Purpose of this Statement
This privacy statement provides you with details of how we collect and process your personal data.
DrugFAM respects and seeks to preserve the confidentiality of our clients. Confidentiality is a matter of consideration and respect for all clients supported by DrugFAM.
DrugFAM is the data controller and we are responsible for your personal data (referre d to as “we”, “us” or “our” in this privacy notice).
Our email address is: office@drugfam.co.uk
Our postal address is: DrugFAM Head Office, Oakley Hall, 8 Castle Street, High Wycombe, Bucks, HP13 6RF
If you are not happy with any aspect of how we collect and use your data, we would be grateful if you would contact us in the first instance to enable us to resolve it for you. You do have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at office@drugfam.co.uk
Our nominated representative for the purpose of data protection is: Office Manager
1. How we use your personal data
• Where we need to perform the contract between us
• Where you have given consent
• Where it is necessary for our legitimate interests
• Where we need to comply with a legal or regulatory obligation You have the right to withdraw consent to at any time by emailing us at office@drugfam.co.uk
2. Legal basis on which DrugFAM collects your personal data
DrugFAM collects and processes your Personal Data on the basis of different legal grounds, depending on the nature of the Personal Data being provided and the type of processing involved. Personal data means any information capable of identifying an individual. It does not include anonymised data.
Consent
Most of the Personal Data stored and processed by DrugFAM relies on your consent in order to process your Personal Data. Where DrugFAM requires your consent in order to collect and process certain Personal Data, we seek your consent at the time of provision, and such processing will only be performed where consent is secured. If consent is not given, we anonymise personal data.
Legitimate Interest
A second ground relied upon by DrugFAM for other types of processing of your Personal Data is that it is necessary for the purposes of legitimate interests pursued by DrugFAM. Such legitimate interests will include where DrugFAMsends you marketing about our products and services, where we believe you have a reasonable expectation that we will perform a particular type of processing on your behalf, or where such processing is strictly necessary for fraud detection and prevention. DrugFAM will only rely on such a ground where an assessment has been performed balancing the interests and rights involved and the necessity of the processing in order to provide our services, products and features to you.
Compliance with a Legal Obligation
A third ground relied upon for certain types of processing is that it is necessary in order to allow DrugFAM to comply with a legal obligation. An example of this would be where DrugFAM is required to retain accounting records for fixed periods of time in order to comply with local legal requirements.
3. Why we collect your sensitive data
In order to provide a service that meets your needs and to provide continuity of services DrugFAM collects some sensitive data. We are also required to provide anonymous demographic data in order to meet funding requirements which enable us to continue to deliver our services.
With consent may collect sensitive data provided by you (for example by filling in forms on our site or by sending us emails). It is important our clients have a clear understanding of our confidentiality statement so you can decide what information to share with us.
We keep a record of all our contacts, including group reports for the purpose of continuity and so we are up-to-date with your situation. This documentation will be held on our secure database system for three years after your last contact with the service.
We also record some personal statistical information to use for grant monitoring purposes and to improve our service. However, the statistics we produce will never include personally identifiable information.
We may monitor phone calls for the purposes of quality control and training.
If you would like your details anonymised or removed, please do not hesitate to email: office@drugfam.co.uk
At a minimum
• First name (or pseudonym) and, or, password
• Postcode or nearest town
• Age range
• Ethnicity
Optional (for support literature and information to be sent to you)
• Full name
• Address
• Phone Number
You can ask us to stop sending you support service messages at any time by emailing us at office@drugfam.co.uk at any time.
3.1 Marketing Communications
You will receive marketing communications from us if you have:
(i) requested information about DrugFAM events, conferences, the play, talks and presentations; or have purchased goods or services from us; or
(ii) if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and
(iii) in each case, you have not opted out of receiving that marketing. Our newsletter service is certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework.
You can ask us to stop sending you marketing messages at any time by emailing us at office@drugfam.co.uk at any time.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us to access DrugFAM support services.
4. Keeping your information secure
We use a secure cloud based charity management database, that fully supports GDPR compliance.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those who have a genuine business interest. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so.
5. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
We keep a record of all our contacts, including group reports for the purpose of continuity and so we are up-to-date with your situation. This documentation will be held on our secure database system for three years after your last contact with the service.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may retain this information indefinitely without further notice to you.
6. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
These include the right to:
• Withdraw consent.
• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
You can see more about these rights here
If you wish to exercise any of the rights set out above, please email us at office@drugfam.co.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7. Cookies
We do not currently use Cookies. However, while visiting pages on our site, you may click onto 3rd Party sites via hyperlinks and embedded content and these 3rd party websites may use cookies.