Our GDPR Policies

Chordoma UK is committed to meeting the latest General Data Protection Regulation (GDPR) requirements. Please find our policies below: (1) Privacy Policy and (2) Charity Data Protection Policy.

Please note that we respect your privacy and take protecting it seriously. Any information you provide is held in strict confidence. It has always been our policy not to share our supporters' names or personal information with any other organisation.

If you should have any concerns, questions or wish to opt-out from communications from Chordoma UK please do not hesitate to contact our Chairman, Gerald Fitz-Gibbon, via our contact form.


(1) Privacy Policy

Chordoma UK is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection the Data Controller is Gerald Fitz-Gibbon.

This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. This Policy covers Chordoma UK in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.

If you have any questions about this Policy or concerning your personal information please contact Gerald Fitz-Gibbon, via our contact form.

What type of personal information we collect

The type and amount of information we collect depends on why you are providing it. The information we collect when you make an enquiry includes your name, email address, postal address and phone number.

Similarly, if you are a supporter, for example volunteering, making a donation, or signing up for an event, we will ask for the information noted above and may need your full address e.g. for UK Gift Aid declarations.

When processing donations or payments and bank or credit card details are provided to us we keep any records and/ or processing securely at the Chordoma UK offices. If you are a grant or job applicant the information you are asked to provide is as set out in the application and necessary for the purposes of our considering the application.

How we collect information

We may collect information from you whenever you contact us or have any involvement with us for example when you:

Where we collect information from

We collect information:

  1. From you when you give it to us directly: You may provide your details when you ask us for information or make a donation, volunteer, attend our events or contact us for any other reason. Your information may be collected by an organisation we are working with but we are still responsible for your information.
  2. When you give it to us indirectly: Your information may be shared with us by other organisations such as fundraising sites like Just Giving or Virgin Money if you are fundraising for us. They should only do so in the way they have set out in their own Privacy Policy which you should check when you give your details.
  3. When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission. This might for example be a charity working with us or might be when you buy a product or service from a third party organisation. The information we receive from other organisations depends on your settings or the option responses you have given them.

How we use your information

e will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:

Our legal basis for processing your information

The use of your information for the purposes set out above is lawful because one or more of the following applies:

How we keep your information safe

We understand the importance of security of your personal information and take appropriate steps to safeguard it.

Confirmations of payments made via bank or credit card machine are locked away securely in the Chordoma UK office.

We always ensure only authorised persons have access to your information, which means only our staff, volunteers and contractors, and that everyone who has access is appropriately trained to manage your information.

No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

Who has access to your information?

We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.

Other than this, we will not share your information with other organisations without your consent.

Children’s Information

We appreciate that our supporters and volunteers are of all ages. Where appropriate we will ask for consent from a parent or guardian to collect information about children (under 16s).

How long we keep your information for.

We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least seven years so we can fulfil our statutory obligations for tax purposes.

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for four years. We may periodically ask you to renew your consent.

If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Your rights

You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact via our contact form.

You also have the following rights which will be introduced in the UK under the GDPR on 25 May 2018:

All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact Gerald Fitz-Gibbon, Morrison & Foerster UK, Citypoint, One Ropemaker St, London, EC2Y 9AW if you are not happy with the way in which we have processed or dealt with your information.

Changes to this Privacy Policy

This Policy may be changed from time to time. If we make any significant changes we will advertise this on our website and contact you directly with the information.

Do please check this Policy each time you consider giving your personal information to us. This Policy was adopted on the 19th June.


Charity Data Protection Policy

1. INTRODUCTION

2. PERSONAL DATA

3. THE DATA PROTECTION PRINCIPLES

4. CONDITIONS FOR PROCESSING IN THE FIRST DATA PROTECTION PRINCIPLE

5. DISCLOSURE OF PERSONAL DATA

6. SECURITY OF PERSONAL DATA

7. SUBJECT ACCESS REQUESTS

8. OTHER RIGHTS OF INDIVIDUALS

Right to object to processing

Right to rectification

Right to erasure

Right to restrict processing

Right to portability

9. BREACH OF ANY REQUIREMENT OF THE GDPR

10. CONTACT

Policy Updated on 19th June 2018