Privacy and Cookie Policy
Introduction
Spinal Research promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
Developing a better understanding of our supporters through their personal data allows us to make better decisions, fundraise more efficiently and, ultimately, will help us change the future of spinal cord injury. We have made improvements to this policy to make it more understandable to supporters.
Where we collect information about you from
We collect information in the following ways:
• When you give it to us directly
You may give us your information in order to sign up for one of our events, tell us your story, make a donation, purchase our products or communicate with us. Sometimes when you support us, your information is collected by an organisation working for us (e.g. a professional fundraising agency), but we are responsible for your data at all times.
• When you give it to us indirectly
Your information may be shared with us by independent event organisers, for example the London Marathon or fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support Spinal Research and with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.
• When you give permission to other organisations to share or it is available publicly
We may combine information you provide to us with information available from external sources in order to gain a better understanding of our supporters to improve our fundraising methods, products and services. The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:
Third party organisations You may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
Social media Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
• When we collect it as you use our websites or apps
Like most websites, we use ‘cookies’ to help us make our site, and the way you use it, better. Cookies mean that a website will remember you. They’re small text files that websites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookie Policy section below.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
Supporters
If you support us, for example make a donation, volunteer, register to fundraise, or sign up for an event, we will usually collect:
- Your name
- Your contact details
- Your date of birth
- Your bank or credit card details.
Where it is appropriate we may also ask for:
- Information relating to your health (for example if you are taking part in a high-risk event)
- Why you have decided to donate to us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.
We will mainly use your data to:
- Provide you with the services, products or information you asked for
- Administer your donation or support your fundraising, including processing gift aid
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Understand how we can improve our services, products or information.
If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our website.
We may also use your personal information to detect and reduce fraud and credit risk.
Building profiles of supporters and targeting communications
We use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively, which donors consistently tell us is a key priority for them. We do this because it allows us to understand the background of the people who support us, and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed Directorships or typical earnings in a given area.
Direct Marketing
With your consent, we will contact you to let you know about the progress we are making and to ask for donations or other support. Occasionally, we may include information from partner organisations or organisations who support us in these communications. We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on 020 7653 8935 or info@spinal-research.org
We do not sell or share personal details to third parties for the purposes of marketing. But, if we run an event in partnership with another named organisation your details may need to be shared. We will be very clear what will happen to your data when you register.
Sharing your story
Some people choose to tell us about their experiences with spinal cord injury to help further our work. They may take on a role as an Ambassador or Media Volunteer, attend our patient-focused events or sit on our committees. This may include them sharing sensitive information related to their health and family life in addition to their biographical and contact information.
We use some of the information provided, including gender, ethnicity or the type of injury people have, to target opportunities to get involved. We will also monitor the types of people who are involved to ensure that the views we hear are representative of all people affected by spinal cord injury.
If we have the explicit and informed consent of the individuals, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our campaigning and fundraising work, or in documents such as our annual report.
Children’s data
We collect and manage information from children, and aim to manage it in a way which is appropriate to the age of the child. Information is usually collected when children attend our events or fundraise for us.
Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children. Our events have specific rules about whether children can participate, and we‘ll make sure advertising for those events is age appropriate.
How we keep your data safe
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.
Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Keeping your information up to date
Where possible we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
We really appreciate it if you let us know if your contact details change.
Your right to know what we know about you, make changes, or stop using your data
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so. Contact us on 020 7653 8935 or info@spinal-research.org if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to Supporter Services, Spinal Research, 80 Coleman Street, London, EC2R 5BJ. We do not accept these requests by email so we can ensure that we only provide personal data to the right person.
If you have any questions please send these to info@spinal-research.org, and for further information see the Information Commissioner’s guidance here (link is external).
Changes to this policy
We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the Spinal Research website or by contacting you directly.
If you have any questions, comments or suggestions, please let us know by contacting us at, Spinal Research, 80 Coleman Street, London, EC2A 5BJ or email info@spinal-research.org
Cookies
A cookie is a small text file passed to your computer’s hard drive through the web browser so the website remembers who you are when you return.
