Our promise to you is that we will never sell your personal data and we will never share it with another company or charity for marketing purposes.  

We only share your personal data where we are required to by law, with your consent, or with carefully selected partners who do work for us. Our partners are required by contract to treat your data as carefully as we do. 

Your acceptance of this policy 

This policy, together with our terms and conditions [https://www.anaphylaxis.org.uk/terms-and-conditions/], applies to all the websites we operate, including social media sites, as well as purchases you make from us, our events or services and any other methods we use for collecting your information. 

 It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.  

 By using our websites, social media sites, or providing your personal data to us in the ways described in this policy, this means you agree that we can collect, keep and use your personal data in the ways set out in this policy. It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are. 

 If you do not agree to this policy please do not use our websites, social media sites, events or services. 

 What information do we collect about you? 

 We collect three kinds of information: 

 Non-personally identifiable information which is recorded anonymously, such as your IP address (the location of your computer on the internet).  

 Personally identifiable information, known as personal data, which is information that can be used to help identify a living individual. 

 ‘Sensitive personal data’ or ‘special categories of data’, which is personal data about your racial or ethnic identity, physical or mental health (e.g. allergies), or information about any alleged or criminal offences. We will only use this data if you have provided it to us directly or it has been sourced from information we believe you have clearly made public. 

Once collected, we may anonymise your data for activities relating to our legitimate interests, such as being able to collate statistical data to inform our services, survey data or research. 

We aim to ensure that all information we hold about a person is accurate and kept up-to-date. If any of the information we hold about a person is inaccurate and either they advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible. 

The types of information we may collect and process include: 

  • Your title and name (including former name or alias) 
  • Your gender and date of birth 
  • Your contact information e.g. postal address, telephone number, email address, social media 
  • Your allergies (if applicable) 
  • Your business details e.g. positions, organisation, professional memberships and qualifications 
  • Your outside interests and membership of groups 
  • Information about your wealth 
  • Your family details, including spouse or partner and children 
  • Your relationships with other organisations, supporters and potential supporters 
  • How you interact with our products and services e.g. events you have registered for and attended, products purchased, services you have subscribed to, your willingness to volunteer 
  • Financial or payment details if you have made a purchase or donation 
  • Any other information you choose to share with us 

Where do we collect information about you from? 

We collect information about you in the following ways 

  • When you give it to us directly 

 You may give us your information online via our websites or social media sites, over the phone, in writing by email or post, or face-to-face at an event. For example, when you  

  • Purchase from us  
  • Complete our surveys or forms e.g. contact preference forms, Gift Aid forms  
  • Contact our helpline for advice and guidance 
  • Donate to us 
  • Fundraise for us 
  • Join us as a member e.g. Corporate members  
  • Register as a volunteer 
  • Register for an online service e.g. an AllergyWise course 
  • Register for our events 

We will also collect your information where you only partially complete or abandon any information inputted into our websites or other online forms. We may use this information to contact you to remind you to complete any outstanding information or for marketing purposes, with your consent. 

If you intend to give us personal data about someone else, it is your responsibility to check before you give it to us that you have their consent to do so. You should also explain to them how we will collect, use, keep, share and protect their personal data, for example, by directing them to read this Privacy Policy. Under no circumstances must you make public another person’s home address, email address, or phone number. 

  • When you give permission to other organisations, known as third parties, to share your information with us 

Your information may be shared with us by other organisations we are partnered with, for example events providers like the London Marathon or fundraising sites like Just Giving.  

These third parties will give your information to us with your consent when you indicate you wish to support us. You should check their privacy policy when you provide your information. 

  • When the information is available publicly 

We may enhance personal information we collect from you from publicly available sources such as media articles, company and charity filings, social networking posts and the world wide web. 

  • When we collect it as you use our website 

We use cookies to monitor and improve our website services. This enables us to understand how many people use our websites, where visitors have come to the websites from and how popular our website pages are. Read our cookies policy for more information. 

Depending on whether you are using a desktop computer, laptop or mobile phone to access our websites, the settings on your device may also provide us with information. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.  

How do we use the information we collect from you? 

We will use your information when we have a contractual or legitimate business interest to do so or with your consent. We will mainly use your data to: 

  • Provide you with the services, products or information you asked for 
  • Administer sales transactions, donations, or other payments and verify financial transactions, including processing gift aid 
  • Ensure we know how you prefer to be contacted 
  • Keep a record of your relationship with us including any communications we send to you 
  • To verify your account and provide a personalised experience for you on our websites  
  • Monitor, measure, improve and protect our services, products or information  
  • Prevent or detect fraud or abuses  
  • Provide you with any information that we are required to send you to comply with our regulatory or legal obligations 
  • Enable third parties such as food manufacturers, distributors and allied trades, academics or healthcare professionals to research the views of people who are at risk of severe allergy  
  • To provide, with your consent, targeted marketing communications about information that we think may be of interest to you  
  • Raise awareness about our charitable aims and activities through use of case studies or quotes 

Building profiles of supporters and targeting communications 

To ensure that we do not make inappropriate requests, we may carry out research to assess your likely ability and willingness to engage with our products and services. We will use your information to help us plan our activities and determine if we should contact you with certain communications.  

