Privacy Policy 2018 (GDPR Compliance)
Introduction
The Organisation for the Understanding of Cluster Headache in the United Kingdom OUCH (UK) [Organisation for the Understanding of Cluster Headache] takes your privacy very seriously. It is important that you know what we do with the personal information that you and others provide to us, why we gather it and what this means to you. The preservation of your privacy is extremely important to us and this policy sets out how we manage your data and privacy.
References to ‘we’ and ‘us’ in this policy refer to OUCH (UK) a company registered in England and a registered charity.
1. Information we collect about you.
We collect limited personal data about you when you enquire about our activities, ring our helpline or email us asking for support, and in some instances when you donate funding to us we may retain your information for financial recording purposes.
This data may include your name, email address, home or business address.
For helpline calls we often collect data about your health (the nature of your health and headache condition and sometimes the medication/ treatments you currently use) and your telephone number.
2. How we use your information.
Your personal information will only be used to process the requests you have consented to and provide services relating to that consent only.
If you have registered for our mailing list then you will receive communications from us via email or by post (only where you have no registered email)
If you have phoned our helpline, then we will use your phone number to contact you, solely for the purpose of contacting you to discuss your headache condition. During the call it is often helpful for our volunteers to gather some information regarding your health and treatment, in some limited instances, we record this data during the call, to assist us in assisting you. After your enquiry has been dealt with all personal data, including your health data, will be destroyed.
If you are a member of OUCH (UK) you will have provided your name, address, telephone number, email address and some statistical health data. This data is held only for membership activity details, your standing order/direct debit reference numbers and any encrypted financial transaction data conducted through the website.
PayPal/Gocardless data, our membership and donations register do not hold credit card or personal financial data, the system uses encryption, providing OUCH (UK) only with a reference number for your transaction.
Sharing Data, OUCH (UK) host your data on servers based in the United Kingdom, our webhosts (Turtle Reality) manage our CIVI (membership) database. We do not share your personal data with any third party and if we choose to do so at some point in the future then we will inform you and seek your consent. We promise not to share your data with other parties or marketing companies.
We will hold your data for as long as you remain subscribed to our services, subject to the legislation and regulatory rules of the United Kingdom and the European Union.
3. Data Management
OUCH(UK) have formally appointed a data controller to oversee the data management in line with the expectations of the GDPR legislation, they can be contacted via our office: P O Box 62, Tenby SA70 8AG or, info@ouchuk.org
4. Data Security
We will take reasonable precautions to prevent the loss, misuse or alteration of information you give us.
Communication from OUCH (UK) will most likely be sent by email and for those who have no electronic means of communication by post. Communications (non financial) will be sent in HTML unencrypted format sent from a secure mail server. E-mail is not considered a secure means of communication. While we endeavour to keep our systems and communications free from virus and other malicious code, OUCH (UK) cannot accept responsibility for viruses found on the recipients computer.
5. Cookies and how we use them
To try to give our users the most useful experience with our site, a number of our web pages use cookies. A cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information. Cookies help analyse web traffic. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking
full advantage of the website.
You can usually modify your browser settings to control the use of cookies if you prefer, more information can be found here: https://www.aboutcookies.org/default.aspx?page=1
6. Forums and Social Media Groups
The members forum is a reactively moderated space, available to view by everyone, whether member or not. OUCH(UK) remind members that sharing data on this forum of a personal nature has the potential to lead to a loss of privacy. OUCH(UK) do not take responsibility for any breaches or privacy that occur where a poster has posted personal details in a post on our forum.
Should you feel that someone has posted something that may lead to a loss of their privacy or data, (posting phone numbers email address etc) we actively encourage members to contact the trustees who will remove the post to prevent any further loss of data or privacy.
Our Facebook group is set to ‘Closed’ meaning that non-members cannot see your posts and you must request to join, Facebook users are reminded that their personal data is held on that platform by Facebook and that the privacy settings (how much data that you share with others) are set by you. OUCH (UK) cannot and do not take any responsibility for any breaches of data as a result of Facebooks settings or errors. OUCH(UK) trustees try to maintain privacy within the closed group setting by reactively moderating comments and posts if needed, reminding members regarding sharing of sensitive or personal data. OUCH(UK) have no control over other group users sharing photos or content from within the group.
If anyone feels that they have suffered loss of privacy or data, please contact Facebook directly.
Our members forum and Facebook group have further rules to abide by to keep the space friendly and open, we encourage all posters to visit and understand our posting policies.
7. Links
The OUCH (UK) website contains many links to other sites that we think could be useful to our users. OUCH (UK) cannot be held responsible for the privacy policies of these linked sites. We strongly recommend users to be aware that when they leave our site they should read the privacy statements of each and every website they visit which may or may not be collecting personally identifiable information about them.
8. Amending, deleting and the storing of personal information
OUCH (UK) stores information for only as long as it is necessary. If your personal information changes (such as your contact details) or you no longer wish to use our website, we will provide a way to update or
remove your personal data. This can usually be done by you by e-mailing info@ouchuk.org and stating that you wish to update or remove your personal information.
If you require further information about OUCH (UK) and your data, please don’t hesitate to contact us at: P O Box 62, Tenby, SA70 9AG or, info@ouchuk.org