Overcoming MS (OMS) is committed to protecting your personal information and being transparent about what information we hold. Developing a better understanding of our community of people following the OMS Program (OMSers) and their families, carers, friends and medical teams through their personal data and the questions we may ask allows us to constantly improve the services and resources we provide. This enables people with MS to make informed decisions and take control of their health. It also enables us to fundraise more efficiently, which ultimately means we can spread hope to more people facing a diagnosis of MS. The purpose of this policy is to give you a clear explanation about how OMS collects and uses the personal information you provide to us and that we collect online, via the phone, in letters, in person or via any other correspondence. We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information OMS may collect from you;
- How we will use that information;
- Whether we disclose your details to anyone else;
- Your choices regarding the information you provide to us; and
Where we collect information about you
We collect information in the following way:
Information you give to us directly
This could be when you fill out one of the forms on the OMS website to join our OMS Circles (support groups), apply to be an Ambassador, request a free book, register for professional development, ask us a question, register for our forums or sign up to our newsletter. We will ask you for personal information, such as your name, address, and email address. We also collect information when you make a donation. We may also collect data if you email us your details or complete a paper form.
Information you give to us indirectly
What personal data we collect and how we use it
If you support us, for example by making a donation, volunteering or signing up for an event, we will usually collect your name, address, email address, credit or debit card details, Gift Aid eligibility, etc. We will mainly use your data to: provide you with the services, products or information you asked for; administer your donation or support your fundraising, including processing Gift Aid; keep a record of your relationship with us; ensure we know how you prefer to be contacted; and understand how we can improve our services, products or information.
Special Category Data (Sensitive Data)
Special category data is recognized by GDPR as: health information; race; religious beliefs; and political opinions. We ask on our forms if you ‘have MS’. This is purely for statistical reasons, so that we are able to monitor how many people with MS we support and provide the most appropriate services. We may also collect ‘special category data’ if you are participating in a high-risk challenge event, or if you are attending a retreat/event. This is to ensure that your experience is optimized. If you are attending an OMS retreat or event, we may need to share some of this data with external providers. For example, hotels or accommodation used for retreats will need to know if someone is a wheelchair user so that they can be placed in a wheelchair accessible room. Another example is passing on your dietary requirements to caterers to ensure that your dietary needs are catered for. We will never share special category data unless absolutely necessary to enhance your experience of our events. Rest assured that we will always have a contract in place with those we share such data with, to ensure it is protected. We may collect sensitive personal data if you make the information public or if you tell us about your experiences relating to MS (for example, if you write a blog for us). We will always make it clear to you when we collect this information from you, what sensitive personal data we are collecting and why.
Legal basis & Legitimate Interests
When we collect and use your personal information, we will make sure this is only done in accordance with the legal grounds covered under GDPR legislation. We might have obtained your specific consent to use your information for a previously notified purpose, such as to send you email marketing or to provide you with a product, service or information at your request. Another legal basis is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes. In some circumstances we may collect and use personal information where this is necessary in our legitimate interest as a charity, including being able to:
- Send out relevant information and resources to relevant health care professionals, such as MS nurses/MS Support Groups, so they can disseminate to people with MS;
- Conduct research to better understand who our supporters are and better target our fundraising activity (see more at Fundraising, below);
- Maintain and administer our donor database and systems; and
- Obtain feedback from our beneficiaries on our resources and services so that we can continue to improve them.
- Send out relevant news and updates to people who have registered via one of our online forms.
In all cases, we balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed preferences.
Your debit and credit card information
As a growing organization with a big ambition, we rely on increasing our fundraising revenue to fund our vital work. To do this, we need to be able to identify new donors. We therefore may occasionally use profiling and screening techniques to target our valuable resources effectively, which we know is important to donors. Profiling also ensures communications are relevant and timely, and to provide an improved experience for our donors. We do this because it allows us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner and more cost-effectively than we otherwise could. When building a profile we may analyze geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses or listed Directorships. If you would rather we didn’t use your data in this way, then you can let us know by emailing email@example.com, or write to us at Data Protection, Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK.
