The Charlie Gard Foundation Privacy Policy

June 2020

Introduction

The Charlie Gard Foundation will handle and process all personal information appropriately and responsibly.

We shall diligently protect all information held in recognition of our obligations to individuals and regulators, and other stakeholders in the Foundation. We will be transparent about the type of information held and our purpose for holding it. When information is no longer relevant or required, it shall be securely deleted.

This policy describes our principles and approach to privacy, and the Foundation will regularly review the policy to ensure it is effective.

We appreciate your support and respect your privacy.

Terminology

This policy uses the word “Foundation” instead of the full name to make the document easier to read.

It sometimes uses “we” and “our” to describe the approach of all Foundation staff, trustees and anyone acting on behalf of the Foundation – in this case, the sentence will describe the intention and practice that shall be followed.

Personal Information

The Foundation keeps personal information provided by its supporters. For example, we store information about those people who donate time and money, and other people who are involved in the work and activities of the Foundation. We recognise that personal information about people and their activities in support of the Foundation is highly sensitive and we take appropriate steps to ensure it is properly protected.

The Foundation only stores personal information that is relevant to our activities and which is given to us directly and explicitly. We shall ask for consent to control and process personal information every time it is provided to us.

Information types
The types of personal information we keep includes names, addresses and any other contact information given to us (such as email addresses and social media contact details) to help us communicate effectively with you. We also store your communication preferences.

We shall store payment information when individuals make donations. This information will only be stored for the period related for that transaction and it shall not be kept beyond an appropriate period.

Technical information may also be kept, so that we know what kind of devices (for example, phones or laptops) are commonly used to access our website, information about that device, and where they connect from (IP address and country). This helps us to improve our website, and its performance and relevance. We may also use ‘cookies’ on our website to help us understand when you revisit our website and which pages you prefer to look at. Use of cookies is non-intrusive and usually anonymous (unless we develop a secure login feature on our website in the future).

Further information about individuals may be recorded to help us identify which kind of groups support our cause, or who want to communicate more generally. This may include age, gender, and any health information volunteered to us. Other geographic and demographic information may be recorded to give us an understanding of our supporters and audiences and how best to reach those who are in support of our aims.

No profiling
The Foundation does not undertake any automated profiling of individuals for any purpose.

Accuracy
We do not want to store any inaccurate personal information and so all individuals are invited to let us know if information we hold about them needs correcting or updating.

Sometimes, we may cross reference information we hold with public information. This helps to keep our records up-to-date and it can sometimes help to prevent fraud and deception.

Children’s data
The Foundation shall not seek to store the personal information of children under the age of 13 without appropriate consent. Wherever the personal data of a child may be received, it shall be identified as such and the permission of the child’s parent or guardian sought before storing the information. Without such consent, the child’s information shall be deleted.

Obviously, our activities are focused upon the problems faced by children affected with mitochondrial disease and their parents. However, we are aware of the particularly sensitive nature of information concerning these children and their families. We are not seeking to assemble such sensitive information if it is not directly related to our aims and objectives.

We shall take particular care to ensure that children’s data shared with us is safeguarded and that we have appropriate consent to hold it.

Communications

The Foundation wants to communicate with as many people as possible in pursuit of its aims and objectives. We want to build relationships and further our cause effectively with accurate information and transparency in our activities.

This is why we keep a record of our communications and the people we communicate with, along with replies and other information that individuals send to us. Records may also be kept of feedback, requests, suggestions and complaints.

Consent and opt-out
The Foundation will only store personal information of those who have given us consent, and we shall send mass communications only to those individuals who give consent for us to contact them in this way. See ‘Rights of the Individual’ in this policy.

When an individual no longer wants to receive these communications from us, we will operate an unsubscribe facility on our website and we will respect all requests to opt-out from our mass communications. Our ‘unsubscribe’ facility can be accessed following this link https://thecharliegardfoundation.org/unsubscribe

No Sharing

The Foundation does not share your personal information with anyone else. We may, however, request permission from a client to discuss details with collaborative charities to help with individual applications. This request will be discussed before any sharing takes place, and only when consent has been given will any information be shared.

We understand that you have given your details to us in support of our aims and objectives, and not for us to pass your details on, without your knowledge.

If we find a good reason to work together with any other organisation in the future, we will let you know our plans and ask for your approval before sharing your information.

Data Protection Measures

The Foundation has an Information Security Programme which it operates to identify, protect and monitor all data it holds, particularly personal information. This means that there are technical controls in place to protect all computers, devices and services used to store, process and access confidential information, along with access controls, staff training and regular reviews of these measures.

The Foundation uses services on the internet to make its operations more effective, for example – processing donation payments through an online payment provider. In such cases, we will conduct due diligence on each provider to ensure their data protection measures are sufficient to protect the personal information they will process on our behalf.

Before using online providers for data processing, we shall take all reasonable steps to make sure they are suitable. A contract between the Foundation and each data processor will require that your personal information is protected appropriately, and your rights are respected.

The Foundation will always be careful where it stores personal information and how that information may be moved from system to system. Data at rest will always be encrypted and we will ensure that data transfers are always encrypted. Data processing and data storage shall be preferred to occur in the United Kingdom or else in another country or jurisdiction which also ensures the privacy of personal information, such as the European Union.

Rights of the Individual

Individuals have a right to see the personal information that the Foundation holds about them. Any individual may request that inaccurate information is corrected, or even ask that their personal information is deleted.

In some circumstances, the Foundation may be obliged to keep records even after an individual has requested that it is deleted. However, this would be unusual and we would delete any such information as soon as our obligation has expired.

If you want to know what personal information the Foundation holds about you, send a request by post along with proof of your identity to the address at the end of this policy. We may make a £10 charge to cover the costs involved. We cannot respond to requests for personal information made by email because we cannot ensure the privacy of our reply, so requests of this type must be made by post.

Regulators

As an organisation based in the United Kingdom, the Foundation is responsible to the Information Commissioner’s Office (ICO) for its handling of personal information. If any individual is concerned about our approach to privacy, or data handling practices, they should contact us in the first instance, or subsequently contact the ICO for help with their concerns.

The ICO website can be found here: https://ico.org.uk/

Additionally, the Foundation is a charity registered in the United Kingdom with the Charity Commission of England and Wales and our purpose and activities are subject to the scrutiny of the Commission.

The Charity Commission website can be found here: https://www.gov.uk/government/organisations/charity-commission

Policy Changes

The Foundation may change this Privacy Policy from time to time. This may be to improve clarity, communication, or to reflect changes we have made to our privacy practices.

The latest privacy policy is always available on our website:

https://thecharliegardfoundation.org/privacy-statement/

Questions

If you have any questions or feedback about this policy, or your privacy, contact us by email info@thecharliegardfoundation.org or in writing at this address:

The Charlie Gard Foundation
Privacy Officer
Centurion House
London Road
Staines-Upon-Thames
Surrey
TW18 4AX