This privacy notice tells you what to expect when Action for M.E. (“we” or “us”) collect information that identifies you (your “personal data”), how we will use that information and what your rights are in relation to your personal data. Where we process your personal data, Action for M.E. (registered charity number 1036419) is the controller of that personal data.
Our processing of your personal data
At Action for M.E., we will only collect, process and store personal data that you have willingly provided to us. We aim to be open about collecting this information and clear about what we will use it for, in line with the requirements of applicable data protection laws. You do not need to give us any personal data, although as a result of your use of our website we may collect cookies and other related information. Depending on which Action for M.E. service you access, we may collect the following categories of personal data: race; ethnic origin; religious beliefs; health.
Depending on which Action for M.E. service you access, we may collect the following categories of personal data: race; ethnic origin; religious beliefs; health. If you choose not to provide us with your personal data, this may result in being unable to access certain services.
We will only process your personal data where we have a legal basis to do so under data protection laws. Our legal basis for processing your personal data may be:
- that you have given your consent to the processing of your personal data for a specific purpose set out in this notice. Where our processing is based on your consent, you have the right to withdraw your consent at any time.
- we are required to process your personal data to comply with a legal obligation that applies to us.
- the processing is necessary in our legitimate interests or those of a third-party, provided that these are not overridden by your rights and freedoms in relation to your personal data
How long do we keep your personal data?
Your data will be held for no longer than is necessary.
Our data retention schedule (available on request), sets out the different periods we retain personal information for in respect of these relevant purposes – this can be provided upon request. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and guidance issued by relevant regulatory authorities including, but not limited to, the UK Information Commissioner's Office (ICO).
For what purposes will we process your personal data?
- If you use Action for M.E. services:
- If you decide to share your story:
- If you opt-in to receive our e-newsletter, “Keep me updated”:
- If you donate to us:
- If you email us:
- If you contact us via social media:
- If you visit our website:
- If you use our forums:
Action for M.E. offers several services to the public, including those providing support to individuals affected by M.E.
We collect personal data to provide those services. Depending on the service, we may use it to answer your questions and give you advice or guidance. We will also use it for training, quality monitoring or evaluating the services we provide. Where we process your personal data for this purpose, we will do so based on our legitimate interests, specifically.
We must hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received.
When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
When you give us a donation or sign up to support us in other ways, we will ask for your information. We use this information to manage your donation, event, etc. and to record your marketing preferences.
We use a third party (Mailchimp, Warners Midlands and Dotmailer) to deal with some publication requests, but they are only allowed to use the information to send out the publications.
Some people choose to tell us about their experiences with M.E. to inform our work. This may include them sharing sensitive information related to their health. Where we process your personal data for this purpose, we will do so based on your consent.
If you choose to give us your consent to do so, this information may be made public by us at events, in materials promoting our campaigning and fundraising work, or in documents such as our annual report.
We use a third-party provider, Dotmailer, to deliver our monthly e-newsletters. We gather statistics around email opening to help us monitor and improve our e-newsletter. Where we process your personal data for this purpose, we will do so based on your consent.
In compliance with UK Law, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each e-newsletter. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed instead.
For major donors we may sometimes look at publicly held information through Companies’ House, the Charity Commission, media stories and internet search engines, to better understand you and your philanthropic priorities. Where we process your personal data for this purpose, we will do so based on our legitimate interests, specifically so that we can ensure our funders align with our organisational values, and to protect the reputation of the organisation.
We may use, retain, or reply to emails you send us. Any saved messages are stored in our secure email system, managed by our third-party IT security provider. Where we process your personal data for this purpose, we will do so based on our legitimate interests, specifically to use your data in a way that people would reasonably expect (responding to your enquiry) and that have a minimal privacy impact.
If you send us a private message via social media, it will not be shared with any other organisations. [Where we process your personal data for this purpose, we will do so based on our legitimate interests, specifically to use your data in a way that people would reasonably expect (responding to your enquiry) and that have a minimal privacy impact.
When someone visits www.actionforme.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. [Where we process your personal data for this purpose, we will do so based on our legitimate interests, specifically to find out information that helps us improve the website such as the number of visitors to the various parts of the site.]
This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
This privacy notice does not cover links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
[When you visit our website, we collect information to help us to understand how supporters use our site, and to make improvements. This information consists of your IP address, your browser (eg. Internet Explorer), when you visited, and which pages you visited or downloaded during your visit. We cannot use this information to find out further personal information about you and will not share any individual information unless required to do so by law.]
Our online forums ask you to provide your full name and email address when you register, and we encourage the use of an anonymous username on the forum itself.
We may use your email address to contact you about administrative issues and changes to the forum. Posts to the forum made by users may contain sensitive information. We advise users to be careful not to post information which would allow them to be identified.
How do we keep your data safe and up to date?
We strive to ensure your data is properly protected through encryption, firewalls and monitoring. Your data is only seen by people who need to view it for their work and our staff are trained in protecting your information.
Where possible, we keep our records up to date and use public records to do this in some cases. We are more easily able to do this if you let us know when your details change.
Your rights in relation to your personal data
You have the right to see the information we hold about you under applicable data protection laws. If we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information.
You also have a right to ask us to correct, delete, or restrict our processing of your personal data. You may ask us to send your information to someone else, or to give you information in a way that makes it easy for you to pass on. You may also be able to object to our processing of your personal data.
If you want to exercise any of these rights, please send a description of your request (including the information you want to access, if applicable) and proof of your identity by email or write to us at Action for M.E., 42 Temple Street, Keynsham BS31 1EH.
When may we disclose your personal data?
We may disclose personal data to:
- Third parties, including cloud service providers, who provide a service to us
- A public authority in the event that we are required to do so by law
- A third party where we are under a legal obligation to transfer it to that third party or where we provide it on behalf of a client who is under such legal obligation
- A third party where it is necessary to protect your vital interests or those of another natural person
- Third parties who tender to or provide services or goods to us
Where we interface with third-party service providers that can access your personal data, these situations are managed by data processor agreements which contain clear contractual safeguards for individuals and their personal data. We do not share your data with any partner charities linked to Action for ME. We will never sell your data. We will never allow any third-party gain access to our participant database other than those contracted to provide a service.
Where we are required to share your personal data by law we will apply the principles of applicable data protection laws, including the UK GDPR.
Your right to complain
If you are not happy about the way in which we are processing your personal data, please email us. You also have the right to make a complaint to the UK Information Commissioner’s Office.
Action for M.E.’s data protection officer (DPO) is the Chief Executive. You can contact the DPO by emailing firstname.lastname@example.org
Changes to this privacy notice