Burning Nights CRPS Support is a UK national charity dedicated to raising awareness of Complex Regional Pain Syndrome (CRPS)
DONATE
2021-09-20

BURNING NIGHTS CRPS SUPPORT PRIVACY POLICY

 

Burning Nights CRPS Support Privacy Policy

Your privacy is very important to Burning Nights CRPS Support.  This privacy policy provides information about the personal information that we, Burning Nights CRPS Support collects, and the ways in which we, Burning Nights CRPS Support, uses that personal information.

Privacy Policy - Burning Nights CRPS Support is GDPR Compliant
Privacy Policy – GDPR Compliant

Introduction

Burning Nights CRPS Support is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Any personal data provided by you to the Burning Nights CRPS Support through any means (verbal, written, in electronic form, or by your use of our website) will be held and processed in accordance with the data protection principles set out in the Data Protection Act 1998 and the General Data Protection Regulation for the purposes for which you have given consent, to provide the services you have requested from us, and to meet the legitimate interests of the charity.

Please read this Data Protection and Privacy Policy to learn about your rights, what information we collect, how we use and protect it.

Definitions

Charitymeans Burning Nights CRPS Support, a registered charity.
GDPRmeans the General Data Protection Regulation.
Data SubjectA data subject is an identifiable individual person about whom the Charity holds personal data.
Responsible Person (Data Controller)means Mr Tom Lowe, ABS Accountancy Ltd
Register of Systemsmeans a register of all systems or contexts in which personal data is processed by the Charity

Introduction

We are fully committed to safeguarding the privacy of our supporters, donors, contacts and visitors; in this policy we explain how we will treat your personal information.

A pop-up cookies box will open when you first use our website and we will ask you to consent to our use of cookies in accordance with the terms of this policy.

This policy outlines how Burning Nights CRPS Support collects your personal information and how we make use of this data. We will outline how we protect your privacy and your rights when it comes to personal data, and demonstrate how we keep your information safe. We are very proud of the values that underpin everything we do at Burning Nights CRPS Support to improve the lives of those affected by Complex Regional Pain Syndrome, including how we make use of personal data.

This policy only applies to data collected by Burning Nights CRPS Support staff and volunteers, and via our own forms and website. Third party agents, and websites which are linked to ours, are not covered by this policy. If you have any queries concerning your personal information or any questions on our use of the information, please contact the Responsible Person or Chair of Trustees using our contact form.

Who we are

We are:

  • Burning Nights CRPS Support, a charity registered in England and Wales (1166522)

For the purposes of this document when we say “we”, “us” or “Burning Nights CRPS Support,” we mean all of the registered body above.

Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk

We aim to respond within 30 days from the date we receive privacy-related communications.

You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.

Data Controller

A Data Controller will be appointed by the Board of Trustees.

In the absence of the Data Controller (eg: on holiday or on sick leave) the Chair of the Trustees will act as the Data Controller.

The Data Controller shall implement appropriate technical and organisational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation.

Those measures shall be reviewed and updated where necessary.

Collecting Personal Information

How do we collect personal data?

•          Directly – We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their contact information, complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, purchase something, if you ask about our activities, complete a survey providing feedback, visit our office or apply for open roles.

We may also obtain personal data directly when, for example, we are establishing a corporate relationship, performing charity services through a contract, or through our hosted software applications. This includes when you phone us, visit our website, make a purchase from our online shop, or get in touch through the post, email, phone, live chat or in person.

•          Indirectly – We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our clients, donors, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.

  • Public sources — Personal data may be obtained from public registers (such as Companies House, Charities Commission), news articles, sanctions lists, and Internet searches.
  • Social and professional networking sites — If you register or login to our website via Gravatar to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
  • Recruitment services – We may obtain personal data about candidates including volunteers from an employment agency, and other parties including former employers, and credit reference agencies.

What categories of personal data do we collect?

We may obtain the following categories of personal data about individuals through direct interactions with us, or from information provided through client engagements, from applicants, our suppliers and through other situations including those described in this Privacy Policy.

