Basingstoke & Alton Cardiac Rehabilitation Charity provides cardiac rehabilitation and primary prevention of cardiovascular disease. Our mission is to significantly improve the quality of life of people in our community.
At the Cardiac Rehab Centre, we value our supporters and we’re committed to protecting your privacy and so we make sure we protect any personal information you give us. This policy will let you know exactly how we use and protect your personal information. And if you have any questions about it please just send us an email to firstname.lastname@example.org – we’d be delighted to help. Our postal address can be found below.
By giving us your personal information, you agree to the use of it as set out in this policy.
What personal information do we collect?
Personal information is information that can be used to identify you.
This personal information may include your name, email, postal address, phone numbers, date of birth, emergency contact details, financial details, medical/health information, UK tax payer information (for Gift Aid), credit or debit card information, records of responses to appeals or campaigns as well as how you came to find us or about our services or events.
When and where do we collect your personal information?
When we collect this personal information, we only ask you for it when there is a clear reason for doing so, such as part of exercising with us, making a purchase or donation, or when you sign up to our newsletter or e-news. To make sure we always have the most up to date information about how to contact you, we may from time to time contact you to update your records to reflect changes to your personal information.
Information will usually come directly from you or it may come from a medical third party we consider legitimate and trustworthy, in circumstances where it is appropriate, and where you will have a clear expectation that your details would be passed on by them for these purposes.
Why do we collect it?
To process personal information as part of provision of exercise rehabilitation if you are an exerciser with us.
To provide you with information such as services, health information, fundraising or volunteering opportunities that are or legitimate interest or according to your preferences
To send you items you have ordered through our webshop or from the Centre
To personalise your experience using our website when you choose to do so; such as auto completing forms on our website.
To analyse and improve our services offered to you.
To make our marketing and promotion campaigns more targeted and relevant.
For internal record keeping, such as the management of feedback or complaints
Where it is required or authorised by law
How do we use your personal information and for how long do we hold it?
We may use your information to send you communications by mail, e-mail, telephone or social media. In some cases, this may require getting your additional permission. Our communications include news and updates about our work and how you can help us and get involved, for example, volunteering, attending events and other fundraising activities.
We hold personal information relating to:
Donations you have made to us for 7 years since the date of your last donation.
Legacy donations – if you pledge a legacy gift we will retain personal information data until 7 years after the legacy is received.
Entering raffles, lottery or competitions for 5 years.
Purchasing services such as training or venue hire, which will be kept for 3 years.
Subscribing to a newsletter – you can unsubscribe at any time.
Exercise class information may be retained for 5 years since the last class you attended.
We are legally required to hold some personal information to fulfil statutory obligations, for example the collection of Gift Aid or to support certain financial transactions.
Your personal information will not be retained for longer than necessary in relation to the purpose for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned above. It will only be stored in relation to the purposes for which you have supplied it as an exerciser, a customer of our online shop, a volunteer, a donor, a subscriber to a newsletter and/or e-news, or a person raising a query or complaint.
With whom do we share your information?
We will never sell your details to any third parties, but we may sometimes share your information with trusted third parties:
service providers such as TakePayments, Paypal, Stripe or Go Cardless for processing payments in a secure environment. The Cardiac Rehab Centre is Payment Card Industry (PCI) compliant and uses external PCI compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
Medical professionals with whom you have a relationship, where you have an expectation that the information will be shared relating to exercise and health matters
We may disclose your personal information to third parties if required to through a legal obligation (for example to the police or a government body).
All our partners are trusted and work under Data Protection Law. We work with them to ensure a high standard of controls and contracts are followed so your information is handled appropriately.
How secure is my information?
When you give us personal information, it may be stored and processed outside of the UK. We take steps to ensure that your information is treated securely. Unfortunately, no information shared over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you do so at your own risk. We always do our best to make sure your information is secure on our systems.
How can you update your personal information and your contact preferences?
We want you to have total control over how you hear from us and get involved with our vital work.
You can update your personal information and your contact preferences by emailing email@example.com or calling 01420 544794
Withdrawing Consent and other rights under the Data Protection Law
The law allows you to withdraw your consent to any specific usage at any time without needing to specify a reason. You can do so by emailing firstname.lastname@example.org or calling 01420 544794.
You are also entitled to get in touch to exercise any of your rights as listed below:
To request access to your personal information;
Objection to processing of your personal information;
Objection to automated decision-making and profiling;
Restriction of processing of your personal information;
Rectification of your personal information; and
Deletion of your personal data.
Having verified your identity, you are entitled to be told about your data that we hold:
The purposes of the collection, processing, use and storage of your personal data and the source if it was not obtained from you.
The categories of the personal data stored about you.
The envisaged period of storage for your personal data or the rationale for determining the storage period
No administration fee will be charged to make changes to your personal data.
If you wish to file a complaint with respect to the way our policy has been implemented, please contact the Chief Executive at email@example.com or call 01420 544794.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website.
The Cardiac Rehab Centre is registered under the Data Protection Act 1998 as a Data Controller under number Z8758493.