This research helps ensure our communications are relevant and of interest to you. It also helps us identify how you are involved with our work and identify which of our user activities are most popular. 

This research may include collecting and storing data relating to you that is in the public domain as well as data that has been provided by you, including your interests, and any activities you have previously been involved with. This research is sometimes known as prospect research or wealth profiling. 

For further information please see our Ethical Fundraising Policy. 

Direct marketing  

With your consent, we may contact you via telephone, email, text or post with targeted marketing communications about information that we think may be of interest to you.  

We will only contact a person for the purpose requested via the channel they request. For example, if a person only wishes to receive our newsletter, we will only send emails about this. It is each person’s choice about the type of communication and information they receive from us. 

We will not use personal information for direct marketing purposes if a person has asked us not to do so. However, we will retain details on a suppression list to help ensure we do not contact them. A person may ask for any personal information about them that we hold to be deleted and destroyed at any time but, please note, in that case we will have no record of any marketing preferences. There may also be times when we cannot delete data because of other laws or regulations. We will inform a person, if possible, if data cannot be deleted. 

Our forms have clear marketing preference questions and we include information on how to opt in or opt out when we send you marketing communications. You have the right at any time to stop us from contacting you for marketing purposes and can unsubscribe from any email marketing using the links provided in the messages we send to you. To manage your communication preferences contact our Data Protection Officer on email address: privacy@anaphylaxis.org.uk

Sharing your information 

We only share your personal data where we are required to by law, with your consent, or with carefully selected partners who do work for us.  

We use external companies to collect or process personal data on our behalf to help us to fulfil the legitimate business interests described above or share information which we believe is of interest to you. We will never sell your personal data and we will never share it with another company or charity for marketing purposes. We may share your information with our service providers and agents (including their sub-contractors) or other third parties including: 

  • credit reference and fraud prevention agencies 
  • government departments  
  • internet service and platform providers 
  • law enforcement agencies  
  • organisations we engage to help us send communications to you 
  • our professional advisors and auditors  
  • payment processing providers  
  • any third party in order to meet our legal and regulatory obligations 
  • any third party in the context of actual or threatened legal proceedings 

We will only share your personal data with them if they have signed a contract that requires them to abide by the requirements of UK data protection law, only use the information for the purposes it was supplied and allow us to carry out checks to ensure they are complying with the contract. 

Some of the third parties we currently use to process personal data are as follows 

  • Mailchimp to deliver our e-newsletters and gather statistics around email opening and clicks using industry standard technologies. For more information, please see their privacy policy. 
  • Hootsuite to manage our social media interactions. For more information, please see their privacy policy. 
  • Google – to track movements on our website – their obligations are set out in their Privacy Policy. 

Although Google Analytics records data such as geographical location, the device being used to access our website, internet browser, and operating system, it does not personally identify any person. Google Analytics also records a computer’s IP address, and although this could be used to personally identify a person, Google does not grant access to this. 

  • Sage – we use this software to track our finances – their obligations are set out in their Privacy Policy. Sage Pay have a built-in encryption process for secure payments. 
  • LearnDash – an integrated online learning platform. 
  • PayPal – secure payment processing with built-in encryption process 
  • The Access Group – CRM software in which we store personal details – their obligations are set out in their Privacy Policy and their data processing agreement with us. 
  • SurveyMonkey – what we use to conduct surveys or questionnaires – their obligations are set out in their Privacy Policy and terms of business. 
  • Purple Jelly Ltd – we have a contract with them to provide our I.T. support – their obligations are set out in their Privacy Policy  

Storing your information  

Information is stored by us on computers located in the UK or securely locked within our office in paper files. We have security measures in place to attempt to protect against loss, misuse or alteration of the personal data under our control. For example, only authorised personnel such as employees, volunteers and contractors who receive data protection training can access user information and we use secure server software (SSL) to encrypt financial and personal information.  

We may transfer your information to other reputable third-party organisations. As explained above, we will only pass personal data to them if they have signed a contract that requires them to abide by the requirements of UK data protection law.  

If a company is situated outside the European Economic Area, they may not be subject to the same data protection laws as companies based in the UK. However, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. 

Unfortunately, the transmission of data across the internet is not completely secure and we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. 

