Privacy policy

At Kidney Care UK we are committed to protecting your personal information and being transparent about what we do with it.

Version 4.0, last updated April 2024

Definitions

Charity GDPR DPA

Means the British Kidney Patient Association Trading as Kidney Care UK a charity registered in England and Wales (270288) and Scotland (SCO48198).

Means the UK General Data Protection Regulation.

Means the Data Protection Act 2018.

Introduction

1. Who we are

2. What personal data do we collect?

  • i. Where you have consented to this for specific, explicit and legitimate purposes, or for which we feel you would have a legitimate interest
  • ii. Where this is necessary to fulfill legal obligations that apply to us
  • iii. Where it is necessary for our legitimate interests relating to running our daily operations, as long as, in each case, these interests are in line with applicable law and your legal rights and freedoms
    1. Supporters data
  • i. If you support us, for example by signing up to an event, donating, signing up to Gift Aid, or signing up to a campaign, we usually collect your name, contact details and whether you would like to be contacted and your preferred method of communication. If appropriate, we may also ask to collect your date of birth, financial details, Gift Aid eligibility, reasons for support, information relating to health and disability and responses to our campaigns.
  • ii. We only collect this data so we can keep you up to date with information and products you have requested, or may be interested in, to keep you informed on how your support is making a difference and to fulfill our legal responsibilities for financial and Gift Aid reporting.
  • iii. Legal basis for processing: consent, legitimate interest
    1. Our Patient Services
  • i. We offer a wide range of support services to patients, including information and advice, grants, counselling and advocacy. We will collect your contact details and preferences, and any other data that is relevant to delivering the best possible service to you.
  • ii. With your permission, we may periodically send you information to keep you up to date with news and information on the charity, or which you might be interested in.
  • iii. Legal basis for processing: consent legitimate interest
    1. Sensitive Personal Data
  • i. Some of our patient support services may collect more sensitive personal data such as your health condition and social circumstances. This information is only collected in order for us to deliver the best possible service to you. This information is always stored securely and is not shared more widely within the charity. We will not pass on your details to anyone else without your express permission except in exceptional circumstances, such as anyone reporting serious self-harm or posing a threat to others, or children contacting us about serious issues such as physical abuse or exploitation.
  • ii. Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our website, in our magazine or in social media or other media.
  • iii. Legal basis for processing: explicit consent
    1. Online Community and Social Media
  • i. We provide and manage an online community for kidney patients, their families and carers to get advice and information and to talk to people with similar experiences. This service is anonymous, and no personal data is stored.
  • ii. We may obtain your personal data through your use of social media such as Facebook, Twitter and other social channels, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
  • iii. Legal basis for processing: consent
    1. E-newsletter
  • i. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. We collect statistics around email opening and clicks using industry standard technologies. For more information, please see Mailchimp’s privacy notice.
  • ii. Legal basis for processing: explicit consent
    1. Information Events/ Conferences and Webinars
  • i. We provide information events, conferences and online webinars for kidney patients, their families and carers and healthcare professionals. These events aim to provide advice and guidance on a broad number of kidney related topics and to share information from experts in their field. Attendance to these events is by registration only. During registration contact data is stored to enable communications regarding the event and the activities of the charity. It clearly explains at the point of sign up how personal information will be used.
  • ii. We use the Zoom platform for webinars, please refer to their privacy statement for how they handle your information.
  • iii. For post webinar surveys we use Survey Monkey, please refer to their privacy statement for how they handle your information.
  • iv. For events/ conferences and webinars where we partner with other charities, we have data sharing agreements in place and clearly explain how personal information will be used at sign up and signpost to their privacy policies.
  • v. Legal basis for processing: consent
      1. Volunteers
  • If you’re a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
  • Legal basis for processing: explicit consent
    1. Website and Cookies
  • i. A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or identify you when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
  • ii. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
  • iii. You can accept, set your preferences or deny all the cookies that we use by clicking on the buttons displayed on our cookie banner.
  • iv. You can amend your settings or withdraw your consent for cookies at any time by clicking on the small black floating Cookies Settings button on the bottom right of our webpages.
  • v. Legal basis for processing: legitimate interest

3. Children and young adult data

4. How we use your personal data

  • i. to provide you with services, products or information you have requested or which may be of interest to you;
  • ii. to provide further information about our work, services, activities or products;
  • iii. to notify you of any changes to our services;
  • iv. to process donations or payments we have received from you;
  • v. to further our charitable aims, including for fundraising activities;
  • vi. to fulfill sales made online;
  • vii. to invite voluntary participation in our work or surveys;
  • viii. to register, administer and personalise online accounts;
  • ix. to register and administer your participation in events for which you have registered;
  • x. to analyse and improve our work, services, activities, products or information (including our website) or for our internal records;
  • xi. to use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you;
  • xii. for administration purposes (e.g. contact about an event you have registered for);
  • xiii. to process your application for a job or volunteer role with us; and
  • xiv. for fraud prevention, credit risk reduction or otherwise as required by law or regulation.
    1. We are committed to protecting individuals’ personal information and privacy and ensuring any personal data is dealt with in line with the GDPR. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
    2. We will only keep your information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations, such as the collection of Gift Aid or regulatory rules around holding financial information.
    3. Research
  • i. We may from time to time carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us and their views on how we can improve our patient support services. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
  • ii. If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring), and your personal details remain anonymized for any reporting purposes.
  • iii. We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf. This will only be done if we are sure your information will remain secure under a non-disclosure agreement or via selected agencies governed by a robust research code of conduct.

5. Keeping your information safe

6. Updating your data and marketing preferences

  • i. Your right of access - You have the right to ask us for copies of your personal information.
  • ii. Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • iii. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • iv. Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • v. Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • vi. Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
    1. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
    2. If at any time you want to update, amend or remove your personal data or marketing preferences, please contact us in one of the following ways:
  • i. By email – [email protected]
  • ii. Via the website at www.kidneycareuk.org
  • iii. Call 01420 541 424
  • iv. Click on the unsubscribe or update my preferences links at the bottom of every email that we send to you
  • v. Write to our Data Protection Officer
    Kidney Care UK
    3 The Windmills
    St Mary’s Close
    Turk Street
    Alton GU34 1EF

7. How to complain

8. Making this policy great and updates

    1. Well done for getting to the bottom of this policy. We have designed it to be as transparent, useful and engaging as possible and we would love to hear your feedback on how we can make it even better - please contact us at [email protected].
    2. Please don’t make this the last time you read it as we will review this policy at least once a year to make sure it is up to date and accurate. As a result, we may need to make changes to the policy, which will be posted on our website or for any significant changes we will of course notify you by email.