Updated May 23rd 2018
Under the General Data Protection Regulations (GDPR), you have specific rights. This privacy notice tells you what to expect when FAVOR UK personal information. We are absolutely committed to processing your data securely and transparently. We also pride ourselves on confidentiality. This notice applies to current and former users.
Data Protection Principles
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:
- processed fairly, lawfully and in a clear, transparent way
- collected only for valid reasons that we find proper for the course of your time as a patient and not used in any way that is incompatible with those purposes
- only used in the way that we have told you about
- accurate and up to date
- kept only as long as is necessary for the purposes we outline
- process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
- kept securely
Types of Information We Hold About You
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We hold many types of data about you, including:
- your personal details including your name, address, date of birth, email address, phone numbers
Special categories of data
There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. These may include:
- time length of addiction recovery
We will use your special category data:
- to determine membership status
We must process special categories of data in accordance with more stringent guidelines. We will process special categories of data when the following applies:
- you have given explicit consent to the processing (on our membership form)
As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
The Personal Data We Process and What We Do with It
When you supply your personal details to this charity they are stored and processed for 4 reasons:
- We need to collect personal information about you in order to provide you with membership. Your request for membership and our agreement to provide you with membership constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide membership.
- We have a legitimate interest in collecting that information, because without it we couldn’t do our job effectively and safely.
- We also think that it is important that we can contact you in order to confirm your membership with us or to update you on matters related to your membership. This again constitutes legitimate Interest, but this time it is your legitimate interest.
- Provided we have your consent, we may occasionally send you general addiction, recovery & mental health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
Change of Purpose
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Retaining Your Personal Data
We have no legal obligation to retain your membership records for any given length of time.
If you become a member, and decide not to continue with the membership, we delete your membership records immediately. We will keep your contact records as described below.
The nature of addiction and recovery means that people may come back as members after significant periods of time. Because of this, we will retain your contact records indefinitely should you wish to join as a member at some future date. However, we will be happy to delete this at your request.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Data Security – Protecting Your Data
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those charity employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Our Data Security Policy is available on request. Please ask the data controller below for a copy.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Your records are stored:
- Electronically, using Apple iCould, Google GMail and Google Cloud (Google Drive). These providers have given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to all of this data is password protected, and the passwords are changed regularly.
- On our charity computers. These are password-protected, backed up regularly and encrypted. They are stored in a locked, secure environment when not in use.
- On mobile devices. The nature of our charity dictates we need access to records whilst travelling. We can access and retrieve your information using mobiles phones and tablet devices. These devices may hold your contact details and any job-specific data but not any financial data. They are password protected and backed-up securely.
Sharing Your Personal Data
We will never share your data with anyone who does not need access without your written or verbal consent.
Only the following people/agencies will have routine access to your data:
- Charity trustees and/or employees.
We may share your data with third parties in order to facilitate a referral to another charity, and, in some cases, to places of treatment.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data. We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
We may also share your data with third parties as part of a charity restructure or audit, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.
Transferring Information Outside the EU
We do not share your data with bodies outside of the European Economic Area.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right to be informed, a right of erasure, a right to restrict processing.
- You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Controller whose details are shown below. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
- If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
- The right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. We must also inform you of any changes to how we use your data.
- If you believe we should erase your data, please contact the Data Controller, whose details are shown below.
- If you wish us to stop storing, using, or restrict the processing of your data, please contact the Data Controller, whose details are shown below.
- Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Making a Complaint
If you have any questions about this Privacy Notice or how we handle your information please contact the Data Controller, whose details are shown below.
If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the Data Controller. Here are the details you need for that:
Data Controller: Favor UK
Address: Registered Office. 3 Kelvinside Grove. Glasgow. G20 6PL
Telephone: 0141 946 2710
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office (ICO) www.oic.ie
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
People who Contact Us Via Social Media
If you send us a private or direct message via social media the message will be stored in that media for three months. It will not be shared with any other organisations.
Visiting our Website
When you visit facesandvoicesofrecoveryuk.org we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive.
We use Google Analytics, a very popular tool used to analyse site usage and traffic, which utilises cookies. This helps us to refine the site content and give you the best experience on this website.
If you are concerned about cookies, you can turn them off in your browser. However, if you do this please note that some areas of the site may not work properly.
To find out more about cookies, how to turn them off, and further guidance on the laws governing cookies, please visit www.aboutcookies.org
At UK Recovery Walks, we’re committed to ensuring and protecting your privacy at all times.
1. Information We Collect from You
We can obtain data when you use our website in the following ways:
1.1 If you register for information by filling out a form.
1.2 Traffic data, weblogs, location data, and any other communication can be collected. These details come from your visit to our site.
Circumstances may arise when we may need to gather information about your computer to help provide appropriate services. The data gathered is solely for statistical data. Indeed, the facts collected about you are statistical only. No identifying information about our visitors and no personal details will ever be shared.
Cookies are used to collect general online usage by using a text file. If used, this text file is downloaded without prompting you. It is placed on your computer’s hard drive. A cookie is used to improve any services/products or overall website features we offer.
All computers, PCs and mobile devices have the option of declining/deleting cookies. Your web browser includes this option.
3. Use of Your Information
Any identifying information we collect and store about your visit or through a form on our site is NEVER shared. We only use identifying information you provide us in order to contact you about our services and/provide advice and guidance to you.
If you consent to us using anonymised information, we will only use it for evaluation and research purposes in order to find out how well UK Recovery Walk is reaching out and engaging people.
4. Storing Your Personal Data
4.1 Industry standard servers are used by our company to ensure proper data storage.
4.2 Transmission of data on the internet can never be ultimately secure. We do not and cannot guarantee security of information collected electronically or transmitted; however, we take all necessary steps to provide the best security available. As a result of our inability to fully and complete guarantee safety (as there may be a security breach anywhere in between your sending and our receiving of data, you are submitting information to us at your own risk. Where needed, a password may be necessary to access areas of our site. You are responsible for the safety and confidentiality of the password you generate.
Any information used for research purposes will be stored securely by academic partners (a university) in formats designed to protect research data, and governed by academic standards of ethics regarding use and storage of data.
5. Disclosing Your Information
5.1 Personal information to third parties may only be disclosed if a legal requirement obliges us to, such as a police investigation, or when we are required under legislation for vulnerable children and adults.
6. Third Party Links
There may be links on our site to third party websites.. We do not accept liability or responsibility for their content and/or privacy policies, as we have no control over their content.
7. Access to Information
The Data Protection Act 1998 was established to govern online electronic communications. The act gives you access to any data we have about you. To access this information that we hold about you, please email us using the email address below.
8. Contacting Us