Medway Asthma Self-Help (MASH) Privacy Notice

The Trustees and Staff at MASH are committed to safeguarding and preserving the privacy of our clients and supporters.

This privacy policy explains what happens to any personal data that we hold and how it is used. We do update this policy from time to time so please do review it regularly.

Information We Collect

a) Volunteers, trustee and employee contact details and other personal information such as applications forms, references, payroll information and correspondence.

b) Supporters, clients and other interested parties are kept on our internal database which is used for correspondence – the information we retain includes contact details provided (surname, initial, salutation, address, telephone number, email). We also keep hard copy consent forms signed by you.

c) In the process of running an asthma support service, we retain contact details for clients, booking enquires and notes regarding our consultations with clients, any test results emerging and recommendations made. We also survey clients regarding their knowledge and control of asthma before and after seeing our nurse and after 2 months where possible.

d) We retain, for a limited period, information of people who have helped us fundraise or supported our fundraisers in sponsored events. This might include names and contact details and if they wish to add gift aid to their donation.

e) MASH retains information of regular donors including bank details.

f) Names and contact details of attendees and participants in our fundraising events.

g) Mentions of people in our charity records such as our MASH timeline or trustee minutes.

Reasons for Keeping

a) We have a legal obligation to retain contact details of all people involved in the running of our charity.

b) MASH has explicit consent for correspondence. Database Authorisation and Membership forms are kept as proof of legal basis for retaining and processing data.

c) We need to keep these for legal purposes. They are essential for the running of our services.

d) We process this information on the basis of legitimate interest.

e) We process this information on the basis of legitimate interest.

f) We process this information on the basis of legitimate interest.

g) We have a legal obligation to retain details regarding the running of our charity.

Use of Your Information

We use the information that we collect from you for the following purposes:

a) We use the information to correspond with you in relation to your role within MASH, to liaise for our events, fundraising and volunteering initiatives, to let you know about meetings and AGMs and for HR purposes, safeguarding. Trustee contact details will be shared with the Charity Commission for regulatory purposes. Volunteer contact details may be shared internally for operational purposes. Employee data may be shared with HMRC for payroll purposes.

b) The information is used to send you correspondence according to your preferences, for example: newsletters, fundraising events, helping out, AGMs and Annual Reports. Your information is not shared externally and only used for the purposes stipulated.

c) We need to keep record of consultations with you for legal purposes and in order to carry out our work. Consultation notes and contact details are not shared with anyone without your consent. Follow up letters with results are given to clients to deliver to their GP/asthma nurse with agreement. Files are kept securely and accessed by internal staff and volunteers who are working in a relevant task and are treated with discretion and confidentiality. Occasional anonymised case studies and aggregated statistics are created to help identify what our service is helping clients with or to showcase our work for reporting, funding or planning purposes or for help with publicity of MASH.

d) The information is used for maintaining financial records and gift aid purposes for a limited time period.

e) The information is used for maintaining financial records and gift aid purposes for a limited time period.

f) The information is used for notifying legitimately interested parties of events which they may have an interest in attending or participating in.

g) The information is used for internal purposes unless there is a legitimate interest to share externally, or we have requested permission to do so.

Storing Your Personal Data

By providing your personal data to us, you agree to this transfer, storing or processing which is primarily undertaken at our offices and occasionally remotely by our representatives or utilising cloud based storage. Personnel files are kept offsite in locked storage. Any other personal data is otherwise kept securely stored in the office, locked or password protected. Our backups are encrypted and password protected.

We do our upmost to ensure that all reasonable steps are taken to make sure that your data is treated stored securely.

Unfortunately the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically, sending such information is entirely at your own risk.

If we become aware of a data breech we will report this to the ICO as per the GDPR regulations.

Disclosing Your Information

We will not disclose your personal information to any other party other than in accordance with this privacy policy, and in the circumstances detailed below:

• Occasionally personal data might be shared within MASH (among staff, trustees and other volunteers) for the purposes of undertaking MASH-related activities.
• You have explicitly agreed to our doing so.
• If we are legally required by law to disclose your personal information.

Access to Information

You have the right to access any information that we hold about you. We will aim to respond within seven working days of your request.

Contacting Us

Please do not hesitate to contact us.

Right to Deletion

You have the right to ask us to delete any data we hold regarding you and to unsubscribe from our communications at any time. You can do this here: http://www.medwayasthmaselfhelp.co.uk/contact-us/ or by emailing us at medwayasthmaselfhelp@btconnect.com or telephoning 01634 855844 regarding these or any other matter relating to this privacy policy.