1.0 Introduction and Purpose
Gaining a better understanding of our supporters and beneficiaries through their data allows us to make more informed decisions about the support and services we provide and the fundraising we conduct. It helps us to make more efficient use of our resources and ultimately, to bring us closer to ending osteoporosis for good. Please also see our Supporter Charter which outlines our commitment to ethical fundraising practice. We are also registered with the Fundraising Regulator, commit to the Fundraising Promise and comply with requirements of the Fundraising Preference Service.
The data controller is the National Osteoporosis Society, a charity registered under number 1102712 in England and Wales and in Scotland under number SC039755; a company limited by guarantee registered under number 04995013 in England and Wales with registered offices at Camerton, Bath, BA2 0PJ.
What we do not do
The National Osteoporosis Society does not sell, trade or rent your personal information to others, for marketing purposes or otherwise. Please see our Supporter Charter for more information.
We do not conduct telemarketing, but you may receive calls from us for administrative purposes, for example to check the accuracy of our records and update your details, or in connection with your donation or membership.
Information we may collect and process about you
1.1 Information you give us directly
You may give us information when:
- requesting information from us
- making a donation
- joining as a member
- signing up for an event or training
- filling in a form on our website
- completing an application or expression of interest for a research grant or job vacancy
- corresponding with us by phone, e-mail, post or online
- registering as a member on the website or interacting with us on our social media platforms
- you call our Helpline and receive support and advice.
The information you give us may include your name, address, e-mail address, phone number, date of birth and financial and credit card information. In addition, where you register for our events you may also give us further information, which may include any accessibility or dietary requirements but this will only be used for the event you are attending and not held on file. If you volunteer to be a case study or call the helpline, you may also provide us with information about your experiences of living with osteoporosis.
2.2 Information you give us indirectly
You may give us information indirectly when:
- you register for an event such as a challenge event like the Virgin London Marathon, or a sporting challenge like Ride London,
- use a fundraising platform such as JustGiving,
- book your attendance at an event via a third party
Your information may be shared with us if you have provided your consent or have submitted information to a third party supplier in order that we can provide the service that you have requested.
The NOS does not purchase any data from third party suppliers but data from other organisations may be passed to us if you have given them consent to have your information shared with us or where they are acting on our behalf to provide a service for you.
2.3 Information we collect about you online when you use our website
When you visit our website, the following information may be collected automatically:
- Technical information, including the IP address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and the type of device you are using;
- Information about your visit, including the route into and through our site, length of visit and pages you viewed;
- We may receive information about you if you use any of the other websites we operate or if you donate online through our online payment provider;
In addition when you register on the website and have your own login to access secure areas we will collect the above information in a way that associates the information with your user profile.
There is a notification for all website users that states that cookies will be collected if you use the website. Please see the Cookies Policy within the Information Security Policy for further details of the information collected.
2.4 Information we collect from other sources
We may use information from other sources where you have consented to share it or it is available publicly. This may include information from your social media accounts, from media articles or information in the public domain such as Companies House. We work with third party suppliers including payment providers, delivery services, and credit referencing agencies and may receive information about you from them in order to fulfil a contractual obligation or service.
3.0 How we use the Information
We will process your data when it meets the following conditions:
- You have consented to us processing your personal data,
- The processing is necessary, in relation to a contract which you have entered into; or because you have asked for something to be done so you can enter into a contract.
We will keep a record of the consent you give us to process your information and we rely on this consent to process your data for up to and including 24 months. Please see the below section concerning your rights in relation to your data, including your right to have the processing of your data restricted and your data deleted in some cases.
3.1 Information you give to us directly or indirectly
We will use this information:
- To provide you with the information, products and services that you request from us; including information packs and other literature, information about events or training you have signed up to, events you might be interested in, and information about support group meetings and Health Professional events where you have indicated you wish to receive information from us.
- To administer your donation or your membership fee, including claiming Gift Aid where appropriate; and where you consent to further contact.
- To provide you with information about changes to our services and to inform you about other similar services we offer as part of your membership;
- To record our correspondence with you;
- To evaluate and understand how we can improve our services, including our website;
- To keep you informed about our work and about how your support is making a difference if you have chosen to keep in touch, e.g. you may receive newsletters and stewardship communications and invitations to relevant events.
- To let you know how you can support our work through donating, fundraising volunteering or campaigning where you have consented to receive this information.
- To process an application for a research grant, including sharing your application with the Research Grants Committee.
- We may also use your data to help detect fraud.
3.2 Information we collect about you online when you use our website
The cookies collected by Google Analytics on our behalf help us to provide you with a good experience when you browse our website and also this allows us to improve our site and make information provided more relevant to you.
Please see our Cookies Policy within our Information Security Policy for further information related to specific data collected when you use our website.
We will use this information:
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them;
- in order to gain a better understanding of our supporters and beneficiaries to enable us to improve our services or the effectiveness of our fundraising;
- When you have a login to the Members Area your IP address is combined with your registered profile to help us shape the content most suitable for you.
