Overcoming MS (OMS) is committed to protecting your personal information and being transparent about what information we hold.
Developing a better understanding of our community of people following the OMS Program (OMSers) and their families, carers, friends and medical teams through their personal data and the questions we may ask allows us to constantly improve the services and resources we provide. This enables people with MS to make informed decisions and take control of their health. It also enables us to fundraise more efficiently, which ultimately means we can spread hope to more people facing a diagnosis of MS.
The purpose of this policy is to give you a clear explanation about how OMS collects and uses the personal information you provide to us and that we collect online, via the phone, in letters, in person or via any other correspondence.
We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
We collect information in the following way:
This could be when you fill out one of the forms on the OMS website to join our OMS Circles (support groups), apply to be an Ambassador, request a free book, register for professional development, ask us a question, register for our forums or sign up to our newsletter. We will ask you for personal information, such as your name, address, and email address. We also collect information when you make a donation. We may also collect data if you email us your details or complete a paper form.
If you support us, for example by making a donation, volunteering or signing up for an event, we will usually collect your name, address, email address, credit or debit card details, Gift Aid eligibility, etc.
We will mainly use your data to: provide you with the services, products or information you asked for; administer your donation or support your fundraising, including processing Gift Aid; keep a record of your relationship with us; ensure we know how you prefer to be contacted; and understand how we can improve our services, products or information.
Special category data is recognized by GDPR as: health information; race; religious beliefs; and political opinions. We ask on our forms if you ‘have MS’. This is purely for statistical reasons, so that we are able to monitor how many people with MS we support and provide the most appropriate services. We may also collect ‘special category data’ if you are participating in a high-risk challenge event, or if you are attending a retreat/event. This is to ensure that your experience is optimized.
If you are attending an OMS retreat or event, we may need to share some of this data with external providers. For example, hotels or accommodation used for retreats will need to know if someone is a wheelchair user so that they can be placed in a wheelchair accessible room. Another example is passing on your dietary requirements to caterers to ensure that your dietary needs are catered for.
We will never share special category data unless absolutely necessary to enhance your experience of our events. Rest assured that we will always have a contract in place with those we share such data with, to ensure it is protected. We may collect sensitive personal data if you make the information public or if you tell us about your experiences relating to MS (for example, if you write a blog for us). We will always make it clear to you when we collect this information from you, what sensitive personal data we are collecting and why.
When we collect and use your personal information, we will make sure this is only done in accordance with the legal grounds covered under GDPR legislation.
We might have obtained your specific consent to use your information for a previously notified purpose, such as to send you email marketing or to provide you with a product, service or information at your request.
Another legal basis is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes.
In some circumstances we may collect and use personal information where this is necessary in our legitimate interest as a charity, including being able to:
In all cases, we balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed preferences.
If you make payment over the phone, this will be handled by trained and authorized staff. We do not store your credit or debit card details at all following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed.
As a growing organization with a big ambition, we rely on increasing our fundraising revenue to fund our vital work. To do this, we need to be able to identify new donors.
We therefore may occasionally use profiling and screening techniques to target our valuable resources effectively, which we know is important to donors. Profiling also ensures communications are relevant and timely, and to provide an improved experience for our donors. We do this because it allows us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner and more cost-effectively than we otherwise could.
When building a profile we may analyze geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses or listed Directorships.
If you would rather we didn’t use your data in this way, then you can let us know by emailing [email protected], or write to us at Data Protection, Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK.
Some people choose to tell us about their experiences of the OMS Program to help further our work. They may film their story, write a blog or become an OMS Ambassador. This may include them sharing sensitive information, related to their health and family life, in addition to their biographical and contact information.
We use some of the information provided, including gender and type of MS people have experience with, to target opportunities to get involved.
If we have the explicit and informed consent of individuals, this information may be made public by us at events, in materials, in our PR and fundraising work, on our website, or in documents such as our annual report.
OMS may disclose your personal information in the following circumstances:
Please note – we will NEVER share, sell or swap your details with any third parties for any other purpose.
We keep your personal information only for as long as required to operate in accordance with legal requirements and tax and accounting rules (currently six years). We will seek to refresh any consents and update details every three years. If we have no engagement with you after three years we will assume that we no longer have a need to keep your data we may anonymize the data for statistical purposes. Please note we will ensure that it is disposed of in a secure manner.
Under GPDR law we are required to refresh your consents every three years and will comply to this, giving you the opportunity to update your preferences.
All data is centrally controlled in the UK, which is part of the EEA. However as an organization, which is registered and recognized in the UK, USA and Australia, we also work with colleagues and occasionally suppliers (such as Mailchimp for our newsletters) in these countries, to ensure that we offer the best possible level of services and care to our communities in these countries. We take great care to put in place suitable safeguards to protect your personal information when processed by the supplier, such as getting contracts in place, anonymizing data and sharing through secured channels.
Tools we use, such as MailChimp and Google Analytics for our newsletter, may hold and process data outside the EEA, but will comply with Privacy Shields to ensure that your data is safe and secure. You should visit their websites for more details on their Privacy Policies.
It is important to us that your personal information is accurate and up-to-date. You can edit your information, including your address and contact details, at any time. If you would like to change your preferences or update the details we hold about you, please contact our Data Manager by emailing [email protected], or write to: Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK.
You have a right to request a copy of the personal information we hold about you (Subject Access Right) and to have any inaccuracies corrected. Any such requests will be actioned by OMS 30 days after your request and provided free-of-charge. You also have the right to request us to erase your personal information, request us to restrict the processing of your personal information or to object to our processing of your personal information.
Should you wish to do any of the above, contact our Data Officer by emailing [email protected], or write to Overcoming MS, Thame House, Thame Road, Haddenham, Buckinghamshire, HP17 8HU, UK.
Where you have provided your consent for our use of your personal information, you always have the right to withdraw your consent at any time.
We may update the terms of this policy at any time, so please check it from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website. By continuing to use the website you will be deemed to have accepted such changes.
If you are unhappy with our work, or something we have done or failed to do, we want to know about it. You can provide feedback via the contact us form on our website. We would also love to hear from you if you have a positive experience to share or would like to let us know what you think we are doing well at.
If you are unhappy with the way we have used or handled your data, then you can contact us at [email protected]. If you still feel that we have not handled your complaint effectively, then you may also contact the ICO.
Last updated on May 24, 2018