The privacy and security of your personal information is extremely important to us. We want everyone who supports us or comes to us for support, to feel confident and comfortable that any personal information they share with us will be looked after.
Kidney Care UK needs to keep certain information on its supporters and beneficiaries in order to carry out its day to day operations, to meet its objectives and to comply with legal obligations.
We are committed to protecting individuals’ personal information and privacy and ensuring any personal data is dealt with in line with the General Data Protection Regulation GDPR (2018). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
We’ll never sell your personal data and will only share it with trusted third party organisations we work with when it’s necessary to deliver our charitable work, and the privacy and security of your data is assured. For example, companies that provide goods and services for our patient grants programme or our mailing house to deliver patient communications.
1. Who we are
Kidney Care UK is the UK’s leading kidney patient support charity, a registered charity (charity number 270288 in England and Wales, SC048198 in Scotland) and a company limited by guarantee (company number 1228114).
We are committed to improving the quality of life for kidney patients and their families by providing practical, emotional and financial support, working to improve the quality and access to health and care services and campaigning for change.
2. What personal data do we collect?
We collect or update your personal information (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address), every time you get in touch with us by post, email, telephone, through our website, face to face and occasionally via social media.
We will only collect, use and otherwise handle your personal data:
- Where you have consented to this for specific, explicit and legitimate purposes, or for which we feel you would have a legitimate interest
- Where this is necessary to fulfill legal obligations that apply to us
- Where it is necessary for our legitimate interests relating to running our daily operations, as long as, in each case, these interests are in line with applicable law and your legal rights and freedoms
If you support us, for example by signing up to an event, donating, signing up to Gift Aid, or signing up to a campaign, we usually collect your name, contact details and whether you would like to be contacted and your preferred method of communication. If appropriate, we may also ask to collect your date of birth, financial details, Gift Aid eligibility, reasons for support, information relating to health and disability and responses to our campaigns.
We only collect this data so we can keep you up to date with information and products you have requested, or may be interested in, to keep you informed on how your support is making a difference and to fulfill our legal responsibilities for financial and Gift Aid reporting.
Our Patient Services
We offer a wide range of support services to patients, including information and advice, grants, counselling and advocacy. We will collect your contact details and preferences, and any other data that is relevant to delivering the best possible service to you.
With your permission, we may periodically send you information to keep you up to date with news and information on the charity, or which you might be interested in.
Sensitive Personal Data
Some of our patient support services may collect more sensitive personal data such as your health condition and social circumstances. This information is only collected in order for us to deliver the best possible service to you. This information is always stored securely and is not shared more widely within the charity. We will not pass on your details to anyone else without your express permission except in exceptional circumstances, such as anyone reporting serious self-harm or posing a threat to others, or children contacting us about serious issues such as physical abuse or exploitation.
Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our blog, our magazine or other media.
Online Community and Social Media
We provide and manage an online community for kidney patients, their families and carers to get advice and information and to talk to people with similar experiences. This service is anonymous and no personal data is stored.
We may obtain your personal data through your use of social media such as Facebook, Twitter and other social channels, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. We collect statistics around email opening and clicks using industry standard technologies. For more information, please see Mailchimp’s privacy notice.
If you’re a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
Website and Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or identify you when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
3. Children and young adult data
When we know a supporter or beneficiary is under 18 we will always seek consent from the parent or guardian before storing and using personal information. In these circumstances any communications will be directed to the parent or guardian unless we have had their express permission to address any communication to the child or young adult, for example a thank you letter for their support if they have raised funds for the charity or personally written to us in a way that requires a response.
4. How we use your personal data
We use the personal information collected to help us achieve our charitable objects, deliver support services to patients and their families, create great relationships and tailor our communications with our supporters and beneficiaries, and to meet our legal, statutory or regulatory obligations.
This is for a number of purposes, including:
- to provide you with services, products or information you have requested or which may be of interest to you;
- to provide further information about our work, services, activities or products;
- to notify you of any changes to our services;
- to process donations or payments we have received from you;
- to further our charitable aims, including for fundraising activities;
- to fulfill sales made online;
- to invite voluntary participation in our work or surveys;
- to register, administer and personalise online accounts;
- to register and administer your participation in events for which you have registered;
- to analyse and improve our work, services, activities, products or information (including our website) or for our internal records;
- to use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you;
- for administration purposes (e.g. contact about an event you have registered for);
- to process your application for a job or volunteer role with us; and
- for fraud prevention, credit risk reduction or otherwise as required by law or regulation.
We are committed to protecting individuals’ personal information and privacy and ensuring any personal data is dealt with in line with the General Data Protection Regulation (2018). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
We will only keep your information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations, such as the collection of Gift Aid or regulatory rules around holding financial information.
We may from time to time carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us and their views on how we can improve our patient support services. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring), and your personal details remain anonymised for any reporting purposes.
We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf. This will only be done if we are sure your information will remain secure under a non-disclosure agreement or via selected agencies governed by a robust research code of conduct.
5. Keeping your information safe
Your privacy is important to us, so we’ll always keep your details secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our cyber security policy is reviewed annually.
We will never sell or share your personal information with third party organisations so that they can contact you for any marketing activity. We will only share your information with trusted partners who work with us or on our behalf to deliver services to you, such as mailing agencies that help us to deliver our patient magazine. Any processing of your information is carried out under our instruction, after a non-disclosure agreement has been signed and we have made sure they store the information securely, delete it when they no longer need it and never use it for any other purposes.
If you make a donation online or purchase a product from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions
6. Updating your data and marketing preferences
We'd love to stay in touch, but we don't want to out-stay our welcome - we want you to remain in control of your personal data.
You have the right to:
- request a copy of the information we hold about you;
- update or amend the information we hold about you if it is wrong;
- change your communication preferences at any time;
- ask us to remove your personal information from our records;
- object to the processing of your information for marketing purposes; or
- raise a concern or complaint about the way in which your information is being used.
If at any time you want to update, amend or remove your personal data or marketing preferences, please contact us in one of the following ways:
By email – firstname.lastname@example.org
Via the website at www.kidneycareuk.org/contact-us
Write to our Data Manager
Kidney Care UK
3 The Windmills
St Mary’s Close
We will review this policy at least once a year to make sure it is up to date and accurate. As a result we may need to make changes to the policy, which will be posted on our website or by contacting you directly.
Last reviewed 13 July 2018