Privacy notice introduction
We can only achieve our vision of a world free from the pain, fatigue and isolation of arthritis with your help. Your ongoing support is invaluable to us and to the millions of people across the UK living with arthritis. That's why taking good care of your personal information and treating it with respect is so important.
Personal data helps us to better understand our donors, beneficiaries and supporters. This in turn allows us to make our decisions, services, fundraising and information the best they can be and to do more to help people with arthritis to live full and active lives.
Being open and transparent about how and why we do things is central to our values as a charity. So, we've produced this privacy notice to explain how, why and when we collect and use your personal information and how we keep it safe and secure.
Before we move on to the detail below, here is our promise to you.
- We will respect your personal details and keep them safe and secure.
- We will never sell or exchange your information with another organisation for their own use.
- We will not send you information you have not asked for or agreed to receive.
- We will respond quickly if you ask us to change your details, stop using your information or if you no longer want to hear from us.
- We will be clear about how and why we will use your personal information when we collect your details.
Your consent matters
Sometimes we will ask for your consent directly, such as when we are processing a donation or when you sign up for a service or event. At other times your consent may be clear from the nature of your contact with us, for example if you email us with a question you are giving consent for us to reply. Where we process data without direct consent, for example where we have a legal obligation or a legitimate interest, we will respect your wishes where it is possible for us to do so.
We will be happy to answer any questions you have about how Versus Arthritis and its trading company store and use your personal information. Just get in touch by calling 0300 790 0400 or email us at supportercare@versusarthritis.org
We can also change your details or deal with requests for us to stop using data or sending marketing communications.
Who we are
In this privacy notice, “we” means Versus Arthritis and Versus Arthritis Trading Limited (formally Arthritis Research UK Trading Limited). On 1 November 2017, Arthritis Research UK and Arthritis Care joined together to help more people with arthritis to live full and active lives, and Versus Arthritis was born on 19 September 2018. This means all data collected by or passed to Arthritis Research UK or Arthritis Care before and after these dates will be managed by Versus Arthritis as set out in this notice.
Versus Arthritis is a charity registered in England and Wales (number 207711) and in Scotland (SC041156), and a company incorporated in England and Wales (number 490500). Our registered address is Copeman House, St. Mary's Court, St Mary's Gate, Chesterfield, Derbyshire, S41 7TD.
Versus Arthritis Trading Limited is a company incorporated in England and Wales (number 891517). Its registered address is Copeman House, St. Mary's Court, St Mary's Gate, Chesterfield, Derbyshire, S41 7TD. It is a wholly owned subsidiary of Versus Arthritis, trading on behalf of Versus Arthritis, to raise funds for the charity’s work.
The Data Protection Officer for both Versus Arthritis and Versus Arthritis Trading is Chris Brown, Data Governance Manager. You can email with concerns about data protection at dpo@versusarthritis.org.
Changes to this privacy notice
We will regularly review this privacy notice. Any significant changes will be clearly described on our websites or we may contact you where we already hold your data and where the change affects you directly.
Your rights
At Versus Arthritis we take your rights very seriously. You can ask us to delete copies of your personal data, stop particular activities, withdraw a consent you have given previously or challenge the results of any decisions or profiling. We will fulfil all requests, providing there are no legal and accounting requirements that stop us from doing so. If you are sure you don’t want to hear from us, either now or in the future, you can ask us to hold a record which will prevent us from contacting you. This may be more effective than completely removing your data. Please contact us at supportercare@versusarthritis.org or call 0300 790 0400 to discuss any concerns. Alternatively you can email our data protection officer at dpo@versusarthritis.org.
You have a right to ask for a copy of the information we hold about you. This can be provided in a machine-readable format for transfer elsewhere. To access your information, please send a description of the information you want to see and proof of your identity by post to Versus Arthritis, Copeman House, St Mary's Court, St Mary's Gate, Chesterfield, Derbyshire, S41 7TD. We cannot accept these requests by email as we want to guarantee that we only provide personal data to the right person.
If you discover that we are holding incorrect information about you, please let us know and we will correct this.
