Last updated December 11, 2023

Who are ‘we’?

Myaware is a registered charity in England & Wales (1046443), Scotland (SC044744), and registered under the ICO (Z719274X). Our contact details are as follows:

Myaware Head Office
The College Business Centre
Uttoxeter New Road
Derby, DE22 3WZ

Email: [email protected]

Telephone: 01332 290219

This privacy policy for myaware (‘we’, ‘us’, or ‘our’) describes how and why we might collect, store, use and/or share (‘process’) your personal information when you use our services.

Myaware is committed to protecting your personal information, being transparent about what we hold and ensuring that we use it in accordance with applicable laws concerning data protection.

Who are ‘you’?

In this privacy policy, whenever you see the word ‘you’, it refers to anyone external to myaware whom we have a relationship with, including but not limited to members, supporters, and fundraisers.

This policy does not cover myaware’s internal relationships, which include trustees, volunteers, interns, or employees, or applicants to any such position, which are covered separately under our HR policies. 

Questions or concerns?

Reading this privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our services. If you still have any questions or concerns, please contact us using the contact details above. 

WHAT INFORMATION DO WE COLLECT? 

Personal information provided by you

We collect personal information that you voluntarily provide to us. This could be by you filling in digital and/or paper forms, engaging with our services or events, participating in our social media accounts, donating to us, joining as a member, becoming a fundraiser or by corresponding with us in general. 

Examples of the personal information we collect:

  • We hold names and titles, postal addresses, telephone numbers, mobile numbers, email addresses, dates of birth, gender, occupation, and previous occupation if retired.     
  • We record basic information about your myasthenia such as the type of myasthenia you have (general myasthenia, LEMS, CMS, Ocular etc) and the date when you were diagnosed. 
  • If you are corresponding with us on behalf of a friend or relative who has myasthenia, we may record their name, their type of myasthenia and the date when they were diagnosed.
  • We record factual case notes on any interactions or conversations with us, including any correspondence we have sent you and ones you have sent us.  
  • What your preferred contact methods are (telephone, email, SMS and/or postal). 
  • As part of our legal obligation for business accounting and tax purposes, we keep financial records on any payments you make to us. This includes donations, purchases, and service fees. 
  • We record the purpose of any donations and any restrictions placed on them (for example, you may have specified your donation goes towards funding research).
  • The order and fulfilment details on any merchandise or services you have purchased from us.
  • Other financial information such as Gift Aid declarations or any refunds we have paid.  
  • Any myaware-hosted events or fundraisers you have attended online or in person.     
  • Any feedback or special requirements that you may choose to give us.
  • The details of any complaints or incidents you may have submitted to us for investigation. 

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that refusing to provide information may impact our ability to provide some services to you.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. 

Payment information

If you use your credit card or debit card to donate to us, pay for a registration or make a purchase over the phone, we will ensure this is done in accordance with the Payment Card Industry (PCI) Data Security Standard. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed. 

Donations or purchases processed via our website are handled securely by Stripe UK or GoCardless and we do not receive your card details. You may find the privacy policies for Stripe UK and GoCardless here: http://stripe.com/gb/privacy and https://gocardless.com/privacy/ 

Visitors to our website

Like many businesses, we use essential cookies to make our website work. With your consent, we may also use non-essential cookies to improve your online experience and analyse web traffic. 

You can choose to accept or decline the non-essential cookies when you visit our website for the first time. You can find more information about our Cookie policy here: www.myaware.org/cookies/policy 

HOW DO WE PROCESS YOUR INFORMATION?  

We process your personal information for a variety of reasons, depending on how you interact with our services and the context of your relationship with us. 

Examples of how we process your personal information:

  • Provide you with the services, products, or information you asked for. For example, membership benefits, information packs or fundraising materials.
  • Manage your membership status, such as verifying your eligibility, updating your contact details, and maintaining accurate membership records. 
  • Administer your donation or support your fundraising activities and events, including submitting your details to HMRC to claim Gift Aid if applicable. 
  • Keep you up to date with the impact of your support and our work and to ask for financial support. This would be via marketing and promotional communications such as our quarterly newsletter, appeal, and fundraising mailings.
  • Keep an accurate record of your relationship with us including contact preferences. 
  • Administer your participation in our social media groups or one of our online Zoom events. 
  • Support us in raising awareness, for example if you have shared your story or given us consent to use your photo on marketing and promotional materials.
  • Identify and inform you of any support services that may be particularly relevant to you or your relative. For example, the Kids group or the Young Generation group.  
  • Process orders from our online shop.  
  • Send administrative information to you such as details about our services, changes to our terms and policies, and other similar information.
  • Help us to identify how we can improve our products and services. 
  • Carry out any obligations arising from complaints or incidents. 

Statistical review purposes

We analyse certain information for statistical review purposes, specifically examining patterns of myasthenia based on age, geography, occupation, and gender. This information is aggregated and made anonymous to protect your privacy. It may be shared with medical universities for research purposes or utilised to raise awareness of myasthenia among the general public. 

As the sole charity in the UK dedicated to myasthenia, we strive to contribute valuable insights and support ongoing research efforts. 

WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

We only process your personal information when we believe it is necessary and we have a valid legal basis to do so. The UK General Data Protection Regulation (UK GDPR) requires us to set out the lawful grounds on which we collect and process your personal information as described in this policy. Depending on the purposes for which we use your information, one or more of the grounds listed below may be relevant. 

Consent

We will primarily rely on obtaining your consent as the legal basis for processing your personal information. If you choose to become a member of myaware, you provide your explicit consent for us to process your personal information for the purposes outlined in this privacy policy. 

Additionally, we offer the option of opting into marketing emails such as our newsletter, appeals and fundraising events. You can opt in by choosing your contact preferences (telephone, email, SMS and/or postal). If you do not give us any contact preferences, we will not send you any marketing mailings.

If you want to withdraw your consent for us to use your personal information, or to amend any of your contact preferences, please contact us at [email protected] or write to: myaware, The College Business Centre, Uttoxeter New Road, Derby, DE22 3WZ. 

Legitimate Interest

In certain instances, we may process your personal information by relying on the legitimate interest legal basis. Legitimate interest allows myaware to operate effectively and efficiently, whilst also respecting your privacy and personal rights. 

Examples of how legitimate interest might apply:

  • Responding to any questions or concerns. 
  • Contacting you for fundraising purposes. For example, if you are raising donations for us via a fundraising event, we may contact you to offer you the relevant support and advice such as sending you myasthenia sponsor forms, literature, and leaflets, or myaware t-shirts and collection boxes.   
  • Administering your donations and sending you a ‘thank you’ letter.
  • Statistical review purposes (these will always be aggregated and anonymised).  

This list is not exhaustive and there may be other circumstances where legitimate interest applies. 

We want to ensure that we achieve a balance between our own interests and your fundamental rights and freedoms. Rest assured that when we use legitimate interest, we do so in a way that is proportionate, respects your privacy and is in accordance with the purposes described in this privacy policy.

Legal Obligation

We may process your personal information if it is necessary for us to comply with the law. For example, we are legally required to hold donor transaction details for Gift Aid and accounting/tax purposes.  

Performance of a contract

We may process your personal information for the purpose of meeting our contractual obligations. For example, if you purchase something from our online shop. 

WHO DO WE SHARE YOUR INFORMATION WITH? 

Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share your information with third-party suppliers. In this context, a third-party supplier refers to those who perform services on our behalf and require access to such information to do that work. 

All our third-party suppliers will only process your information in accordance with instructions from us and comply fully with this privacy policy, the data protection laws and any other appropriate confidentiality and security measures. 

Examples of our third-party suppliers:

  • Printing companies to produce letters, appeals and newsletters. 
  • Mailing houses to efficiently send out physical mailings. 
  • Software providers such as accounts processing and CRM databases. 
  • IT service providers including general IT support, website hosting and cloud storage solutions.
  • Auditors to comply with our regulatory and compliance obligations. 

There may also be other circumstances where we are required to share information. For example:

  • To assist the police and other relevant authorities in the prevention or detection of crime and fraud. 
  • When instructed to do so by Court Order or other similar legal obligations. 
  • To protect the vital interests of an individual (life or death situations). 

Social Media

We are present on social media platforms such as Facebook, Instagram, X (formerly Twitter), and YouTube. On these platforms, users can engage in discussions, share information, and interact with one another. We want to make it clear that while we strive to create a safe and respectful environment within these groups, we are not responsible for the actions, content, or privacy practices of other users. It is important that you exercise caution and use your discretion when sharing personal information or engaging in discussions within these social media groups. We recommend reviewing the platform’s own privacy policies and terms of use to understand how your information may be processed. 

Third-party Websites

Occasionally, we may advertise or provide links to third-party websites for fundraising, support, or other purposes. While we strive to only partner with reputable third-party websites, we cannot control or guarantee their actions or practices. We recommend that you review the privacy policies and terms of use of any third-party website before providing them with your personal information. 

The above also applies to any donation processing platforms such as JustGiving or GoFundMe. Such websites operate independently from our charity and will have their own privacy policies and procedures.

HOW LONG DO WE KEEP YOUR INFORMATION? 

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy unless a longer retention period is required by law (such as gift aid declarations for tax purposes, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information. 

Lifetime Membership

If you have chosen to obtain a lifetime membership with us, we will retain your personal information for the duration of your membership or until you request its deletion. This allows us to maintain accurate records and provide you with ongoing benefits and services associated with your membership. 

HOW DO WE KEEP YOUR INFORMATION SAFE?

We take the security of your personal information seriously. We have implemented a range of measures to ensure the confidentiality, integrity, and security of your information.

