Privacy Policy
Last Updated May 2024
This privacy notice is provided to inform about how and why your personal data is used so that we can be as transparent as possible, and to ensure that you are aware of your rights under data protection legislation.
​
The Company
We are SEDSConnective. Our registered address is Planet House, North Heath Lane Industrial Estate, Horsham, England, RH12 5QE. Our charity number is 1199724. We are registered with the ICO under registration ZB281240. We can be contacted at general@sedsconnective.org.
​
The purpose for processing your data and our basis for doing so.
We process personal data so we can provide support to our members and identify funding for our work. We advocate health, education, employment and social care for our members. We also process personal data to administer the organisation’s Facebook page. In supporting the needs of our members, we also process special category data (health) to assess application for support funding.
When we process your personal data, we must establish our legal basis for doing so and that legal basis can be different depending on circumstances in which we process it. You will see references to the basis of processing e.g.,"(Article. 6.1.f)" and this is a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.
We process the data you provide through the contact forms on our website, registration to our Facebook group, directly by email or telephone or through the funding application form.
For our Facebook group, we process your online identifier when you register, we do this under Article 6.1.f – ‘Legitimate Interest’ as we have a legitimate interest in maintaining the group on social media for the mutual benefit of SEDS and the members. We may also publish images on social media, we do this under Article 6.1.a – ‘Consent’ which we gain from you prior to using the images.
To apply for funding, we collect from you, your full name, email address, postal address, telephone number, date of birth, bank account details and medical condition. We process this information under Article 6.1.f – ‘Legitimate Interest’ as we have a legitimate interest in assessing the application for funding to ensure it meets our criteria.
We use your medical condition data to ensure we meet the funding criteria of the organisation and that permitted by our funders. To do this, we need to have an additional basis and this is provided for by Article 9.2.d of the UK GDPR – ‘legitimate activities of a not for profit organisation’.
​
As a client, we will process your name and email address, for the purpose of communication you for the duration of our commercial relationship.
If you fail to provide the information required, we will be unable to provide the financial support applied for.
​​
Recipients of your data
​
As a general principle, we will not share your personal data to other recipients without your permission. There are some exceptions to this:
​
-
It is possible, that we might be obliged to disclose personal information in response to a court order or other lawful obligation. Our lawful basis for this is Article 6.1.c -legal obligation.
-
We use the services of an external accountant who may have limited access to your data. Our lawful basis for this is legitimate interest (Article 6.1.f UKGDPR) as we have a legitimate interest in the management of our accounts.
-
We share anonymised data with our funders to demonstrate the type of support being provided and the effectiveness of that support.
-
We use Facebook as a platform to bring together our members as well as other social media platforms to promote our work.
Data processed by third parties on our behalf.
​
We use the services of other organisations in the processing of your data. We use cloud based email and document storage and video conference platforms. Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled in accordance with the UK GPDR.
​
Transferring your data outside of the
UK We do not transfer personal data outside of the United Kingdom.
​
Retention periods
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose. We will retain member funding data for seven years post membership.
​
Security
The UK GDPR requires us to implement technical and organisational measures to protect your data. We have developed policies and procedures to ensure we treat personal data lawfully and keep it secure. We train our staff on the requirements of the legislation and the need for data protection. Our IT systems have protection installed and our online platforms are accessed through user authentication, and we have access controls in place. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website.
​
Your rights
​
The UK GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:
​
-
You have the right to get access to and copies of your personal data.
-
You can in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
-
You can ask us to rectify any inaccurate information we may be holding.
​
If you want to exercise any of these rights, contact us on the above email address.
​
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK's Information Commissioner's Office.
​
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
​