Privacy Policy

This privacy policy notice is for this website; www.alextlc.org and served by Alex The Leukodystrophy Charity (Alex TLC), 45 Peckham High Street, London SE15 5EB and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy, you may wish to cease viewing / using this website.

POLICY KEY DEFINITIONS:

  • “I”, “our”, “us”, or “we” refer to the business, Alex TLC.
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Regulation.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Data means all information that you submit to Alex TLC via the website or other means. This definition incorporates, where applicable, the definitions provided in the GDPR.
  • Cookies mean small files stored on a user’s computer or device.


PROCESSING OF YOUR PERSONAL DATA

Alex TLC collects information from the public in a variety of ways – communications through our website and social media pages, monetary donations, donations of goods to our charity shops, are examples of information collection methods. Information is processed using a secure database, accessible only to Alex TLC employees. On occasion Alex TLC volunteers have permission to access relevant areas of this database to execute work tasks under the terms of the Alex TLC non-disclosure agreement.

We may collect the following Data, which includes personal Data, from you:

  • Name
  • Date of Birth;
  • Gender;
  • Job Title;
  • Profession;
  • Contact Information such as email addresses and telephone numbers;
  • Demographic information such as post code, preferences and interests;
  • Financial information such as credit / debit card numbers;
  • IP address (automatically collected);
  • Web browser type and version (automatically collected);
  • Operating system (automatically collected);
  • A list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected);
  • Diagnosis


in each case, in accordance with this privacy policy.
Although not required by law, we are registered with the ICO under the Data Protection Register, our registration number is: ZA368935.
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

LAWFUL BASIS: CONSENT

When we use this basis: Alex TLC uses this basis for expressions of interest about our work and services. We will always ask for your consent before we communicate with you further. You can withdraw your consent at any time by phoning 020 7701 4388 or emailing info@alextlc.org. There are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.
Data retention period: We will continue to process your information until you withdraw consent, or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties.

LAWFUL BASIS: CONTRACT

When we use this basis: Alex TLC uses this basis for providers who supply goods or services, employees and voluntary workers. This also includes steps taken at the individual’s request before entering into a contract.
Data retention period: We shall continue to process your information until the contract between us ends or is terminated under any contract terms.
Sharing your information: We do share your personal information with third parties where there is a legal precedent for example HMRC.

LAWFUL BASIS: LEGAL OBLIGATION

When we use this basis: In some instances, we have a legal obligation to use or disclose information about you, e.g. we are required by law to keep records of gifts that are given to us with Gift Aid for 4 years.
Data retention period: This is dictated by the legal obligation and we will endeavour, but cannot guarantee, not to retain records past this period.
Sharing your information: We do share your personal information with third parties where there is a legal precedent for example HMRC.

LAWFUL BASIS: VITAL INTEREST

When we use this basis: In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.
Data retention period: We will continue to process your information until you withdraw consent, or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties except in extreme situations as detailed above.

