Burning Nights CRPS Support is a UK national charity dedicated to raising awareness of Complex Regional Pain Syndrome (CRPS)
2018-06-21

BURNING NIGHTS CRPS SUPPORT PRIVACY POLICY

Burning Nights CRPS Support Privacy policy

Your privacy is very important to Burning Nights CRPS Support.  This privacy policy provides information about the personal information that we, Burning Nights CRPS Support collects, and the ways in which we, Burning Nights CRPS Support, uses that personal information.

 

Privacy Policy - Burning Nights CRPS Support is GDPR Compliant

Privacy Policy – GDPR Compliant

 

Burning Nights CRPS Support is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it.

 

 

 

 

 

Definitions

Charity means Burning Nights CRPS Support, a registered charity.
GDPR means the General Data Protection Regulation.
Responsible Person means Mr Tom Lowe, ABS Accountancy Ltd
Register of Systems means a register of all systems or contexts in which personal data is processed by the Charity

 

Introduction

We are fully committed to safeguarding the privacy of our website visitors; in this policy we explain how we will treat your personal information.

A pop-up cookies box will open when you first use our website and we will ask you to consent to our use of cookies in accordance with the terms of this policy.

 

Who we are

Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk

We aim to respond within 30 days from the date we receive privacy-related communications.

You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.

 

Collecting Personal Information

How do we collect personal data?

  • Directly – We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their business card, complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, visit our offices or apply for open roles. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
  • Indirectly – We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
  • Public sources — Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and Internet searches.

 

  • Social and professional networking sites — If you register or login to our website via Gravatar to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.

 

  • Recruitment services – We may obtain personal data about candidates including volunteers from an employment agency, and other parties including former employers, and credit reference agencies.

 

What categories of personal data do we collect?

We may obtain the following categories of personal data about individuals through direct interactions with us, or from information provided through client engagements, from applicants, our suppliers and through other situations including those described in this Privacy Policy.

  • Personal data – Here is a list of personal data we commonly collect to conduct our business activities:

–  Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address).

– Professional details (e.g., job and career history, educational background and professional memberships, published articles).

– Family and beneficiary details for insurance and pension planning services (e.g., names and dates of birth).

– Financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records).

– CCTV at our sites may collect images of visitors. Our policy is to automatically overwrite CCTV footage within 30 days.

 

  • Sensitive personal data – We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include:

– Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs or physical health.

– Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.

– Expense receipts submitted for accounting advice that reveal affiliations with trade unions or political opinions.

– Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.

– Information provided to us by our clients in the course of a professional engagement.

– Diversity and equal opportunity information volunteered by participants in certain

We do not intentionally collect information from individuals under 13 years of age. We may occasionally receive details about children attending conferences, support groups and other events we host with their parents or guardians.

 

TO THE TOP

 

What lawful reasons do we have for processing personal data?

We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

Contract – We may process personal data in order to perform our contractual obligations.

Consent – We may rely on your freely given consent at the time you provided your personal data to us.

Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:

  • Delivering services to our clients – To deliver the professional services our clients have engaged us to provide.
  • Direct marketing – To deliver timely market insights and speciality knowledge we believe is welcomed by our business clients, subscribers and individuals who have interacted with us;

 

Legal obligations and public interests – We may process personal data in order to meet regulatory and public interest obligations or mandates.

 

Why do we need personal data?

We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:

  • Providing professional advice and delivering reports related to our tax, advisory, audit and assurance, pension scheme administration, restructuring, mergers and acquisitions and other professional services.
  • Promoting our professional services, products and capabilities to existing and prospective business clients.
  • Sending invitations and providing access to guests attending our events and webinars or our sponsored events.
  • Personalising web page landings and communications we think would be of interest to you.
  • Administering, maintaining and ensuring the security of our information systems, applications and websites.
  • Authenticating registered users to certain areas of our sites including social media platforms.
  • Seeking qualified candidates, and forwarding candidate career inquiries to our People team, which may be governed by different privacy terms and policies.
  • Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
  • Contacting journalists regarding company press releases, invitations to annual press parties, highlighting messages that may be of interest on specific industry topics.
  • Travel arrangement assistance.
  • Helping support clients to run a series of development programs for education and learning purposes to inform leaders in the healthcare, civil service and other industries.
  • Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.

