Dementia NI is committed to maintaining high standards of privacy and data protection for our members and those we work with. This Privacy Notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
Dementia NI is a local charity founded on 15 January 2015 by five people living with a diagnosis of dementia, to ensure that people with dementia have their voices heard on all matters that affect their lives. Dementia NI aims to challenge the stigma of a dementia diagnosis by raising awareness about the symptoms of the illness and educate everyone about what it is like to live with dementia. We campaign for better and more accessible services for people with dementia. Dementia NI enables members to come together in a safe space and to support each other. Without your support we would not be able to continue our work to improve the lives of everyone living with dementia.
We are registered with the Information Commissioner’s Office (ZA255415). Our Charity Number is NIC 104148 and our Company Registration Number is NI.
Dementia NI is a “data controller”. This means that we are required under data protection legislation to notify you of how we will process your personal data both whilst you are involved with the charity and for a defined period afterwards. This notice will explain how we collect your personal data, its use, storage, transfer and security. We will also explain what rights you have in relation to how we process your personal data. It is important that you read this notice, together with any other privacy notice we may provide from time to time so that you are aware of how and why we are processing your personal data. We may update this notice at any time.
2. Data Controller obligations
We are required by law to ensure that when processing any of your personal data that it is:
3. Information we may collect about you can include
You will have given us this information whilst applying to be a member, registering for an event or any of the other ways to interact with us.
We may also collect, store and use the following “special categories” of more sensitive personal information (where applicable):
In the course of our work we may receive information, particularly through our funded projects about personal experiences of those who are involved with our work. We will have agreements in place or receive explicit consent to further use this information.
(Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, health, criminal convictions, sexual orientation or religious beliefs.
If you contact us you may choose to provide details of a sensitive nature. We will only use this information:
We want to ensure that you receive communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to ensure that you receive the best service when you book an event, attend an empowerment group or support us through volunteering and fundraising.
We collect your personal data by a variety of means. Typically this is collected from the registration, application, sign in or evaluation forms which you complete.
We collect information from you in the following ways:
Whilst you are engaged with us we may need to collect additional personal information from you not identified on the above list but before doing so we will provide you with a written notice setting out details of the purpose and the lawful basis of why we are collecting that data, its use, storage and your rights.
5. Usage of your personal data
As a data controller, we will use the personal information that is supplied to us by you or a third party on your behalf for the following purposes:
For the most part we will use your personal data for one of the following lawful bases:
There are other rare occasions where we may use your personal data, which are:
However, there are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for us to process your information to help us to achieve our vision.
Whenever we process your Personal Information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Some examples of where we have a legitimate interest to process your Personal information are where we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who we help, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission NI.
6. Failure to provide information
We will only ask you to provide information which we believe is necessary. If you fail to provide certain information when requested we may not be able to meet our contractual obligations to you or we may not be able to fulfil our legal obligations.
7. New purpose for using personal data?
We will only use your personal data for the stated purposes, unless we consider that there is a need to use it for another reason and that reason is compatible with the original purpose.
However, if we consider that it is necessary and reasonable to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
There may be circumstances where we have to process your personal data without your knowledge or consent, where this is required by law and in compliance with the above rules.
8. Automated decision making
It is our intention that you will not be subject to automated decision making which will have a significant impact on you, unless we have a lawful reason for doing so and we have notified you.
9. 3rd Party Sharing
Your information may have been gathered through a 3rd party eg completing your course registration through an online form on our website (managed by a 3rd party).
Our work for you may require us to give information to third parties such as:
⁻ medical professionals who refer you to us;⁻ external auditors, e.g. in relation to any professional accreditation and the audit of our accounts;
⁻ our banks; or
⁻ external service suppliers, representatives and agents that we use to make our business more efficient, e.g. document management and storage supplier, IT services providers, finance management companies, external HR consultants, telephony and telecommunications services providers.
We may also distribute images, photographs or video footage of an event we host (which may include your images) to those providing media coverage of the event or on social media platforms. We have a legitimate interest in processing your personal data for such purposes, for example, to furtherance our vision, mission and objectives. This means we do not usually need your consent for such use. However, where consent is needed, we will ask for this consent separately and clearly.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
10. Third party service providers and data security
Third party service providers are only permitted to process your personal data in accordance with our specified instructions. They are also required to take appropriate measures to protect your privacy and personal information. We do not allow your information to be used by the third parties for its own purposes and business activities.
When we add personal details to our information systems, or you complete online bookings it is retained on eTapestry software through our provider Blackbaud. They do not have access to the personal records.
We take looking after your information very seriously. We've implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site. Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
11. International transfer outside of the European Economic Area (EEA)
We may transfer personal information outside the EU. If we do, you can expect the information to be held and used in a way that is consistent with and which respects the EU and UK Laws on Data Protection
12. Data Retention
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for. Our retention policy details the periods of retention for the different types of personal data. We are only allowed to keep your information if we need it for one of the reasons we describe above.
13. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
14. Your Rights
As a data subject you have the following rights:
1. The right to be informed
2. The right of access to make a subject access request – you can request a copy of the personal data we hold about you
3. The right to rectification – you can ask that we correct any personal data found inaccurate or out of date.
4. The right to erasure – you can ask that your personal data is erased
5. The right to restrict processing – tell us to stop using information about you to sell products or services
6. The right to data portability - provide you or someone else (on your request) in a structured, commonly used and machine-readable format with the information you have provided to us about yourself.
7. The right to object - you can tell us you longer would like us to process your data and to stop processing.
8. Rights in relation to automated decision making and profiling – request that we do not make decisions about you that allows computers to make decisions about you based solely on automated processing.
If you would like to exercise any of those rights, please:
You have the right to complain about how we treat your Personal Data and Special Personal Data to the Information Commissioner's Office (ICO) as further detailed below.
15. Your duty to inform us of any changes
In order that we can ensure that the personal data we hold in relation to you is accurate, it is important that you keep us informed of any changes to that data.
16. Important information about this privacy notice
We reserve the right to amend or update this privacy notice at any time. We will provide you with a new notice when we make any updates.
17. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection representative.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 /028 9027 8757 or via emails: email@example.com. or https://ico.org.uk/global/cont... or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England