3.3 Information we receive from other sources
We may combine this information with data you have provided to us directly or indirectly in order to gain a better understanding of our supporters and beneficiaries to enable us to improve our services or the effectiveness of our fundraising. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
3.4 Information we share with others
We may pass your data to third parties, such as mailing and distribution houses, postal service providers and payment processing companies for the fulfilment of services on our behalf. This includes your name and address and your payment details. If you have registered for an event or to participate in training, we may also need to share your details with the event organiser and this may include information related to your dietary and accessibility requirements in addition to your name and contact information. See Appendix 1 for what information we pass on, to whom and why.
We ensure that the third party suppliers we work with comply with the relevant Data Protection legislation at the point of their selection. In addition to this we commit to regularly reviewing those third party suppliers to ensure they are meeting requirements and handling your data securely.
We ensure that data is transmitted securely to third party suppliers and is only given to those who require it in order to deliver a service to you. We take responsibility for sharing only accurate information and ask that you contact us to let us know of any changes to the information you have given us in order that our records can be updated. We work with all third party suppliers to ensure they meet the requirements of our Data Retention Policy.
4.0 Fundraising and direct marketing
At the point of giving us your details you will have the opportunity to opt in and consent to receiving further information and updates from the charity including monthly newsletters and promotional material for upcoming events and fundraising initiatives.
If you select to receive fundraising and marketing communications we will use your data to keep you informed about our work and how your support is making a difference, as well as giving you the opportunity to make donations towards our work or get involved through activities such as campaigning or volunteering.
We will rely on this consent to process your data for direct marketing for up to 24 months following consent, and after that time we will presume you wish not to be contacted unless you renew your consent to keep in touch. We will not contact you with direct marketing unless you have chosen to receive this information.
If you later decide that you would prefer not to receive such communications, wish to update your contact information, or would like to change the channels by which you receive information, you can let us know at any time. We ensure that all of our forms and fundraising materials include a section about your communication preferences and how to opt out.
We may use your data to ensure that the communications you receive are most likely to be of interest to you and to improve the efficiency and cost-effectiveness of our fundraising. In order to do this we may use the information you provide us with to tailor the communications we send to you, for example, we may use your geographical location to inform the communications we send you in order to invite you to local events, or as someone who has previously supported a specific appeal we may send you information about further appeals. In some cases, we may also use publicly-available data from third-party sources such as Companies House or social media sites to tailor our communications with you and send you information that is most relevant to you.
An internal set of guidelines is given to staff who are involved in this process to ensure we operate ethically and comply with legislation and good practice guidelines.
5.0 How we store your personal data and keep it safe
Please see our Data Protection and Information Security Policies for further details about how we ensure that your data is not held for longer than necessary and is retained and destroyed securely, in line with legal requirements, good practice and to ensure we provide you with a high quality service.
When you call with a general enquiry, speak to one of our Helpline Nurses or a member of our Supporter Development Team your call will be recorded. Please see our Call Recording Policy for further details.
All of the information you provide to us is stored on our secure servers and we ensure we have the necessary technical and organisational measures in place to protect your data. Any donations you give will be encrypted using SSL technology.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
6.0 Your Rights
The General Data Protection with effect from 25th May 2018 will ensure that all individuals have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure, unless your data is being processed in line with a legal requirement
- The right to restrict processing, except for processing related to a legal requirement
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
You can contact us using the contact details at section 8 of this Policy if you believe the information we process about you is incorrect and wish for it to be corrected or deleted. If you object to the way in which your personal data is being processed, wish to raise a complaint about how we are processing your data, or wish to withdraw your consent for the processing of your data.
In order to access the information we hold about you (this is known as a ‘subject access request’) please see the Subject Access Request Policy for further information. We ask that you request this in writing from us using the contact details at section 8.0 of this Policy. We will require you to confirm your identity before we can release this information.
To see more information about your rights, or if you are not satisfied with our response to any request you make or concerns you raise regarding your personal data, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Their contact information can be found at https://ico.org.uk/concerns
8.0 Contact us
Please contact us if you wish to amend your communication preferences, update your contact information or to see what information we hold about you.
Membership & Supporter Team
National Osteoporosis Society
or email us: firstname.lastname@example.org
or call us on 01761 473287.
Organisations we share your data with in order to fulfill a service:
For what purpose
Who does this affect
Name and address
Mailing Houses, e.g. Priority Mailing, Springer, Membership Plus, Echo DMS, TPM, Gillards, and postal downstream access providers e.g. One Post
In order to mail Osteoporosis News (Priority Mailing) and Osteoporosis International (Springer); Membership Packs and Membership renewal letters (Membership Plus); appeals and stewardship communications (Echo DMS); and to fulfil retail orders (Gillards) and mail bulk publications orders (TPM)
Members, supporters and organisations requesting bulk publications
Name, address, email address and Gift Aid status
Raffle provider, Woods and mailing house, Echo DMS
In order to participate in the raffle or receive appeals
Members and other supporters
Name, address, email address and phone number, Direct Debit/ credit card details
The Unity Lottery, Sterling Management Centre Ltd
In order to participate in the lottery
This applies to those who have registered to participate in the NOS Lottery.
In addition to data being shared for the purposes of processing payments, data can be shared with us by these agencies to inform us who they have provided a service to.