1.0 Introduction and Purpose
Gaining a better understanding of our supporters and beneficiaries through their data allows us to make more informed decisions about the support and services we provide and the fundraising we conduct. It helps us to make more efficient use of our resources and ultimately, to bring us closer to ending osteoporosis for good. Please also see our Supporter Charter which outlines our commitment to ethical fundraising practice. We are also registered with the Fundraising Regulator, commit to the Fundraising Promise and comply with requirements of the Fundraising Preference Service.
The data controller is the National Osteoporosis Society, a charity registered under number 1102712 in England and Wales and in Scotland under number SC039755; a company limited by guarantee registered under number 04995013 in England and Wales with registered offices at Camerton, Bath, BA2 0PJ.
What we do not do
The National Osteoporosis Society does not sell, trade or rent your personal information to others, for marketing purposes or otherwise. Please see our Supporter Charter for more information.
We do not conduct telemarketing, but you may receive calls from us for administrative purposes, for example to check the accuracy of our records and update your details, or in connection with your donation or membership.
Information we may collect and process about you
1.1 Information you give us directly
You may give us information when:
The information you give us may include your name, address, e-mail address, phone number, date of birth and financial and credit card information. In addition, where you register for our events you may also give us further information, which may include any accessibility or dietary requirements but this will only be used for the event you are attending and not held on file. If you volunteer to be a case study or call the helpline, you may also provide us with information about your experiences of living with osteoporosis.
2.2 Information you give us indirectly
You may give us information indirectly when:
Your information may be shared with us if you have provided your consent or have submitted information to a third party supplier in order that we can provide the service that you have requested.
The NOS does not purchase any data from third party suppliers but data from other organisations may be passed to us if you have given them consent to have your information shared with us or where they are acting on our behalf to provide a service for you.
2.3 Information we collect about you online when you use our website
When you visit our website, the following information may be collected automatically:
In addition when you register on the website and have your own login to access secure areas we will collect the above information in a way that associates the information with your user profile.
There is a notification for all website users that states that cookies will be collected if you use the website. Please see the Cookies Policy within the Information Security Policy for further details of the information collected.
2.4 Information we collect from other sources
We may use information from other sources where you have consented to share it or it is available publicly. This may include information from your social media accounts, from media articles or information in the public domain such as Companies House. We work with third party suppliers including payment providers, delivery services, and credit referencing agencies and may receive information about you from them in order to fulfil a contractual obligation or service.
3.0 How we use the Information
We will process your data when it meets the following conditions:
We will keep a record of the consent you give us to process your information and we rely on this consent to process your data for up to and including 24 months. Please see the below section concerning your rights in relation to your data, including your right to have the processing of your data restricted and your data deleted in some cases.
3.1 Information you give to us directly or indirectly
We will use this information:
3.2 Information we collect about you online when you use our website
The cookies collected by Google Analytics on our behalf help us to provide you with a good experience when you browse our website and also this allows us to improve our site and make information provided more relevant to you.
Please see our Cookies Policy within our Information Security Policy for further information related to specific data collected when you use our website.
We will use this information:
3.3 Information we receive from other sources
We may combine this information with data you have provided to us directly or indirectly in order to gain a better understanding of our supporters and beneficiaries to enable us to improve our services or the effectiveness of our fundraising. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
3.4 Information we share with others
We may pass your data to third parties, such as mailing and distribution houses, postal service providers and payment processing companies for the fulfilment of services on our behalf. This includes your name and address and your payment details. If you have registered for an event or to participate in training, we may also need to share your details with the event organiser and this may include information related to your dietary and accessibility requirements in addition to your name and contact information. See Appendix 1 for what information we pass on, to whom and why.
We ensure that the third party suppliers we work with comply with the relevant Data Protection legislation at the point of their selection. In addition to this we commit to regularly reviewing those third party suppliers to ensure they are meeting requirements and handling your data securely.
We ensure that data is transmitted securely to third party suppliers and is only given to those who require it in order to deliver a service to you. We take responsibility for sharing only accurate information and ask that you contact us to let us know of any changes to the information you have given us in order that our records can be updated. We work with all third party suppliers to ensure they meet the requirements of our Data Retention Policy.
4.0 Fundraising and direct marketing
At the point of giving us your details you will have the opportunity to opt in and consent to receiving further information and updates from the charity including monthly newsletters and promotional material for upcoming events and fundraising initiatives.
If you select to receive fundraising and marketing communications we will use your data to keep you informed about our work and how your support is making a difference, as well as giving you the opportunity to make donations towards our work or get involved through activities such as campaigning or volunteering.
We will rely on this consent to process your data for direct marketing for up to 24 months following consent, and after that time we will presume you wish not to be contacted unless you renew your consent to keep in touch. We will not contact you with direct marketing unless you have chosen to receive this information.
If you later decide that you would prefer not to receive such communications, wish to update your contact information, or would like to change the channels by which you receive information, you can let us know at any time. We ensure that all of our forms and fundraising materials include a section about your communication preferences and how to opt out.
We may use your data to ensure that the communications you receive are most likely to be of interest to you and to improve the efficiency and cost-effectiveness of our fundraising. In order to do this we may use the information you provide us with to tailor the communications we send to you, for example, we may use your geographical location to inform the communications we send you in order to invite you to local events, or as someone who has previously supported a specific appeal we may send you information about further appeals. In some cases, we may also use publicly-available data from third-party sources such as Companies House or social media sites to tailor our communications with you and send you information that is most relevant to you.
An internal set of guidelines is given to staff who are involved in this process to ensure we operate ethically and comply with legislation and good practice guidelines.
5.0 How we store your personal data and keep it safe
Please see our Data Protection and Information Security Policies for further details about how we ensure that your data is not held for longer than necessary and is retained and destroyed securely, in line with legal requirements, good practice and to ensure we provide you with a high quality service.
When you call with a general enquiry, speak to one of our Helpline Nurses or a member of our Supporter Development Team your call will be recorded. Please see our Call Recording Policy for further details.
All of the information you provide to us is stored on our secure servers and we ensure we have the necessary technical and organisational measures in place to protect your data. Any donations you give will be encrypted using SSL technology.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
6.0 Your Rights
The General Data Protection with effect from 25th May 2018 will ensure that all individuals have the following rights:
You can contact us using the contact details at section 8 of this Policy if you believe the information we process about you is incorrect and wish for it to be corrected or deleted. If you object to the way in which your personal data is being processed, wish to raise a complaint about how we are processing your data, or wish to withdraw your consent for the processing of your data.
In order to access the information we hold about you (this is known as a ‘subject access request’) please see the Subject Access Request Policy for further information. We ask that you request this in writing from us using the contact details at section 8.0 of this Policy. We will require you to confirm your identity before we can release this information.
To see more information about your rights, or if you are not satisfied with our response to any request you make or concerns you raise regarding your personal data, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Their contact information can be found at https://ico.org.uk/concerns
8.0 Contact us
Please contact us if you wish to amend your communication preferences, update your contact information or to see what information we hold about you.
Membership & Supporter Team
National Osteoporosis Society
or email us: firstname.lastname@example.org
or call us on 01761 473287.
Organisations we share your data with in order to fulfill a service:
In addition to data being shared for the purposes of processing payments, data can be shared with us by these agencies to inform us who they have provided a service to.