This Privacy Notice (“Notice”) is issued by Brittle Bone Society, a charity registered under number 272100 in England and Wales and in Scotland under number SC010951 (“BBS” or “we”). BBS is the national charity that supports individuals and families affected by Osteogenesis Imperfecta (“OI”).
BBS is committed to using your personal data in accordance with our responsibilities under the General Data Protection Regulation (“GDPR”).
This Notice lets you know how we collect, use and protect your personal data. Personal data has the meaning given to it in the GDPR and includes any information that relates to an identified or identifiable natural person.
We use the personal data that you provide us through this website and through your other interactions with us to gain a better understanding of how you use our services. This assists us in making more efficient use of our resources to support individuals and families affected by OI.
We may post additional GDPR information (“Additional GDPR Information”) in connection with specific users of this site from time to time. If you are one of those specific users, please read this Notice in conjunction with the Additional GDPR Information. In the event of any conflict, the terms of the Additional GDPR Information prevail over the terms of this Notice.
Information we may collect and process about you
You may give us personal information when:
- requesting information from us
- making a donation
- joining as a member
- signing up for an event or training
- filling in a form on our website
- corresponding with us by phone, e-mail, post or online
- interacting with us on our social media platforms
- fundraising on our behalf
- telling us your story
- giving us feedback
- making a complaint
- applying for a job
- registering as a volunteer
You may give us information indirectly when:
- you register for an event run by other organisations who commit to share funds with us, such as a sponsored sporting event;
- use a fundraising platform to make a donation to us;
- book your attendance at an event via a third party;
- you request third parties to provide us information in connection with an application to us. For example, we may ask you to obtain information from healthcare providers who know you to assist in the evaluation of your application.
In these instances, you will either have provided us with your consent to obtain this information or provided your consent to the third party to share your personal information with us.
The information we hold either because you gave it to us or you asked for it to be given to us may include your name, address, e-mail address, phone number, date of birth and financial and credit card information.
We may also hold further information concerning accessibility and dietary requirements, particularly when you register for events. You may also provide us with information regarding your experiences of living with OI. We appreciate that some of this information constitutes sensitive information and in most cases we will need your explicit consent to process this sensitive data. If we are relying on a different lawful basis, we will inform you of this.
What we do not do
BBS does not sell, trade or rent your personal data to others, for marketing purposes or otherwise. We do not conduct telemarketing, but you may receive calls from us for administrative purposes, for example to check the accuracy of our records and update your details, or in connection with your donation or membership.
- Technical information, including the IP address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and the type of device you are using;
- Information about your visit, including the route into and through our site, length of visit and pages you viewed.
If you’re 16 or under
If you are aged 16 or under, you must get a parent’s/guardian’s permission before you provide any personal data to us.
Fundraising and direct marketing
At the point of giving us your details you will have the opportunity to opt in and consent to receiving further information and updates from us, including newsletters and promotional material for upcoming events and fundraising initiatives.
If you select to receive fundraising and marketing communications we will use your data to keep you informed about our work and how your support is making a difference, as well as giving you the opportunity to make donations towards our work or get involved through activities. If you later decide that you would prefer not to receive such communications, wish to update your contact information, We ensure that all of our forms and fundraising materials include a section about your communication preferences and how to opt out.
How we protect your information
We use technical and corporate organisational safeguards to ensure that your personal data is secure. We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Notice.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We understand that additional care may be needed when we collect and process the personal data of vulnerable supporters and volunteers. Please contact us as soon as possible should you have any concerns about our use of personal data of vulnerable supporters and volunteers and/or any issues with how vulnerable supporters and volunteers may be using this website or receiving information from us.
The following information is provided to you pursuant to the information requirements of the GDPR:
Data Controller: BBS, whose details are set forth above. Please also see “Contact us” details below.
Personal Data Collected: Please see “Information we may collect and process about you” above.
Purpose and Legal Basis for Processing: To support our legitimate interests of providing you with general information regarding our charitable activities relating to OI.
Recipients: We may transfer this personal data to banks and payment providers, to our IT, facilities and event providers, to legal and professional advisors, to taxation and other governmental authorities (particularly in connection with Giftaid records), and to third parties should we be engaged in legal proceedings. Subject to having obtained the necessary consents, we may also share your information with healthcare providers, researchers into OI and related diseases and with other institutions from whom we are seeking funds in support of our activities.
Data Subject Rights: You may have certain rights under the GDPR, including the right to revoke any data processing consent you have given, to obtain information on the processing of your personal data, to object to the processing of your personal data, to make use of your right to data portability and to have your personal data rectified or deleted or its processing restricted. If you revoke any consent you give, we may continue to process your data if we have an alternative basis of doing so, and we will inform should this become relevant to you. You are also entitled to lodge a complaint with a supervisory authority, which is generally the supervisory authority where you work and/or are resident. If you wish to exercise any of these rights, please see the “Contact us” details below.