Data Privacy Statement 6 September 2024
Key things to know about our approach to privacy and why we have this Privacy Notice
DC Action is a registered charity with charity number 1167150. We regard the lawful and correct treatment of your personal information as very important and are fully committed to the principles of data protection, as set out in the General Data Protection Regulation (GDPR) which came into effect on 25 May 2018 and was updated subsequently by UK GDPR, which came into effect on 1 January 2021.
Our Privacy Notice will help you understand what information we collect, how we use it, how we protect any information that you give us and what choices you have.
A quick note on terminology
- ‘Personal data’ means data which can be used to identify an individual and includes information about that individual. Examples are: name, phone number, address, e-mail address, bank account details, photographs etc.
- ‘Special category data’ is personal data that needs more protection because it is sensitive. Where we collect special category data, we must complete a legitimate interest assessment (LIA).
- When we use the words “we”, “us”, or “our” in this policy, it refers to DC Action only.
- DC Action is defined by GDPR as a ‘data controller’ which means that we are responsible for what data is collected, how and why personal data is used, and who it is shared with.
- Processing refers to the collection, storing and transfer of personal data.
What are the lawful bases we use for processing your data?
We process personal data in connection with our charitable activities. The General Data Protection Regulation sets out a number of bases on which we may rely for legal processing of data. We use the lawful bases of ‘consent’, ‘contract’ and ‘legitimate interests’. The lawful bases will differ depending on the nature of your relationship with us. We carry out Legitimate Interest Assessments in relation to the special category data we collect.
What personal data might we hold about you?
We will hold different kinds of personal data depending on the nature of your relationship with us. We access and use the information:
- To personalise and customise your experience with our website.
- To communicate with you, including by email, post or telephone.
- To provide you with news and information on DC Action’s work and events, if you have chosen to receive it. You can change your preferences as to whether you receive this information at any time.
- To fundraise and promote the interests of the charity.
- To conduct charity business on behalf of patients and their families.
- To maintain our own accounts and records.
- In the case of suppliers, advisers and consultants, we will access and use the contact information with which you provide us in pursuit of the work for which we have engaged you.
We may also hold:
- Payment and other financial information: we will only hold bank details for institutions for the purposes of making grant-related or other contractual payments but may hold individuals’ personal bank account details for reimbursement of expenses, as per our expenses policy for trustees, committee members and other individuals, as agreed with us. We will only hold such financial information for as long as necessary, and in line with legal requirements.
- Surveys and interviews: from time to time, we may conduct surveys and interviews with individuals and organisations. We will explain any specific implications as part of the activity, should they differ from this privacy notice.
Equality, diversity and inclusion data, if provided, is used solely for statistical purposes.
We do not undertake any automated decision-making in our processing of personal data.
We will not share your personal data with third parties outside of DC Action without your consent.
How do we protect your personal data?
We take data security seriously. We take all reasonable steps to protect the information you provide to us from loss, misuse, and unauthorised access, alteration or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology, and include firewalls and passwords.
How long do we keep your personal data?
We will hold personal information only for as long as necessary for the stated purpose(s), and in line with any legal, accounting or reporting requirements, for example, in relation to financial information. If you have simply asked us to keep you informed of our news, events and other information, we will retain your name and email address until you request us not to.
Your rights and your personal data:
Subject to proof of identity, you have the following rights with respect to your personal data:
- The right to be informed about what we are doing with your personal information. We do this by providing you with this Privacy Notice
- The right to request access to any personal data that DC Action holds (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- The right to request that the DC Action corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you ask us to delete your personal information we will not be able to provide any services to you.
- Where we rely on consent to process your personal information you have the right to withdraw that consent at any time.
- The right to ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position, or if our processing is unlawful but you do not want us to erase your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. If you ask us to restrict our use of your personal information, we may not be able to provide you with our services.
- The right to object to the processing of personal data where we are relying on the legitimate interests lawful basis.
- The right to lodge a complaint with the Information Commissioners Office.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
Communicating changes to this Privacy Notice
We may need to change this notice from time to time. If we do so, we will post any changes on this page. If you continue to use services which rely on your consent to process your personal data after those changes take effect, you will be asked to agree to the revised notice.
Reporting a concern
If you feel we haven’t handled your data properly, please do contact us via admin@dcaction.org and we will do everything we can to rectify the problem. If you feel this doesn’t go far enough, or if you want to report your concern elsewhere, you can contact the Information Commissioners Office on 0303 123 113 (option 4: Advice for small charities), via email https://ico.org.uk/global/contact-us/email/ or the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Contact Details:
To exercise all relevant rights, queries or complaints, in the first instance please contact
us via admin@dcaction.org