Version 3.0, last updated June 2023
Means the British Kidney Patient Association Trading as Kidney Care UK a charity registered in England and Wales (270288) and Scotland (SCO48198).
Means the UK General Data Protection Regulation.
Means the Data Protection Act 2018.
a. The privacy and security of your personal information is extremely important to us. We want everyone who supports us or comes to us for support, to feel confident and comfortable that any personal information they share with us will be looked after.
c. Kidney Care UK needs to keep certain information on its supporters and beneficiaries in order to carry out its day to day operations, to meet its objectives and to comply with legal obligations.
d. We are committed to protecting individuals’ personal information and privacy and ensuring any personal data is dealt with in line with the GDPR and the DPA. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
e. We’ll never sell your personal data and will only share it with trusted third party organisations we work with when it’s necessary to deliver our charitable work, and the privacy and security of your data is assured. For example, companies that provide goods and services for our patient grants programme or our mailing house to deliver patient communications.
1. Who we are
a. Kidney Care UK is the UK’s leading kidney patient support charity, a registered charity (charity number 270288 in England and Wales, SC048198 in Scotland) and a company limited by guarantee (company number 1228114).
b. We are committed to improving the quality of life for kidney patients and their families by providing practical, emotional and financial support, working to improve the quality and access to health and care services and campaigning for change.
c. If you are a supporter, beneficiary or a visitor to our website we act as the ‘data controller’ of personal data. This means we determine how and why your data are processed. We are registered as a data controller at the UK Information Commissioner’s Office under number Z7124610.
2. What personal data do we collect?
a. We collect or update your personal information (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address), every time you get in touch with us by post, email, telephone, through our website, face to face and occasionally via social media.
b. We will only collect, use and otherwise handle your personal data:
- i. Where you have consented to this for specific, explicit and legitimate purposes, or for which we feel you would have a legitimate interest
- ii. Where this is necessary to fulfill legal obligations that apply to us
- iii. Where it is necessary for our legitimate interests relating to running our daily operations, as long as, in each case, these interests are in line with applicable law and your legal rights and freedoms
c. Supporters data
- i. If you support us, for example by signing up to an event, donating, signing up to Gift Aid, or signing up to a campaign, we usually collect your name, contact details and whether you would like to be contacted and your preferred method of communication. If appropriate, we may also ask to collect your date of birth, financial details, Gift Aid eligibility, reasons for support, information relating to health and disability and responses to our campaigns.
- ii. We only collect this data so we can keep you up to date with information and products you have requested, or may be interested in, to keep you informed on how your support is making a difference and to fulfill our legal responsibilities for financial and Gift Aid reporting.
- iii. Legal basis for processing: consent, legitimate interest
d. Our Patient Services
- i. We offer a wide range of support services to patients, including information and advice, grants, counselling and advocacy. We will collect your contact details and preferences, and any other data that is relevant to delivering the best possible service to you.
- ii. With your permission, we may periodically send you information to keep you up to date with news and information on the charity, or which you might be interested in.
- iii. Legal basis for processing: consent legitimate interest
e. Sensitive Personal Data
- i. Some of our patient support services may collect more sensitive personal data such as your health condition and social circumstances. This information is only collected in order for us to deliver the best possible service to you. This information is always stored securely and is not shared more widely within the charity. We will not pass on your details to anyone else without your express permission except in exceptional circumstances, such as anyone reporting serious self-harm or posing a threat to others, or children contacting us about serious issues such as physical abuse or exploitation.
- ii. Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our website, in our magazine or in social media or other media.
- iii. Legal basis for processing: explicit consent
f. Online Community and Social Media
- i. We provide and manage an online community for kidney patients, their families and carers to get advice and information and to talk to people with similar experiences. This service is anonymous, and no personal data is stored.
- ii. We may obtain your personal data through your use of social media such as Facebook, Twitter and other social channels, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
- iii. Legal basis for processing: consent
- i. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. We collect statistics around email opening and clicks using industry standard technologies. For more information, please see Mailchimp’s privacy notice.
- ii. Legal basis for processing: explicit consent
h. Information Events/ Conferences and Webinars
- i. We provide information events, conferences and online webinars for kidney patients, their families and carers and healthcare professionals. These events aim to provide advice and guidance on a broad number of kidney related topics and to share information from experts in their field. Attendance to these events is by registration only. During registration contact data is stored to enable communications regarding the event and the activities of the charity. It clearly explains at the point of sign up how personal information will be used.
- ii. We use the Zoom platform for webinars, please refer to their privacy statement for how they handle your information.
