1.0 Introduction and Purpose

At the National Osteoporosis Society we are committed to protecting and respecting your privacy and keeping your data safe. This privacy policy (together with our terms of use and any other documents referred to in it) sets out how the National Osteoporosis Society collects and uses your data and your rights to have your personal data protected.

Gaining a better understanding of our supporters and beneficiaries through their data allows us to make more informed decisions about the support and services we provide and the fundraising we conduct. It helps us to make more efficient use of our resources and ultimately, to bring us closer to ending osteoporosis for good. Please also see our Supporter Charter which outlines our commitment to ethical fundraising practice. We are also registered with the Fundraising Regulator, commit to the Fundraising Promise and comply with requirements of the Fundraising Preference Service.

The data controller is the National Osteoporosis Society, a charity registered under number 1102712 in England and Wales and in Scotland under number SC039755; a company limited by guarantee registered under number 04995013 in England and Wales with registered offices at Camerton, Bath, BA2 0PJ.

What we do not do

The National Osteoporosis Society does not sell, trade or rent your personal information to others, for marketing purposes or otherwise. Please see our Supporter Charter for more information.

We do not conduct telemarketing, but you may receive calls from us for administrative purposes, for example to check the accuracy of our records and update your details, or in connection with your donation or membership.

Information we may collect and process about you

1.1   Information you give us directly

You may give us information when:

  • requesting information from us
  • making a donation
  • joining as a member
  • signing up for an event or training
  • filling in a form on our website
  • completing an application or expression of interest for a research grant or job vacancy
  • corresponding with us by phone, e-mail, post or online
  • registering as a member on the website or interacting with us on our social media platforms
  • you call our Helpline and receive support and advice.

The information you give us may include your name, address, e-mail address, phone number, date of birth and financial and credit card information. In addition, where you register for our events you may also give us further information, which may include any accessibility or dietary requirements but this will only be used for the event you are attending and not held on file. If you volunteer to be a case study or call the helpline, you may also provide us with information about your experiences of living with osteoporosis.

2.2 Information you give us indirectly

You may give us information indirectly when:

  • you register for an event such as a challenge event like the Virgin London Marathon, or a sporting challenge like Ride London,
  • use a fundraising platform such as JustGiving,
  • book your attendance at an event via a third party

Your information may be shared with us if you have provided your consent or have submitted information to a third party supplier in order that we can provide the service that you have requested.

The NOS does not purchase any data from third party suppliers but data from other organisations may be passed to us if you have given them consent to have your information shared with us or where they are acting on our behalf to provide a service for you.

We work closely with our third party suppliers to ensure that they operate in accordance with Data Protection legislation and in accordance with this Privacy Policy. When submitting your information to a third party it is important to check their Privacy Policy for details of how they use your data before you submit it.

2.3 Information we collect about you online when you use our website

Our website uses cookies to distinguish you from other users of our website. We use Google Analytics in order to provide an analysis of data related to the use and users of our website.

When you visit our website, the following information may be collected automatically:

  • Technical information, including the IP address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and the type of device you are using;
  • Information about your visit, including the route into and through our site, length of visit and pages you viewed;
  • We may receive information about you if you use any of the other websites we operate or if you donate online through our online payment provider;

In addition when you register on the website and have your own login to access secure areas we will collect the above information in a way that associates the information with your user profile.

There is a notification for all website users that states that cookies will be collected if you use the website. Please see the Cookies Policy within the Information Security Policy for further details of the information collected.

2.4 Information we collect from other sources

We may use information from other sources where you have consented to share it or it is available publicly. This may include information from your social media accounts, from media articles or information in the public domain such as Companies House. We work with third party suppliers including payment providers, delivery services, and credit referencing agencies and may receive information about you from them in order to fulfil a contractual obligation or service.

The information we use from third party sources may depend on the consent you have given them or the privacy settings you use, so please check these regularly and consult their privacy policy for more details. 

3.0 How we use the Information

We will process your data when it meets the following conditions:

  • You have consented to us processing your personal data,


  • The processing is necessary, in relation to a contract which you have entered into; or because you have asked for something to be done so you can enter into a contract.

We will keep a record of the consent you give us to process your information and we rely on this consent to process your data for up to and including 24 months. Please see the below section concerning your rights in relation to your data, including your right to have the processing of your data restricted and your data deleted in some cases.

3.1 Information you give to us directly or indirectly

We will use this information:

  • To provide you with the information, products and services that you request from us; including information packs and other literature, information about events or training you have signed up to, events you might be interested in, and information about support group meetings and Health Professional events where you have indicated you wish to receive information from us.
  • To administer your donation or your membership fee, including claiming Gift Aid where appropriate; and where you consent to further contact.
  • To provide you with information about changes to our services and to inform you about other similar services we offer as part of your membership;
  • To record our correspondence with you;
  • To evaluate and understand how we can improve our services, including our website;
  • To keep you informed about our work and about how your support is making a difference if you have chosen to keep in touch, e.g. you may receive newsletters and stewardship communications and invitations to relevant events.
  • To let you know how you can support our work through donating, fundraising volunteering or campaigning where you have consented to receive this information.
  • To process an application for a research grant, including sharing your application with the Research Grants Committee.
  • We may also use your data to help detect fraud.


3.2 Information we collect about you online when you use our website

The cookies collected by Google Analytics on our behalf help us to provide you with a good experience when you browse our website and also this allows us to improve our site and make information provided more relevant to you.

Please see our Cookies Policy within our Information Security Policy for further information related to specific data collected when you use our website.

