Privacy Policy

Here at Cardiomyopathy UK we're just like you. We don't like being bombarded by information, and we don't want our details passed to other people. That's why we just don't do that.

We never share your details* and we'll only send you what you want to receive. You can change your contact preferences or unsubscribe at any time by contacting us on contact@cardiomyopathy.org or 01494 791224.

Cardiomyopathy UK promise to respect any personal data you share with us, or that we get from other organisations and keep it safe. We aim to be clear when we collect your data and won't do anything you wouldn’t reasonably expect. 

Developing a better understanding of our supporters through their personal data allows us to make better decisions, fundraise more efficiently and, ultimately, helps us to reach our vision of a full life for everyone affected by cardiomyopathy.  We have made improvements to this policy to make it more understandable to supporters.

As of January 2018 we moved to an ‘opt-in only’ communication policy. This means that we will only send marketing communications to those that have explicitly stated that they are happy for us to do so via their preferred channel(s) (email or post).

Our communications include information about our vital work, our fundraising, the latest news about cardiomyopathy. If you would like to hear from us but haven't yet opted in please complete our stay in touch form or call us on 01494 791224.

We use live chat software on our website, this is provided by Click4Assistance, a 3rd party UK based Software Company. Information regarding how the data is processed and stored can be viewed here.

Our Moodle platform for healthcare professional education will collect the data that you provide when creating an account, such as name and email. We also collect data about your activity on the site, including any contributions that you make. This information is used to provide access to the online courses on this site. We also monitor site activity in order to gain a better understanding of the learning needs of healthcare professionals.  

If you want to manage emails and other communications to you, you may update your preferences by following the steps described in links at the bottom of email messages, or email contact@cardiomyopathy.org or call 01494 791224

*We occasionally have to share some of your details temporarily, to provide you with the services you expect. For example, if you sign up for a fundraising event we will need to share your details with the event organisers to secure your place, or if you want to receive a postal copy of our magazine, we share the details with our publishers on a temporary basis only. The only other occasion where we may share your details is if we are required to do so by law. For more details please read the section on ‘how we keep your data safe’. 

How we keep your data safe

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We ensure that there are appropriate technical controls in place to protect your personal details.  For example our online forms are always encrypted and our network is protected and secured. 

All of our information is stored on our secure database, and is only accessible by appropriately trained staff and volunteers.

We only share your data where necessary, to continue to provide you with the services you have requested. For example, if you subscribe to our magazine, we will pass your name and mailing address to the publishing house to send it to you. Your details are then securely destroyed after the magazine has been sent.

If you have registered with us to take part in an event, where necessary, we will pass on the relevant details such as your name, address, contact details and running time to the event organisers, so they can process your entry into the event.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors or otherwise where required to do so by law.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

Third parties

Where we share your data with third party organisations (such as a skydiving centre, a running event or Moodle) we do everything we can to ensure that your data is processed and stored securely by the third party.

For the full Moodle data privacy policy please see the Moodle.com Privacy Notice.

Where we collect our data

We collect data from you in the following ways:

  • Directly - you may give us your information in order to request our support materials and services, sign up to fundraise for us, tell us your story, make a donation, purchase our products or communicate with us.
  • From other organisations - your information may be shared with us by other organisations, for example fundraising sites such as JustGiving, Virgin Money Giving, Moodle, or event organising sites such as the London Marathon. These independent third parties will only do so when you have indicated that you wish to support Cardiomyopathy UK and with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data. Once your data has been shared with us we will keep it secure and safe as if you had given it to us yourself.
  • Social media - depending on your settings or the privacy policies for social media and messaging services like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
  • Our website - like most websites, we use “cookies” to help us make our site better and hopefully easier for you to use and navigate. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are full details in the section below on cookies. In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What data we collect and how we use it

The lawful basis within which we collect and process data

According to Article 6 of the GDPR, at least one of the lawful bases for processing data must apply whenever we process personal data. Our lawful basis for processing data is as follows:

(f) Legitimate interests: the processing is necessary for your legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interest.

As a charity concerned with your heart health we necessarily have to process medical data in order to provide you with our services. We process this data in accordance with Article 9(2)(d):

Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.