  • Personal data – Here is a list of personal data we commonly collect to conduct our charity activities:

–  Personal information / Contact details Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), age, nationality and ethnicity information for monitoring purposes, as well as information you provide in any communications between us.

– Information relating to your health (for example if you are taking part in or attending an event or are accessing one of our services such as the counselling or befriending service;

– where you have left us a legacy, any information regarding next of kin with which you may have provided us to administer this;

– any other personal information you provide to us.

Donations & Fundraising – You may have given us this information whilst making a donation, registering for an event, applying or accessing our services, placing an order on our website or any of the other ways to interact with us. We will mainly use this information:

  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services or goods you have requested.
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which requires us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
  • If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested.

Counselling & Befriending Requests –  Registering with us to request access to our counselling or befriending service can be done online, on paper or in person. Our request process involves providing us with your name, address, telephone numbers and email address. We may also request information on your availability, therapeutic issues, and other details which we deem relevant to processing your request.

Initial Counselling or Befriending Assessment Appointments –  At an initial appointment we ask about your current personal, social, medical and financial circumstances.  We may also ask about your background and family history, as well as the issues which are affecting you now. We require this information so that we can decide about our offer of counselling to you, to assign you to a counsellor, and to manage the service we provide to you.

Volunteer Placements  – Counsellors, Befrienders and other volunteers may apply for placements by form, letter, or email. They may also be interviewed. We may ask about your background, qualifications, experience, and professional memberships. We also ask for your name, address, telephone numbers, email address, and address and telephone details for referees and people we may need to contact for you in emergencies.

Employment – In order to apply for job opportunities advertised on our website and elsewhere, and to become an employee of the charity, you will be required to provide your contact details and other personal information contained in your CV (such as employment history and qualifications), as well as contact details of referees. This information is only processed for the purpose of considering your job application, making any offer of employment, and administering your contract of employment.

Website – We use Google Analytics to collect anonymous data relating to user behaviour and ‘web traffic’ statistics. The collection and use of this data by Google Inc. is subject to their own Privacy Policies.

Other Forms – The information you give us on our forms (including all enquiry and application forms) may include your name, postal address, email address, phone number and other messages to us.

Professional details (e.g., job and career history, educational background and professional memberships, published articles).

Family and beneficiary details for donations, support services (e.g., names and dates of birth).

Financial information (e.g., taxes, bank details).

CCTV at our site may collect images of visitors. Our policy is to automatically overwrite CCTV footage within 30 days

Photos and videos from events or through the course of our charitable activities

  • Sensitive personal data – When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. If you share your personal experience or the experiences of a friend or relative, we may also collect this health information. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy. You can of course decide if you want to remain anonymous, if you are happy to share your personal details with staff members/ volunteers or if you would like us to share your story with the media or other parties as part of our work telling people’s personal stories about mental health (for example, on our blog). Examples of sensitive personal data we may obtain include but not limited to:

– Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs or physical health.

– Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.

– Expense receipts submitted for accounting advice that reveal affiliations with trade unions or political opinions.

– Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.

– Information provided to us by our clients in the course of a professional engagement.

– Diversity and equal opportunity information volunteered by participants in certain

– Personal information about health including mental health supplied during the course of accessing our services such as counselling or befriending

We do not intentionally collect information from individuals under 13 years of age. We may occasionally receive details about children attending conferences, support groups and other events we host with their parents or guardians. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people under the age of 16.

A special note about the Sensitive Personal Information we hold

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

If you contact us through our Helplines, Live Chat, through the course of receiving Counselling or through the Befriending service or in other more general communications with us such as blogs or emails, you may choose to provide details of a sensitive nature.

We will only use this information:

  • For the purposes of dealing with your enquiry, counselling service, befriending scheme, training, and quality monitoring or evaluating the services we provide.
  • We will not pass on your details to anyone else without your explicit consent except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
  • Where you have given us your explicit consent or otherwise clearly indicated to us (for example, by submitting your story through our ‘Personal CRPS Stories’ website page) that you are happy for us to share your story, then we may publish it on our blog or in other media.

