Think Ahead Community Stroke Group respects your privacy. We are committed to protecting your personal information and to being transparent about the information we hold about you. This privacy notice explains how we keep your personal information safe, tells you about your privacy rights and how the law protects you.

Purpose of this privacy notice

This notice explains what personal information we collect about you, how we use it and how long we will keep it for. You might give us your personal information when you request a service, sign up to an event, fundraise for us, or even simply by using our website. 

When we collect your personal information, there is always a reason behind it. In addition, we will only ask you for sensitive personal data (also known as special category personal data), for example, health information, when there is a clear reason for doing so and we will tell you what that reason is. 

It is important that you read this privacy notice so that you fully understand how and why we are using your personal information. On specific occasions, we may provide you with additional privacy notices or fair processing notices. We will make it clear when you need to be aware of this, as this privacy notice supplements the other notices and is not intended to override them.

Controller

Think Ahead Community Stroke Group, a company limited by guarantee, registered in England and Wales (No. 6654712) and registered as a charity in England and Wales (No 1128934), is the controller and responsible for the use of your personal information for the purposes set out in this notice.

The information we collect about you

Personal information’ means any information about an individual from which they can be identified. The personal information we collect allows us to provide services to people affected by stroke. It also helps us to better understand our supporters and improve how we engage, communicate and fundraise, for the benefit of all those affected by stroke.

We strongly believe your personal information needs to be safeguarded and protected. As long as you share it with us, we are its guardian. We take steps to collect only what is necessary and we do this for different purposes, but all with one goal in mind: to improve the lives of stroke survivors and their families. Here is a list of the type of personal information we currently use:

  • Identity Information you give to us – this will include your full name and title, date of birth, gender and email address (if relevant).
  • Contact and Financial Details including a billing address, telephone number and your bank account and payment card details.
  • Transaction History of your interactions with us. This will include any donations, Gift Aid, events you have participated in, the services you requested, your interests, preferences, feedback and survey responses and how you use our website and services.   
  • Health Information necessary for providing support services for individuals affected by stroke or to enable you to participate in events which will help you to reduce your risk of a stroke or involve risks to your health.
  • Technical Information which allows us to confirm what browser you are using, the internet protocol (IP) address and computer operating systems that are being used, your login data and other technology on the devices you use to access our website. 
  • Marketing and Communications Preferences for receiving information from us about our support services, research, campaigning, volunteering and fundraising activities (including ways to donate) and how you would like us to communicate with you.

We also collect, use and share statistical or demographic information, which is known as ‘Aggregated Data’. This information does not directly or indirectly reveal your identity and therefore by law, it is not offered the same protection as your personal information. For example, we may aggregate information about how our website is used to calculate how many people are accessing a specific website page, so we can see where improvements need to be made. However, if we use any ‘Aggregated Data’ in combination with your personal information, it can directly or indirectly identify you. To make sure this is safe, we will treat this combined information the same way we treat your personal information and will only use it in accordance with this privacy notice.

Data protection law recognises that certain categories of personal information are more sensitive, such as details about health, race, religious beliefs and political opinions. These are known as Special Categories of Personal Data.  We do not usually collect such information about our supporters unless there is a clear reason for doing so (for example, participating in a marathon, where it is necessary to ask about conditions affecting your health to provide appropriate facilities and support).

We collect Health Information if you are a stroke survivor or carer receiving a support service, if you tell us about your stroke experiences (for example by calling our helpline or volunteering with us). However, we will always make it clear to you when we collect this information, what information we are collecting and why.

If you don’t want to share your personal information with us

If you don’t want to share your personal information with us, you don’t have to.  We will only keep any personal information we are required to keep in accordance with legal requirements or tax and accounting rules, but we will otherwise respect your decision. However, please be aware that if you do not share your personal information with us we may have to stop providing you with our support or other services, and you may not be able to engage with us or participate in our activities (such as campaigning, volunteering and fundraising activities (including donating). We will let you know if this is the case. ​

Keeping your information accurate

It is important to us that the personal information we hold about you is accurate and up-to-date. Please tell us if there are any changes to your personal information during your relationship with us. You can do this easily.

How is your personal information collected?

We collect personal information from and about you through:

  • Direct interactions. You may give us certain information (eg your Identity Information, Contact and Financial Details and Health Information) by filling in forms (in person or via our website) or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
    • request a service (including our support services)
    • purchase our products
    • sign up for an event
    • make a donation to or campaign with us
    • create an account on our website
    • subscribe to our services or publications
    • request marketing information to be sent to you
    • engage with us on social media or message boards
    • enter a competition, promotion or survey
    • give us feedback on our work
  • Third parties or publicly available sources. We may receive personal information about you from various third parties and public sources as set out below:
    • Identity Information and Contact Details from individuals who might provide your information to us.
    • Identity Information, and Contact and Financial Details from third party organisations with whom we fundraise in partnership.
    • Identity Information, Contact and Financial Details, and Health Information from third party organisations to whom you gave permission to share your details with us, including the NHS or charities. For example, when you are referred to us by the NHS to receive our support services, when you buy a product or service, register for an online competition or sign up with a comparison website.
    • Technical Information from analytics providers such as Google based outside the European Economic Area (EEA); advertising networks such as Facebook based outside the EEA; and search information providers such as Google based outside the EEA.
    • Contact, Financial and Transaction History from providers of technical, payment and delivery services.
    • Identity Information and Contact and Financial Details from data brokers or aggregators such as Royal Mail based in the EEA and from publicly available sources such as Companies House and the Electoral Register based in the EEA, as well as from general sources such as newspaper articles and social media posts.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect information about your equipment, browsing actions and patterns. We collect this by using cookies, server logs and other similar technologies. We may also receive information about you if you visit other websites employing our cookies.

Why we use your personal information – the purposes

We will use your personal information only for specific purposes and where we have taken steps to ensure we respect your privacy. We will never sell your personal information to other organisations. 

Here are the main reasons why we use your personal information:

When we provide a service to you

If you engage with our services, helpline or need us to support you in any way, we use your personal information to:

  • provide you with care, information and support through our stroke support services, prevention services and events, helpline (which is provided by phone, post, email and social media channels) and voluntary groups
  • contact or provide your nominated carer, emergency contact, relative or next of kin with relevant information and support
  • comply with our legal obligations such as our safeguarding duty where we have a concern about your welfare
  • provide you with information about stroke services and new research developments. We only give you the information you have asked for, and we only contact you with this information by email, text message or telephone if you have given us your consent. However, if you have provided us with your postal address, we may send you the information by post, unless you have told us that you would prefer us not to.  We do this on the basis of our legitimate interests. You can update your communication preferences at any time or tell us to stop giving you the information.
  • provide you with information about how you can get involved through volunteering, campaigning, donating or fundraising for us.  We only give you the information you have asked for and we only contact you with this information by email, text message or telephone if you have given us your consent.  We will not contact you with this information by post.  You can update your communication preferences at any time or tell us to stop giving you the information.

We will not use your personal information to send you information about our services or fundraising activities if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you for these purposes.

We will also use your personal information to comply with our legal obligations, for example, our obligations relating to health and safety and safeguarding.

When you provide a service to us

If you are a donor or supporter, we use your personal information to:

  • give you the services, products or information you asked for
  • support your fundraising
  • receive and process your donations (including gift aid donations, legacy gifts, in-kind and regular donations for which you may have set up a direct debit)
  • manage the relationship with us when you support us as a volunteer
  • manage our relationship with philanthropy givers and trust organisations
  • manage events, competitions or surveys you take part in and provide you with relevant updates
  • pay for a will where you have used our free will scheme service
  • manage your legacy gift to us
  • provide you with information about stroke services and new research developments and/or information about how you can get involved through volunteering, campaigning, donating or fundraising for us. We only give you the information you have asked for and we only contact you with this information by email, text message or telephone if you have given us your consent. However, if you have provided us with your postal address, we may send you the information unless you have told us that you would prefer us not to. We do this on the basis of our legitimate interests. You can update your communication preferences at any time or tell us to stop giving you the information

We will not use your personal information to send you information about our services or fundraising activities if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a list to help ensure that we do not continue to contact you for these purposes.

Analysis of your Personal Information

We may also carry out analysis of the personal information we collect about you and add publicly available information to create a profile of your interests and preferences. This is so we can contact you in the most appropriate way and with the most relevant information, which enables us to raise funds sooner and more cost-effectively.

We do this on the basis of our legitimate interests

Profiling

If we consider you may be interested to donate to our work, we may analyse your personal information to create a record of your interests and preferences, to allow us to ensure that communications (e.g. by post, telephone, email, text or social media) are appropriate and relevant, and to generally provide you with an improved user experience.

Fundraising is an important element of our charitable work so we may undertake research or analysis to assess your ability to support us financially.  This may include an assessment of your income and/ or wealth and our assessment of your willingness to make donations to particular projects or us more generally.  We may use analysis to help us identify your likely support for particular projects.  All of these activities are undertaken to ensure that we are working in a cost-effective manner and allow us to raise more funds in support of our mission.  

If you would prefer us not to use your personal information for profiling please let us know.

Under 18s

There are occasions when we collect and use the personal information of young people (those who are under 18 years of age) that engage with us.  We will collect a young person’s information if a young person: 
  • has a stroke and needs support with their recovery, and is referred to one of our services. In this situation, we will collect that person’s information (including their health information) in order to be able to provide them with support, information about stroke and their recovery after stroke;
  • attends one of our events, we will collect their contact details (so that we can send them our event pack) as well as information relating to any medical conditions (so we can judge whether they need additional help from us during the event and so that we can keep them safe during the event). We will ask for personal information as well as medical conditions in case they need additional help from us during the event;
  • wants to volunteer for us, we will ask for their contact details in order to make all necessary arrangements for them to volunteer. This includes arranging for them to go on training or managing their activities as a volunteer. We will also ask for sensitive information about them like any medical conditions in order to make sure we provide them with appropriate support whilst volunteering; and
  • participates in sponsorship (either in a group or in school) and contacts us to tell us about it, we use their contact details to write back to them to thank them for their support.