The data we collect depends on why you are contacting us.

Supporters and fundraisers

If you support us, for example make a donation, volunteer, register to fundraise,  sign up for an event or buy something from our shop, we will usually collect:

  • Your name
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • Your date of birth
  • Your bank or credit card details to process your payment or donation. Your details are kept securely in order to process your donation or purchase, and are they securely destroyed, in line with our Data Destruction and Retention Policy.

Where it is appropriate we may also ask for:

  • Information relating to your health (for example if you are taking part in a high risk event) 
  • Why you have decided to donate to us or support our work. As a small charity we love to get to know our fundraisers and always try and give you the best possible support, so it's helpful for us to know why you're choosing to support us, so we can do so properly. However, this is never a compulsory question, we only want you to share the information you're comfortable telling us.
  • Other information relevant to our work and cardiomyopathy

We will mainly use your data to:

  • Provide you with the services, products or information you asked for
  • Administer your donation or support your fundraising, including processing gift aid
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services for people affected by cardiomyopathy.
  • Internal record keeping.
  • With your permission, we may periodically send promotional emails or postal information about new services, fundraising or other information which we think you may find interesting. This will be based on the communication preferences you have previously given us. We may use the information to customise the website according to your interests.

Service users including medical professionals

If you contact us to use our support services, including our nurse helpline, online education, Livechat, or receive our literature or cardiomyopathy information materials, we will usually collect:

  • Your name
  • Your job title (for medical professionals)
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • Information relating to your health
  • other information relevant to our work and cardiomyopathy

We will mainly use your data to:

  • Provide you with the services, products or information you asked for
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services for people affected by cardiomyopathy.
  • Internal record keeping.
  • With your permission, we may periodically send promotional emails or postal information about new services, fundraising or other information which we think you may find interesting. This will be based on the communication preferences you have previously given us. We may use the information to customise the website according to your interests.

Cardiomyopathy UK will only share your details in exceptional circumstances to comply with the nurses’ code of professional conduct or where legally required, for example where a child reports abuse, or someone reports serious self-harm or a serious intention of harming someone else.

We may also collect and retain your information if you send feedback about our services or make a complaint.

Sharing your story

  • Some people choose to tell us about their experiences with cardiomyopathy to help further our work.  They may take on a role as a Media Volunteer, attend our patient focused events or sit on our youth panel.  This may include them sharing sensitive information related to their health and family life in addition to their biographical and contact information. 
  • We use some of the information provided, including gender, ethnicity or the type of cardiomyopathy people have experience with, to target opportunities to get involved. 
  • If we have the explicit and informed consent of the individuals, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our campaigning and fundraising work, or in third party media outlets, social media and online.

Children, young people and young adults' data

As part of our work to support children, young people and young adults (CYP&YA) affected by cardiomyopathy, we offer services for those aged 0 -25 years of age. This includes our CYP&YA Panel and youth peer support volunteers. Where someone participating in these support services is under 18 years of age,we will seek consent from a parent or guardian before collecting information about the young person. This parental consent is recorded securely.

Marketing

If you are an existing supporter with a strong connection to us we have not your sought renewed consent to send you marketing information, under GDPR. We have limited this group to specific contacts, including (from August 2017):

  • Regular donors – anyone with a regular standing order or direct debit
  • Regular donors – anyone who has a regular annual donation that has renewed within the last twelve months
  • Fundraisers who have been actively engaged with us within the last year
  • Support group leaders and closely connected volunteers e.g. our Youth Panel
  • Major donors that have supported our work
  • Legators – those who have indicated they wish to leave us a legacy in the future

If you are contacting us for the first time we will ask your permission to send you marketing information.

We have asked your permission to send you marketing information if you are someone who does not have a strong link with us.

You are free to opt-out or update your preferences at any time, and we give you that opportunity every time we send you marketing information.

Others

There may be other individuals with whom we do business and for whom we hold personal data, such as those who work for supplier companies. We process this information in accordance with our contracts with these organisations.

Keeping your details up to date

We will not keep your data for any longer than is necessary to provide our services to you, in line with our Data Destruction and Retention Policy. 

