If you have any queries about this policy, please contact us at firstname.lastname@example.org
Who are we?
Annabelle’s Challenge is registered with the UK Charity Commission for England and Wales under number: 1157074 whose registered office is Europa House, Barcroft Street, Bury, BL9 5BT.
We also host the REDS4VEDS campaign and website.
How we collect information from you
Annabelle’s Challenge is the sole owner of the information submitted by you, to us, in any way. We may use this information, gathered in the course of our organisation’s stated role, to further our charitable aims and to further understand our supporters and how best we can support you. However, we will never sell or rent personally identifiable information that you have submitted to this site to third parties.
Collection of your information may be through:
Our online shop at Annabelle’s Challenge and REDS4VEDS
Your registration to an event via our website (we will only contact you about this event unless you have specified otherwise)
Via your phone call to the charity (we will always make sure that we have your consent to contact you further)
Via a written consent form you have sent to the charity
By joining the charity as a member through the website
Information we collect about you
Is the information that you have given us.
Information collected by a third party
Special category or sensitive information
Some health information that you may tell us, such as your genetic data or health information, falls under what is deemed sensitive information. As with all the personal information you provide us, you can be assured that any sensitive information you choose to supply will be kept confidential and only shared with your consent, including with the NHS EDS Diagnostic Service.
How we use your information:
We use your data to:
Provide you with the services, products, or information you have asked for (for example when you purchase an item from our shop or sign up to an event via our website)
Administer your donation or support your fundraising, including processing Gift Aid.
Add you to our database
Keep a record of your relationship with us
Comply with financial regulations and the law
Contact you by email with updates on the work we do, fundraising events and news on vascular EDS (these are classed as marketing emails)
Contact you by telephone or social media in direct response to any queries you send to us
Direct mail a copy of our annual board report and accounts to all our members once per year
Plan events such as conferences, family retreats and fundraising activities
Enable UK patients to be contacted by the NHS EDS Diagnostic Service (where required and only with your permission)
You may opt-out of marketing emails at any time by clicking the ‘unsubscribe’ link in our marketing emails. You can also change your contact preferences at any time, including telling us to no longer send you marketing by post, by contacting email@example.com or calling 0800 917 8495.
If you request to receive no further contact from us, we will keep some basic information in order to avoid sending you unwanted materials in the future, and to ensure that we do not accidentally store details for the same person multiple times.
How long do we keep your personal data?
We keep personal data only for as long as it’s necessary. When it comes to financial donations and Gift Aid, we’re required to keep information such as the supporter’s name, address, Gift Aid declaration form(s) and financial information for 7 years for HMRC auditing purposes. We’ll retain basic information (such as a supporter’s postcode and transactional history). We believe it’s important to keep basic information of this kind in case someone leaves a gift in their Will to us and we’re required to evidence the nature of their support if it’s contested.
How do we protect personal information?
We use a secure server when you make a donation or payment via our website through the Charity Checkout platform. We take appropriate measures to ensure that the personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. All personal information is stored in a central database which has stringent measures in place for restricting access and preventing external data breaches.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and third-party organisations who have been contracted by us to process data. Our approach to personal information involves restricting access to sensitive personal information, for example health information and financial contributions, to only those departments that need this data in order to carry out their functions.
We use external companies to collect or process personal data on our behalf. We make sure we only work with companies that comply with the Payment Card Industry Data Security Standard (PCI DSS) and we do annual reviews of their data processes to be certain that they meet our GDPR expectations and requirements.
The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), i.e. the USA. It may also be processed by persons operating outside the EEA.
We use the following systems for processing and storing your data:
Unfortunately, no data transmission over the internet can be completely secure. Whilst we do our best to protect your personal data, we cannot guarantee the security of any information which you transmit to us online and you must understand that you do so at your own risk.
By providing us with your personal data, including sensitive personal data such as your state of health and diagnosis information, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement.
You also consent to our transferring your information to countries or jurisdictions outside the UK if necessary for the above purposes. These countries may not provide the same level of data protection as the UK.
Your rights under the GDPR
The General Data Protection Regulation (GDPR) gives you more control over what happens to your personal information. Under this legislation you have the right to:
be given clear, transparent and free information about how your data will be used;
access your personal data so that you can see how your personal information is being used by us;
have your personal information updated and corrected;
obtain and reuse the personal data you have given to us for your own purposes;
request that we permanently delete or remove your information where there is no “compelling” reason for us to keep it; and
request that we don’t use your personal data for specific purposes and, unless we are under a legal or contractual obligation, we must respect your wishes.
The GDPR also prohibits us from using solely automated technologies to build profiles and make decisions about people who support us which will have “legal or similarly significant effects”, unless:
it’s necessary to fulfil a contract;
it’s been authorised by a Union or Member state law; or
you’ve given your explicit consent for your information to be used in this way
How to access and update your personal information
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by contacting us using the contact details below. You may also withdraw your consent for us to keep your personal data for some of the above purposes by writing to the address below.
You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information. You can request this free of charge by email to firstname.lastname@example.org or by writing to:
We are registered with the ICO. If you are unhappy with the way in which your personal data has been handled you are entitled to make a complaint to the ICO: Information Commissioner's Office
V1 GDPR. Effective 24th May 2018.