Accessing Burning Nights CRPS Support Services

When you apply to access a Burning Nights CRPS Support advice or support service we will process your personal information and sensitive – special category data.

We will use this information to safely deliver our services to you and in order to meet your assessed needs.

Your information is held in a client file and on our client database, and on paper-based records which are held in a locked cabinet with restricted access.

We will also use your data for statistical reports for monitoring purposes to see how our services are performing and how we can improve them. Statistics will not include any information that could be used to identify any individual.

We process this information because it is necessary in the performance of a contract, to fulfil our legal and regulatory obligations, and because it is in our legitimate interests to do so.

What lawful reasons do we have for processing personal data?

We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

Contract – We may process personal data in order to perform our contractual obligations. People who sell goods and/or services to, and/or purchase goods and/or services from the Charity.

The information collected will additionally contain details of:

a) The goods/services being sold to, or purchased from the Charity;

b) Bank and other details necessary and relevant to the making or receiving of payments for the goods/services being sold to, or purchased from the Charity.

The information provided will be held and processed solely for the purpose of managing the contract between the Charity and the person for the supply or purchase of goods/services.

Consent – We may rely on your freely given consent at the time you provided your personal data to us:

  1. People who are interested in, and wish to be kept informed of, the activities of the Charity
  2. Subject to the person’s consent, this may include information selected and forwarded by the Charity on activities relevant to those of the Charity by other organisations.

Note: this will not involve providing the person’s personal data to another organisation.

The information collected may additionally contain details of any particular areas of interest about which the person wishes to be kept informed.

The information provided will be held and processed solely for the purpose of providing the information requested by the person.

Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:

  • Delivering services to our clients – To deliver the charitable & professional services our clients have engaged us to provide.
  • Direct marketing – To deliver timely insights and speciality knowledge we believe is welcomed by our clients, subscribers and individuals who have interacted with us;
  • Volunteers
  • Where we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.
  • Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes, and intergroup transfers of data.
  • Administration and operational management: including responding to solicited enquiries, providing information and services, research, data analytics, events management, the administration of volunteers and employment, and recruitment requirements. Also including the arrangement of appointments, the handling of donations, and for financial control, data analysis, research, statistical and survey purposes.
  • Fundraising and Campaigning: including administering campaigns and donations, and sending direct marketing by post (and in some cases making marketing calls) and maintaining communication suppressions. Our normal practice is to keep in contact with supporters for a maximum of four years after their last activity (such as making a donation, taking part in an event, signing a petition or volunteering).
  • To provide clients with the professional counselling service requested from us
  • To enable us to offer appropriate opportunities and support to our counsellors and other volunteers
  • To offer suitable counselling appointments, and to allocate clients and counsellors for counselling
  • To notify you about changes to your appointments and other changes to our services
  • To seek feedback from you on your experience of using our services
  • To improve our service to ensure that it is provided in the most effective manner for you and for us.
  • To administer our service, including the arrangement of appointments, the handling of donations, and for financial control, data analysis, research, statistical and survey purposes.
  • To keep in touch with those who consent to this, for the purposes of organisational, service and professional development.
  • To fulfil our administrative, legal and contractual obligations as an employer.

Legal obligations and public interests – We may process personal data in order to meet regulatory and public interest obligations or mandates. People where there is a legal obligation on the Charity to collect, process and share information with a third party – eg: the legal obligations to collect, process and share with HM Revenue & Customs payroll information on employees of the Charity.

The information provided will be held, processed and shared with others solely for the purpose meeting the Charity’s legal obligations.

  1. Taxation (HM Revenue & Customs)

For the purpose of managing an employee’s PAYE and other taxation affairs the information collected will additionally contain details, as required by HM Revenue & Customs, of:

  • The person’s National Insurance Number;
  • The person’s taxation codes;
  • The person’s salary/wages, benefits, taxation deductions & payments;
  • Such other information as may be required by HM Revenue & Customs.
  • Pensions

For the purpose of managing an employee’s statutory pension rights the information collected will additionally contain details, as required by the Charity’s pension scheme (National Employees Savings Trust, NEST), of:

  • The person’s National Insurance Number;
  • The person’s salary/wages, benefits, taxation & payments;
  • Such other information as may be required by the NEST scheme.

