Donate Become a member

Privacy Policy

The purpose of this Privacy Policy is to describe the types of information that Genetic Alliance UK collects from you when you contact us, sign up to our mailing lists or use our services, and to explain how we use that information. This is in line with the General Data Protection Regulation (GDPR) which came into effect 25 May 2018. This Privacy Policy refers to the storage and usage of all data, however, it is only personal data not available in the public domain which is covered by the new GDPR legislation – not, for example, work contact details or role information.

What information do we collect about you?

We may collect personal information that you share with us about you or your family when you contact or interact with Genetic Alliance UK.

The personal information we collect may include:

  • Information that is relevant to the product or service you are signing up for when registering with Genetic Alliance UK or our long-standing projects SWAN UK (as a family/individual) and/or Rare Disease UK.
  • Questions, queries or feedback you send us via email, post or the website.
  • Phone calls to us.
  • Any personal information that you disclose in the course of participating in our research or surveys (see also Participating in Research section).
  • Personal data you share with us when you place orders for merchandise or make a donation via email, over the phone on our website.
  • Information you have posted via social media – this includes counting your name for our engagement statistics. SWAN UK operate private Facebook Groups for individuals and families who register to join the SWAN community and often ask questions to gather feedback or additional information to help improve services or monitor issues within the community. Wherever we plan to in some way save this information in our database, we will put this as part of the post.   Information given in person during an event or meeting with a member of staff or volunteer. This only applies to personal information given at the registration of an event, or in the event of a safeguarding disclosure which requires our action in line with UK law.
  • Your IP address, details of how you use the website and of which version of web browser you used when you visit the website geneticalliance.org.uk, and any microsites for campaigns such as undiagnosedchildrensday.uk and rarediseaseday.uk. We cannot personally identify you using this data.
  • Information on how you use the website, using cookies and page tagging techniques to help us improve the website. We cannot personally identify you using this data.

Genetic Alliance UK never buys data nor do we auto enrol people onto our products or services. For details of how you can request all the information we hold on you or how to be forgotten see Your Rights section for more information.

 

Information about member organisations

We do not keep information for longer than necessary and we will retain it as long as we are providing products or services to you. 

If your membership of Genetic Alliance UK ends then we will keep financial information for up to 7 years due to legal and contractual requirements after which time we will delete your personal information from our database.  

If your membership of Genetic Alliance UK ends and we have had no contact with you for 3 years then we will delete your personal information from our database. 

 

What do we use your information for?

We may use your information to:

  • Administer your membership, product or the service you have signed up for.
  • Provide information to you.
  • Inform you of news and events in the field of genetic, rare and undiagnosed conditions.
  • Offer you the opportunity to take part in research or to inform you of related research taking place.
  • Inform you of member patient organisations work or related businesses.
  • Ask for your opinion or feedback.
  • Promote fundraising activities.
  • Promote campaigns we are running.

Specifically for individuals and families joining the SWAN UK community to:

  • Connect you with your Regional Parent Rep.
  • Connect you with other families in your area (we wouldn’t do this without your express consent).
  • Invite you to local events.
  • Send you the quarterly newsletter and e-news.
  • Offer you the opportunity to take part in research or policy work.
  • Advertise a media opportunity we have.

Data collected when you visit our website

Whenever you browse our website, read pages, or download information, the web server Google Analytics automatically records certain information about your visit from the computer or device you use to access our site. This information does not identify you personally. It just tells us how many visitors come to our site, when they visit, how many pages they access, their internet browser (for example, Microsoft Explorer or Firefox), their computer operating system (for example, Windows XP) and the site they were on before they linked to ours (for example, Google if they found us from a search engine). We also use other software to help us understand how people move around our site, and also to test how accessible our website is to people with disabilities. With this information, we can improve our site for all our visitors and make it more useful for everyone.

 

Cookies on our website

A cookie is a line of text and numbers that is created by our website and stored on your computer when you visit our site. The cookie does not collect or contain personal information about you and poses no security or virus risk to your computer. When you return to our site, the cookie associates your computer with the information that you gave us when you first visited or registered. It helps us evaluate how often visitors return to the site. Of course, you can still make full use of the site if you specifically choose to delete or not to accept the cookie on your browser.

Social media and other websites

Although our social media channels and Facebook groups are monitored regularly by staff, we have no control over information you or others may submit, post or share on social media or other websites – even where we link to them from our own website or they link to our website. When you use these sites you do so in accordance with the separate terms and conditions and policies of these sites.

 

Where your data is stored

We keep your data stored through Google Suite and using Beacon (for Genetic Alliance UK and our long-standing project Rare Disease UK) and Salesforce (for individuals and families registering to join the SWAN community).  A copy of this data is automatically stored on our staff computers if saved on a spreadsheet or google sheet. All staff computers and google suite access is password protected and updated as appropriate.

We also store data on Brevo, and on our website (stored on UK surveys that adhere to GDPR standards).

For research projects we store your survey data on a password protected SurveyMonkey account, accessible only by research staff. Audio recordings of interviews and focus groups, accompanying handwritten notes, and paper copies of survey responses, are stored in a locked cupboard in a secure office.

 

Keeping your data secure

We take our responsibilities very seriously and we have procedures and security features in place to try and keep your data secure once we receive it.

Access to your information is restricted to staff, formal volunteers, contractors and partners who need it to perform their work and who may only access this data in accordance with our Data Protection Policy. Sensitive information you give us is kept separate from other information and access is restricted to only members of staff working specifically on the SWAN UK project. The exception to this is case studies. As part of our policy and public affairs work, we will often contact patients we have an existing relationship with to see if they are open to media or publicly telling their personal story. If you give consent to this, those case studies are kept on file for up to 5 years to be used for media. You can withdraw consent for these to be used at any point by contacting anyone in the staff team.

