South West Rare Disease Policy Group (“We”) are committed to protecting and respecting your privacy.
For collecting data covered by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) the Data Controller is South West Rare Disease Policy Group.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in an enquiry form on our site. We will use this information to send answers to your enquiries only. We may also ask for further information if you are reporting problems with our website. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these emails.
- Information that you provide by registering to use our site, subscribing to our service, posting material or requesting further services. This will be stored: on the WordPress database, or MailChimp list. You have the right to withdraw consent at any time by deleting your account.
- Details of transactions you carry out through our site and of the fulfilment of your orders. This will be stored: on the WordPress database and our email system. You have the right to withdraw consent at any time, deleting your account will leave the order in place but your contact details will be deleted.
- Information that you provide by filling in a newsletter request form on our site. This is provided by MailChimp. This will be stored: on our Mailchimp account. You have the right to withdraw consent at any time – unsubscribe at the bottom of the next newsletter.
- If you contact us by email, we will keep a record of that correspondence. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these mails.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Where we store your personal data
All information you provide to us is stored on our servers (see above: Information we may collect from you). Any payment transactions will be encrypted using SSL technology, and processed by an external payment processor i.e. PayPal, Stripe or other. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We use information held about you in the following ways:
- To reply to your enquiries.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To allow you to participate in interactive features of our service, when you choose to do so.
If you are an existing customer, we will contact you by phone, e-mail or SMS with information about goods and services like those which were the subject of a previous sale to you.
You have the right to withdraw consent at any time.
Disclosure of your information
We may disclose your personal information to members of our company, which means our parent company, its subsidiaries and colleagues where appropriate.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using our usual methods.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you believe that we have done something wrong by not complying with GDPR please contact us in the first instance to make a complaint for which we aim to resolve. Should you not be happy with this resolution, you do have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office.
Access to information
GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £5 to meet our costs in providing you with details of the information we hold about you.