At Action for M.E. we will only collect, process and store information about you that you have willingly provided. We aim to be open about collecting this information and clear about what we will use it for. You do not need to give us any information to use our website, although as a result of your use of the website we may collect cookies and other related information.
This privacy notice tells you what to expect when Action for M.E. collects personal information. We will process your personal data on the basis of receiving your consent to do so (or, rarely, through a ‘legitimate interest’ if one applies, or being compelled to by law). Your data will be held for no longer than is necessary.
Our data retention policy sets out the different periods we retain personal information for in respect of these relevant purposes. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner's Office (ICO).
People who use Action for M.E. services
Action for M.E. offers a number of services to the public, including those providing support to individuals affected by M.E.
We collect personal data in order to provide those services. Depending on the service, we may use it to answer your questions and give you advice or guidance. We will also use it for training, quality monitoring or evaluating the services we provide.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received.
When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
When you give us a donation or sign up to support us in other ways, we will ask for your information. We use this information to manage your donation, event, etc. and to record your marketing preferences.
We use a third party to deal with some publication requests, but they are only allowed to use the information to send out the publications.
Sharing your story
Some people choose to tell us about their experiences with M.E. to inform our work. This may include them sharing sensitive information related to their health.
If you choose to give us your consent to do so, this information may be made public by us at events, in materials promoting our campaigning and fundraising work, or in documents such as our annual report.
People who receive our e-newsletter, Keep me updated
We use a third party provider, Dotdigital, to deliver our monthly e-newsletters. We gather statistics around email opening to help us monitor and improve our e-newsletter. In compliance with UK Law, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each e-newsletter. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed instead.
People who donate to us
For major donors we may sometimes look at publicly held information through Companies’ House, the Charity Commission, media stories and internet search engines, to better understand you and your philanthropic priorities. Research of this kind is important so that we can ensure our funders align with our organisational values, and to protect the reputation of the organisation.
People who email us
We may use, retain or reply to emails you send us. Any saved messages are stored in our secure email system, managed by our third party IT security provider.
People who contact us via social media
If you send us a private message via social media it will not be shared with any other organisations.
Visitors to our website
When someone visits www.actionforme.org.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Links to other websites
This privacy notice does not cover links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
When you visit our website, we collect information to help us to understand how supporters use our site, and to make improvements. This information consists of your IP address, your browser (eg. Internet Explorer), when you visited and which pages you visited or downloaded during your visit. We cannot use this information to find out further personal information about you, and will not share any individual information unless required to do so by law.
Using our forums
Our online forums ask you to provide your full name and email address when you register, and we encourage the use of an anonymous username on the forum itself. We may use your email address to contact you about administrative issues and changes to the forum. Posts to the forum made by users may contain sensitive information. We advise users to be careful not to post information which would allow them to be identified.
Keeping your data safe – know your rights
We strive to ensure your data is properly protected through encryption, firewalls and monitoring. Your data is only seen by people who need to view it for their work and our staff are trained in protecting your information.
Keeping your information up to date
Where possible, we keep our records up to date and use public records to do this in some cases. We are more easily able to do this if you let us know when your details change.
Your right to access your information
You have the right to see the information we hold about you under Data Protection laws. If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information.
You also have a right to ask us to correct, delete, or restrict your personal data. You may ask us to send your information to someone else, or to give you information in a way that makes it easy for you to pass on. You can also object to or withdraw your permission for us to process your information.
If you want to exercise any of these rights, please send a description of your request (including the information you want to access, if applicable) and proof of your identity by email or write to us at Action for M.E., 42 Temple Street, Keynsham BS31 1EH.
Disclosure of your information
We may disclose personal data to:
- Third parties, including cloud service providers, who provide a service to us
- A public authority in the event that we are required to do so by law
- A third party where we are under a legal obligation to transfer it to that third party or where we provide it on behalf of a client who is under such legal obligation
- A third party where it is necessary to protect the vital interests of the data subject or another natural person
- Third parties who tender to or provide services or goods to us
Where we interface with third party service providers that can access your personal data, these situations are managed by data processor agreements which contain clear contractual safeguards for individuals and their personal data. We do not share your data with any partner charities linked to Action for ME. We will never sell your data. We will never allow any third party gain access to our participant database other than those contracted to provide a service.
Where we are required to share your personal data by law we will apply the principles of the GDPR.
Right to complain
If you are not happy about the way in which we are processing your personal data, please email us. You also have the right to make a complaint to the UK Information Commissioner’s Office.
Action for M.E. (registered charity number 1036419) is the data controller of personal data collected through the website.
Data Protection Officer (DPO)
Action for M.E.’s data protection officer (DPO) is the Chief Executive. You can contact the DPO by emailing firstname.lastname@example.org
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 20 October 2020.