Privacy Policy
Privacy notice
Introduction
Encephalitis Society is a charity registered in England and Wales (1087843) and Scotland (SC048210) and a
company limited by guarantee and registered in England and Wales (04189027). The Encephalitis Society’s
office is at 32 Castlegate, Malton, North Yorkshire, YO17 7DT, UK.
The Encephalitis Society is committed to keeping your information secure and managing it in accordance
with our legal responsibilities under privacy and data protection laws where we operate. This Privacy Notice
provides information about how we process your personal information.
By visiting our website, online chatservice, social media pages, e-learning modules, telephone, events and providing your information, you
agree to the information you provide being collected, used and disclosed in the manner set out in this
Notice.
You are not required to provide personal data to us. Note, however, that your failure to do so may affect our
ability to provide the Services you request.
‘Personal information’ means any information that identifies a living person. We may process the following
types of information:
Personal contact details such as name, address, phone number, email address, family relationship
(e.g. father).
Emergency contact details.
Photographs and videos.
Employment status and occupation.
Age / Date of birth.
Financial information such as bank account details.
Geographic location such as country and town.
Social media account information and profiles.
Details of visits to our websites including pages accessed and links visited.
Communication records with you such as emails, telephone, social media.
Donation transactions and history.
Fundraising and other event details.
Device information when you visit our website such as IP address, operating system, location.
We also collect and process more sensitive data about individuals as part of providing support to our service
users such as (this list is not exclusive):
Information about your race, ethnicity or religious beliefs.
Information related to your health and wellbeing.
Gender.
This is commonly referred to as “special category” information.
We may also collect, store and use information about criminal convictions and offences.
We process your personal and sometimes special data for several purposes:
To communicate with you as a supporter and service user.
To respond to your support enquiries, or requests for information.
To provide you with the support services you have requested.
To keep a record of any contacts we have with you, so we can help you with future requests.
To improve and assist you with navigating our website.
To administer donations made (and claiming Gift Aid, if applicable).
To process sales from our online shop, manage orders and deliver items.
To enrol you as a member of our society and manage your membership.
To enable you to attend our events.
To advertise our services on social media and other online platforms.
To share your stories on our website, newsletters, and social media platforms for the purposes of
support or awareness.
For the purposes of statistical research.
To enrol you has a fundraiser, donor or volunteer and manage this relationship.
To personalise the look and feel of our website (as well as our communications with users) to fit
personal preferences which you have told us about or which we have inferred from your usage of
our website or derived from market research.
To provide users of or services with fundraising related news stories, event information, and updates
on campaigns or fundraising.
To help us prevent fraud associated with online payments.
To improve the service we offer – for example you may be asked to complete one of our online user
satisfaction surveys.
To process employment and volunteer applications.
As an organisation we rely on the following legal bases for processing your personal data:
Where we have obtained your consent for processing.
Where necessary to fulfil a contract for services with you.
Where necessary to meet our legal obligations.
Where it is in our legitimate interests and such activities do not override your rights and freedoms.
Should we rely on legitimate interest when processing your information, this will be for the purposes of
fulfilling our charitable aims and supporting service users.
As an organisation we rely on legitimate interest to undertake the following activities:
1. Responding to enquiries from health and social care professionals.
2. Communicating and signposting service users to other voluntary organisations.
3. Engaging and communicating with corporate sponsors.
4. Submitting funding applications to Trusts and foundations.
5. Engaging and communicating with research organisations.
6. Monitoring visitors to our websites to understand their activities and make improvements.
7. To respond to enquiries made through social media platforms.
Special category data (sensitive types of personal data as defined in Article 9(1) of the GDPR) must be
processed only in the line with one of the conditions specified in Article 9(2). We will ask for your explicit
consent to record and process Special Categories of Personal Data.
Where you have consented to receive updates about our work, encephalitis, news and events, we may send
communications through your preferred channels e.g. e-mail.
We ensure you can opt-out from receiving communications by clicking the ‘unsubscribe’ link included in our
emails or at any time by contacting us at communications@encephalitis.info or by calling +44 (0)1653
692583.
The accuracy of users’ personal information is determined by that which you supply us. The Encephalitis
Society is not responsible for errors or problems that arise because of inaccurate information provided by
users. If you have opted to receive communications from us, we may contact you from time to time to
ensure your information is up to date.