Why do we need personal data?

We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:

  • Providing professional advice and delivering reports related to our donations, tax, advisory, audit and assurance, restructuring and other professional services.
  • Promoting & keeping in touch with those who consent to this, our charitable services, products and capabilities to existing and prospective clients.
  • Provide clients with the counselling & befriending services requested from us including to enable us to offer appropriate opportunities and support to our counsellors and other volunteers, to offer suitable counselling & befriending appointments, and to allocate clients and counsellors for counselling, to notify you about changes to your appointments and other changes to our services,
  • To seek feedback from you on your experience of using any of our services
  • Sending invitations and providing access to guests attending our events and webinars or our sponsored events.
  • To improve our services to ensure that they are provided in the most effective manner for you and for us.
  • To administer our services, including the arrangement of appointments, the handling of donations, and for financial control, data analysis, research, statistical and survey purposes.
  • Personalising webpage landings and communications we think would be of interest to you.
  • Administering, maintaining and ensuring the security of our information systems, applications and websites.
  • Authenticating registered users to certain areas of our sites including social media platforms.
  • Seeking qualified candidates, and forwarding candidate career inquiries to our People team, which may be governed by different privacy terms and policies.
  • Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
  • Contacting journalists regarding company press releases, invitations to annual press parties, highlighting messages that may be of interest on specific industry topics.
  • Travel arrangement assistance.
  • Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.

Communications for Fundraising/Marketing

We may use your contact details to provide you with information about our work and events which we consider may be of interest to you (for example updates about fundraising appeals and/or volunteering opportunities via our newsletter). Where we do this via email, SMS or telephone, we will not do so without your prior consent. We may also ask for your consent to send you information by post.

You can opt out of receiving emails from the Charity at any time by clicking the “unsubscribe” link at the bottom of our emails or you can tell us by contacting us at support@burningnightscrps.org In some circumstances, we may send you information in the post under the legal basis of legitimate interest.  Again, if you wish to opt out of receiving postal mail from us you can tell us by contacting us at support@burningnightscrps.org

Do we share personal data with third parties?

The personal information we collect about you will mainly be used by our staff (and volunteers) at Burning Nights CRPS Support so that they can support you.

We may occasionally share personal data with trusted partners, suppliers or third parties to help us deliver efficient and quality services, but processing of this information is always carried out under our instruction. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

  • Where necessary for administrative purposes and to provide professional services to our clients (e.g., when providing services involving advice ).
  • Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
  • Our professional advisers, including lawyers, accountants/auditors and insurers.
  • ●       Payment services providers such as PayPal, Virgin Money Giving, Facebook Charitable Giving, Just Giving, Go Cardless or Stripe.
  • ●       Donation processing – When making an online donation you will be directed through to an online form hosted by Donorfy. If you are making a credit or debit card donation this will be processed by Stripe or Paypal which processes card transactions on our behalf. The site utilises a number of security features, including Secure Socket Layer (SSL) encryption, for all transactions. Information provided to Stripe and Paypal will be processed only for the purposes of enabling the donation transaction to take place. Stripe and Paypal also have their own privacy policies.
  • ●       Donation processing (regular giving) – If you set up a direct debit, your data will be shared with GoCardless who act as a direct debit bureau on behalf of Burning Nights CRPS Support. Information provided to GoCardless will be processed only for the purposes of claiming the direct debit donations and sending out an advance notification letter/email.
  • ●       Gift Aid – If you have made a Gift Aid declaration, we will disclose the information you have provided as part of the declaration to HMRC for the purpose of reclaiming gift aid on your donation(s).
  • Marketing services providers (including our email newsletter)
  • Law enforcement or other government and regulatory agencies (e.g., Charities Commission) or to other third parties as required by, and in accordance with, applicable law or regulation.

We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, with our partners who help us to process donations and claim Gift Aid and our partners who help us to manage our social media accounts.

We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

Legal disclosure

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.

What are your data protection rights?

Your data protection rights are highlighted here.

