Privacy Policy

PRIVACY POLICY FOR EAST MIDLANDS IMMEDIATE CARE SCHEME

This notice tells you what to expect when we collect personal information. East Midlands Immediate Care Scheme will respect your privacy and look after your personal data.

This Notice contains information about:

1   Who We Are

2   What Is Personal Data And Special Category Data?

3   Why We Collect Your Personal Information

4   How Is Your Data Collected?

5   How We Use Your Data

6   How Long We Keep Information

7   How We Keep Information Secure

8   Your Rights

9   How We Provide The Information

10 Can You See All The Information We Hold About You?

11 Information Sharing And Third Parties

12 Information Collected From Third Parties

1 Who We Are?

East Midlands Immediate Care Scheme, also known as EMICS (Charity No 1188852), is the “data controller” of the personal information we hold for the purposes of the General Data Protection Regulation (GDPR which applies across the EU including the UK) and the Data Protection Act 2018 (the Data Protection Act) which supplements GDPR and extends its application in the UK.

2 What Is Personal Data And Special Category Data?

Personal data is defined in the GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

3 Why We Collect Your Personal Information?

This policy applies to information we collect about:

  • Visitors to our website
  • Volunteers, both clinical and administrative
  • Donors (including individuals, club members, clubs, other charitable organisations, trusts, corporate bodies and executives handling probate and legacies)
  • People who make enquiries about our activities
  • Others connected to our work and charitable objectives

What type of information we may collect:

  • Normal personal data including your name, address, telephone number, date of birth, email address, geographical/location details, bank account details, employment details, National Insurance number, educational qualifications
  • Personal information
  • Special categories of personal data – for example we may process data concerning professional qualifications or career information
  • Details, images or photos when attending emergency call-outs

As a registered charity, most of the personal data we process is data relating to our core objectives.

Data may also be processed because it is necessary for the pursuit of our legitimate interests and/or the legitimate interests of others associated with our work.

There may be occasions where we process data to comply with legal or contractual obligations, particularly in the context of compliance with requests by medical agencies, law enforcement agencies although, even in these cases, our own compliance functions will also generally be engaged.

We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this in the course of collecting the data.

We may also use data to improve our level of service and the quality of our medical activities. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so. We may for instance, monitor and/or record call-out data for quality, compliance and accuracy purposes.

If You Fail To Provide Personal Data: Where we need to collect personal data by law, or under the terms of a contract (formal or informal) we have with you or medical authorities and you fail to provide that data when requested, we may not be able to meet our Charity’s objective. If you choose not to give us any consent for our marketing and fundraising activities there will be no effect on the services we provide to those in need of our expertise and volunteers’ time.

4  How Is Your Data Collected?

We use different methods to collect data from and about you including through:

Directly: You may give us your identity and contact details by filling in forms or by corresponding with us by post, phone,  email or otherwise. This includes personal data you provide when you:

  • Make an enquiry about our services or make donations to us or apply to become a volunteer
  • Give us some feedback or complete a gift aid form

 

Automated Technologies Or Interactions: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Third Parties Or Publicly Available Sources: We may receive personal data e.g. computer IP address, about you from various third parties and public sources as set out below:

  • Technical data from various parties eg analytics providers such as Google
  • Contact, financial and transaction data from providers of technical, payment and delivery services
  • Identity and contact data from publicly available sources such as the Charity Commissioners, Companies House and the Electoral Register based inside the EU
  • Referrals from online agencies such as Just Giving
  • Enquiries made electronically or over the telephone

The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include experts including but not limited to other clinicians and medical experts.

Some data is collected when people, or clubs they are members of, or officers of corporate bodies and other charities or legal advisors of potential donors, sign up to receive marketing or register with us for events.

5 How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the clinical care we provide to those in need
  • Where it is necessary for our legitimate interests (or those of an associated third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with a legal or regulatory obligation
  • Marketing and fundraising purposes

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to managing the Charity’s membership or to sending direct marketing communications to you via email or by post. You have the right to withdraw consent to membership management or marketing and fundraising activities at any time by contacting us at info@emics.org.uk

We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or can contribute to our activities or what may be of interest to you.

You will receive membership related and marketing communications, newsletter and social media posts from us if you have requested information from us or donate to us or if you provided us with your details when you entered a competition and, in each case, you have not opted out of receiving that form of marketing.

As we are a charity, we operate a gift aid scheme approved by HMRC and, as a result, we will retain any required data for the required period, as defined by HMRC, where a donor has elected to provide data to enable us to reclaim gift aid under the approved scheme.

6 How Long We Keep The Information 

We will only keep your personal data for as long as we need it in order to complete the purpose for which we collected it in the first place. Provided we have not identified any of your data as being required for a longer term, we will aim to destroy all papers and data we hold about you upon the expiry of a 7 year period after it was collected, unless we have a legal, regulatory or statutory obligation to dispose of/delete such papers/data prior to this period.  All digital information will be securely retained on our IT systems and anonymised/ redacted where possible.

