Privacy Policy

The Limbless Association is committed to ensuring that any information we collect from you is protected and used responsibly. Please read our policy below to understand how we collect, use and store your information, whether via our website www.limbless-association.org or otherwise.

Contacting us:

If you have any questions about this privacy policy or need more information on how we use your information you can contact us by writing to us at:

The Limbless Association, Unit 10, Waterhouse Business Centre, 2 Cromar Way, Chelmsford, Essex, CM1 2QE

Alternatively, you can send us an email to our data protection contact Jaynie Flowers at Jaynie@limbless-association.org or call us.

This Privacy Policy applies to information we; The Limbless Association collect about individuals who interact with our organisation. It explains what personal information we collect and how we use it.

If you have any comments or questions about this policy, feel free to contact us at enquiries@limbless-association.org.

1. Personal data that we process

The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.

Purpose

Data (key elements)

Basis

Enquiring about our organisation and its work

Name, email, message

Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.

Subscribing to email updates about our work

Name, email

Consent – you have given your active consent.

Making a donation

Name, email, address, payment information

Legitimate interests – this information is necessary for us to fulfil your intention of donating money and your expectation of receiving a confirmation message.

Signing up as a paying member

Name, email, telephone number, date of birth, address, hospital regularly attended and details of centre of treatment

Contract – by paying your membership fees you have entered into a contractual relationship with us as set out in our membership terms and conditions.

Consent – for the processing of special category personal data, such as medical data

Non-paying members

Name, email, telephone number, date of birth, address, hospital regularly attended and details of centre of treatment

Contract – by agreeing to be a member you agree to receive membership benefits, including staying in touch, accessing information, events and resources including receiving membership emails, invitations and receiving the LA’s quarterly StepForward magazine.

Consent – for the processing of special category personal data, such as medial data.

Website functionality

Website activity collected through cookies

Legitimate interests

– it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.

Relationship with suppliers, contractors and their employees

Contact information, including name, address, telephone number and email address, bank details

Contract and pre-contractual negotiations – to enable compliance with obligations under relevant contracts, including processing orders, refunds, logging and payment of invoices.

Networking and contacts

Contact information, including name, company name, job position, address, telephone number and email address, including those available via business networking sites such as LinkedIn

Legitimate interests of all parties – it is necessary to exchange, keep and otherwise process contact information in order to network; there is normally a positive action taken by all parties to provide their contact details during networking with the expectation that such contact details, including personal data, may be used by the recipient for business networking.

Volunteers, necessary for delivery of volunteer visitor project

Name, email, telephone number, date of birth, address.

Consent – you have given your active consent.

Research conducted for special category data

Name, email, date of birth, address, cause of amputation, number of amputations.

Consent – you have given your active consent.

In order to offer membership benefits to you are ask for special category personal data, such as the type of amputation. We will only process special category data with your consent. We will not generally collect any other special category data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric data) but we ask volunteers to complete optional equal opportunities form as part of our volunteering recruitment process. We do not collect any information about criminal convictions and offences.

Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:

a) you have given consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which we are subject;

d) processing is necessary to protect the vital interests of you or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.

2. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table at the top of this policy.

For example, we may use your personal information to:

• Reply to enquiries you send to us;

• Handle donations or other transactions that you initiate;

Where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you.

3. When we share your data and where we store your data

Who we share your data

Why we share data

Types of personal data shared

Pipe Media

Hosts of our central database, to be able to provide our services to members

Name, address, email address, telephone details, cause of amputation, type of amputation, how many amputations.

Two Cubed Creative

LA digital marketing consultants

To produce and distribute the LA e-newsletter

To communicate and coordinate the LA’s online events

Email address

CPUK Ltd

For the purpose of printing and distributing StepForward magazine

Name and address

We will only pass your data to third parties in the following circumstances:

• You have provided your explicit consent for us to pass data to a named third party;

• We are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or

• We are required by law to share your data.

In addition, we will only pass data to third parties outside of the UK or EEA where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation, such as using the appropriate Standard Contractual Clauses. We take reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations and obligations of the third party under UK GDPR and the law.

We may transfer your collected data to storage outside the UK and the EEA. By giving us your data you agree to this arrangement. It may be processed outside the EEA as may be necessary to provide our services to you, to deal with payment, or if we have your consent.

We will do what we reasonably can to keep your data secure, including restricting access, using usernames, passwords and secure servers. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.

4. How long we keep your data

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose, retain the data only for as long as we need to and delete that data promptly once it is no longer required.

Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.

In relation to members, we will generally keep your personal data for as long as you remain a member.

5. Rights you have over your data

You have a range of rights over your data, which include the following:

• Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).

• You have the right to ask for rectification and/or deletion of your information.

• You have the right of access to your information.

• You have the rights to be informed of what data processing is taking place, restrict processing or to object to the processing of your personal data.

• You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed but we would invite you to contact us first if you have any questions or concerns to give us an opportunity to resolve your concerns.

• You also have rights with respect to automated decision-making and profiling.

A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us by using details at the beginning of this policy or by writing to enquiries@limbless-association.org. To opt-out from receiving marketing communications please email us at fundingandcommunications@limbless-association.org.

Please note that relying on some of these rights, such as the right to deleting your data, may make it impossible for us to continue to deliver some or all of the services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

6. Cookies & usage tracking

We use cookies to distinguish users and improve our website. Please read our Cookie Policy [link] for more cookie information

Our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html.

To control third party cookies, you can also adjust your browser settings.

By using our site, you accept the terms of our Privacy Policy.

7. Modifications

We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.

8. Links to other sites

Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our website. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

9. Automated decision-making and profiling

We do not undertake any automated decision-making, including profiling.