BBS UK Privacy Notice

Last reviewed: 28 February 2023 | Next review: 1 February 2026

Introduction

BBS UK is a registered charity, primarily supporting those with Bardet-Biedl Syndrome, their families and/or carers.

BBS UK maintains a database of individuals who utilise the Charity’s services, for example as a service user, volunteer, fundraiser etc. BBS UK also processes information in respect of its employer responsibilities. BBS UK does not use automated decision-making, including profiling.

BBS UK complies with UK GDPR and the Data Protection Act 2018, and does not share data with third parties except where required by law. We do not transfer data outside of the EU. Rigorous procedures have been established to reduce the risk of compromise and ensure data is processed lawfully. Any suspected data breaches will be reported to the Information Governance Lead, who will assess impact and consider further action in accordance with statutory guidance issued by the Information Commissioner’s Office.

Throughout this Notice, unless otherwise defined, ‘BBS UK’, ‘we’ and ‘our’ should be understood as referring to and representing Bardet-Biedl Syndrome UK.

Data Collection and Processing

Key Roles: Data Controller or Data Processor?

BBS UK is Data Controller for BBS UK data processing.

How do we collect information?

We collect personal information from you when you make an online, written or telephone enquiry, attend an event or BBS clinic, register with us, make a donation, volunteer or otherwise provide us with personal information.

Why do we process data?

We aim to provide service users with the highest quality information and support services and data processing will be undertaken in support of this.

We know that our service users, trustees, staff and volunteers value their privacy and the security of personal information held about them and this Notice outlines our commitment and sets out how we use and protect any information that service users, trustees, staff and volunteers give to BBS UK.

Your rights as a ‘data subject’

The ‘data subject’ will have access to certain rights which could include:
  • Right to be Informed
  • Right of Access
  • Right to Rectification
  • Right of Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights related to Automated Decision Making and Profiling

We will ensure that the rights of our service users, staff, trustees and volunteers are complied with in accordance with guidance provided by the Information Commissioner’s Office under UK GDPR.

What Information is recorded/processed?

BBS UK Service Users:
  • Name, address, contact numbers, email address, IP address, date of birth, ethnicity data and contact preferences/information requirements.
BBS Clinic Support Service Users / BBS UK Advice Service Users:
  • NHS number, GP contact information
  • Benefits, education, health and social care information where provided
  • Referral information which may include symptoms/treatments where given
BBS UK Staff, Trustees and Volunteers:
  • Name, address, contact numbers, email address, disability information (to meet access/adjustment requirements), IP address, names of family members (i.e. emergency contact information), DBS information
  • Staff Only: Contact information as above plus qualifications, employment history, bank details, pension details, tax details, pay, sick leave, ethnicity

Legal basis for data processing

Legitimate Interest is the primary legal basis on which BBS UK processes personal data. We have undertaken an assessment of our data processes to ensure that our Legitimate Interest is necessary and proportionate and is the least intrusive basis for processing our service users’ data:

  • The storing and processing of data is necessary to enable the effective provision of our services
  • The data we process, as part of our day to day operations, has minimal impact on the service user’s privacy
  • The principal beneficiaries of the data we process on this basis are service users

We will only use individuals’ data in ways they would reasonably expect, unless we have a very good reason not to, such as an overriding duty to ensure a person’s safety.

In circumstances where Legitimate Interest is not the most proportionate basis to process data we will seek the consent of the person concerned. Personal data will be processed by employees, contracted staff and volunteers in accordance with this Privacy Notice.

Special Category Data

BBS UK collects and records limited Special Category Data of its employees including health, ethnicity and disability information. The legal basis for processing this information is Article 9(2)(b); ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law...’

BBS UK collects and records service user ethnicity data for service user monitoring purposes. The legal basis for processing this information is Article 9(2)(h); ‘processing is necessary for the purposes of … the management of health or social care systems and services.’

BBS UK collects and records service users’ benefits, health, education and social care needs as provided by service users in the provision of support and advocacy services. The legal basis for processing this information is Article 9(2)(h); ‘processing is necessary for the provision of health or social care…’

Sharing information

We will not sell, distribute or lease any personal information to third parties unless we have permission or are required by law to do so.

The information held about you will only be shared where the following statements apply:
  • You ask us to do so
  • We ask and you give us specific permission
  • We are required by law
  • We are permitted by law, for example where public interest overrides the need to keep the information confidential

Third Party Processor Contracts

BBS UK may from time to time engage the services of third party processors, i.e. for information technology support and security services or secure data/IT equipment destruction services. As Data Controller, we retain responsibility for this aspect of data processing and will always ensure that robust contracts and security processes and procedures are in place and that the third party complies with the requirements of the UK GDPR.

Consent

Consent will be used by BBS UK in respect of consent to receive research and fundraising information and will be reviewed regularly. Any consent request will be unambiguous and involve a clear affirmative action (an opt-in) and the option to choose a preferred method of communication. Any personal data obtained through consent will be retained securely, will be used solely by BBS UK and will not be passed to third parties except where required by law. Where consent is the legal basis for processing, ‘data subjects’ retain the right to withdraw consent at any time.