We will use this information:

  • To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them;
  • in order to gain a better understanding of our supporters and beneficiaries to enable us to improve our services or the effectiveness of our fundraising;
  • When you have a login to the Members Area your IP address is combined with your registered profile to help us shape the content most suitable for you.


3.3 Information we receive from other sources

We may combine this information with data you have provided to us directly or indirectly in order to gain a better understanding of our supporters and beneficiaries to enable us to improve our services or the effectiveness of our fundraising. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

For instance, if you register to take part in a fundraising event to raise money for us, we will use the registration details provided by the event organiser to send you information about the event and about your fundraising activities. If you choose to raise money for us through an online fundraising portal such as JustGiving, and give consent for them to share your information with us we will receive your data in line with their privacy policy and use it to keep in touch with you about your fundraising.

3.4 Information we share with others

We may pass your data to third parties, such as mailing and distribution houses, postal service providers and payment processing companies for the fulfilment of services on our behalf. This includes your name and address and your payment details. If you have registered for an event or to participate in training, we may also need to share your details with the event organiser and this may include information related to your dietary and accessibility requirements in addition to your name and contact information. See Appendix 1 for what information we pass on, to whom and why.

We ensure that the third party suppliers we work with comply with the relevant Data Protection legislation at the point of their selection. In addition to this we commit to regularly reviewing those third party suppliers to ensure they are meeting requirements and handling your data securely.

We ensure that data is transmitted securely to third party suppliers and is only given to those who require it in order to deliver a service to you. We take responsibility for sharing only accurate information and ask that you contact us to let us know of any changes to the information you have given us in order that our records can be updated. We work with all third party suppliers to ensure they meet the requirements of our Data Retention Policy.

4.0 Fundraising and direct marketing

At the point of giving us your details you will have the opportunity to opt in and consent to receiving further information and updates from the charity including monthly newsletters and promotional material for upcoming events and fundraising initiatives.

If you select to receive fundraising and marketing communications we will use your data to keep you informed about our work and how your support is making a difference, as well as giving you the opportunity to make donations towards our work or get involved through activities such as campaigning or volunteering.

We will rely on this consent to process your data for direct marketing for up to 24 months following consent, and after that time we will presume you wish not to be contacted unless you renew your consent to keep in touch. We will not contact you with direct marketing unless you have chosen to receive this information.

If you later decide that you would prefer not to receive such communications, wish to update your contact information, or would like to change the channels by which you receive information, you can let us know at any time. We ensure that all of our forms and fundraising materials include a section about your communication preferences and how to opt out.

4.1 Profiling

We may use your data to ensure that the communications you receive are most likely to be of interest to you and to improve the efficiency and cost-effectiveness of our fundraising. In order to do this we may use the information you provide us with to tailor the communications we send to you, for example, we may use your geographical location to inform the communications we send you in order to invite you to local events, or as someone who has previously supported a specific appeal we may send you information about further appeals. In some cases, we may also use publicly-available data from third-party sources such as Companies House or social media sites to tailor our communications with you and send you information that is most relevant to you.

An internal set of guidelines is given to staff who are involved in this process to ensure we operate ethically and comply with legislation and good practice guidelines.

5.0 How we store your personal data and keep it safe

Please see our Data Protection and Information Security Policies for further details about how we ensure that your data is not held for longer than necessary and is retained and destroyed securely, in line with legal requirements, good practice and to ensure we provide you with a high quality service.

When you call with a general enquiry, speak to one of our Helpline Nurses or a member of our Supporter Development Team your call will be recorded. Please see our Call Recording Policy for further details.

All of the information you provide to us is stored on our secure servers and we ensure we have the necessary technical and organisational measures in place to protect your data. Any donations you give will be encrypted using SSL technology.

The data that we collect from you may be stored in the cloud on a server outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers for among other things, the fulfilment of donations, the processing of your payment details, the mailing of communications and the provision of other services. We will check that any suppliers outside of EEA are recognised by the European Union as providing adequate protection of your data and if they are not we will take all steps reasonably necessary to ensure that there are adequate safeguards and protections in place to ensure your data is treated securely and in accordance with the law, this privacy policy and our other data protection policies.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

6.0 Your Rights

The General Data Protection with effect from 25th May 2018 will ensure that all individuals have the following rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure, unless your data is being processed in line with a legal requirement
  5. The right to restrict processing, except for processing related to a legal requirement
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.


You can contact us using the contact details at section 8 of this Policy if you believe the information we process about you is incorrect and wish for it to be corrected or deleted. If you object to the way in which your personal data is being processed, wish to raise a complaint about how we are processing your data, or wish to withdraw your consent for the processing of your data.

In order to access the information we hold about you (this is known as a ‘subject access request’) please see the Subject Access Request Policy for further information. We ask that you request this in writing from us using the contact details at section 8.0 of this Policy.  We will require you to confirm your identity before we can release this information.

To see more information about your rights, or if you are not satisfied with our response to any request you make or concerns you raise regarding your personal data, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Their contact information can be found at

7.0 Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

8.0 Contact us

Please contact us if you wish to amend your communication preferences, update your contact information or to see what information we hold about you. 

Membership & Supporter Team
National Osteoporosis Society
Manor Farm
Skinners Hill

or email us:

or call us on 01761 473287.

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to our Data Protection Officer, Fizz Thompson, Clinical Director by email at or by post to National Osteoporosis Society, Manor Farm, Camerton BA2 0PJ.

Appendix 1

Organisations we share your data with in order to fulfill a service:


In addition to data being shared for the purposes of processing payments, data can be shared with us by these agencies to inform us who they have provided a service to.