We take extra care to manage the information of young people.  For example, when we collect information about a young person, we will make it very clear at the time why we are collecting this personal information and how it will be used.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

The legal bases which allow us to use your personal information

The legal basis that we rely on for using your personal information will depend upon the circumstances in which we collect and use it, but will in most cases be because:

  • you have provided your consent to allow us to use your personal information in a certain way
  • it’s necessary to carry out for the performance of a contract with you
  • it’s necessary in order for us to comply with a legal obligation
  • it’s in our legitimate interests to do so. This means the interest of our organisation in conducting and managing our affairs to enable us to give you the best support and services and the best and most secure experiences. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Recipients of your personal information

Rest assured, we take steps to keep your personal information safe, and we never share, sell or swap your personal information with any third parties for the purposes of their own marketing or to monetise your personal information.

Sharing your information with third parties we work with

However, we sometimes share your personal information with third parties we work with.  When we share your personal information with organisations that act for us as service providers, we take the following steps to keep your personal information safe and protect your privacy:
  • we provide them with only the personal information they need to perform their specific services;
  • we require them to only use your personal information for the exact purposes we specify;
  • we require them to keep your personal information secure; and
  • if we stop using their services, we require them to delete or anonymise.

Examples of the kinds of service providers we work with are those who provide us with advertising, marketing, research or IT administration services.

Sharing your information with third parties for their own purposes

We may also need to share your personal information with third parties for their own purposes.  We will only do this in specific circumstances.  For example, we may need to share your information with: 
  • health providers across the UK like the NHS or other charities, to whom we might refer you for additional support as part of delivering a service to you
  • HM Revenue & Customs, regulators and other authorities in the United Kingdom who require reporting of processing activities in certain circumstances
  • our professional advisors including our lawyers, bankers, auditors and insurers; and
  • third parties to whom we may choose to transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to take over other organisations or merge with them. If a change happens to our organisation, then the new entity must use your personal information in the same way as set out in this privacy notice.

Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to those employees, volunteers, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to confidentiality obligations. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so

How long will you use my personal information for?

We will only use your personal information for as long as is necessary to fulfil the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from its unauthorised use or disclosure; the purposes for which we process it and whether we can achieve those purposes through other means; and the applicable legal requirements.

In some circumstances you can ask us to delete your personal information: see ‘request erasure’ below for further information.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this anonymous information indefinitely without further notice to you. 

International Data Transfers

Sometimes we will need to share your personal information with third parties such as our service providers, who are based outside of the UK or EEA.  The EEA is the European Economic Area and includes all EU member states as well as Norway, Liechtenstein and Iceland.

For example, we use a third party to host our campaigns, which stores the information we ask it to host on our behalf on its servers in Canada.

The European Commission considers that some non-EEA countries do not have adequate levels of protection in place to safeguard personal information.

Therefore, if we do share your personal information with any third party outside of the EEA in this way, we take steps to ensure that your personal information receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal information. You have the right to:
  • request access to your personal information and receive a copy as well as check we are processing it lawfully.
  • request correction of any incomplete or inaccurate information we hold about you. However, we may need to verify the accuracy of the new data you provide to us. 
  • request erasure of your personal information where there is no longer a good reason for us to hold it. This may also apply where you have successfully exercised your right to ‘object to processing’ (see below); where we may have processed your information unlawfully; or where we are required to erase your personal data to comply with local law. Please note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). This applies where there is something about your particular situation which makes you want to object to as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes or where we process your personal information for research purposes. In some cases, we will be able to demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
  • request a restriction on processing of your personal information. This applies in the following scenarios: (a) if you want us to establish the accuracy of your personal information; (b) where our use of it is unlawful but you do not want us to erase it; (c) where you need us to hold the personal information, even if we no longer require it, to enable you to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to do so. 
  • request us to port your personal information to you or to a third party. We will provide to you, or your chosen third party, your personal information in a structured, commonly used, machine-readable format. Please note this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you. 
  • withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of processing carried out prior to this withdrawal. If you do withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights
 
If you wish to exercise any of the rights set out above, please contact us.
 
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.
 
No fee usually required
 
There is no fee to access your personal information (or to exercise any of your other legal rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
 
What we may need from you
 
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to safeguard your personal information. We may also contact you to ask for further information in relation to your request to speed up our response.
 
Time limit to respond
 
We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.   

Website Third-Party Links

When using our website, there may be links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share information about you. We do not control these third-party websites, plug-ins or applications, and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to this Privacy Notice

This Privacy Notice was last updated on 19 June 2018 and will be reviewed and updated from time to time.

Where there is a significant change to our Privacy Notice, we will use reasonable endeavours to notify you.​