said all of that, this policy has all of the requirements in it provided of course you follow it.
Last Updated On: 2 Jan 2020
Our Commitment to GDPR
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation also impacts companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
The GDPR imposes additional requirements upon organisations to strengthen the security and enhance the protection of personal data of EU residents.
The Branch recognises the importance of passing regulations to advance information security and data privacy for citizens of the EU, and all citizens, regardless of their location.
The Branch is firmly committed to GDPR compliance.
Definition of Data Controller and Data Processor
A data controller is the person or organisation that decides the purpose for which and the way in which any personal data is processed. A data processor refers to the person or organisation which processes personal data on behalf of the controller.
The data controller is the Membership Secretary.
The data protection officer is the GDPR Officer at Parkinson’s UK, who can be contacted directly at dataprotection@parkinsons.org.uk.
Privacy Notice
This Privacy Notice is meant to help you understand what Personal Data the Branch might collect, why we collect it, and what we do with it. It also describes the choices available to you with regard to the use of your Personal Data and how you can access and update this information.
The Branch has adopted the following principles to govern the use, collection, and transmittal of Personal Data, except as specifically provided by this Policy or as required by applicable laws:
- Personal data will only be processed fairly and lawfully
- We do not collect any more personal data than is necessary to provide the services
- We only use your personal data for the purposes specified in this Privacy Notice, unless you agree otherwise
- We do not keep your personal information if it is no longer needed
- We do not sell, distribute or share your personal information with third parties
- You can have your data updated at any time
- You can remove your data at any time
- You can request a copy of the data we store on you at any time
- Personal data is securely stored and managed
What is Personal Data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, can also constitute personal data.
Personal data is subject to the protection requirements set out in the GDPR.
Examples of data considered as personal data:
- a name and surname
- a home address
- an email address such as YourName@company.com
- telephone numbers
- an identification card number
- location data (for example the location data function on a mobile phone)
- an IP address
- your photograph, both singly and in a group
What and how we Collect and Maintain Information
We collect and maintain information about Branch Members, which may include:
- First and last name
- Postal address
- Phone and fax numbers
- Website URL
- E-mail address
- Age
- Parkinson’s Disease status
- Next of Kin
- How contacted
- Attendance at Meetings
In order to communicate with the Branch, you may be prompted to provide certain personal data in the following ways:
- By filling in forms on our websites (i.e. a “Contact Us” form) or a new membership form.
- By contacting us directly (i.e. by phone, SMS, email or post).
- When you register to receive our e-newsletter, which you can unsubscribe from at any time.
- By corresponding with the Branch by phone, e-mail or otherwise using their contact details.
How We Use Personal Data
The Branch uses personal data provided by you to provide services to benefit its Members.
We will never share your personal data, or otherwise make your personal data available to any third parties for the purposes of marketing or targeting you. We will not sell, rent, or exchange your personal data with any third parties.
Photographs will be used by the Branch to share news and information and to publicise future events. The photographs will be stored securely, and will be deleted after they are no longer needed. If you would prefer not to be photographed, please speak to the person taking the photographs who will then ensure that you are not included in the images. You can request that your photographs are removed at any time, and not used again.
Definition of Data Processing
Data processing is defined as any operation performed on personal data, whether by automated systems or not, and includes collection, use, recording etc.
How We Protect Your Personal Data
All of your Personal Data remains private and confidential. The security of your Personal Data is extremely important to the Branch. We follow generally accepted standards to protect personal data submitted to us, both during transmission and once it is received. No method of transmission over the Internet, or method of electronic storage is 100% secure.
Our email communications are sent over, and received from, an encrypted connection to the mail systems. Provided you ensure your email communications settings in your email application are also configured to use security, you should be assured of the secure communications between us.
We use password controlled accounts on the various computer systems we use on a day to day basis. Systems will also time out requiring password re-entry. The locations where your information is stored are also encrypted. Should we need to carry personal data with us for any purpose, the media that is used is also encrypted.