If you do not wish to have cookies stored on your computer you can easily change your web browser to refuse cookies, or let you know when you get a new cookie by clicking on the ‘Help’ menu.
If you are 16 or under, you must get your parent or guardian’s permission before you provide any personal information on the Spinal Research website.
Privacy Policy
Your privacy
In this policy, you’ll find important information about your personal rights to privacy, and how and why we use your personal information.
It’s up to you whether you choose to give us your personal information. But if you don’t, we may not be able to give you a complete service.
What this policy covers
How do we process your data?
What is personal information?
How do we use your personal information?
How long do we keep it?
What happens if you ask for your data to be removed?
Our lawful grounds for processing your information
What do we mean by ‘legitimate interests’?
Processing sensitive personal data
Will we share your personal information?
Security, storage and access to your personal information
Your rights
How to exercise your rights
How to contact us
A quick note on what “Spinal Research” means
In this Privacy Policy, “Spinal Research” means International Spinal Research Trust (registered charity in England & Wales (1151015) and Scotland (SC050578) and company limited by guarantee (8409361, whose registered offices are at 80 Coleman Street, London, EC2R 5BJ.
Our promise to keep your information safe
At Spinal Research, we’re committed to protecting your privacy. We promise to respect any personal information you share with us (or that we receive from other organisations) at all times, and we promise to keep it safe.
How we process your data
This policy sets out how we process your data. It also explains your rights and options around how we use your personal information.
We collect information about you:
…when you give it to us directly
This might be when you:
interact with us online
register with us
communicate with us
make a donation
take part in an event
buy something from us
apply to work or volunteer for us
give us your personal information in any other way
…when you give it to us indirectly
This is when your personal information is given to us by third parties. These might be:
websites such as JustGiving or Ebay
business partners
sub-contractors in technical, payment and delivery services
event organisers
sponsors
advertising networks
analytics providers and search information providers.
You’ll always hear from them when this happens, and you’ll be told how and why we intend to use that information.
You might tell us through a third-party website (such as the London Marathon) that you’d like to fundraise for Spinal Research by taking part in an event.
When this happens, we’ll contact you by phone or email to check how you’d like to hear from us in the future, and to offer you support with your fundraising efforts.
…when it’s available publicly
Some information about you may be in the public domain, using public registers such as Companies House, the electoral roll and press reports. For example:
whether you have charitable interests.
to establish possible common connections between Spinal Research’s network and yours.
depending on your privacy settings for professional services such as LinkedIn.
We may collect personal information to conduct supporter research and this is on occasion through our existing network. We may also analyse information you provide to us with other freely available public information to create a profile of supporter interests, preferences and level of potential donations so that we can contact you in the most appropriate way and with the most relevant information
…when you visit this website
When you visit this website, we automatically collect the following personal information:
technical information, including:
the internet protocol (IP) address used to connect your computer to the internet
your browser type and version
your time zone setting
browser plug-in types and versions
your operating systems and platforms
information about your visit to our website, including:
the uniform resource locator (URL) clickstream to, through and from this site (including date and time)
products/services you viewed and searched for
page response times
download errors
length of visits to certain pages
referral sources (how you arrived at the website)
page interaction information (such as scrolling and clicks)
methods used to browse away from the page.
We collect and use your personal information by using cookies on our website – A cookie is a small text file passed to your computer’s hard drive through the web browser so the website remembers who you are when you return.
If you do not wish to have cookies stored on your computer you can easily change your web browser to refuse cookies, or let you know when you get a new cookie by clicking on the ‘Help’ menu.
If you are 16 or under, you must get your parent or guardian’s permission before you provide any personal information on the Spinal Research website.
What is personal information?
We collect, store and use the following kinds of personal information:
Your name and contact details, including postal address, telephone number, email address and, where applicable, social media profile URL
Your date of birth
Financial information, such as bank details or credit/debit card details, where you provide them to make a payment. We don’t store credit or debit card details, but we’re required to store bank details in some circumstances, including when they’re used for direct debit payments.
Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location
Information about our services which you use/which we consider of interest to you
Information as to whether you are a tax payer so that we can claim Gift Aid.
How do we use your personal information?
We use your personal information to:
provide you with services, products or information you’ve asked us for
provide further information about our work, services, activities or products
allow you to purchase goods
process your donations
further our charitable aims, including for fundraising activities
research the impact and effectiveness of our work and services
register, administer and personalise online accounts
register and administer your participation in events you’ve registered for
administer and keep our website safe and secure and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
improve your interactions with our website, for example by making sure that content is presented in the most relevant and effective manner for you and for your computer/mobile device
report on the results and impact of our work, services and events
analyse and improve our work, services, activities, products or information (including our website) or for our internal records
use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you
to process your application for a job or volunteer role with us
training and/or quality control
audit and/or administer our accounts
satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work
prevent fraud, misuse of services or money laundering and to perform due diligence in respect of larger donations;
reduce credit risk
communicate with you in any other way
for the establishment, defence and/or enforcement of legal claims; and/or
How creating a record for you helps us to be more relevant
We may use your personal information to create a record of your interests and preferences.
This means we can make our contact with you more relevant, timely and appropriate.
It also helps us understand the background of our supporters to help us make sure that what we’re asking is appropriate.
How we combine and analyse the information we collect about you
Before contacting you, we may use data analysis to interpret your data and predict how likely you are to be interested in or responsive to a particular campaign or fundraising message. Where we have identified that you have the capacity and/or affinity to support Spinal Research at a higher level, we may collect additional information about you (see ‘How we use your information’) and combine, analyse and compile that information into a profile of you in order to assist us in engaging with you in a more personalised way.
We typically look at and combine information published in the media but other commonly used publicly available sources including company resources, the Electoral Register and any data you choose to make public on LinkedIn such as your professional memberships and networks. We may also use any publicly available data that you share on social media. We may use additional information such as geographical information for measures of affluence where available. In order to do this efficiently, we may use trusted third-party specialist companies that collate and analyse information from public registers alongside statistical social-economic data to automate some of this work. This helps us to understand more about your interests and level of potential engagement or donation.
Please note that before seeking or accepting major donations we are required to conduct a minimum level of due diligence. This is in accordance with our legal and regulatory obligations and our internal risk management policies and procedures. This means that if you opt out of analysis of your data, we may still conduct some analysis that is required to enable us to accept donations from you.
Marketing to you and talking about fundraising
We use your details to give you information about our work, events, services and/or products which we think might interest you.
For example, we might contact you about goods or services you’ve purchased or used in the past, or send you updates about our fundraising appeals, volunteering opportunities and latest campaigns.
We’ll only do this with your prior consent via email, SMS or phone.
Donations and other payments
When you use our secure online donation or payment pages, you’ll be directed to a specialist supplier company, who will receive your credit card number and contact information to process the transaction. We don’t retain your credit or debit card details.
Children’s information
Where we capture children’s data online, we’ll seek parental consent for any children under 13. We won’t actively market to under 18s.
How long do we keep your personal information?
In general, if we no longer need your information for the reasons you gave it to us, we remove your personal information from our records ten years after the date it was collected.
But we’ll remove it sooner if:
your personal information is no longer required for the purpose you shared it with us
we’re no longer lawfully entitled to process it
you ask us to remove it.
What happens if you ask for your data to be removed?
If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.
Exceptions
Where your personal information is used to support research, it is usually kept for longer and may be used in the future to help with further research as medical science advances.
Our lawful grounds for processing your information
The GDPR/DPA18 requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant.
Where you’ve given your consent for us to use your personal information in a certain way.
For example, we’ll ask for your consent to use your personal information to send you electronic direct marketing/fundraising.
Where necessary so that we can comply with a legal obligation (for example, where we need to share your personal information with regulatory bodies which govern our work and services).