 

Cookies, Web beacons & other websites

Burning Nights CRPS Support collects standard Internet log information including your IP address, browser type and language, ISP and geographic location. To ensure that our website is well managed and maintained to facilitate navigation, we or our service provider may also use cookies (small text files, which are stored in a users browser.) Or Web beacons (electronic images that allow the website to count visitor numbers who have accessed a particular page) Additional information on cookies and other tracking technologies can be found at http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies

Our websites may contain links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

 

Burning Nights CRPS Support cannot be held responsible for the content, security or privacy practices of any external website.

 

We cannot guarantee that our Website is free from viruses or other malicious code. You therefore agree that it is ultimately your responsibly to satisfy yourself that your own information technology/equipment used to access the Website is protected against such viruses and/or codes.

 

Do we share personal data with third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

  • Where necessary for administrative purposes and to provide professional services to our clients (e.g., when providing services involving advice ).
  • Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
  • Our professional advisers, including lawyers, accountants/auditors and insurers.
  • Payment services providers such as PayPal, BT MyDonate, Virgin Money Giving.
  • Marketing services providers.
  • Law enforcement or other government and regulatory agencies (e.g., Charities Commission) or to other third parties as required by, and in accordance with, applicable law or regulation.

We do not sell any personal data to anyone.

 

What are your data protection rights?

Your data protection rights are highlighted here.

  1. Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
  2. Correction– You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  3. Erasure – You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
  4. Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
  5. Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
  6. Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
  7. Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
  8. Right to Withdraw Consent – You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

 

How long do we retain personal data?

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for seven years. We will dispose of personal data in a secure manner when we no longer need it.

 

Data Sharing

  • Why might you share my personal data with third parties?

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so, such as other member firms, where necessary for administrative purposes and to provide professional services to our clients or where specific consent has been requested.

  • Which third-party service providers process my personal data?

“Third parties” includes third-party service providers [and other entities within our group OR the members of our firm’s network]. The following activities are carried out by third-party service providers: [IT [and cloud] services, professional advisory services, administration services, marketing services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may also need to share your personal data with our regulator or to otherwise comply with the law.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

Security of your information

The General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration or destruction.

However, no data transmission over the internet can’t be entirely secure, as a result, while we will take every reasonable endeavour to protect your personal information, we cannot guarantee that any information you submit to us will be free from unauthorised access, use, intrusion or destruction. Therefore, we cannot guarantee the security of your personal information, or your use of our website.

We hold all data securely and we shall only process the client personal data:

  • in order to provide our services to you and perform any other obligations in accordance with our engagement with you;
  • in order to comply with our legal or regulatory obligations; and
  • where it is necessary for the purposes of our legitimate interests and those interests are not overridden by the data subjects’ own privacy rights.

You have the right at any time to request a copy of the personal information we hold on you.

Should you wish to receive a copy of this, or would like to be removed from our database, unless there is a Legitimate or a legal requirement that prevents us from doing so. Please contact us at info@absaccountancy.co.uk

All employees, subcontractors and principals are required to keep personal information confidential and only authorised personnel have access to information.

You can ask to review the personal information we hold about you and ask to change or delete any of this information. You can do this by email info@absaccountancy.co.uk.

We are registered with the Information Commissioner as a data controller. Details of our registration can be viewed at http://www.ico.gov.uk/ under registration code ZA145429.

 

What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

 

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

 

How long do we keep your data for?

We will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.

If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account, or it is no longer needed to provide the Services to you.

 

Contact Details

  • This website is owned and operated by Victoria Abbott-Fleming and trustees of Burning Nights CRPS Support
  • We are based in England and Wales and our registered office is at 1 Alder Brook, Chinley, High Peak SK23 6DN
  • Our principal place of business is at the same address as above
  • You can contact Burning Nights CRPS Support by writing to the address given above, by using our website contact form https://www.burningnightscrps.org/contact/  by email to support@burningnightscrps.org or by telephone on 01663 795055
  • To contact the Data Protection Officer please contact: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk and mark your email or letter “Burning Nights CRPS Support  Data Request”

 

Last Updated: 23/05/2018

LET’S SPREAD AWARENESS of CRPS! Burning Nights orange side version

Don't keep our info to yourself! Share....Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Pin on Pinterest
Pinterest
Share on Google+
Google+
Share on Reddit
Reddit
Print this page
Print
Email this to someone
email
Accessibility
Call Now