If you are not happy about how your data is managed, and wish to make a complaint, please contact us at supportercare@versusarthritis.org or call 0300 790 0400. If you are unhappy with how a complaint is handled, you are entitled to contact the Information Commissioner’s Office (ICO). You may also contact the ICO about a data protection issue without first making a complaint to us. You can find more information about the ICO and your rights on their website.
How we keep your data safe
We use appropriate technical controls to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.
If you use a debit or credit card to make a donation or buy online or over the phone, we or our contracted suppliers will manage the transaction securely in line with the PCI DSS standards. All credit and debit card details are securely destroyed once the payment or donation has been processed.
Regular reviews ensure your personal information is only accessible by appropriately trained staff, volunteers and contractors.
We regularly perform administrative functions our systems and IT services and have a legitimate interest to do so. These include updating systems, moving data between systems, and data verification and management. We also run administrative data processing activities to ensure data is correct and accurate. We use specialist ICT service providers for this and some data may be stored in the cloud.
We sometimes use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.
Your personal information may be transferred to, and stored at, a destination outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA who work for us or for our suppliers. We will ensure that your information is held in compliance with the European data protection regulations.
We will only share your details in exceptional circumstances. This could be if we are under a duty to disclose your personal information to comply with any legal obligation (for example to government bodies and law enforcement agencies), where we have good reason to believe that a person’s vital interests are at stake (for example where a child reports abuse or someone reports serious self-harm or intends to harm someone else) or to enforce or apply our rights or to protect the organisation.
We will only ever share your data in other circumstances if we have your informed consent.
We keep records for as long as legal requirements and tax and accounting rules demand. We retain contact details for both marketing and suppression purposes until a request is made to remove information. We may also keep internal records of any contact with you indefinitely. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Children's data
Any information collected from or about children will be managed in a way appropriate to the age of the child. This information is usually collected when children attend our events or fundraise for us, but it can also be sensitive personal data about children who are receiving support from our Young People and Families service.
Wherever possible and appropriate we will seek consent from a parent or guardian before collecting information about children and we will make sure advertising for events is age appropriate.
How we collect information about you
- When you give it to us DIRECTLY
You may give us your details when you fundraise for us or generously donate, receive support from our services including a helpline, volunteer with us, join one of our networks, enter our raffle or lottery, order an information booklet, tell us your story, make a donation, purchase our products or communicate with us. Sometimes your information is collected by an organisation working for us, for example a professional fundraising agency, but we take responsibility for your data at all times.
We will collect and process all the information you give us, as well as responses given to you by our staff or AVA, our arthritis virtual assistant.
We may also collect and retain your information if you send feedback about our services or make a complaint.
- When you use our websites
When you visit our websites, information about your visit is recorded and stored on your own computer, using cookies. Cookies are text files which identify your computer to our server. Cookies in themselves do not identify the individual user, just the computer used. You can find more information on how we use cookies below. Beyond this you will remain anonymous unless you log in.
When you log in and browse Versus Arthritis site, including our online shop, you will remain logged in for 20 minutes after you last access a page or until you log out. You can ask us to keep a record of your favourite content or for our online shop to keep information on recent transactions so we can deal with future queries.
- When you give it to us indirectly
Your information may be shared with us by independent event organisers, for example the London Marathon or fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so with your consent. Please check the privacy notice of these organisations when you provide your information to understand fully how they will process your data.
Your personal details may also be collected if they are included in other information that is sent to us. For example, if you are named as a third party in an email we receive or you are a co-beneficiary of a legacy request. In these cases, we will not add your details to our direct records but may keep copies of the information for up to 10 years. From time to time it may be necessary for us to apply to the probate registry to receive a copy of a supporter’s Will to evidence their generosity to our auditors and comply requirements placed upon us by the Charity Commission. To help preserve charitable resources, we may receive a copy Will, or share a copy Will with charitable co beneficiaries who have also been fondly remembered by the same supporter.
- When you give permission to other organisations to share your details
Information we get from other organisations may depend on your privacy settings or the responses you give, so please check them regularly. This information comes from the following sources:
Referral by a healthcare professional – many of our services for people with arthritis are accessed following a referral or recommendation by a healthcare professional. Consent to be referred will have been obtained by the healthcare professional. In these cases, your personal information will be used to identify suitable services, but your consent will be requested before enrolment.
Third party organisations – you may have provided permission for an organisation to share your data with third parties, including charities. For example, when you buy a product or service, register for an online competition or sign up with a comparison site.
- When you use social media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp, LinkedIn, Instagram or Twitter, you might give us permission to access information from those accounts or services, either directly or indirectly. Where you follow us via social media we will not automatically add you to our own records. However, if we receive a direct request from you (for example to make a donation, use one of our services or request a booklet) we will treat your details as having been received directly.
- Public information
We may also obtain and store information about you that is available publicly from third party sources, such as from Companies House or details published in the media.
Your supporter record
If you support us, for example sign up to receive regular news and updates, make a donation, volunteer, register to fundraise, sign up for a workshop or an event, lobby or campaign for us or buy something from us, we keep a record of your support.
The law may require us to store information for up to seven years. Though we know some people will not want us to keep hold of their data indefinitely, keeping a record of past support does help us to maintain and build good relationships with people with an interest in our work.
If you choose to leave us a legacy in your Will we will keep a record of you and your pledge indefinitely. This will help us to manage your wishes when the time comes and ensure the process runs smoothly for your family.
Our standard data retention policy is to keep your personal information for 10 years, from your most recent active support. After this point we will normally remove any information that may identify you personally. However, if you ask us to hold your details to block marketing communications, either directly or via the Fundraising Preference Service, then we must keep a record indefinitely.
We apply a similar 10-year rule to personal data collected as part of our work. This may include information gathered through legitimate activities via contractors, suppliers or third parties.
If you do not want us to keep a record of your personal information, or want to discuss our data management, then please contact us at supportercare@versusarthritis.org or call 0300 790 0400.
How we use your information to:
Run our services
We run services to provide support to people living with arthritis and their families. We collect personal data to provide those services, which include our helpline, online community, information provision and local support sessions.
We will always obtain your consent before sharing information with your GP, orthopaedic surgeon, or other healthcare professional.
Keep you informed about what we do
We may need to contact you by post, email, telephone or text message about a service you have signed up for or a donation or order you have made. We will never do so without good reason. We may also contact you occasionally with critical legal and technical information and updates to this privacy notice. Wherever possible, we will respect your preferences about how you want us to contact you.
We use specialist suppliers to process and manage communications.
Direct Marketing
We want to keep our supporters updated about what we are doing to improve the lives of people with arthritis and explain how you can help. However, we understand not everyone wants to receive these updates. We only send marketing materials to supporters who want to hear from us, in the ways they want to hear from us. Our forms have clear questions about preferences and all our messages include information on how to opt out.
We will never send a marketing email or text message or make a phone call without your direct consent. If you have given us your postal address, we may send you direct mail unless you have told us that you don’t want to hear from us in this way.
We may send you information about a range of topics including, but not limited to, the latest news about our services, the research we fund, events you can get involved in, joining one of our branches, volunteering, leaving a legacy, entering a raffle or making a donation and how you can campaign for us. We always try to make our messages relevant to you, by reviewing how you have supported us in the past.
If you don’t want to hear from us or only want to be kept informed about particular topics, that’s fine. Just let us know when you provide your details, click the 'unsubscribe' link in any email we send or contact us at supportercare@versusarthritis.org or call 0300 790 0400. If you opt out, we will keep your details on a suppression list to ensure we don’t contact you in future, unless you tell us otherwise.
We may contact professionals, for example people working in the healthcare industry, at corporate or business addresses directly by any channel, without opt-in consent. However, we will always offer an opportunity to opt out of receiving marketing materials.
If we already have your permission to contact you, you will need to ask us to stop sending information rather than simply deciding not to opt in when asked.
We will never sell or share your personal details to other organisations for their own use. But we may need to share data to use analytical tools and mailing services provided by suppliers.
Direct marketing is vital to spreading our message and is in our legitimate interest. For sending marketing by email, SMS and telephone we will obtain your consent first, unless we are clear we are contacting you only in a professional capacity. For postal marketing we may choose to obtain your consent in place of legitimate interest where we believe it to be fairer. We will also seek your consent before contacting you via social media. For service and technical communications, we rely on legitimate interest, but will aim to respect your preferences as to whether we contact you by email, phone or post.
You can opt out of all future marketing communications or data processing by making a direct request or registering your preferences through the Fundraising or the Telephone Preference Service. We will then keep your details on a suppression list to ensure we don’t contact you in future, unless you tell us otherwise.
Raise vital funds to support our work
Processing donations
When you make a donation or give us permission to claim gift aid, we must collect certain information about you to satisfy our legal obligations under audit and accounting rules.
If you use a debit or credit card to donate to us in person or over the phone, we will ensure this transaction is made securely in line with the PCI DSS standards by us or our contracted suppliers. All credit and debit card details are securely destroyed once the payment or donation has been processed.
How your personal information is used when you:
Use our website
We use information we collect about your internet browsing to identify your approximate location, to block disruptive or unauthorised use, to record or limit traffic and to improve our site to ensure content is accessible to you. If you enter your details onto an online form, but do not send or ‘submit the form, we may contact you to see if we can help with any problems you may be experiencing with the form.
We also use cookies, as set out in our cookies policy and use third party services to manage and administer our website functionality.
Are a healthcare professional
If you ask for information in your capacity as a healthcare professional or join one of our professional networks, we will mainly use your data to:
- manage participation in our professional networks
- provide you with the information, services or products you asked for
- administer your organisation’s donation or support fundraising and participation in our activities
- keep a record of your organisation’s relationship with us and your role in this
- send you relevant marketing materials (see Direct marketing)
- understand how we can improve our services, products or information
- manage your feedback.
As well as your contact details, we will also store details about your role and who you work for. We may also ask for information about your experiences linked to arthritis.
Where one of our service customers provides us with your details as their personal GP or other clinician we have a legitimate interest to store your name on their file and to contact you with their consent.
Have your research funded by us
We store contact details and financial details of researchers and suppliers to manage and process grant applications, grants, contracts and payments. This includes details of staff and co-researchers/sponsors provided by Principal Investigators. Where partial information is provided we will complete the details using publicly-available information.
We keep a directory of researchers and suppliers so we can issue future offers. We may also contact people not in our directory where publicly-available information indicates a grant may be of interest. Grant processing and management in this way is a legitimate interest for Versus Arthritis.
If you join one of our networks, panels or committees for researchers and reviewers we will use your personal details for administration and to communicate with you.
Work for, or represent, a third-party organisation
If you ask for information in a professional capacity, for example as an employee of a company that supports us or supplies services or a Trustee in a registered Trust we will mainly use your data to:
- provide you with the information, services or products you asked for
- administer your organisation’s donation or support fundraising and participation in our activities
- keep a record of your organisation’s relationship with us and your role in this
- send you relevant marketing materials (see Direct marketing)
- understand how we can improve our services, products or information
- manage your feedback.
We store contact details and financial details of suppliers to manage and process contracts and payments. We retain a directory of suppliers that we may want to work with in the future.
As well as your contact details and any financial information we require to process transactions, we will also store details about your role and who you work for. We may also ask for information about your experiences linked to arthritis.
Provide services to us or apply to work for us
Applying to work for us
If you are employed by Versus Arthritis, we will process your data in accordance with your employment contract and to fulfil our legal obligations, records will be retained in accordance with legislation.
If you apply to work at Versus Arthritis, we will process your data for the purpose of the recruitment process and if unsuccessful in your application, we will hold your personal data for 12 months after the closing date to manage any queries or issues that may arise.
Should you wish to request that we do not retain your data, please contact dpo@versusarthritis.org
Sharing social media content with you
Using social media is a great way for us to update you on our work, and let you know the difference your support is making.
If you use Facebook or Instagram and have opted in to receiving communications from us, we will use these platforms as part of our relationship with you. We will upload your contact details in encrypted format to enable these platforms to determine whether you are a registered account holder with them. Your data is not retained by the social media provider and is deleted if it does not match with an existing account. This allows us to show you communications which we think will be of interest to you.
We may also use your data to identify audiences with similar interests, behaviours and demographics to existing Versus Arthritis supporters. This will allow us to promote Versus Arthritis content to people who we think may be interested in finding out more about the work we do. We believe this is the most efficient way for us to reach more people, meaning we use our funds more effectively.
If you do not wish us to use your data in this way, you can either contact Versus Arthritis direct or you can do this via Facebook.