You can update your personal information at any time, and change your marketing preferences. The accuracy of your individual information is important to Cardiomyopathy UK.

If any of your contact details have changed please let us know completing our online form by emailing us at contact@cardiomyopathy.org or by calling us on 01494 791224.

Employee and volunteer data

When you apply for a job or a volunteer role with Cardiomyopathy UK we will process the data that you send to us, and store it securely in order to process your application.

Our legal basis for processing this data is Article 6(b): Contract:

The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Where you have provided us with information about your health or other special category data we will process this under Article 9(2)(b):

(d) Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.

If your application is unsuccessful, or you no longer work or volunteer for us, we will securely destroy your data in line with our Data Destruction and Retention Policy.

Choosing to opt out

If at any time you wish to change your communications preferences, or stop hearing from us entirely, just let us know and we'll make it happen. You can either update your contact preferences via our online form, drop us an email at contact@cardiomyopathy.org or call us on 01494 791224.

We will update your preferences within one month. Please note, if you opt out just prior to our magazine publication you may still receive the next issue, but will not hear from us after this.

Your rights

You have the right to know what data we hold about you, make changes to the data, or ask us to stop using your data.

You have the right to ask for a copy of the information we hold about you (Subject Access Request). To make a SAR please contact us at contact@cardiomyopathy.org and we will send you our Subject Access Request Form to complete and return to us. We do not charge a fee for this service.

Under certain circumstances we may refuse to comply with a SAR. When we do, this will be discussed with the DPO, and clearly explained to the subject. All information provided under a SAR is subject to exemptions as set out in the relevant Data Protection legislation. 

You have the right to change the data we process about you. If there are any discrepancies in the information we hold, please let us know and we will correct them.

You have the right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so. Please contact us at contact@cardiomyopathy.org if you have any concerns.

If you have any questions please send these to contact@cardiomyopathy.org, and for further information see the Information Commissioner’s guidance here (link is external)

Liability

We take no responsibility for the content of any external websites we link to. The existence of a link from any organisation's site to the Cardiomyopathy UK site does not imply that we endorse the activities or views of that organisation.

We make every effort to ensure that the information on the website is accurate. We make no guarantee as to, and assume no responsibility for, the correctness, sufficiency or completeness of such information or recommendation.

Advice posted by users other than our medical professionals in comments, or through personal messaging should not be taken as professional advice unless identified by Cardiomyopathy UK as a qualified expert or professional. Cardiomyopathy UK cannot be held responsible for this advice.

Users of the site are advised to consult a doctor regarding all aspects of individual health care.

Cookies

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or identify you when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

The Cardiomyopathy UK website uses several types of cookies:

  • PHP Session ID cookie. This is used to anonymously identify each unique user of the website, and is used by the server to provide a continuous service. It expires when the browser is closed.
  • Traffic log and Google Analytics cookies. These provide anonymous statistics on website usage and identify which pages are being used and which resources are being downloaded. This helps us analyse data about webpage traffic and improve our website in order to tailor it to the needs of users. We only use this information for statistical analysis purposes. This does not identify individuals, but will give us information as to the geographical location of visitors, how they arrived at our website, and how they interact with the content on the website.
  • Add This cookies. The Add This button on our web pages enables you to share the page through a range of social networks. The Add This widget makes use of a core group of cookies for bookmarking and a group of third party cookies which are generally used for target advertising and appear after a few page loads where the Add This widget appeared. You can read more about cookies used by Add This, and how to opt out of them, here.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

To disable the use of cookies

It is possible to stop your web browser accepting cookies from one website or all websites through built in cookie controls. If you do this you may find that some aspects of this website and others stop working, or stop working as well (for example, login facilities and shopping carts may stop working completely).

All modern browsers allow you to change your cookie settings. The following links provide details on how to do this in a range of popular web browsers (external links):

Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari

Changes to our Privacy Policy

We may change this Privacy Policy from time to time.  If we make any significant changes in the way we treat your personal information we will make this clear on the Cardiomyopathy UK Website or by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting us at contact@cardiomyopathy.org You can also write to us at Cardiomyopathy UK, 75A Woodside Road, Amersham, HP6 6AA