Sharing your story
Some people choose to tell us about their experiences of the OMS Program to help further our work. They may film their story, write a blog or become an OMS Ambassador. This may include them sharing sensitive information, related to their health and family life, in addition to their biographical and contact information. We use some of the information provided, including gender and type of MS people have experience with, to target opportunities to get involved. If we have the explicit and informed consent of individuals, this information may be made public by us at events, in materials, in our PR and fundraising work, on our website, or in documents such as our annual report.
Information and disclosure
OMS may disclose your personal information in the following circumstances:
- To third parties who provide a service to us and are data processors. This would include consultants, freelancers and other OMS colleagues and partners who are contracted to carry out work for us. We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all of our data processors and regularly monitor their activities to ensure they are complying with OMS policies and procedures. Please note that given the global scope of OMS’ work, we sometimes contract the services of colleagues who are outside the EEA and carry out professional work on our behalf and all of whom are signatories to our confidentiality and data sharing policies. We will always make sure that they are aware of and adhere to our safeguarding policies.
- Where we are under duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect OMS, for example in cases of suspected fraud or defamation.
Please note – we will NEVER share, sell or swap your details with any third parties for any other purpose.
Keeping your personal data
We keep your personal information only for as long as required to operate in accordance with legal requirements and tax and accounting rules (currently six years). We will seek to refresh any consents and update details every three years. If we have no engagement with you after three years we will assume that we no longer have a need to keep your data we may anonymize the data for statistical purposes. Please note we will ensure that it is disposed of in a secure manner. Under GPDR law we are required to refresh your consents every three years and will comply to this, giving you the opportunity to update your preferences.
International transfers of personal information
All data is centrally controlled in the UK, which is part of the EEA. However as an organization, which is registered and recognized in the UK, USA and Australia, we also work with colleagues and occasionally suppliers (such as Mailchimp for our newsletters) in these countries, to ensure that we offer the best possible level of services and care to our communities in these countries. We take great care to put in place suitable safeguards to protect your personal information when processed by the supplier, such as getting contracts in place, anonymizing data and sharing through secured channels. Tools we use, such as MailChimp and Google Analytics for our newsletter, may hold and process data outside the EEA, but will comply with Privacy Shields to ensure that your data is safe and secure. You should visit their websites for more details on their Privacy Policies.
- Proper functioning of certain areas of the website
- Monitoring website performance
- Tracking marketing and fundraising campaign activity
- Enhanced and personalized functionality
How you can edit and delete your account information and preferences
It is important to us that your personal information is accurate and up-to-date. You can edit your information, including your address and contact details, at any time. If you would like to change your preferences or update the details we hold about you, please contact our Data Manager by emailing firstname.lastname@example.org, or write to: Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK.
Your rights to your personal information
You have a right to request a copy of the personal information we hold about you (Subject Access Right) and to have any inaccuracies corrected.
Any such requests will be actioned by OMS 30 days after your request and provided free-of-charge. You also have the right to request us to erase your personal information, request us to restrict the processing of your personal information or to object to our processing of your personal information.
Should you wish to do any of the above, contact our Data Officer by emailing email@example.com, or write to Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK. Where you have provided your consent for our use of your personal information, you always have the right to withdraw your consent at any time.
We may update the terms of this policy at any time, so please check it from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website. By continuing to use the website you will be deemed to have accepted such changes.
Complaints, compliments or comments
If you are unhappy with our work, or something we have done or failed to do, we want to know about it. You can provide feedback via the contact us form on our website. We would also love to hear from you if you have a positive experience to share or would like to let us know what you think we are doing well at. If you are unhappy with the way we have used or handled your data, then you can contact us at firstname.lastname@example.org. If you still feel that we have not handled your complaint effectively, then you may also contact the ICO. Last updated on May 24, 2018