Medway Asthma Self-Help (MASH) Privacy Notice
The Trustees and Staff at MASH take their obligations with regards to data protection seriously and are committed to safeguarding and preserving the privacy of their clients and supporters.
MASH is controller of your personal data. The controller is the entity that determines how and why personal data is processed.
This privacy policy explains what happens to any personal data that we hold and how it is used. We do update this policy from time to time so please do review it regularly.
Information We Collect
For MASH to run an asthma support service, it is necessary to collect, maintain and process personal data about its clients and supporters. We may also need to collect sensitive data relating to your health.
The term “process” means any action taken, also with the help of electronic means, in connection with Personal Data, including collection, handling, use, transfer and disclosure by transmission, dissemination or otherwise making available, as well as recording, organisation, storage, retention, adaptation or alteration, access, retrieval, consultation, alignment or combination, blocking, anonymising, erasure, disposal or destruction.
The personal data that we process may include the following
a) Volunteers, trustee and employee contact details and other personal information such as applications forms, references, payroll information and correspondence.
b) Supporters, clients and other interested parties are kept on our internal database which is used for correspondence – the information we retain includes contact details provided (surname, initial, salutation, address, telephone number, email). We also keep hard copy of any consent forms signed by you.
c) In the process of running an asthma support service, we retain contact details for clients, booking enquires and notes regarding our consultations with clients, any test results emerging and recommendations made. We also survey clients regarding their knowledge and control of asthma before and after seeing our nurse and after 2 months where possible.
d) We retain, for a limited period, information about people who have helped us fundraise or supported our fundraisers in sponsored events. This might include names and contact details and if they wish to add gift aid to their donation.
e) MASH retains information of regular donors including bank details.
f) Names and contact details of attendees and participants in our fundraising events.
g) Mentions of people in our charity records such as our MASH timeline or trustee minutes.
Reasons for Keeping
To enable us to operate our asthma support services efficiently and to ensure any issue you may have is dealt with effectively, efficiently, and fully.
We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct research and analysis, including to produce statistical research and reports. We may share such anonymous aggregated data with third parties. Aggregated and anonymous information does not personally identify you and is therefore not Personal Data (and so not caught within the GDPR or its implementation in UK laws).
Use of Your Information
We use the information that we collect from you for the following purposes:
a) We have a legitimate interest to keep a record of consultations with you in order to carry out our work. Consultation notes and contact details are not shared with anyone without your consent. Follow up letters with results are given to clients to deliver to their GP/asthma nurse with agreement. Files are kept securely and accessed by internal staff and volunteers who are working on a relevant task and are treated with discretion and confidentiality. Occasional anonymised case studies and aggregated statistics are created to help identify what our service is helping clients with or to showcase our work for reporting, funding or planning purposes or for help with publicity of MASH.
b) We use the information to correspond with employees and volunteers in relation to their role within MASH, to liaise for our events, fundraising and volunteering initiatives, to let them know about meetings and AGMs and for HR purposes, safeguarding.
c) Trustee contact details will be shared with the Charity Commission for regulatory purposes. Volunteer contact details may be shared internally for operational purposes. Employee data may be shared with HMRC for payroll purposes.
d) The information is used to send you correspondence according to your preferences, for example: newsletters, fundraising events, helping out, AGMs and Annual Reports. Your information is not shared externally and only used for the purposes stipulated.
e) The information is used for maintaining financial records and for gift aid purposes for a limited time period.
f) The information is used for notifying legitimately interested parties of events which they may have an interest in attending or participating in.
g) The information is used for internal purposes unless there is a legitimate interest to share externally, or we have requested permission to do so.
Storing Your Personal Data
As mentioned above, MASH takes the protection of your personal data seriously and we have implemented appropriate technical, physical and organisational measures to help us keep personal data (including special categories of personal data) accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage.
By providing your personal data to us, you agree to this transfer, storing or processing which is primarily undertaken at our offices and occasionally remotely by our representatives or utilising cloud-based storage.
Personnel files are kept offsite in locked storage.
Any other personal data is otherwise kept securely stored in the office.
Our backups are encrypted and password protected.
We do our upmost to ensure that all reasonable steps are taken to make sure that your data is treated stored securely. Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this to the Information Commissioner’s Office.
Disclosing Your Information
We will not disclose your personal information to any other party other than in accordance with this privacy policy, and in the circumstances detailed below:
Access to Information
You have the right to access any information that we hold about you. If you wish to access your information, please E-Mail dpo@medwayasthmaselfhelp.co.uk and we will aim to respond within thirty days of your request.
Contacting Us
Please do not hesitate to contact us using the contact details below.
Your Rights
You have certain legal rights, which are briefly summarised below, in relation to any Personal Data about you which we hold.
Policy last updated January 2025