LAWFUL BASIS: LEGITIMATE INTEREST

When we use this basis: We believe that Alex TLC supporters are connected to our mission and want to know how they can continue to help us to achieve our charitable aims. Unless you tell us not to, we think you are content for us to process (keep and use) your personal information for the following lengths of time. As of May 2018, we promise not to keep your personal information for longer than we specify below.
BENEFICIARY – individuals who have contacted us because they are directly affected by leukodystrophy. We believe our information provides improved outcomes and essential medical updates for beneficiaries.
Data retention period: We believe beneficiaries have a lifelong interest in our information and we need to keep their information.
Sharing your information: We do not share your personal information with third parties except for information gathered by survey for research purposes. The information processed may include name, contact details, family details, lifestyle and social circumstances, financial details, good and services. The sensitive types of information may include physical or mental health details, racial or ethnic origin and religious or other beliefs. This information is about survey respondents. Where necessary or required this information may be shared with customers and clients, agents, service providers, survey and research organisations.
FINANCIAL SUPPORTER – We believe the majority of our financial supporters have a specific interest in or are affected in some way by leukodystrophy due to its rarity and associated public awareness levels.
Data retention period: We believe that those that support us financially have a lifelong interest in our work and we need to keep their information.
Sharing your information: We do not share your personal information with third parties. MEDICAL PROFESSIONAL/RESEARCHER – specialists and researchers with a proclaimed and published interest in leukodystrophy and/or treating leukodystrophy patients. This includes employees of research facilities, medical facilities (hospitals) and pharmaceutical companies. We believe we cannot achieve our charitable objectives without communicating meaningfully with said medical professionals/employees.
Data retention period: We believe medical professionals/researchers have a career long interest in our information and we need to keep their information.
Sharing your information: We do not share your personal information with third parties.
PATRON/AMBASSADOR – a celebrity or renowned figure who officially and publicly supports Alex TLC.
We believe that individuals who are or have been a patron or ambassador for Alex TLC cannot advocate comprehensively for Alex TLC unless they receive communications about our work.
Data retention period: We believe patrons and ambassadors have a lifelong interest in our information and we need to keep their information.
Sharing your information: We do not share your personal information with third parties.
PEER ORGANISATION – an organisation and its employees or volunteers who’s function it is to support or advocate in areas relevant to the work of Alex TLC. For example, other leukodystrophy or rare disease support organisations, organisations to support carers and those with disabilities and other relevant issues.
Data retention period: We believe peer organisations have a lifelong interest in sharing mutually beneficial information and we need to keep their information.
Sharing your information: We do not share your personal information with third parties. It is always your choice. If you don’t think this is quite right for you, you can tell us to change your communication preferences and our use of your information. You can do this at any time by phoning 020 7701 4388 or emailing info@aldlife.org.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

CHILDREN’S DATA

We collect and manage information from children and aim to manage it in a way which is appropriate
to the age of the child. Information is usually collected when children are part of a family affected by
leukodystrophy, attend our events or fundraise for us, and it can include sensitive personal data. Where
possible and appropriate we will seek consent from a parent or guardian before collecting information
about children.

YOUR INDIVIDUAL RIGHTS

Under the GDPR your rights are as follows. You can read more about your rights in details here;

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.


You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.

THIRD PARTY WEBSITES AND SERVICES

Alex TLC may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services have access to certain personal data provided by users of this website.
Any data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited. Furthermore, any data that is processed by third parties will be processed within the terms of this privacy policy and in accordance with GDPR.

INTERNET COOKIES

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third-party website. Some cookies are required to enjoy and use the full functionality of this website. We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Cookies that we use are:

  • WordPress
  • Google Analytics


DATA SECURITY AND PROTECTION

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

TRANSPARENT PRIVACY EXPLANATIONS

We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

LINKS TO OTHER WEBSITES

This website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

SPONSORED LINKS, AFFILIATE TRACKING & COMMISSIONS

Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google Adsense, eBay Partner Network, Amazon Affiliates, or are self-served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However, we do not control the actual adverts seen / displayed by our advertising partners.

Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.
We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information. If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

EMAIL MARKETING MESSAGES & SUBSCRIPTION

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third-party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users. Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as: times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign. Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide
you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all communications here, otherwise contact the EMS provider.

Our EMS provider is E-Tapestry by Blackbaud. We hold the following information about you within our EMS system;

  • Email address
  • I.P address
  • Subscription time & date


RESOURCES & FURTHER INFORMATION

  • Overview of the GDPR – General Data Protection Regulation
  • Data Protection Act 1998
  • Privacy and Electronic Communications Regulations 2003
  • The Guide to the PECR 2003
  • Twitter Privacy Policy
  • Facebook Privacy Policy
  • Google Privacy Policy
  • Linkedin Privacy Policy
  • E-Tapestry/Blackbaud Privacy Policy