We ensure that our computer systems are up to date and are using the latest security patches.
The Branch website is generally protected by at least one security plugin. Default logins on websites and other devices are never left at their default settings, and passwords to sensitive areas such as websites are extremely cryptic and complex.
You should never share your account information with anyone else, including your username and password. We recommend that you use unique passwords for your website, control panel and email. You should check your account regularly to ensure that your Personal Data has not been tampered with or altered.
Any suspicious activity regarding your account, including automated messages from parties you cannot identify, should be reported to us using the contact information at the end of this document.
Location of Personal Data
Systems used by the Branch that contain data may be in one of the following locations:
- On a local encrypted drive attached to a computer system
- On a portable encrypted device
- On securely stored paper records
Newsletter/Marketing
If you have subscribed to our Newsletter you will receive an email generally once per quarter, and on rare occasions when there is something important, an Alert communication which is sent out on an ad hoc basis. You may unsubscribe from these at any time. You will not receive any further newsletters after you unsubscribe.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session ID” cookies. Persistent cookies remain on your computer when you have gone offline, while session ID cookies are deleted as soon as you close your web browser.
In general, cookies are used to retain user preferences, store information, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
Links
The Branch website, documentation pages or emails might include links to other websites whose privacy practices may differ from those of our own. If you submit information to any of those sites, your information is governed by their respective privacy policies. You should carefully read the Privacy Policy of any website you visit before engaging with them in any way.
The Branch cannot take responsibility for any interaction you have with 3rd parties or services that are not directly our own.
Your Rights under the Personal Data Protection Laws
As a Customer or User, you have the right to:
- Request access to your personal data (known as a data access request). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask the Branch to delete or remove personal data where there is no good reason for us to continue processing it.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis.
- Request the restriction of processing of your personal data. This enables you to ask the Branch to suspend the processing of personal data about you, for example if you want to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible. We do not believe that any circumstances exist where this right would be exercised due to the very small amount of data held.
Your Responsibilities under the Personal Data Protection Laws
Within your rights under privacy laws you are entitled to ask for a copy of the data (access request) that the Branch holds in our systems. Before any personal data is transmitted to the requester, we will follow a process to make sure that they are legitimately entitled to receive it.
If you do not co-operate in this process to establish the legitimacy of the request, the information will not be released. Any requests on our part to verify your request will be undertaken solely to protect both you and us against a breach of your personal information.
Should this situation occur and not be resolved to your satisfaction, you should write or contact the Parkinson’s UK Data Protection Officer at dataprotection@parkinsons.org.uk to escalate the matter.
Consent Withdrawal
You may withdraw your consent at any time by contacting the Branch.
Data Retention Period
The Branch will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
Data retention periods will depend upon a number of factors such as:
- The requirements of our relationship with you, and services provided;
- Relevant statutory or legal obligations;
- The purposes for which the data was originally collected;
- The lawful grounds upon which we based the processing;
- The types of personal data collected;
- The amount and categories of your personal data;
- Whether the purpose of the processing could be achieved by other means.
The normal data retention period for data received in connection with such operations and services will be 7 years in line with regulatory requirements unless there is a legitimate interest for retaining that data for a longer period.
Changes to this Privacy Notice
The Branch may change this Privacy Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this Privacy Notice for changes whenever you visit our website. Each privacy notice will note the date it has been released; we will also inform you of changes through our newsletter.
Parkinson’s UK
Parkinson’s UK is the operating name of the Parkinson’s Disease Society of the United Kingdom. A registered charity in England and Wales (258197) and in Scotland (SC037554). Registered office: 215 Vauxhall Bridge Road, London SW1V 1EJ.
Complaints
You have the right to make a complaint by contacting the Parkinson’s UK Data Protection Officer.
• Email: dataprotection@parkinsons.org.uk
• Written enquiries to:
Data Protection Officer,
Parkinson’s UK,
215 Vauxhall Bridge Road,
London SW1V 1EJ