Privacy Statement

INTRODUCTION AND DEFINITIONS

The Scar Free Foundation ("we", "our" and "us") is committed to protecting and respecting your privacy. This notice tells you how we process your personal data.

In this notice "data protection law" means the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom now and in the future.

1. Our details

1.1 – The entity that decides how to process the personal data we collect (called the data controller) is The Scar Free Foundation, a registered charity and company with company number 3831398. Our registered office is: The Scar Free Foundation, The Royal College of Surgeons, Lincoln's Inn Fields, 35 – 43 Lincoln Fields, London, WC2A 3PE.

1.2 – Our data protection officer is Amanda McKechnie of The Scar Free Foundation, The Royal College of Surgeons, Lincoln's Inn Fields, 35 – 43 Lincoln Fields, London, WC2A 3PE.

2. Which information do we process and for what purpose?

2.1 – Supporters and Prospective Supporters.

We collect the following information about our current donors and prospective donors to our charity:

2.1.1 – We will obtain personal data from you when you enquire about our activities, make a donation to us, or otherwise provide us with information. We do not capture data through this website and any data you give us will be through telephone, mail or e-mail. The types of information we collect this way include name, address, telephone number, email address, credit/debit card details, previous donations, previous events attended/invited to, dietary requirements and car registration details.

2.1.2 – This information will be used to process and keep a record of your donations, provide you with any material you have requested or to process a donation, and keep you informed of any areas we feel might be of interest to you, including fundraising material. We will not send marketing emails to your personal email address without your consent.

2.1.3 – If we have contacted you in the first place as a prospective donor, when prior to contacting you we will have collected publicly available information about you and used this to contact you to ask for your support. This information is typically obtained by using internet searches and research. The types of information we collect this way include name, address, telephone number, email address, job title and career history and financial standing and philanthropic interests. We will not contact you using your personal email address without your consent. We may publicly recognise your donation, but will always ask for your consent before we do.

2.1.4 – This information will be used to assess whether you may be interested in supporting our charity and then contacting you, for example by inviting you to events to promote our charity.

2.1.5 – We do not share details of our donors or prospective donors with third parties for marketing purposes. We may, at times, share short biographies of donors or prospective donors attending our events with other guests. We will always seek you permission before we do this.

2.2 – Academic Partners.

We collect the following information about our academic partners and prospective academic partners:

2.2.1 – Before we first contact you, we may collect information about you from publicly available sources (such as via internet searches) or from your peers. The types of information we collect this way include name, address, telephone number, email address, job title, areas of academic expertise and career history / CV, financial information about grants (including personal salaries), research information from students and researchers, research contracts, research annual reports, individual publications, peer-review on research applications submitted (successful and unsuccessful), correspondence with you (including notes of telephone calls) and whether you are on maternity leave. We will not contact you using you personal email address without your consent.

2.2.2 – This information will be used to assess whether you may be able and interested in assisting our charity by evaluating funding applications, administering grants, applying for funds, attending research events or being invited to speak at an event.

2.3 – Trustees and Volunteers.

We collect the following information about our trustees and volunteers:

2.3.1 – If we have contacted you in the first place as a prospective trustee or volunteer, then prior to contacting you we will have collected publicly available information about you and used this to contact you to ask for your support. This information is typically obtained by using internet searches, research and occasionally by recommendation through someone who might know you. We will also obtain personal data from you when you apply to become a trustee or volunteer for our charity through telephone, mail or e-mail. The types of information we collect this way include name, address, telephone number, email address, job title and career history, financial standing, CV, details of any matter that may constitute a conflict of interest and any information that we may need to support your attendance at an event or meeting (such as dietary information, access requirements etc). It may also include details of your story and medical history. We will not contact you using your personal email address without your consent.

2.3.2 – We use this personal data to invite you to events and meetings relevant to your role as a trustee or volunteer, to keep you updated about the activities of the charity, to monitor conflicts of interest, to publish your photo and details of your professional and other interests on our website and promotional material and generally to administer your relationship with us.

2.4 – Ambassadors.

We collect the following information about our ambassadors:

2.4.1 – If we have contacted you in the first place as a prospective Ambassador, then prior to contacting you we may have collected publicly available information about you and used this to contact you to ask for your support. This information is typically obtained by using internet searches, research and occasionally by recommendation through someone who might know you. We will also obtain personal data from you when you apply to become an ambassador for our charity through telephone, mail or e-mail. The types of information we collect this way include name, address, telephone number, email address, job title and any information that we may need to support your attendance at an event or meeting (such as dietary information, access requirements etc). It may also include details of your story and medical history. We will not contact you using your personal email address without your consent.

