The International Glaucoma Association (IGA) is the only charity solely dedicated to supporting the estimated 700,000 people living with glaucoma in the UK. As a charity that receives no government funding, we rely on the kindness and generosity of our supporters and members. We are committed to protecting and respecting your privacy.
This policy explains how and why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering Data Protection, the Data Controller is the IGA.
The IGA is registered under the Data Protection Act as a Data Controller: registration number Z7866865. Full details of our notified purposes can be viewed on the Information Commissioner’s Office website.
If you have any queries about this Policy or concerning your personal information please contact us by email at firstname.lastname@example.org by phone on 01233 64 81 71 or write to the Data Controller, IGA, Woodcote House, 15 Highpoint Business Village, Henwood, Ashford, Kent TN24 8DH.
1. What personal information do we collect?
The type and amount of personal data we collect depends on why you are providing it.
If you are requesting information or materials, we will collect your name, address and/or email address and telephone number.
If you are a applying for a research grant, a volunteer role or a paid job with the IGA, the information you are asked to provide is as set out in the application and is necessary for the purposes of our considering the application.
If you are a supporter, member, donor or a customer purchasing goods, we will ask for your name, address and/or email address, telephone number, credit or debit card details, and whether or not you are a taxpayer (in order to claim Gift Aid).
If you are using our telephone helpline (Sightline) or requesting patient advice or materials relevant to your specific condition, we may also ask for details of your glaucoma, your medical treatment, medication, family glaucoma history, and other relevant health conditions.
2. How we collect information
We may collect information from you whenever you contact us or have any involvement with us, for example when you:
- Contact us in any way including by phone (calls to our main head office phone numbers are recorded), email, online, social media or post
- Enquire about our activities or services
- Visit our website
- Sign up to receive news about our activities
- Create or update a profile on our online forum
- Post content onto our website or social media sites
- Volunteer or work for us
- Apply for research funding
- Donate to us or fundraise for us
- Attend IGA events or meetings and provide us with information
3. Where we collect information from
We collect information:
- From you when you give it to us directly: You may provide your details when you ask us for a service or make a donation, volunteer with us, fundraise for us, attend an event, etc
4. How we use your personal information
We may use the information provided by you in a number of ways which reflect the legal basis applying to processing your data. These include:
- To provide you with written information that you have requested or correspondence you have sent us (for example on glaucoma and related conditions) or to manage your event registrations, such as conferences or the IGA Annual Lectures
- To provide you with specific advice about your glaucoma and treatment, or that of a friend or relative, for example via our telephone helpline.
- For carrying out your obligations under a contract between us, for example for processing memberships and goods purchases
- To process donations and legacies
- To process job , volunteer or grant applications,
- To provide you with communications with your consent that may be of interest to you including marketing information about our services and activities, campaigning, fundraising and appeals for donations
- For analysing the operation of our website and analysing your website behaviour to improve the website and its usefulness
- Analysing your data and seeking your views so that we can make improvements to our services or represent your views to external bodies such as NICE
- For accurately maintaining our organisational records and ensuring we know how you prefer to be contacted
5. Our legal basis for processing your information
The use of your information for the purposes set out above is lawful because one or more of the following applies:
- Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at email@example.com. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned. (Applies to 4.1, 4.2, 4.3, 4.5, 4.6).
- It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to prior to entering into a contract. (Applies to 4.3, 4.5).
- It is necessary to comply with our legal obligations (for example processing and retaining records relating to payroll, pensions, donations, gift aid payments, VAT, and insurance). (Applies to 4.3, 4.4, and 4.5. Article 9(2) of the GDPR also applies to our legal basis for handling health and other special category data as set out in 4.2 above: “…. necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment…”).
- Where the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request. (Applies to 4.1, 4.2, 4.3, 4.4, 4.7, 4.8, 4.9).
6. How do we protect your personal information?
We understand the importance of security of your personal information and take appropriate steps to safeguard it.
All telephone recordings are securely held in an encrypted format compliant with FSA policy statement 08/1.
Credit/debit card payments are processed by third-party PCI-compliant payment gateways through secure servers, and card details are securely destroyed immediately after processing.
However, no data transmission over the internet can be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
7. Who has access to your information?
We always ensure only authorised persons have access to your information, which means only our staff, volunteers and contractors, and that everyone who has access is appropriately trained to manage your information. People who may have access to your information include:
- Third parties who provide services for us, including our printing and mailing distributor, our IT Support provider and the banks that process payments on our behalf. We select our third party service providers with care. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do.
- Analytics and search engine providers that help us to improve our website and its use.
Owing to matters such as financial or technical considerations the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third party processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
We would really appreciate it if you let us know if your contact details change. You can do so by contacting us at firstname.lastname@example.org or by calling us on 01233 64 81 71.
8. Cookies and IP addresses
9. Individuals aged 18 or under
We do not knowingly solicit or process personal information from anyone aged 18 or under without parental or guardian’s consent.
Anyone contacting the IGA who is under 18, should have the consent of a parent or guardian before supplying any personal information. If our staff consider that someone contacting the charity or requesting to use our services is under 18 they will ask for details of age before proceeding.
10. How long will we keep your personal information?
We will retain your personal data for as long as is necessary for the relevant activity. By way of example we hold records of donations you make for at least six years so that we can fulfil our statutory obligations for tax purposes. Please see our retention policy which is available on request by emailing email@example.com.
Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure that we comply with your request.
11. Your rights
You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. To make a Subject Access Request please contact firstname.lastname@example.org marking your email ‘Subject Access Request’, or write to the Data Controller, IGA, Woodcote House, 15 Highpoint Business Village, Henwood, Ashford, Kent TN24 8DH.
From 25 May 2018 you also have the following rights:
- The right to request rectification of information that is inaccurate or out of date
- The right to erasure of your information (also known as “the right to be forgotten”)
- The right to restrict the way in which we are dealing with and using your information
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”)
- Rights in relation to automated decision making and profiling including profiling for marketing purposes.
All of these rights are subject to certain safeguards and limits or exemptions, details of which can be found in our Data Protection Policy (available from email@example.com) or at the address given above.
If you are not happy with the way we have processed or dealt with your information, you can complain to the Information Commissioners Office. Further details can be found here https://ico.org.uk/concerns/
12. Changes to this policy
We review this policy regularly, and if we make any significant changes we will advertise this on our website. Do please check this policy each time you consider giving your personal information to us.
Policy Version 2.0 updated: 01.05.18