- iii. For post webinar surveys we use Survey Monkey, please refer to their privacy statement for how they handle your information.
- iv. For events/ conferences and webinars where we partner with other charities, we have data sharing agreements in place and clearly explain how personal information will be used at sign up and signpost to their privacy policies.
- v. Legal basis for processing: consent
- If you’re a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
- Legal basis for processing: explicit consent
j. Website and Cookies
- i. A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or identify you when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
- ii. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
- iii. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
- iv. Legal basis for processing: legitimate interest
3. Children and young adult data
a. When we know a supporter or beneficiary is under 18 we will always seek consent from the parent or guardian before storing and using personal information. In these circumstances any communications will be directed to the parent or guardian unless we have had their express permission to address any communication to the child or young adult, for example a thank you letter for their support if they have raised funds for the charity or personally written to us in a way that requires a response.
b. Legal basis for processing: explicit consent
4. How we use your personal data
a. We use the personal information collected to help us achieve our charitable objects, deliver support services to patients and their families, create great relationships and tailor our communications with our supporters and beneficiaries, and to meet our legal, statutory or regulatory obligations.
b. This is for a number of purposes, including:
- i. to provide you with services, products or information you have requested or which may be of interest to you;
- ii. to provide further information about our work, services, activities or products;
- iii. to notify you of any changes to our services;
- iv. to process donations or payments we have received from you;
- v. to further our charitable aims, including for fundraising activities;
- vi. to fulfill sales made online;
- vii. to invite voluntary participation in our work or surveys;
- viii. to register, administer and personalise online accounts;
- ix. to register and administer your participation in events for which you have registered;
- x. to analyse and improve our work, services, activities, products or information (including our website) or for our internal records;
- xi. to use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you;
- xii. for administration purposes (e.g. contact about an event you have registered for);
- xiii. to process your application for a job or volunteer role with us; and
- xiv. for fraud prevention, credit risk reduction or otherwise as required by law or regulation.
c. We are committed to protecting individuals’ personal information and privacy and ensuring any personal data is dealt with in line with the GDPR. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
d. We will only keep your information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations, such as the collection of Gift Aid or regulatory rules around holding financial information.
- i. We may from time to time carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us and their views on how we can improve our patient support services. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
- ii. If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring), and your personal details remain anonymized for any reporting purposes.
- iii. We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf. This will only be done if we are sure your information will remain secure under a non-disclosure agreement or via selected agencies governed by a robust research code of conduct.
5. Keeping your information safe
a. Your privacy is important to us, so we’ll always keep your details secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our cyber security policy is reviewed annually.
b. We will never sell or share your personal information with third party organisations so that they can contact you for any marketing activity. We will only share your information with trusted partners who work with us or on our behalf to deliver services to you, such as mailing agencies that help us to deliver our patient magazine. Any processing of your information is carried out under our instruction, after a non-disclosure agreement has been signed and we have made sure they store the information securely, delete it when they no longer need it and never use it for any other purposes.
c. If you make a donation online or purchase a product from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
6. Updating your data and marketing preferences
a. We'd love to stay in touch, but we don't want to out-stay our welcome - we want you to remain in control of your personal data.
b. Under data protection law, you have rights including:
- i. Your right of access - You have the right to ask us for copies of your personal information.
- ii. Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- iii. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- iv. Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- v. Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- vi. Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
c. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
d. If at any time you want to update, amend or remove your personal data or marketing preferences, please contact us in one of the following ways:
- i. By email – [email protected]
- ii. Via the website at www.kidneycareuk.org
- iii. Call 01420 541 424
- iv. Click on the unsubscribe or update my preferences links at the bottom of every email that we send to you
- v. Write to our Data Protection Officer
Kidney Care UK
3 The Windmills
St Mary’s Close
Alton GU34 1EF
7. How to complain
a. If you have any concerns about our use of your personal information, you can make a complaint to us at Data Protection Officer, Kidney Care UK, 3. The Windmills, St Mary’s Close, Turk Street, Alton, GU34 1EF. You can also telephone us on 01420 541424.
b. You can also complain to the ICO if you are unhappy with how we have used your data.
c. The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
8. Making this policy great and updates
a. Well done for getting to the bottom of this policy. We have designed it to be as transparent, useful and engaging as possible and we would love to hear your feedback on how we can make it even better - please contact us at [email protected].
b. Please don’t make this the last time you read it as we will review this policy at least once a year to make sure it is up to date and accurate. As a result, we may need to make changes to the policy, which will be posted on our website or for any significant changes we will of course notify you by email.