Privacy Statement for Food for the Brain Foundation – Updated May 2020
Food for the Brain Foundation is committed to protecting the privacy and security of the personal information of our beneficiaries and supporters.
The Charity is a data controller under the General Data Protection Regulation (GDPR). This means that we are responsible for deciding how we collect, hold, use and protect your personal information and we are required to give you certain information about how and why we do this.
This privacy notice describes how Food for the Brain Foundation (“Food for the Brain”, “the Charity”, “we”, “our”, “us”) collect, hold, use and protect personal information that relates, both during and after the time when you are a beneficiary and supporter of the charity. We may update this notice from time to time.
Personal information we may collect about you
Personal information means, broadly, information that identifies (or that could, with other information that we hold or are likely to hold, identify) a living individual. This could include any information provided to us directly by yourself in relation to your support to the charity, either through donations or volunteering with the charity, or as a beneficiary through our educational and research work or indirectly, for example when you visit our websites, some technical details will supplied such as your IP address, and internet browser used.
We also collect cumulative and user-specific information on what pages users access or visit. The information we collect is used for our review purposes, to improve the content of our webpages.
We may hold any or all of the following personal information about you:
- personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number.
- details relating to family, health, lifestyle and social circumstances, such as details about cognitive health and current diet and lifestyle habits.
- employment and education details such as type of job and length of time in education
- financial details such as bank account details to process donations and Gift Aid tax status.
We may also hold other information about you, which is known as ‘special category’ data and requires a higher level of protection – for example, information relating to your mental or physical health. Where we collect this type of information about you, we will give you separate information about our collection and use of this information.
We collect your personal information when you contact us online, by phone, text, email, or post. We also collect data through our digital surveys and tools including the Cognitive Function Test and our Children’s Health Questionnaire.
It is important that the personal information we hold about you is accurate and up-to-date. Please let us know if your personal information changes.
What we may use your personal information for
The Charity may use your personal information for the following purposes:
- to provide email newsletters and updates on our charitable activities and services;
- to contact you e.g. in the event of sending you a password reset or responding to a direct enquiry;
- to administer and collect donation payments including one –off donations, regular payments and standing orders;
- to apply for and collect Gift Aid payments from HMRC;
- in relation to our online tools and digital educational services including the online Cognitive Function Test and Children’s Health Questionnaire where we use your data to provide nutrition and lifestyle advice, send reminders relating to the service and use anonymised data to undertake research into nutrition and lifestyle and cognitive function;
- to notify you about our services and changes to our services;
- for internal record keeping;
- complying with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes;
- complying with demands or requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation;
- to protect our service against misuse, such as the use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries;
- to analyse and improve the activities, services and information offered through the charity’s websites;
- to create statistics about the use of our services.
We use your personal information in the ways described above for one or more of the following reasons:
(a) we need to comply with a legal obligation to which we are subject; and/or
(b) it is necessary in our legitimate interests (or those of a third party) to do so, and your interests and fundamental rights do not override those interests. For example, our legitimate interests may include:
- providing any clarification or assistance in response to your communications;
- improving our service to you as a beneficiary or donor;
- complying with our record-keeping duties;
- ensuring that we manage payments at the correct time;
- complying with all laws, guidance and codes that apply to the charity, as well as with data requests from regulators, governments, courts and law enforcement authorities;
- minimising disruption to the charity if there is ever a change to our business; and
- monitoring the way in which our websites are used, to help us improve your experience on these. .
We will only use your personal information for the purposes for which we collected it, unless we reasonably need to use it for a different reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis, which allows us to do so.
Keeping your personal information safe
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Further information is available by contacting email@example.com. We also have procedures in place to deal with any suspected data security breach, should one arise.
Transfers of your personal information
We may transfer, store, or process your personal information at a destination outside the European Economic Area (EEA). Where the countries to which your personal information is transferred may not offer an equivalent level of protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your personal information is treated securely and in accordance with this notice. This may include entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer personal information in those countries commit to ensuring an adequate level of protection for your personal information.
Sharing your personal information
We may share or disclose your personal information to any of the following recipients:
- Our service providers and partners such as IT contractors, research organisations and payment portals. These providers are also data controllers in relation to your personal information and have to comply with their own legal obligations, industry codes and standards when processing your data.
- other third parties as required by law – for example, local or foreign regulators, governments and law enforcement authorities; local and foreign courts, tribunals and arbitrators or other judicial committees;
If we share your personal information in this way, we require the transferee to implement appropriate security measures to protect your personal information and to treat it in accordance with the law. Except where the transferee is a data controller in its own right, we only permit the transferee to process your personal information in accordance with our instructions.
How long do we retain your personal information?
We will hold your personal information on our systems for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements The period may depend on the type of data and the purpose for which it is held. Further information about retention periods in relation to specific types of personal information can be obtained by contacting firstname.lastname@example.org.
- Your rights regarding the personal information you provide to us
You have the right, in accordance with the law:
- to withdraw your consent to the processing of your personal information, to the extent it is processed on the basis of your consent (as set out above);
- to request a copy of the personal information we hold about you, and to request information regarding the processing of your personal information (this is known as a ‘data subject access request’);
- to request the correction, completion and/or deletion of your personal information, or to request the restriction of processing of your personal information;
- to complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation as a result of unlawful processing of your personal information.
If you would like to exercise any of the rights described above, please let us know by emailing us at email@example.com.
What if you do not provide us with your personal information?
We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us if you do not provide us with personal information that we may need to comply with our obligations, as set out in section 3 above.
Technical information that we may collect about you
When you visit our website, we may collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), your login information, browser type and version, browser plug-in types and versions, operating systems and platforms. We may also collect information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
You can find more information about the types of technical information that we collect about you, in our separate Cookies Policy at /cookies-policy.aspx.
If you don’t want Google Analytics to keep track of your website visit, you can simply download a tool here which will block Google Analytics.
Changes to our data protection arrangements
From time to time, we may update this privacy notice and the data protection arrangements described above. The most recent version can be found here at www.foodforthebrain.org, with the most recent revision date displayed at the top.
How to contact us
If you have any questions, comments or requests about this privacy notice, please contact our Data Controller by email at firstname.lastname@example.org or on 02083329600