- People we collect information on
- Complying with the Data Protection Act
- Marketing communication preferences
- Giving your data to other organisations
- Sensitive data
- Your data on our website
- Children’s data
- Accessing information held about you
- Changing your communication preferences
- Asking for your data to be deleted
- The remit of this policy
- Changes to this privacy statement
- How to contact us
This privacy statement tells you what to expect when we collect personal information.
We need to collect and use your personal data if you contact us for any reason including if you are a:
- member of our online community
- someone who uses our advice and information services
- a visitor to our website
- someone who buys goods from our trading company: BEA Trading Ltd
- employee of Epilepsy Action
We have to hold your details to fulfill your enquiry or provide you with the service or membership you have requested.
Data Protection principles require Epilepsy Action to process personal data fairly and lawfully. We will offer you choices about the way you are contacted and will be clear about how we will use your information. We will make sure that the reason for collecting information is lawful.
As required by law Epilepsy Action has informed the Information Commissioner’s Office (ICO) why we collect and process data.
We only hold data about you which is enough for our purpose, nothing more.
We work to make sure the data we hold is accurate and up to date. Accuracy is checked when data is recorded, such as through Royal Mail postcode files.
We only hold personal data as long as necessary. However, we do need to keep personal data from you even if you have requested no further contact. This is so we can make sure we exclude you from any activity. For example, trying to recruit new supporters by using a mailing list.
We have systems in place to safeguard your personal data. Access to written and electronic personal data is restricted and has a level of security depending on the sensitivity of the data. No sensitive data linked to a person’s name or address is taken off-site unless it is either password protected or encrypted.
Epilepsy Action aims to make sure that you have an opportunity to opt-out of receiving marketing communications. At the first reasonable opportunity you will be offered the chance to opt out of hearing from Epilepsy Action and its trading company. You will be able to decline contact by mail, telephone, text or email.
If at a later date you complete another form, giving different contact preferences, we will use those you have given most recently.
Every time we contact you in the future we will give you the chance to tell us you don’t want that particular information again. For example, with each raffle ticket appeal, you will have the chance to opt out of receiving future raffle tickets.
Note on email marketing
Emails and text messages are also covered by the Privacy and Electronic Communications Regulations. Every time your email address or mobile telephone number is recorded, you will be offered email / text updates. You will have to tick a box to agree to your details being used for marketing emails / texts.
Also, any marketing emails / texts sent by Epilepsy Action will include the opportunity to unsubscribe from future emails / texts.
We use third parties to handle some of our services on our behalf, as allowed under the Data Protection Act. These organisations are only allowed to use your personal information for the specific purpose they have been contracted for. For example, this could be to send a letter to you or process your direct debit.
We have also stated in our ICO registration that we will not transfer data outside the European Economic Area.
We always transfer your personal data securely – through a secure FTP (File Transfer Protocol) website, or as a password-protected file.
Unlike some organisations, we will not swap or sell your data to another organisation for them to use for marketing purposes.
If you call our helpline we will record:
- your interests in epilepsy and what affects you in your daily life, this helps us to monitor the demand for our services and to plan future content of our information booklets, fact sheets and web pages
- your age, epilepsy status and ethnicity, this helps us to identify trends in the types of people using our services and plan to improve access to our services
Some of this is classified as “sensitive data” (and is subject to additional Data Protection regulations). We will ask for your explicit consent to record and process sensitive information.
We have legally backed reasons for collecting sensitive data. It helps us to achieve one or more of our charitable aims, such as more targeted membership benefits. None of this data will be used in a way that could harm you as an individual.
If you use any of the email facilities or forms within our sites, we will capture your email address, your name and, where relevant, your postal address. This means we can fulfil your request, enquiry or order. As with off-line data capture, we will ask if you want to opt-out of being contacted in the future by mail, telephone, email or text.
If you use any of the secure forms within the site, your credit card information is only used to complete that transaction. All such forms are secure and cannot be accessed by anyone other than the members of staff necessary to complete the transaction.
If a child under 16 joins Epilepsy Action, we will keep their information in order to service their membership. If a child uses the helpline or uses any other email facility to contact us, their information will only be used to deal with their enquiry.
We recognise the need to protect the privacy and safety of children under 16. We try to use photographs of models wherever possible. If this is not possible steps will be taken to make sure the child cannot be identified through the photograph or the attached text. Parental permission will have been obtained to use the image, and, in the case of children 13 and over, we also ask for the child’s permission.
Epilepsy Action will assist you if you want to see the information we hold about you, for a £10 administration fee. A request should be made in writing, by letter or by email to firstname.lastname@example.org. In most cases we will reply to a request quickly, and certainly within 40 calendar days.
Incorrect data can be changed, blocked or destroyed.
You also have a right to prevent us processing your data for marketing or if it is likely to cause distress.
If you have already requested and received this information, there will need to be a reasonable period of time before you can request the information again.
You can change your communication preferences at any time. You can choose whether we contact you by mail, telephone, email or text message. You can also choose whether or not you receive information on certain activities of Epilepsy Action, such as appeals, campaigns and raffles. Just contact us - either in writing or by email to email@example.com or visit www.epilepsy.org.uk/services/keep-in-touch-data-protection
At all times you can ask Epilepsy Action to stop using your personal data. However, we usually keep the personal data of people who have requested no further contact. This is so we can make sure we exclude them from any activity aiming to recruit new supporters.
This privacy notice does not cover information gathered on other websites outside our control.
We keep our privacy statement under regular review. Any updates will be posted on our website. Supporters that we are in contact with will be informed if there are major changes.
Requests for information about our privacy statement can be emailed to the Data Protection Compliance Team at firstname.lastname@example.org or by writing to:
Data Protection Compliance Team
New Anstey House
Gate Way Drive
For a more detailed list of what information we collect and how it is used you can visit the ICO website and view our registry entry: registration number: Z4605447