Our website address is: https://www.cdssg.org.uk.
Cornwall Down’s Syndrome Support Group (CDSSG) is committed to protecting your privacy. We aim to ensure that all information you give to us is held securely and is only used in a manner that you have consented to or would expect. Everything we do is underpinned by our values, one of which is that we strive to be open and transparent in our processes, being reliable and responsible to high professional standards.
This privacy notice applies to CDSSG – the data controller with regards to the personal data you have disclosed to us. A data controller is the person or organisation who determines the purpose for which, and the way, any personal data is processed. The data controller is responsible for establishing practices and policies in line with the Regulations.
This notice explains how we collect, store and use your personal data. The website that we refer to in this notice is www.cdssg.co.uk
The information in this notice is provided in accordance with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and considers the General Data Protection Regulations (GDPR) which will be implemented on 25/5/2018.
What information do we collect?
We collect data from you when you interact with CDSSG online, face to face, by post, over the phone or via SMS. Some of this information is personal data which can be used to identify you. Examples of personal data include your name, address, date of birth, telephone number, email address and sometimes bank details if you are making a donation or payment. In the future, to gain access to the new activity booking system, you may be asked to register using your name and a password. We will only collect data which is relevant to the purpose for which you have given it.
How we use your personal data
The purpose of collecting personal data is to ensure you receive access to the service you may have requested. We may also use your personal data to keep you informed about our work if you have requested this or have not opted out of receiving such communications. Examples of such communications are our electronic communications which inform you about things like the Learning Support groups or external grant opportunities.
We may also ask you to financially support our work by sending you fundraising appeals. We may also use your data to process any donations you have given and any Gift Aid associated with that donation. All promotional and fundraising communications are classed as Direct Marketing.
How will we contact you?
We may contact you via post, email, telephone or SMS text. However, we will only contact you by the channel you have told us you wish to receive communications by and where we have received your consent to do so.
If you are a new member we will aim to capture your consent for Direct Marketing purposes at the data collection point. You do not have to give consent – it is your decision. If you do consent, we will also aim to capture your contact channel preferences at the data collection point. Should you wish you can specify a time limit for your consent to remain valid for, after which time we will not be able to contact you unless you give further consent. As a default position we will consider consent to remain valid while your child is still registered with us and have not objected to doing so.
You can give or withdraw consent to Direct Marketing, or change your contact channel preferences, at any time by writing to us at the address above, emailing email@example.com. Please let us know if you change your contact details or if you believe any information we hold is incorrect.
Storing and sharing your data
Your data will not be processed outside of CDSSG and will not be disclosed to any parties outside of CDSSG, except to trusted partners and affiliates with whom we work, or work for us, to organise our events, e.g. discussing general needs of our membership and disclosing generic group info for fundraising appeals, sending electronic mail, or to process donations and Gift Aid, e.g. our bank and HMRC.
As part of our responsibilities to ensure that data we hold is accurate and up to date, we may occasionally undertake a process of cleansing data and we will delete any info no longer needed.
We only enter into relationships with third parties who have appropriate data protection policies and procedures in place. All data held by third parties is destroyed when it is no longer needed ie after a support group is over.
We will not disclose your data to any other third parties unless we have your explicit consent to do so. At no time, will your data be passed to a third party for marketing purposes.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
How long do we hold your personal data?
Your personal data will be held on our database during the period of our active relationship. Once we no longer require your data it will remain on our database indefinitely but will be marked inactive and no further steps will be taken to process it. We will not keep your personal data for any longer than is necessary. Once it is no longer required we will take all reasonable steps to destroy it or erase it from our systems.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
In relation to us processing your personal data you have the following rights, which can be exercised at any time. This does not however include any data we are obliged to keep for administrative, legal, or security purposes:
- To withdraw your consent for us to process your data.
- To be forgotten – to request your data is no longer processed or quarantined.
- Subject access requests – a right to request a copy of the data we hold about you.
- To object to your data being used by us for the purposes of direct marketing.
- If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
You can read more regarding our policy on cookies here
What else you should know about privacy
Remember to close your browser when you have finished your session. This will help ensure others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or internet café. You, as an individual, are responsible for the security of, and access to, your own computer.
Please be aware that whenever you voluntarily disclose personal information over the internet that this information can be collected and used by others. In short, if you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. Please be careful and responsible whenever you are using the internet.
Our pages may contain links to other websites, and you should be aware that we are not responsible for the privacy practices on other websites.
Contact us via email firstname.lastname@example.org
A copy of CDSSG’s Data Protection Policy is available upon request. If you wish to receive further information regarding CDSSG’s Data Protection Policy please contact Bonnie 07704057006
Any issues, questions or concerns you may have in relation to the way CDSSG process your data please do not hesitate to contact us on: email@example.com.
If at any time you have any concerns about the way your data has been processed by CDSSG and those concerns cannot be resolved by CDSSG directly you have the right to take those concerns externally and raise them with the regulator, the Information Commissioner www.ico.org.uk
Changes to this Privacy Notice
This privacy notice was last updated on 22nd May 2018.