Data retention periods

Data retention periods are reflective of the purposes of processing and will be reviewed subject to need and any changes in legislation.

Access to personal information

BBS UK tries to be as open as it can be in terms of giving people access to their personal information. You can find out if we hold any personal information by making a ‘subject access request’.

If we do hold information about you we will:
  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be disclosed to
  • Give you a copy of the information in an intelligible form

To make a request for any personal information we may hold, write to us at the address at the bottom of this Privacy Notice. If you believe that any information we are holding about you is incorrect or incomplete, you should contact us as soon as possible so that we may correct any information found to be incorrect.

How the NHS and care services use your information

BBS UK is working in the health and care system to improve care for BBS patients.

Whenever you use a health or care service, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

On this web page you will:
  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time.

From 2020 health and social care organisations must have systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. BBS UK does not use or share confidential patient information for purposes beyond individual care. BBS UK is currently compliant with the national data opt-out policy.

BBS UK Website

Information submitted and statistics from BBS UK's service usage will be used to enable us to provide, manage and improve the BBS UK services and to email customers occasionally about any BBS UK resources we think may be of interest.

BBS UK tracks usage of our websites through the use of cookies.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We take your privacy very seriously, comply with UK and EU law on handling cookies, and provide you, the user, with the means to remove such cookies or prevent your computer from accepting them in the future.

Blocking and removing cookies

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer.

Data protection and confidentiality

Some services on the BBS UK website may require us to collect personal information from you. To comply with the UK General Data Protection Regulation, we have a duty to tell you how we store the information we collect and how it is used. Any information you do submit will be stored securely and will never be passed on or sold to any third party.

Conditions of use

Use of this website constitutes agreement with the following terms and conditions.

While Bardet-Biedl Syndrome UK takes every care to ensure that the materials, information and data (together the ‘Materials’) provided on this site (the ‘Website’) are accurate and up-to-date, we must emphasise that the Materials are provided ‘as is’ and without warranty or guarantee of any kind, whether express, implied or statutory, or whether relating to title, the rights of third parties or otherwise.

Bardet-Biedl Syndrome UK reserves the right, at its absolute discretion, to add, revise or remove any Materials without notice.

Disclaimer

Bardet-Biedl Syndrome UK uses reasonable care to ensure the content of this website is accurate and up to date. Bardet-Biedl Syndrome UK does not guarantee the comprehensiveness, accuracy, suitability, currency or adequacy of this information on the website and disclaims all liability arising from its use. BBS UK shall not be liable for any losses as a result of reliance on information provided. The content of this web site may be changed at any time without notice.

The Materials are designed for general information purposes only and Bardet-Biedl Syndrome UK assumes no responsibility for information contained in the Website and disclaims all liability in respect of such information. Those who choose to access the site (the “Users”) shall assume all risks of use and shall indemnify and hold Bardet-Biedl Syndrome UK, its trustees, officers, employees, and agents harmless from and against any and all damages, liabilities, losses, costs, and expenses, including reasonable attorney’s fees, arising out of or related to use of information, services or products offered and/or presented on this Website.

Bardet-Biedl Syndrome UK makes no warranty that the Materials are free of infection by computer viruses or other contamination, or that data or information is created and structured in files that are technically error-free. The downloading of any of the Materials is at the individual user’s own risk and the user will be solely responsible for any damage, loss, or problems, whether suffered by the user or a third party in consequence of the user’s actions, which results from a download and/or use of any such Materials, or from any linked external sites.

Links to other websites

Bardet-Biedl Syndrome UK is not responsible for any content of any other website accessible from the Website, nor does it endorse or in any respect warrant any third party products or services by virtue of any information, material or content referred to or included on, or linked from or to the Website. Bardet-Biedl Syndrome UK has no control over the data protection or privacy policies of these sites and makes no representation that the information or opinions contained on these sites, or associated links to these sites, are accurate, reliable or complete. Visitors should consult the privacy policies of these other websites and enter these sites at their own risk.

Copyright Notice

All information and copyright incorporated within this website is the property of BBS UK and any unauthorised reproduction is prohibited. Unauthorised use of BBS UK trademarks, trade names and logos is prohibited.

Complaints or Queries

BBS UK tries to meet the highest standards when collecting and using personal information.

For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate; if anyone wants to make a complaint about the way we have processed their personal information please see contact details below. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of data collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

Changes to this Privacy Notice

We keep our Privacy Notice under regular review which means it may change from time to time in line with legislation or industry developments.

We will not explicitly inform our service users of these changes. Instead, we recommend that you check this page occasionally for any Privacy Notice changes.

This privacy notice was last updated on 28 February 2023.

How to contact us

The person responsible for data protection at BBS UK is:

Tonia Hymers, 43 Balton Way, Dovercourt, Harwich, Essex, CO12 4UP

E: [email protected] E: [email protected] T: 07591 206680

Queries and complaints may also be directed to:

Dianne Hand, Secretary, BBS UK E: [email protected]