2.4.2 – Depending on what you agree to, we will use this information to publish your photo and details of your story on our website and promotional material, to invite you to events and meetings relevant to your role as an ambassador, to keep you updated about the activities of the charity, and generally to administer your relationship with us.

2.5.1 – If you are a supplier or work for one of our suppliers then we may collect your name, work address, work phone number, work email address, job title and correspondence you exchange with us.

2.5.2 – We process this information in order contact you to administer the contract between us and you (or the supplier you work for).

3. What are the grounds for processing your information?

3.1.1 – You have consented to the processing for the purposes stated in section 2 above. This might apply where you have agreed to make a donation, agreed become an ambassador, where you have subscribed to our newsletter or mailing list using your personal email address, or you have agreed over the phone that we may contact you by email using your personal email address.

3.1.2 – the processing is necessary for the performance of the contract details of contract between you and us. This might include where you have agreed to be a volunteer, or if you are a supplier to us.

3.1.3 – the processing is necessary for us to comply with our legal obligations such as keeping our tax and accounting records.

3.1.4 – the processing is necessary for us to carry make funding awards, being a task in the public interests.

3.1.5 – the processing is necessary for achieving our legitimate interest of promoting our charity (such as by sending emails or contacting prospective donors) and pursuing our charitable objectives. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purpose.

4. Duration and further processing

4.1 – We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

4.2 – Generally speaking, we retain your information for the following periods of time:

4.2.1 – If you are a donor or prospective donor: until you let us know that you no longer want to hear from us. If you have not engaged with us (such as by attending an event, sending us an email or making a donation) for more than 10 years, then we may remove your details from our database.

4.2.2 – If you are an academic partner: until you let us know that you no longer wish to work with us, or until our relationship is clearly at and end.

4.2.3 – If you are a trustee or volunteer: For as long as you continue to be a trustee or volunteer, and for a period of 7 years thereafter.

4.2.4 – If you are an ambassador: until you let us know that you no longer wish to be an ambassador for the charity. Once you let us know, we will remove all your details from our database and our website within 3 months. It may not be possible to destroy all previously circulated hard copy documents (such as leaflets or posters).

4.2.5 – If you are a supplier (or work for one of our suppliers): as long as our relationship with you continues, and for a period of 7 years after the relationship ends, in case of contractual claims.

If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.

5. Who is your information shared with?

5.1 – In order to achieve the purpose(s) set out in section 2 above, we may share your data with the following people or group of people:

5.1.1 – Our outsourced IT providers may have access to your personal data on our IT systems if such access is required to enable them to resolve problems with our systems.

5.1.2 – In rare cases we may provide personal data to our legal advisers or other professional advisers, if necessary to defend claims, protect our rights, or receive advice on compliance with the law. Such transfers will be protected by confidentiality obligations owed by our advisers.

5.1.3 – We may share details of donations with HMRC, particularly in relation to gift aid claims.

5.2 – To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.

6. Your rights

6.1.1 – if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by notifying us using the details set out in section 9 below;

6.1.2 – the right to access a copy of your information which we hold. This is called a 'subject access request'. Additional details on how to exercise this right are set out in section 7, below;

6.1.3 – the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 9, below;

6.1.4 – the right to object to decisions being made about you by automated means. We do not make automated decisions about you based on your information. We will inform you if your information is subject to automated processing;

6.1.5 – the right to object to us processing your personal information in certain other situations;

6.1.6 – the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and

6.1.7 – the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.

6.1.8 – in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called 'data portability'.

6.2 – You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 9, below. The Information Commissioner's Office website is www.ico.org.uk.

6.3 – For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner's Office (www.ico.org.uk).

7. SUBJECT ACCESS REQUESTS

7.1 – Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 9 below.

7.2 – If you are requesting copies of documents you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.

8. Changes to our privacy notice

This notice was last updated in May 2018. Any material changes we may make to our privacy notice in the future will be uploaded to our website and if the change is significant we will send you the updated notice by email. Please check back frequently to see any updates or changes to our privacy notice.

9. Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to The Data Protection Officer at The Scar Free Foundation, The Royal College of Surgeons, Lincoln's Inn Fields, 35 – 43 Lincoln Fields, London, WC2A 3PE or [email protected].