Rare Dementia Support (RDS) is committed to protecting your privacy. This policy explains how and why we collect and use your personal data and how we contact you.
Your personal data (any information that identifies you or relates to you personally) will be collected and held by Rare Dementia Support, on University College London (UCL) servers, and will be used to record your membership of RDS, keep you updated about our meetings, send you our newsletters and keep you up-to-date with research opportunities. RDS will never sell or swap your personal data.
The General Data Protection Regulation (GDPR) requires RDS to specify the basis on which we hold data. RDS holds and processes data under the Category of ‘Legitimate Interest’ (Article 6(1)(f)) ((EU) 2016/679 (General Data Protection Regulation)).
The information we collect and how we collect it
We collect and process different types of data about you in relation to RDS:
Standard Web server traffic pattern information. General traffic, site usage, and length of stay information is collected and stored in log files. This type of information is rarely shared outside of RDS, and then only in summary such that your personal information will remain anonymous and unidentifiable.
Personal information you provide to us: We receive personal information from you when you ask about our activities, request services from us (such as membership, publications and email newsletters), use our services, or otherwise give us personal information. The type of personal information we collect will include information such as:
- First name
- All or a number of the following contact details:
- Address including postcode
- Email address
- Telephone number
- Which support group(s) you are interested in
The above information will be collected for all RDS members. For those who choose to receive additional guidance, education and empowerment (e.g. via telephone or email), we will also record additional information regarding issues to do with diagnosis, legal & financial support, relationships & emotions, living with a condition, support options, and research interests. We will also record the actions we have agreed with you, and the outcome of those actions. In all instances, we intend to record only personal information relevant to providing relevant support, and to increase the continuity of the support we provide should you receive support from more than one member of the RDS team. At the time of discussing your support needs, we will ask you to consent verbally to allowing us to record this information, and will send you an email after the initial support conversation to confirm why and how we collect this information.
Personal Sensitive Data: We may record and store sensitive personal data (such as information relating to a specific health condition) where you have volunteered this information to us (e.g. if you write a blog for us). These data are stored and processed for the purposes of understanding what motivates our members, and also for communicating your experiences in our public engagement activities. If this does occur, we will ask for your informed consent to share this information. Occasionally, it may be useful for us to find out why you are supporting us. In providing this information, you may disclose personal sensitive data. This information helps us understand the benefits of our work. You do not have to provide this information and we only want you to answer if you are happy doing so.
Personal information provided to us by third parties: Sometimes, we receive personal information about you when you engage with other organisations. When this happens we will treat the information in the same way as if you had shared it directly with us.
How we use the information we collect
We will use your personal information primarily to:
- Record your RDS membership and manage your preferences for hearing from us
- Inform you about upcoming support group meetings and research opportunities
- Send you newsletters and other ad hoc correspondence (e.g. a letter from Professor Fox/Crutch thanking you for your support)
- Let you know about changes to our services or policies
- Investigate and respond to feedback and/or other issues
- To evaluate and develop our services (e.g. assessing trends by analysing call volume and frequency). All information used in this way will be anonymised.
- To ensure that agreed actions have been completed
- To track progress with ongoing issues requiring support over a period of time
- To ensure RDS team members dealing with your enquiries are familiar with the support you require (e.g. if the RDS team member who has been supporting you is unavailable)
If you contact RDS on behalf of another person (i.e. to register their interest in membership) you must ensure that you have the right to share their personal information with us.
If at any time you would like us to remove or update your details, please contact email@example.com.
Building profiles to improve the service we provide
By registering with RDS, you have agreed to provide the information outlined above. We may analyse this information in order to tailor the services we provide and the information we share (e.g. we may inform you of a newly-formed regional support group in your area that we think may be of interest to you).
In some instances, the personal information we hold about you may highlight other RDS members either within your local area, and/or whose interest in a particular support group may align with yours. We may contact you to ask if you would like to be put in touch with these other RDS members.
How we protect the information we collect
RDS’ operations are based in the UK and we store RDS data on UCL servers.
We use a range of physical and technical measures to keep your data safe and to prevent unauthorised access to, use or disclosure of your personal information. We control who has access to information (using both physical and electronic means). Your information is only accessible by appropriately trained staff. RDS staff receive information governance training which outlines the protocols that personnel are required to follow when processing personal data.
We may, in some limited circumstances, have an obligation to disclose your details to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. Membership data will only be kept whilst you wish to remain a member. The storage of other information (e.g. a blog post) will be continually reviewed and deleted when no longer required.
Your rights to your data
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
You have the right to:
- request a copy of the information we hold about you;
- update or amend the information we hold about you if it is wrong;
- change your communication preferences at any time;
- ask us to remove your personal information from our records; or
- Raise a concern or complaint about the way in which your information is being used.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
RDS website and external links
We use Eventbrite for event promotion and bookings. Please note that Eventbrite is a third-party service that is not owned or managed by UCL.
Eventbrite operates in the USA and subscribes to the EU-US Privacy Shield, which commits subscribers to adhering to European standards of data protection. For further information, please refer to Eventbrite’s legal terms.
Feedback and complaints
If you would like to give us any feedback or if you have a complaint, please email RDS directly on firstname.lastname@example.org. If you are not satisfied with our response, or you believe that your data protection or privacy rights have been infringed, you have a right to complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk