Privacy Notice

Introduction 

The Haemophilia Society is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains how we collect, use, store and protect your personal information, and your rights under data protection law. 

This notice applies to members, supporters, donors, fundraisers, volunteers, event participants, healthcare professionals and website users. 

Who we are 

The Haemophilia Society is the data controller for the personal data we process. 

If you have any questions about this Privacy Notice or how we use your data, please contact: 

Data Protection Lead 

The Haemophilia Society 

52B Borough High Street 

London, SE1 1XN 

Email: [email protected] 

What personal data we collect 

Depending on how you interact with us, we may collect: 

  • Name, address, email address and phone number 
  • Date of birth and gender 
  • Information about your bleeding disorder, treatment or relationship to someone with a bleeding disorder (optional) 
  • Family connections between members, if stated on registration 
  • Donation, payment and Gift Aid information 
  • Records of communications with us 
  • Event attendance and service usage 
  • Technical data such as IP address, browser type and website usage 

We only collect sensitive personal data (such as health information) where necessary and with your consent. 

How we collect your data 

We collect personal data when: 

  • You join as a member 
  • You sign up to an event or service 
  • You make a donation or Gift Aid declaration 
  • You fundraise for us 
  • You volunteer with us 
  • You contact us 
  • You use our website (including via cookies) 

Legal bases for processing 

We process personal data under the following legal bases: 

Consent: Where you have actively agreed to receive communications or provide sensitive information. 

Legal obligation: Where we are required to process data to comply with the law (for example, financial records and Gift Aid). 

Legitimate interests: Where processing is necessary for running the charity, providing services, communicating with members and stakeholders, and improving our work, provided this does not override your rights. 

How we use your personal data 

We use your data to: 

  • Manage memberships, services, events and volunteering 
  • Process donations and payments 
  • Communicate with you about our work, services, events and fundraising 
  • Send legally required communications (such as AGM information) 
  • Improve our services through feedback and surveys 
  • Maintain accurate records and comply with legal obligations 

You can change your communication preferences at any time. 

Marketing and communications 

Members will receive essential communications related to membership rights, including AGM and trustee elections. 

With your consent or where we have a legitimate interest, we may also contact you about: 

  • Services and events 
  • Fundraising activities 
  • Campaigns and news 

You can opt out of non-essential communications at any time by contacting us. 

Sharing your data 

We do not sell or rent your data. 

We may share your data with trusted third parties who support our work, including: 

  • Email platforms (e.g. Mailchimp) 
  • Payment processors (e.g. Stripe) 
  • Event platforms (e.g. Eventbrite) 
  • IT and CRM providers (e.g. Access Charity CRM) 
  • Mailing and fulfilment services 

These organisations only process data on our instructions and under contract. 

We may also share data with regulators or law enforcement where legally required, including for safeguarding purposes. 

International transfers 

Some suppliers process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place to protect your data. 

Data security 

We take appropriate technical and organisational measures to protect your data, including: 

  • Secure systems and encrypted data 
  • Restricted staff access 
  • HTTPS website security 

How long we keep your data 

We retain data only as long as necessary: 

Membership data: until you resign 

Financial and Gift Aid records: at least 7 years after last transaction 

Non-member contacts: reviewed after 2 years of inactivity 

Your rights 

You have the right to: 

  • Access your personal data 
  • Correct inaccurate data 
  • Withdraw consent 
  • Object to processing based on legitimate interests 
  • Request deletion where applicable 
  • Restrict processing 

To exercise your rights, contact our Data Protection Lead. 

Complaints 

If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO): 

www.ico.org.uk/concerns 

Telephone: 0303 123 1113 

Cookies 

We use cookies to improve your experience and analyse website usage. Please see our separate Cookie Policy for details. 

Updates to this Privacy Notice 

We may update this Privacy Notice from time to time. Any changes will be published on our website.