Your Data

Our Privacy Notice – how SIA keeps your data safe
Spinal Injuries Association (SIA) understands that your privacy is important to you and that you care about how your personal data is used, stored and shared. We respect and value the privacy of everyone who joins SIA as a member, supports and participates in our fundraising, donates to SIA, visits our website or uses any of our services.

We are a “data controller” for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (GDPR).  This means that we are responsible for, and control the processing of, your personal information.

This notice explains how we use information about you and how we protect your privacy.

Your rights
Your rights are set out in Data Protection Law .  Below we explain how we protect these rights, including what we will use your data and personal information for and how we will use it. Our policy on Privacy and Data Protection has been designed to make sure that we are protecting your legal rights.

Personal information we collect directly from you
Personal information includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us.  You may give us this information when joining SIA as a member, making a donation, registering for an event or to use our services, placing an order on our website or any of the other ways to interact with us

We may use this information:

  • To process your request to join SIA and to provide you with membership services
  • To provide you with advice and advocate on your behalf
  • To process donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To process applications for participation in fundraising events, including choosing between applications where events are oversubscribed.
  • To update you on our campaigns, services, fundraising and membership events.
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
  • To keep a record of your relationship with us.
  • To invite you to participate in surveys or research
  • Where you volunteer with us, to administer the volunteering arrangement.

You don’t have to provide this information, but without it we can’t provide the services you have requested, process your donation or sign you up for a particular event.

Sensitive Personal Information
Data Protection law recognises that certain categories of personal information are more sensitive. Sensitive personal data is information about your health, race, religious beliefs and political opinions.

If you contact us to use any of our services for spinal cord injured people and their families, you may choose to provide details of a sensitive nature so that we can provide assistance.

We only collect ‘sensitive personal data’ about our members and service users when there is a clear reason for doing so.

We will only use this information:

  • For the purposes of dealing with your enquiry, providing the correct advice to you, advocating on your behalf at your request and providing membership services. When we do, we will always tell you the reason why the data is needed and how we will use the data in order to meet your needs.
  • We will not pass on your details to anyone else without your consent except in exceptional circumstances allowed by law.

Data Protection law sets out the legal grounds under which we can use your personal information and sensitive data.  You can find out here how Data Protection Law allows us to use your personal information.

Click here for more details about why we collect your personal information.

We will only use your personal information in a way or for a purpose that you would reasonably expect, and that does not conflict with any previously expressed preferences. If you want to change the way we contact you, you can let us know here.

If we use your personal information for research and analysis, we’ll always keep you anonymous unless you’ve agreed that your personal information can be used for that research.

We don’t sell your personal information to anyone else.

Information that you may give others permission to share with SIA
A family member or friend, or another organisation such as a NHS Spinal Injuries Centre providing you with support, may refer you to SIA. They should ask for your permission before they do this. We will always tell you where the information has come from, and SIA will treat that information in line with this Privacy Policy.

When you provide information to an independent event organiser, such as the London Marathon, or Fundraising websites such as Just Giving, you may have indicated that you wish to support SIA and given permission for them to share your data.

Publicly Available Information
SIA receives support from Charitable Trusts and Foundations, Companies and Philanthropic Giving. There are many people involved in supporting charities this way and SIA needs to decide who are the most appropriate to approach for support. This involves consulting publicly available information such as directories of companies and trusts, the Charity Commission, business profiles such as LinkedIn and information published in articles and newspapers in order to identify those with a connection to our work. Once SIA has made contact with individuals, their personal information will be treated in line with this Privacy Policy.

Who do we share your information with?
We use other organisations to help deliver some of our services and activities. Where we do this, there is always an agreement in in place to make sure that the organisation complies with data protection law.

You can be assured that whoever we share your information with, we will have received confirmation that they are protecting your rights under GDPR in the same way as SIA.

In very rare instances the law requires organisations to share information because there’s a good reason that’s more important than protecting your privacy. This would be:

  • in order to find and stop crime and fraud; or
  • if there are serious risks to the public, our staff or to other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk.

For all of these reasons the risk must be serious before we can override your right to privacy. You will find more information about this in our Safeguarding policies.

How do we protect your information?
We’ll hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include: controlling access to systems and networks so that only authorized SIA staff can access your personal information; regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches); and training our staff in how to handle information and how and when to report when something goes wrong.

Where in the world is your information?
All of the information we currently hold is stored on systems in the UK.

How long do we keep your personal information?
If you’re a member of SIA we will hold your data for the length of your Membership, (or as long as is required by audit regulations or other legislation). If you’re not a member, we will retain your data for as long as it takes to deliver the service, assistance or information you have requested.

Where can I get advice?
SIA’s Data Protection Lead makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Lead by telephone on 01908 604191, or by e-mail at [email protected].

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.