When you use a social media platform to communicate with us, please be aware that you may share personal and special category data. It is important to understand that these platforms are beyond our control and users utilising such platforms are responsible for any associated risks. Please check the respective platforms privacy policy for details about how they process and protect your information.
We may pass your personal information to third-party service providers contracted to Encephalitis International. This is strictly for the purposes of providing services to you or improving them.
The categories of organisations we share your information with includes:
Banks and payment providers to facilitate donations and payments.
Hosting suppliers to provision our website and online chat facility
IT Infrastructure and support suppliers – to support our back-office processes.
Telecom’s providers
Mobile application providers – To provide access to our mobile apps such as Brainwalk
Training providers – to facilitate education of users, trustees, volunteers and employees.
Survey providers – To allow us to conduct survey of our users and employees.
Website analytics and optimisation providers
User relationship management platforms – to record and manage user details / interactions.
HMRC – To meet our legal obligations with respect to Gift Aid and accounts.
Research organisations - We collaborate with researchers and institutions in the encephalitis research field and we may share anonymised data about the illness and its after-effects.
Social media platforms – To share your stories and experiences
Our outsourced services and consultants
We may also share your information with a law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any person.
We will never sell or rent your information to third parties for marketing purposes.
We may also share your personal information where you have consented to do so. E.g. Consent to share contact details with a legal or medical expert, consent to share your story with one of our partners
The information we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") to third-party suppliers such as Hosting / IT infrastructure suppliers based in the United States.
We take all necessary steps to ensure your information is treated securely and in accordance with the GDPR.
We will only transfer your data to a recipient outside the EEA where we are permitted to do so by law and where adequate safeguards are in place - for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the European Commission, (B) where the transfer is to a territory that is deemed adequate by the European Commission, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards.
For the transfer of special category data, we will obtain explicit consent to facilitate such transfers.
We are committed to protecting the personal information you entrust to us. While we take reasonable precautions to safeguard the personal information we collect, no system is impenetrable.
Unfortunately, sending information via e-mail is not completely secure; anything you send via this medium is done so at your own risk. Once received, we will secure your information in accordance with our procedures and controls.
The organisation implements security controls to prevent information about you being subject to loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. For example, we store the personal information you provide to us on computer systems that have limited access and are located in controlled facilities.
We also ensure that our third-party suppliers provide adequate security measures.
Please notify us of any changes to your personal information which you have provided to us. You also have the right to object to any of our methods of contact at any time by using unsubscribe option of any contact at any time. You can also do this by contacting us using the details below.
Our website uses cookies (which includes third party cookies to support social media, personalisation and analytics functionality).
Cookies are small computer files which are downloaded onto your device and collect information about the way in which you navigate and use our website and the internet. Cookies do not collect information which allows us to identify individual users. The information provided by cookies helps us to provide you with a more personal experience and allows us to make improvements to our services over time. You may delete and block all cookies or decide to just block certain types of Cookies via your browser setting. However, if you choose to block or delete Cookies, this may affect the functionality of the website.
GDPR provides individuals with rights which can be exercised under the correct conditions. This includes:
You have the right to request copies of the information we hold about you.
If you think any of the personal information, we hold about you is inaccurate or incomplete, you may request its correction.
You have the right to request the removal and erasure of your personal information.
You have the right to object to the processing of your information where such activities rely on the legal basis of legitimate interest.
You have the right to withdraw consent for processing activities which rely on this legal basis and mechanism.
You have the right to the portability of your data, if you wish to transfer your data to another service provider you are entitled to make such a request.
You have the right to object and restrict to processing activities under certain circumstances
If you wish to exercise any of these rights, please contact us.
If you have a complaint about how we have handled your personal information you may contact us using the details below and we will investigate your complaint. If you are not satisfied with our response or are dissatisfied with our processing activities you are entitled to make a complaint to the UK supervisory authority (The Information Commission). Who contact details can be obtained from there website https://ico.org.uk/
This Policy only applies to the Encephalitis International website. If you land on our site from other websites (or move to other sites from our website) you should read their separate privacy policies. We are not responsible for the privacy practices of external websites.
We keep this privacy notice under regular review and may update it from time to time. When updates occur, we will communicate these changes. To see the date this notice was issued please check the bottom of this notice.
The Data Protection Officer at Encephalitis International is the Director of Services. If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact us via admin@encephalitis.info , +44(0)1653 692583 or write to Encephalitis International, 32 Castlegate, Malton, YO17 7DT, UK.
This document was reviewed on 19th January 2022.