Examples of how we keep your information safe:

  • We utilise secure databases and servers to store your information. These are protected by advanced firewalls and encryption protocols. 
  • We have implemented strict access controls to ensure that only authorised employees within our organisation can access your information. 
  • We regularly provide data protection and cyber awareness training to our employees. 
  • We perform regular back-ups of our data to ensure that in the event of any unforeseen issues or disasters, your information remains protected and can be easily recovered. 
  • We utilise Anti-Virus and Anti-Spam software.
  • We regularly review our archives to ensure we only retain and store the personal information that is necessary for the purposes of this privacy policy. Any information that is no longer required or relevant is permanently destroyed safely and securely.  

DO WE COLLECT INFORMATION FROM UNDER 18s? 

In general, we will not knowingly collect information from or market to individuals under the age of 18. Membership is only open to adults. If you are under 18 and wish to use our support services, we would encourage you to have your parent or legal guardian contact us on your behalf. 

There are exceptions to the above, for example if an individual under the age of 18 is fundraising on our behalf. We will process the minimum amount of information required for administrative purposes, such as logging donations against their record and sending them simple thank you letters / receipts. We may also send them information leaflets and literature on myasthenia if requested. 

The safety and privacy of individuals under the age of 18 is of paramount importance to us. We recognise that under 18s are often more vulnerable and require special safeguards to ensure their safety and well-being. By limiting the level of information we collect from under 18s, we hope to prioritise their protection and adhere to ethical and legal guidelines.

WHAT ARE YOUR PRIVACY RIGHTS?

Under UK data protection law, you have rights over personal information that we hold about you:

Right to be informed

You have the right to know how and why we collect and use your personal information. This privacy policy and other policies and statements used on this website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used. 

Right to access your personal information

You have the right to access the personal information we hold about you, either physically or digitally. This is called a Subject Access Request (SAR). If you wish to exercise this right, please apply in writing: 

Myaware Head Office
The College Business Centre
Uttoxeter New Road
Derby, DE22 3WZ 

Email: [email protected]

Telephone: 01332 290219 – if you wish to apply by telephone, please ask for the Compliance Manager who will complete a SAR form on your behalf. 

Please include details of the information you wish to access. We will respond within 30 days, providing that the request includes appropriate contact details, proof of identity and we can validate the request. 

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete personal information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies. 

Right to erasure of your personal information

You have the right to ask us to delete some or all of the personal information we hold about you. This can be for any reason such as withdrawal of consent, or if you feel we are unlawfully processing your data. Your request will be complied with providing there are no financial or legal obligations that prevent us from doing so (for example, we have a legal obligation to keep certain financial records for a minimum of 6 years). In some cases, if full deletion isn’t possible, we may be able to anonymise your information.

Right to restrict use of your personal information

You have the right to request that we refrain from processing some or all of the personal information we hold about you in the following situations: where you contest the accuracy of the information we hold; you feel the information has been unlawfully processed; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so. 

Right to data portability of your personal information

You have the right to receive any personal information that you have provided to us so that you can transfer it to another organisation. As a charity, we do not engage in data portability practices, so this is not likely to be relevant or applicable to the categories of information we hold.

Right to object to the use of your personal information

You have the right to object to the processing of your personal information if it is for direct marketing such as appeal mailings. If we are processing your information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible. 

Rights related to automated decision-making including profiling

You have the right to be informed about any automated decision-making or profiling. As a charity, we do not conduct any automated processing, profiling, or decision making using your personal information. 

Please note that exceptions apply to a number of these rights, and not all rights will be absolute in all circumstances. For more details we recommend you consult the guidance published by the Information Commissioner’s Office in their ‘Your Data Matters’ blog: https://ico.org.uk/for-the-public/ 

If you wish to exercise any of your rights, please contact us: 

Myaware Head Office
The College Business Centre
Uttoxeter New Road
Derby, DE22 3WZ 

Email: [email protected]

Telephone: 01332 290219 

We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within 30 days of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay. 

Change the way we contact you

Your personal preferences and keeping your information accurate are of utmost importance to us. If at any stage you do not want to hear from us, want to change your contact preferences or want to update your details, you can email us at [email protected] or call us on 01332 290219 or write to myaware, The College Business Centre, Uttoxeter New Road, Derby, DE22 3WZ. 

Any marketing email we send you will contain information about how to unsubscribe from email marketing communications. During any phone, email, or social media conversation you have with us, please feel free to let us know how you prefer to be contacted.  

Make a complaint

If you are unhappy with the way we have processed your personal information and wish to make a complaint to us, please refer to our complaints procedure here: www.myaware.org/complaints

If you remain dissatisfied with the response received, you have the right to lodge a complaint with the ICO. You can do this via their website: www.ico.org.uk or you can write to / call them:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF

Telephone: 0303 123 1113

Changes to this privacy policy

This policy may change from time to time. If we make any significant changes in the way we treat your personal information, we will contact you directly with more information.