Medway Asthma Self-Help (MASH) Privacy Notice

Medway Asthma Self-Help (MASH) Privacy Notice

The Trustees and Staff at MASH take their obligations with regards to data protection seriously and are committed to safeguarding and preserving the privacy of their clients and supporters.

MASH is controller of your personal data. The controller is the entity that determines how and why personal data is processed.

This privacy policy explains what happens to any personal data that we hold and how it is used. We do update this policy from time to time so please do review it regularly.

Information We Collect

For MASH to run an asthma support service, it is necessary to collect, maintain and process personal data about its clients and supporters. We may also need to collect sensitive data relating to your health.

The term “process” means any action taken, also with the help of electronic means, in connection with Personal Data, including collection, handling, use, transfer and disclosure by transmission, dissemination or otherwise making available, as well as recording, organisation, storage, retention, adaptation or alteration, access, retrieval, consultation, alignment or combination, blocking, anonymising, erasure, disposal or destruction.

The personal data that we process may include the following

a) Volunteers, trustee and employee contact details and other personal information such as applications forms, references, payroll information and correspondence.

b) Supporters, clients and other interested parties are kept on our internal database which is used for correspondence – the information we retain includes contact details provided (surname, initial, salutation, address, telephone number, email). We also keep hard copy of any consent forms signed by you.

c) In the process of running an asthma support service, we retain contact details for clients, booking enquires and notes regarding our consultations with clients, any test results emerging and recommendations made. We also survey clients regarding their knowledge and control of asthma before and after seeing our nurse and after 2 months where possible.

d) We retain, for a limited period, information about people who have helped us fundraise or supported our fundraisers in sponsored events. This might include names and contact details and if they wish to add gift aid to their donation.

e) MASH retains information of regular donors including bank details.

f) Names and contact details of attendees and participants in our fundraising events.

g) Mentions of people in our charity records such as our MASH timeline or trustee minutes.

Reasons for Keeping

To enable us to operate our asthma support services efficiently and to ensure any issue you may have is dealt with effectively, efficiently, and fully.

1. We process this information (including retaining it for as long as is necessary) on the basis of legitimate interest.

2. We need some categories of personal data for legal purposes.

3. We have a legal obligation to retain contact details of all people involved in the running of our charity.

4. MASH has explicit consent for correspondence. Database Authorisation and Membership forms are kept as proof of legal basis for retaining and processing data.

We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct research and analysis, including to produce statistical research and reports. We may share such anonymous aggregated data with third parties. Aggregated and anonymous information does not personally identify you and is therefore not Personal Data (and so not caught within the GDPR or its implementation in UK laws).

Use of Your Information

We use the information that we collect from you for the following purposes:

a) We have a legitimate interest to keep a record of consultations with you in order to carry out our work. Consultation notes and contact details are not shared with anyone without your consent. Follow up letters with results are given to clients to deliver to their GP/asthma nurse with agreement. Files are kept securely and accessed by internal staff and volunteers who are working on a relevant task and are treated with discretion and confidentiality. Occasional anonymised case studies and aggregated statistics are created to help identify what our service is helping clients with or to showcase our work for reporting, funding or planning purposes or for help with publicity of MASH.

b) We use the information to correspond with employees and volunteers in relation to their role within MASH, to liaise for our events, fundraising and volunteering initiatives, to let them know about meetings and AGMs and for HR purposes, safeguarding.

c) Trustee contact details will be shared with the Charity Commission for regulatory purposes. Volunteer contact details may be shared internally for operational purposes. Employee data may be shared with HMRC for payroll purposes.

d)  The information is used to send you correspondence according to your preferences, for example: newsletters, fundraising events, helping out, AGMs and Annual Reports. Your information is not shared externally and only used for the purposes stipulated.

e) The information is used for maintaining financial records and for gift aid purposes for a limited time period.

f) The information is used for notifying legitimately interested parties of events which they may have an interest in attending or participating in.

g) The information is used for internal purposes unless there is a legitimate interest to share externally, or we have requested permission to do so.

Storing Your Personal Data

As mentioned above, MASH takes the protection of your personal data seriously and we have implemented appropriate technical, physical and organisational measures to help us keep personal data (including special categories of personal data) accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage.

By providing your personal data to us, you agree to this transfer, storing or processing which is primarily undertaken at our offices and occasionally remotely by our representatives or utilising cloud-based storage.

Personnel files are kept offsite in locked storage.

Any other personal data is otherwise kept securely stored in the office.

Our backups are encrypted and password protected.

We do our upmost to ensure that all reasonable steps are taken to make sure that your data is treated stored securely. Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted.

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this to the Information Commissioner’s Office.

Disclosing Your Information

We will not disclose your personal information to any other party other than in accordance with this privacy policy, and in the circumstances detailed below:

• Occasionally personal data might be shared within MASH (among staff, trustees and other volunteers) for the purposes of undertaking MASH-related activities.
• You have explicitly agreed to our doing so.
• If we are required by law to disclose your personal information.

Access to Information

You have the right to access any information that we hold about you. If you wish to access your information, please E-Mail dpo@medwayasthmaselfhelp.co.uk and we will aim to respond within thirty days of your request.

Contacting Us

Please do not hesitate to contact us using the contact details below.

Your Rights

You have certain legal rights, which are briefly summarised below, in relation to any Personal Data about you which we hold.

1. Where our processing of your Personal Data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights, and freedoms, or that the processing is necessary for us to establish, exercise, or defend a legal claim.

2. You have the right to ask us to delete any data we hold regarding you and to unsubscribe from our communications at any time. You can do this by telephoning us on 01634 855844 or by emailing us at admin@medwayasthmaselfhelp.co.uk.

3. We will try to resolve any concerns you may have. However, if you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/).

Policy last updated January 2025