Where you have a password enabling you to access parts of our websites, it is your responsibility to keep this confidential. 

Data Protection and Security 

We take steps to ensure all information is safe and secure, and that all staff are aware of and comply with their responsibilities in relation to data protection legislation. A copy of our detailed Data Protection Policy applicable to our staff and contractors can be accessed via this link.  

All staff undergo training in data protection requirements, with an annual review. 

Access to personal data is based on role responsibility and a ‘need to know’ basis, which is seen as good practice by the Information Commissioner’s Office (ICO). We do this to reduce the risk of inappropriate access to personal data by staff or volunteers. 

Access to our office is through use of secure keypad entry and the code is changed regularly as required. 

We have confidential waste processes in place in the form of a shredder. This improves the security of documents which may contain personal data which is no longer required. 

We have formal retention schedules in place to ensure that we only keep personal information for an appropriate length of time. 

We have security locks for our IT screens. 

We enforce regular password changes through our IT systems. 

We have a clear desk policy with regard to personal information – nothing containing personal information is to be left out on a desk outside office hours. 

All paper files or discs containing personal information are held in securely locked cabinets, with only the appropriate staff having access to them. 

We have an encrypted memory stick which is password protected and use this if we are required to present at external meetings/events. 

Although we cannot fully guarantee the security of any information transmitted to us, we enforce strict procedures and security features to protect all information and prevent unauthorised access. 

How will we keep your information up to date? 

We will update the data we hold on you from time to time. For example, if you provide us with new contact details or change your details on our website.  

We may use third-party sources or services to keep your records up to date such as Royal Mail NCOA (National Change of Address) or check if there are people we should no longer contact (for example, if someone has died). As explained above, we will only pass personal data to them if they have signed a contract that requires them to abide by the requirements of UK data protection law.  

How long will we keep your information for? 

We will keep your information for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, inform our research, update your communications preferences or to comply with the law. 

If you decide that you no longer wish to receive communications from us, we may need to retain a minimal amount of personal data so we can keep a record that you have asked us not to contact you. 

Records of financial transactions which may include personal data are retained for 6 years. We generally remove records 6 years after last contact. When we no longer need your information, we will always dispose of it securely, using specialist companies if necessary. 

If you would like to see our Data Retention policy please email: privacy@anaphylaxis.org.uk 

What rights do you have under law? 

Under GDPR you have the right: 

  • to be told how we will use your information 
  • to ask to see the information we have about you 
  • to correct anything that is wrong or inaccurate 
  • to ask us to remove your information from the systems we use to process personal data 
  • to ask us to stop processing your personal data 
  • to ask us for a copy of your data in a commonly used electronic form so you can move, copy or transfer it 
  • to object to us using your data in certain ways, including for direct marketing purposes  
  • and various rights regarding automated decision making or profiling 

Please see https://ico.org.uk for further information on the above rights. 

If you wish to exercise any of these rights please contact our Data Protection Officer in writing. You have the right to be provided with a copy of the information we hold free of charge. However, we reserve the right to charge a reasonable fee to comply with requests for further information, based on the administrative cost of providing you with the information. 

We are not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this act. 

Please note, if you withdraw your consent for us using your personal information for the purposes set out in this privacy policy, we may not be able to provide you with access to all or parts of our websites, applications and services. 

We have the right to continue processing your data 

  • to exercise the right of freedom of expression and information 
  • for public health purposes or archiving purposes in the public interest 
  • to comply with legal obligations and exercise or defend legal claims 

Children’s personal data 

Some of the services we offer are aimed specifically at families who have children with severe allergies. To deliver these services safely it is necessary for us to collect personal data and ‘sensitive personal data’ or ‘special categories of data’ and store it on our database. Before we collect data from anyone aged under 18 we will always ask them to directly obtain the permission of a parent or guardian. We do not knowingly contact children aged 12 or under with targeted marketing communications. We manage the information we collect in a way which is appropriate to the age of the child and ensure any communications or advertising likely to be viewed by children are age appropriate. 

External links 

This privacy policy does not cover links on our websites that link to websites of other organisations. We encourage you to read the privacy policies of other websites you visit. 

Changes to this policy 

 We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly. 

Questions 

If you have any questions about this policy or concerns about the way your personal data is being processed, please contact our Data Protection Officer. 

Head of Finance and Operations 

Email: privacy@anaphylaxis.org.uk 

Tel: +44 (0)1252 546100 

Anaphylaxis UK, 1 Alexandra Road, Farnborough, GU14 6BU 

Our data controller registration number provided by the Information Commissioner’s Office is Z553814X. 

If you would like to see our Data Protection Policy please email: privacy@anaphylaxis.org.uk