Where necessary for the performance of a contract which we have with you or to take steps before entering a contract (for example, if you purchase something from our online shop or apply to work for/volunteer with us).
Where it is in your/someone else’s vital interests (for example, in case of medical emergency suffered by someone taking part in an event).
Where there is a legitimate interest in us doing so (for example, writing to supporters to let them know about our work and ways of supporting us).
What do we mean by ‘legitimate interests’?
The GDPR/DPA18 allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights.
Spinal Research’s legitimate interests
In broad terms, our “legitimate interests” means running Spinal Research as a charitable entity in pursuit of our aims and ideals. For example, by:
providing information about research projects
processing donations
administering events
taking applications for staff and volunteers.
Your legitimate interests
“Legitimate interests” can also include your interests, such as when you have requested information or certain goods or services from us, and those of third parties (for example, research projects).
How do we balance these interests?
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We won’t use your personal information for activities where our interests are overridden by the impact on you. For example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Processing sensitive personal data
The GDPR/DPA18 prohibits the processing of sensitive personal data (special category data) unless additional conditions are met.
We think the following conditions are relevant, in each case in accordance with the relevant safeguards:
where the processing is necessary for the provision of health or social care
where the processing is necessary for scientific research.
Will we share your personal information?
We never share, sell or rent your information to third parties for marketing purposes.
However, in general we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this policy.
These may include (among others):
healthcare professionals, medical researchers and organisations involved in medical research
business partners, suppliers and sub-contractors
advertisers and advertising networks
analytics and search engine providers
IT service providers
other beneficiaries, executors and legal advisers, when administering a legacy.
In particular, we reserve the right to disclose your personal information to third parties:
in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;
if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
if we are under any legal or regulatory duty to do so; and/or
to protect the rights, property or safety of Spinal Research, its personnel, users, visitors or others.
Security, storage and access to your personal information
We promise to keep your personal information safe and secure.
We have appropriate and proportionate security policies and organisational and technical measures in place to help us do this. For example, we require specialist suppliers who process secure payments to comply with the Payment Card Industry Data Security Standard (PCI DSS) standards.
Who can see my personal information?
Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.
Where is my personal information stored?
In general, the personal information that we collect from you will be stored at a destination within the UK.
However, we use agencies and suppliers to process personal information on our behalf.
Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK who work for us or for one of our suppliers.
Please note that some countries outside of the UK have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Where your personal information is transferred, stored and/or otherwise processed outside the UK, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.
Your rights
These are your rights in relation to how we process your personal information:
Right to be informed
You have the right to be told how your personal information will be used. This policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how your personal information may be used.
Right of access
You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.
Provided we are satisfied that you are entitled to see the information requested and we’ve successfully confirmed your identity, we’ll give you your personal information (subject to any exceptions that apply).
Right of erasure
You have the right to ask us to delete your personal information, and we’ll do this when you ask us to. In many cases, we’ll check to see if you’re happy for us to make it anonymous first, rather than delete it completely.
Right of rectification
If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
Right to object
You have the right to object to processing where we are:
processing your personal information on the grounds of legitimate interest
using your personal information for direct marketing or
using your personal information for statistical purposes.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
Right to data portability
Where we are processing your personal information:
because you gave us your consent
because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means
you may ask us to provide it to you – or another service provider – in a machine-readable format.
Rights related to automated decision-making
Where we take automated decisions (ie with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.
How to exercise your rights
To exercise any of these rights, please send a description of the personal information in question using the contact details below. We reserve the right to ask for:
personal identification
further information.
Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us.
You have the right to make a complaint to the ICO about us or the way we have processed your personal information. Find further information on how to exercise this right , or contact them .
Changes to this Notice
We may update this Policy from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website. This Policy was last updated in May 2022.
Links and third parties
We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
When you make a donation through Text to Donate, your donation will be managed by your network provider in accordance with their terms and conditions and privacy policy.
How to contact us
If you would like change your current contact preferences then please contact us on: info@spinal-research.org or call us on 020 7653 8935.