APS Support UK is committed to protecting your personal data and being transparent about what information we hold. This policy is designed to let you know how we collect and use your personal information, and to explain how we only make responsible use of your data.
Who are we?
In our policies, 'we', 'us' and 'our' refers to APS Support UK (the trading name and working title of the Hughes Syndrome Foundation).
We are a registered charity: number 1138116 (England and Wales). APS Support UK is a company limited by guarantee registered in England and Wales: number 07268671. The registered charity office address is The Orchard, White Hart Lane, Basingstoke, Hampshire, RG21 4AF.
We are a non-commercial partner of the National Institute for Health Research.
Information about you
We collect information about the people we support, our supporters, funders, volunteers and researchers.
We may collect information that can be personal data, sensitive personal data or non-personal data:
- Personal information. We will collect personal information from you when you, or your organisation enquire about our activities, request our support or subscribe to our services. This may include your name, title, email address, physical address, telephone numbers and job title.
- Sensitive personal information. We may ask you for information about your health, for example, your experience of APS including diagnosis, symptoms, your date of birth and occupation.
- Non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps us to understand how many people use our website, how many people visit on a regular basis and how popular/useful our web pages are. This information doesn't tell us anything about who you are or where you live.
How we collect your information
We may collect information about you that you give to us directly; for example when you:
- Correspond with us by phone, email or otherwise
- Join our charity
- Register for our e-news
- Sign up to take part in or attend one of our fundraising or support events
- Buy products from our shop
- Make a donation with or without Gift Aid
- Tell us about your fundraising plans
- Contact us through social media – Facebook and Twitter
- Choose to share your story with us
- Take part in surveys, questionnaires or get involved with our campaigns
- Volunteer with us or apply to work with us
- When you visit our websites, we collect technical information such as the IP address you use to visit the website, your browser type and version
- Contact us or become involved with us in any other way not listed above
Your credit and debit card information
All purchases and donations completed online are handled securely by World Pay, Charity Checkout or PayPal. We do not receive your card details, but will be provided with confirmation of your payment and reference number so that your payment can be allocated.
How we use your data
Your personal information will mainly be used to:
- Provide you with the services, products or information you asked for
- Administer your donation or support your fundraising, including submitting your details to the HMRC to claim Gift Aid if applicable
- Administer your participation in an event
- Keep you up-to-date with the impact of your support and to ask for financial and non-financial support
- Provide you with information we think you may be interested in
- To notify you of changes to our services
- Manage our research grants, including the peer review process
- Support and further our mission, for example if you have shared your story or given us consent to use your photo, we may use this in marketing or promotional materials
- Carry out any obligations arising from any contracts entered into by you and us, for example, the INR self-testing loan scheme
- Process a job or volunteering application
Communicating with you
If you have provided us with your postal and/or email address, we may send you direct and/or electronic mail including our newsletter and e-news which will include updates on our work, the information and support services we offer plus the research we are funding. We may also contact you about fundraising, campaigning and events.
We do not ask for consent to write, email or call you about these things because, as a charity, each of these activities is fundamental to how we work, so we have a legitimate interest to contact you. However, if you do not wish us to contact you, you have the right to opt-out at any time by contacting us on firstname.lastname@example.org or 0300 323 9943.
If you have registered for our e-news, you can unsubscribe at any time by clicking on the link in the email. Our mass email service allows us to track who has opened our e-news and what links have been clicked on. This allows us to monitor what information is most useful to improve our content and information in future.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of information you give us.
The transmission of information via the internet is not completely secure so, although we will do our best to protect your personal data, we cannot guarantee the security of data sent over the internet.
All paper records are stored on premises at our offices. These offices are securely locked when no members of staff are present, and access is restricted and monitored during the working day.
In line with the principles defined in the Data Protection Act 1998, APS Support UK will ensure that personal data will:
- Be processed fairly and lawfully, and shall not be processed unless certain conditions are met
- Be obtained only for specific, lawful purposes
- Be adequate, relevant but not excessive
- Be accurate and kept up to date to the best of our abilities
- Not be held for any longer than necessary. This necessity will be defined by its viability in helping the charity achieve its aims
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
Your details will be kept securely and only shared with trusted suppliers who enable us to deliver our charitable objectives, for example, distribution of our newsletter or if required to by law, ie. with the police or a regulatory body. At all times we remain legally responsible for your data. We never share your data with any third parties for their own marketing or commercial purposes, including charities.
Third party websites
Our website contains links to third party websites. If you follow a link to any of these, please note that we have no control over, and are not responsible for, the privacy policies and practices of third parties.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
We use both session and persistent cookies on our website, and blocking all cookies can have a negative impact upon the usability of our website.
Access to your data
Any person whose personal information is held or processed by APS Support UK has the right to know:
- What information we hold about them and why
- How to gain access to this information
- How to keep it up to date
- What the charity is doing to meet its data protection obligations
You have the right to request access to personal data being held about you, either physically or digitally: this is known as a subject access request.
Anyone who wishes to exercise this right should apply, in writing, to the Data Protection Officer (DPO) at the registered charity address. Individuals will be charged £10 per subject access request, payable in advance. The DPO will aim to respond within one month, providing the request includes appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address). The DPO will always verify the identity of anyone making a subject access request before handing over any information.
If you are unhappy at any time about the way we process your personal information, please contact the Data Protection Officer at the registered charity address, who will investigate your concerns.
If you would like us to correct or update any information, or if you would like information deleted from our records, then please email us at email@example.com.