  1. Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
  2. Correction– You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  3. Erasure – You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
  4. Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
  5. Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
  6. Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
  7. Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
  8. Right to Withdraw Consent – You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

How long do we retain personal data?

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for seven years. We will dispose of personal data in a secure manner when we no longer need it.

Data Sharing

●     Why might you share my personal data with third parties?

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so, such as other member firms, where necessary for administrative purposes and to provide professional services to our clients or where specific consent has been requested.

●     Which third-party service providers process my personal data?

“Third parties” includes third-party service providers and other entities within our group OR the members of our charity’s network. The following activities are carried out by third-party service providers: IT [and cloud] services, professional advisory services, administration services, marketing services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may also need to share your personal data with our regulator or to otherwise comply with the law.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

Security of your information

The General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration or destruction.

We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

However, no data transmission over the internet can’t be entirely secure, as a result, while we will take every reasonable endeavour to protect your personal information, we cannot guarantee that any information you submit to us will be free from unauthorised access, use, intrusion or destruction. Therefore, we cannot guarantee the security of your personal information, or your use of our website.

We hold all data securely and we shall only process the client personal data:

  • in order to provide our services to you and perform any other obligations in accordance with our engagement with you;
  • in order to comply with our legal or regulatory obligations; and
  • where it is necessary for the purposes of our legitimate interests and those interests are not overridden by the data subjects’ own privacy rights.

You have the right at any time to request a copy of the personal information we hold on you.

Should you wish to receive a copy of this, or would like to be removed from our database, unless there is a Legitimate or a legal requirement that prevents us from doing so. Please contact us at info@absaccountancy.co.uk

All employees, subcontractors, volunteers and principals are required to keep personal information confidential and only authorised personnel have access to information.

You can ask to review the personal information we hold about you and ask to change or delete any of this information. You can do this by email info@absaccountancy.co.uk.

We are registered with the Information Commissioner as a data controller. Details of our registration can be viewed at http://www.ico.gov.uk/ under registration code ZA145429.

What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.

If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

How long do we keep your data for?

We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).

If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account, or it is no longer needed to provide the Services to you.

Staff, Volunteers and Boards Members

When you apply for a job, volunteering opportunity or work for us we collect personal and sensitive information about you. We do this to:

  • Comply with legal requirements or industry standards, such as to carry out eligibility checks and where relevant Disclosure Barring Services.
  • Offer appropriate support or training you need to carry out your role.
  • Administer your role, such as payroll or pension services.
  • Contact you in relation to your role or organisational information.
  • Monitor Equality, Diversity and Inclusion.

Your information is stored on our computer system, on our CRM (Donorfy) and in a staff/volunteer file held by our Chair of Trustees or Board.

If you are unsuccessful in your job or volunteering application, we will hold your personal information for 6 months after we’ve finished recruiting the post/opportunity you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants.

Once you stop working for us, we will keep your information for 7 years.

Cookies, Web beacons & other websites

Burning Nights CRPS Support collects standard Internet log information including your IP address, browser type and language, ISP and geographic location. To ensure that our website is well managed and maintained to facilitate navigation, we or our service provider may also use cookies (small text files, which are stored in a user’s browser.) Or Web beacons (electronic images that allow the website to count visitor numbers who have accessed a particular page) Additional information on cookies and other tracking technologies can be found at http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies 

Cookie Definitions – Burning Nights CRPS Support’s website inhabits both Google Analytics cookies and those set in the site build which are used to gain information to improve end users experiences and interactions with the Burning Nights CRPS Support site.

Google sets cookies in order to evaluate the use of your site (burningnightscrps.org).

Our websites may contain links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

Burning Nights CRPS Support cannot be held responsible for the content, security or privacy practices of any external website.

We cannot guarantee that our Website is free from viruses or other malicious code. You therefore agree that it is ultimately your responsibility to satisfy yourself that your own information technology/equipment used to access the Website is protected against such viruses and/or codes.

How do I prevent being tracked by Google Analytics?