Any personal data provided as part of a research project is only accessible by research team staff.

Beacon is the charity’s main database provider and is use to hold details of our members, industry supporters, fundraisers, donors and professional contacts. Read Beacon’s security information here.

Salesforce is the charity’s other database provider and is currently only used for individuals and families registering to join the SWAN UK community. Access to the database is restricted to only SWAN UK members of staff.  Read Salesforce’s security information here.

All staff and volunteers with access to your information are appropriately DBS checked and are subject to confidentiality agreements and agree to abide by our confidentiality agreement and code of conduct. Third party contractors (such as mailing houses), who are given your data in order to fulfil a service for Genetic Alliance UK have also signed agreements to state that your data will only be used for the purposes outlined by Genetic Alliance UK and will be destroyed on completion of that work.

Transmitting information over the internet is generally not completely secure, and we can’t guarantee the security of your data in transit. Any data you transmit to us over the internet is at your own risk.

 

How long do we hold your data?

While we are providing products or services to you, for example regular e-newsletters, we will store your data in order to provide that service for as long as you want it. If you ask to ‘be forgotten’ and would like all information removed on you, we will do this and provide written confirmation that we have removed all of the information we hold on you (this applies to our own website and related microsites, we will be unable to remove your information or posts from any social media sites). The only exception to this is where such a request would contravene an existing reason/law that is of higher importance than your own to be forgotten. 

For example, if you have bought a ticket to an event in the future, and have then asked to be instantly forgotten, it is our duty as a service/product provider to keep you informed of that event – over the right to immediately be forgotten. See Your Rights section for more information.

If you have taken part in a research project, your research information will generally be kept for 3 years after the end of the project (subject to approval by a research ethics committee) and then securely destroyed or as otherwise stated in the participant information sheet. See Taking part in research section for more information.

More broadly Genetic Alliance UK has a Data Retention Policy in place to make sure we meet legal requirements for the retention and disposal of records in accordance with relevant legislation. This policy ensures that we take a consistent approach to managing records throughout their lifecycle and regardless of their format.

 

Sharing your information

We rely on a number of trusted suppliers and partners working with us to provide a range of services to you. In order to provide you with these services we may need to share some of your personal information with our suppliers and partners from time to time so they can process it for us according to our instructions. We will never share more than is necessary to provide the service in question. For example, to send you a printed copy of a newsletter we need to give your address details to our print supplier.

In addition we may also have to pass on your personal information if we have a legal obligation to do so. We will never share your information with any other organisations for commercial purposes or other purposes. For the purpose of communicating with our supporters, members and general public, we use and store data with the following companies. You can view the way that they handle your data by clicking on them:

Brevo – for all of our e-communications and sign ups

Google – used for all of our office administration, for example Gmail

Beacon – is our main database. It is hosted on a UK server with restricted access for staff only.

SalesForce – is our SWAN UK database. It is hosted on a UK server with restricted and relative access for staff only.

 

Online donations and purchases

When you are using our secure online donation page or purchase our merchandise or products online or over the phone, you are going through to a partner company and the information you give such as your credit card number and contact information is provided to them so the transaction can take place. Below are the companies we use for these services. You can click on them to find out how they use and store your data:

World Pay

PayPal

JustGiving

Stripe

GoCardless

 

Taking part in research

The storage and security of any personal information submitted as a research participant is outlined in earlier sections of this document. In analysing and reporting research findings, we anonymise data and make every effort to minimise the risk of identification e.g. by removing specific clinic names from data. These arrangements are also detailed for each research project in the participant information sheet and approved by national research ethics committees where appropriate.

 

Data breaches

In accordance with the new GDPR legislation (May 2018), all data breaches of personal data will be reported to the Information Commissioner’s Office within 7 days.

 

Your rights

You can contact us to request a copy of any information we hold about you, ask us to correct or remove any inaccurate information or ask us to delete some or all of the information we have collected about you and your family at any time, and at no cost.

You have the right to be forgotten – which means Genetic Alliance UK will remove all information that it holds on you.  The only exception to that is if we have a legal obligation to keep your data in order to fulfil a contract (commercial or service) with you. If you want to be ‘forgotten’ please contact the office on the details below. This cannot apply to social media, you are responsible for posts you have made on our social media site, and therefore must remove them yourself.

It is your right to request any personal information that we hold on you as part of an ‘access request’.  This comes at no cost to you and we are committed to providing that information to you within 1 month. Please send your access requests to [email protected].

You can unsubscribe from any of our communications at the bottom of each of our mailings, or by unfollowing us on social media channels. If you want to call us to be unsubscribed manually from anything that we send you, please contact the office and we will do that for you.

It is our commitment that we will only collect relevant information on you. If you have been asked to fill in your details and want to know why we have asked for a specific piece of information, contact us and we will explain why.

It is our policy to ensure that it is clear whenever you interact with us, what you are signing up to receive. If you ever have questions on that, please don’t hesitate to get in touch.

 

Changes to our privacy policy

We regularly review and update this policy to make sure it is accurate and simple to understand. This policy was last updated in November 2023.

 

How to contact us

We’re here to help. If we can be of any assistance, or if you would like more information about this policy, please: email us at [email protected]; write to us at Genetic Alliance UK, c/o Creative Works, 7 Blackhorse Lane, London E17 6DS; or call us on 0300 124 0441.