North East Autism Society is committed to protecting your privacy. We have a responsibility to keep your personal details confidential and will only collect, process and store information about you that we have openly collected from you with your consent. This policy explains how we will handle the personal information you provide to us and what we learn about you from your visit to our web site.
As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and the GDPR.
To comply with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) regulations 2019 please note that every policy, notice and procedural guide that refers to “GDPR” shall now be read as “UK GDPR”.
The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.
We get information from your emails, tracking visits to our website and when you complete any of our on-line forms.
We collect personal information that can be used to identify you. It can include your name, date of birth, email address, postal address, and telephone/fax number. By submitting personal data manually or in electronic form to this website, or by using this site, you give your consent that all personal data you submit may be processed in the manner and for the purposes described below.
We also collect any information that you give us in an email or have filled in on an on-line form.
1.1 We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your personal data.
1.3 This privacy and cookies policy was last updated on 18 May 2018.
2.1 This document was created using a template from SEQ Legal (http://www.seqlegal.com).
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
3.2 We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
3.3 We may process your account data ("account data"). The account data may include your name and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.4 We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, and social media ids. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.5 We may process your personal data that are provided in the course of the use of our services ("service data"). The source of the service data is you. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.6 We may process information that you post for publication on our website or through our services ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.7 We may process information contained in any enquiry you submit to us regarding products and/or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent.
3.8 We may process information relating to transactions, including donations or purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
3.9 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
3.10 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
3.11 We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.12 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.13 Please do not supply any other person's personal data to us, unless we prompt you to do so.
4.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
4.2 We may disclose transaction and correspondence data to our suppliers or subcontractors insofar as reasonably necessary for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
4.3 Financial transactions relating to our website and services are handled by our payment services providers, Stripe and PayPal (for one-off payments) and GoCardless (for regular direct debit payments). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:
• Stripe (https://stripe.com/gb/privacy)
• Paypal (https://www.paypal.com/ie/webapps/mpp/ua/privacy-full)
• GoCardless (https://gocardless.com/legal/privacy/)
4.4 Your data may also be available to our website provider (Raising IT) to enable us and them to carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
(a) Your data will be made available to our website provider.
(b) The data that may be available to them include any of the data we collect as described in section 3 above.
(c) Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
(d) They will store your data for a maximum of 7 years.
4.5 In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5.1 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 We will retain and delete your personal data as follows: all data categories will be retained for 7 years, at the end of which period it will be deleted from our systems.
6.4 We use some third party software to store your personal data.
6.5 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We may notify our website visitors of changes to this policy by posting an update in the news section of our website, or via our social media channels (Facebook and Twitter).
8.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
8.2 We may withhold personal information that you request to the extent permitted by law.
8.3 You may instruct us at any time not to process your personal information for marketing purposes.
8.4 In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
10.1 Our website and services are targeted at persons over the age of 18. If you are under 18 you must ensure that you have parental consent to view our content. By using our website or agreeing to our terms and conditions, you warrant and represent to us that you are at least 18 years of age or that you have gained parental consent to do so.
10.2 If we have reason to believe that we hold personal data of a person under the age of 18 in our databases, we will delete that personal data.
11.1 You can update your personal information in the ‘Sign Up’ section of our website. Or you can let us know if the personal information that we hold about you needs to be corrected or updated by contacting us directly – see section
12.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
12.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
12.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies
(a) we use cc_cookie_accept to store whether the user has accepted the cookie message or not (expires after 365 days);
(b) we use ASP.NET_SessionId to authenticate a user's session after logging in. This closes when the user exits the browser (so expires at the end of the session);
(c) we use ARRAffinity to tell our infrastructure which server to handle the request (expires at the end of the session);
(d) we use MemberLoggedIn as a binary flag which stores whether a user is logged in or not (expires at the end of the session);
(e) we use ai_session and ai_user to track users as they navigate the website, predominantly for infrastructure performance insights (expires after 1 day);
(f) we use DisplayName to keep track of a donor’s preference to show their name during a direct debit payment (expires at the end of the session).
(a) __utma – this stores the number of user visits, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes. It expires 2 years from the set-up date.
(b) __utmz - this performance cookie stores where a user came from eg search engine, search keyword, link. It expires 6 months from the set-up date.
(c) _ga and _gid – these are used to distinguish between websites users in Google Analytics. They expire after 2 years / 2 hours.
15.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) Chrome: https://support.google.com/chrome/answer/95647?hl=en;
(b) Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences;
(c) Opera: http://www.opera.com/help/tutorials/security/cookies;
(d) Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies;
(e) Safari: https://support.apple.com/kb/PH21411; and
(f) Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
15.2 Blocking all cookies will have a negative impact upon the usability of many websites.
15.3 Blocking cookies on our website will not affect functionality, but you will be unable to save your form details and site preferences.
16.1 This website is owned and operated by North East Autism Society.
16.2 We are registered as North East Autism Society with the Charity Commission in the United Kingdom. Our registered number is 1028260.
16.3 We are a Company Limited by Guarantee (no. 2859620) registered in England and Wales. Our registered office is Unit 15 Lumley Court, Drum Industrial Estate, Chester-le-Street, DH2 1AN
16.4 Our principal place of business is at the address provided in 16.3.
16.5 You can contact us by writing to the business address given above, by using our website contact form, by email: email@example.com or by telephone: 0191 410 9974.
17.1 If you have a complaint about us, or the treatment of your data, you can contact the Charity Commission. The Charity Commission is the independent watchdog for charities. You can make a complaint about a charity on their website at www.gov.uk/complain-about-charity.
17.2 If you have a complaint about our fundraising activities you can also complain to the Fundraising Regulator. To find out how to go about making a complaint, go to the Fundraising Regulator website: www.fundraisingregulator.org.uk/make-a-complaint/complaints/