If you are uncomfortable with Cookie tracking, you can take the following actions:

  • Use a tracking-blocker, such as Privacy Badger
  • Clear cookies after every browsing session
  • Install the Google Analytics opt-out extension

Social Media

We use social media to inform, educate and engage new potential supporters. We may target ads using social media at audiences that look like they have an interest in Burning Nights CRPS Support’s work.

If you have given us consent to use your image or become a case study to help promote our work we may post this on our Social Media outlets.

We want to remind you that information shared on social media, on our pages or in private messages may be used or sold by the provider, such as Facebook, Twitter or Youtube, for commercial purposes.

Facebook

We use Facebook as a social media platform to communicate with our existing and potential supporters. We use both paid ads and unpaid organic posts on the platform. We use cookies to measure the success and effectiveness of our paid advertising by ensuring that our ads are served to the relevant people.

We also use Facebook cookies to retarget to supporters who have previously engaged with us through our website.

These cookies also help us to build custom audiences and lookalike audiences so you can receive relevant adverts from us when you use Facebook. This is so we can raise awareness among users of Facebook who share similar interests to you. Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account.

Please read Facebook’s Privacy Policy – https://www.facebook.com/policy.php

Email and Newsletter Subscribers

If you subscribe to our mailing list, you will be automatically be subscribed to receive email updates. You will only receive information that you have opted in to receive.

Depending on your preferences, we will contact you for the following reasons:

  • To share stories about living or caring for someone with Complex Regional Pain Syndrome (CRPS)
  • To share articles about being affected by CRPS, managing living with the condition
  • To offer opportunities to take part in research studies and/or clinical trials concerning chronic pain or CRPS
  • To update you with news about Burning Nights CRPS Support, the work we are doing, events we may be holding
  • To let you know about opportunities to get involved with Burning Nights CRPS Support campaigns, events and giving

We use Mailchimp to manage our email marketing. Our agreement with Mailchimp is based on one of the approved means of protecting the data of UK citizens (it uses what are called the Standard Contractual Clauses, and you can see them here). We only send you our newsletter with your consent.

The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems. We don’t rent or trade email lists with other organisations and businesses.

We gather statistics around newsletter opening and clicks using industry standard technologies to help us monitor and improve our newsletter.

We transfer all contacts to our own database, Donorfy, which is hosted in the North Europe data centre which is located in Dublin, Republic of Ireland. This system is kept updated with your marketing preferences.

You can change your email marketing preferences at any time, by clicking ‘unsubscribe’ or ‘manage preferences’ on any of our emails or by contacting: support@burningnightscrps.org

Monitoring

Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.

Contact Details

Burning Nights CRPS Support is based in England and Wales and our registered office is at 1 Alder Brook, Chinley, High Peak, Derbyshire SK23 6DN

Our principal place of business is at the same address as above.

To contact the Data Protection Officer please contact: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk and mark your email or letter “Burning Nights CRPS Support  Data Request”

Changes to this Privacy Policy

This policy will be reviewed at least annually. The next review is planned for February 2022. If we make significant changes, we will publish them clearly on our website or contact you directly with more information.

We are fully committed to safeguarding the privacy of our website visitors; in this policy we explain how we will treat your personal information.

A pop-up cookies box will open when you first use our website and we will ask you to consent to our use of cookies in accordance with the terms of this policy.

 

Contact Details

  • This website is owned and operated by Burning Nights CRPS Support
  • We are based in England and Wales and our registered office is at 1 Alder Brook, Chinley, High Peak SK23 6DN
  • Our charity registration number is 1166522 (England and Wales)
  • Our principal place of business is at the same address as above
  • You can contact Burning Nights CRPS Support by writing to the address given above, by using our website contact form https://www.burningnightscrps.org/contact/  by email to support@burningnightscrps.org or by telephone on 01663 795055
  • To contact the Data Protection Officer please contact: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk and mark your email or letter “Burning Nights CRPS Support  Data Request”

 

Last Updated: 23/06/2021

LET’S SPREAD AWARENESS of CRPS! Burning Nights orange side version

We Need Your Support

Please help us provide counselling to people affected by CRPS. Our help, services and advice are only possible thanks to donations from people like you. If you can, please donate now.

Accessibility