When we receive volunteer applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. We will keep the information for a period of 1 year, after which it will be destroyed unless your application is accepted and you become a volunteer.

If you have opted-in to receive our marketing communications we will be asking for re-consent every 2 years from the date you originally consented. You can unsubscribe from our data at any time during this period.

Information about online forms, the use of our website and the use of cookies is explained in our section about ‘Visitors to our website’.

7 How We Keep Information Secure

We are under a general duty to keep personal data and information confidential. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place. We use secure portals and encryption tools when necessary to ensure data in transit is protected.

Cookies: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy below.

EMICS uses technology to collect information about the use of the website and to distinguish you from other users in order to improve your experience when you browse the EMICS website.

In order to collect the information our website may use cookies. A cookie is a small file of letters and numbers that is sent to your browser and stored on the hard drive of your computer (or internet enabled device) when you visit a website.

These cookies are used throughout the www.emics.org.uk website. These cookies are used for reporting purposes helping us to collect information about how many people use our site, what parts are accessed and where visitors come from.

Our website may link through to third party websites which may also use cookies over which we have no control. We recommend that you check the relevant third party’s privacy notice for information about any cookies that may be used.

You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. You can find out how to do this by clicking “help” on your browser menu.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/

You should note that by deleting or blocking cookies, our website may not function correctly and you may not be able to access certain areas.

8 Your Rights

Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below. If you have any concerns of this nature, you can email our Data Protection Manager, Mary Boothroyd, at info@emics.org.uk

The Right To Rectification: You are entitled to have your records amended if the personal data we hold is inaccurate or incomplete.

The Right To Erasure: You have a right to request your data is deleted in certain circumstances, ie where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, it is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (see below) and there are no overriding legitimate grounds to continue; where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation.

The Right Of Access: You have the right to obtain a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with as well as details of the period for which the data will be retained.

In most instances, we will provide the information to which you are entitled within one month of receipt of a valid request. Requests which are complex or numerous may, however, take up to three months.

Requests which are considered manifestly unfounded or excessive will be refused.

The Right To Restrict Processing: You have the right to limit the way we use your personal data if you are concerned about the accuracy of the data or how it is being used. You can also stop us deleting your data.

To exercise your right to restriction, you should make the request directly to our Data Protection Manager, Mary Boothroyd, and say what data you want restricted and the reasons why.

The Right To Object To Processing: You have the right to object to the processing of your personal data in certain circumstances. If the charity agrees to your objection, we must stop using your data for that purpose unless it can provide strong legitimate reasons to continue to use your data despite your objections.

You have an absolute right to object to the charity using your data for direct marketing and once you exercise this objection, the charity will stop using the data.

The Right To Data Portability: You have the right to ask us to transfer the information you have given to us from one organisation to another or to give that information back to you.

This right will only be applicable if we are processing information based on your consent or under contract and the processing is automated.

The Right Not To Be Subject To Decision Making Based On Automated Processing: You have the right not to be subject to a decision based solely on automated processing i.e. decisions made entirely by technological means, without human intervention.

This right includes profiling for example any form of automated processing for the purpose of evaluating you as an individual.

We confirm that we do not make decisions based on automated processing as all decisions are made by individual/individuals within the charity.

The Right To Lodge A Complaint With A Supervisory Authority: The Supervisory authority is the Information Commissioner’s Office (ICO) whose contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. If you are calling from outside the UK, you may not be able to use the 03 number above, so please call +44 1625 545 700.

Fax: 01625 524 510

Website: https://ico.org.uk/global/contact-us/

Email: casework@ico.org.uk

Opening Hours: normal opening hours are Monday to Friday between 9am and 5pm UK time.

9 How We Provide The Information To You

We usually send a hard copy by special delivery post to your residential address or by email. We can make other arrangements in some cases.

10 Can You See All The Information We Hold About You?

You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that:

  • Is about another person
  • Is subject to legal privilege

If an exemption applies we will explain which exemption applies and we tell you if we have removed any information from the copy we send you.

11 Information Sharing And Third Parties

All of the Charity’s extranet data is stored on servers physically located in the UK.  All facilities will meet or exceed the recommendations of the Department of Health guidance on information storage.

We also store a small amount of hard copy material of a non-clinical nature for corporate governance purposes in the UK.

We also share data with organisations who perform audit and assurance roles for us and those who provide professional advisory services. This includes legal, medical and other professional advisers; again, with whom we have arrangements to ensure their compliance matches with our requirements.

12 Information Collected From Third Parties

As explained more particularly below, we also obtain data from third parties. Generally, when we do this, it is in the exercise of our regulatory functions, powers and duties, including:

  • Complainants, other regulatory bodies, law enforcement agencies and witnesses

Changes To This Notice

We keep this notice under regular review.

Last updated March 2020

EMICS Privacy Policy Page