Centre for ADHD & Autism Support (CAAS) understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone accessing CAAS Services. Any personal data we collect will only be used as permitted by law.
- Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
|“personal data”||means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to CAAS. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and|
|“we/us/our”||means CAAS (Charity No: 1080795). Being registered with the Charities Commission the Trust is governed in accordance with charitable law and applies the Charity Code of Governance in order to develop the highest standards of governance.
- Information About Us
CAAS - supports, educates and empowers individuals with ADHD and/or on the autism spectrum, their families, and the community. Through raising awareness, we change perceptions and break down barriers.
Led and run by trained people who have first-hand experience of family members with one or both conditions, CAAS understands the issues facing service users.
Our support services encompass education, benefits, parenting and care advice with signposting to other agencies if appropriate. We also offer specialised parenting courses, workshops and training.
Our registered address is Television House 269 Field End Road, Eastcote, HA4 9XA.
Our Data Protection Officer is Kay D’Cruz, Financial Controller.
- What Does This Policy Cover?
- Your Rights
As a data subject, you have the following rights under the GDPR, which this Policy and CAAS use of personal data have been designed to uphold:
- The right to be informed about CAAS collection and use of personal data;
- The right of access to the personal data we hold about you (see section 8);
- The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact CAAS using the details in section 3);
- The right to be forgotten – i.e. the right to ask CAAS to delete any personal data we hold about you;
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to CAAS using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about CAAS use of your personal data, please contact us on firstname.lastname@example.org.
For further information about your rights, please contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (https://ico.org.uk), or alternatively contact your local Citizens Advice Bureau.
- How do we collect information about you?
- CAAS may collect information from you directly when you interact with us, i.e. when you access our services.
- We may also receive information from you from our partner organisations who refer you into our services.
- When you interact with third partiessuch as when you make a donation through a third-party website e.g. Just Giving and give your permission for your information to be shared with us. Similarly, if you engage with us on social media and messaging services like Facebook, WhatsApp or Twitter you might give us permission to access information from those accounts. The data we are given access to by social media services will vary but will always be in line with the Terms of that particular service.
- Depending on how you interact with us, the information that we collect may include your name, postal address, email address, telephone or mobile number, your contact preferences, taxpayer status (to understand if we can claim Gift Aid), the date or year of your birth, and gender (where this is appropriate, such as when you register for a running event).
- When you visit our website we may gather information, such as which pages you visit or how long you spend reading a particular page. This data helps us to improve your online experience, for example by adding new features or removing elements that make the website difficult to use.
- How Do We Use Your Data?
When CAAS collects personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with CAAS obligations and safeguard your rights under the GDPR at all times. For more details on security see our Data Protection Policy.
We may gather and use information about you in one of the following ways:
7.1 If you choose to register for our services we may ask for information such as your name, date of birth, gender, ethnicity, email address and contact details (personal information). We will also ask for details of your children. We will use this information to:
- Offer appropriate services to you.
- Feedback to our funder (data will be anonymised).
- Feedback to referring organisations or organisations who are also involved in your care (with your express consent)
7.2 If you choose to give us personal information via the internet (for example, in the course of purchasing tickets or merchandising from us), it will be used for the provision of services or anonymised feedback to funders. We will not use this information for marketing purposes.
7.3 Where you have consented to us sending you information by joining CAAS as a member we may also use your data for marketing purposes. This may be information that we think may be of interest to you or information about other organisations’ goods and services that we think may be of interest to you. We do not pass your email address to other organisations for marketing purposes.
7.4 To process your donations or other payments and verify financial transactions
7.6 If you apply for a job we will use your information for the purposes of recruitment and selection, corresponding with you and equal opportunities monitoring and may hold your information for up to one year in case other suitable opportunities arise.
7.7 We may disclose personal data in order to comply with a legal or regulatory obligation.
7.8 We do not store credit card details, nor do we share client details with any third parties without explicit consent.
7.9 We will not sell or lease your personal information to third parties.
Data protection law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' or 'special category' personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person's sex life or sexual orientation.
Sensitive information will only be collected where necessary, for example, we may need to collect ethnicity information to monitor back to funders, or health information from you when you register for a challenge event. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.
You have the right to withdraw your consent to CAAS using your personal data at any time, and to request that CAAS delete it. Doing so will restrict your ability to use CAAS Services. Please see Our Data Protection Policy for further details on Data Subject Access, Rectification of Personal Data, and Erasure of Personal Data.
- How and Where Do CAAS Store Your Data?
We make sure that appropriate physical, technical and human controls are in place to ensure we take good care of your information.
However, the transmission of information over the internet is never completely secure and as a result, while we strive to protect your personal information, CAAS cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your data, we make every effort to try to ensure its security both on our systems and while in transit between our systems and our partners who work on our behalf.
We only keep your personal data for as long as CAAS need to in order to use it as described above in section 7, and/or for as long as CAAS have your permission to keep it.
Paper copies of data are stored in locked cupboards. Digital data is kept on secure Dropbox servers. We use Mailchimp for Email Marketing. Dropbox and Mailchimpcomply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can learn more about Privacy Shield at www.privacyshield.gov.
Steps we take to secure and protect your data include:
8.1 Ensure visitors are received and supervised at all times in areas where personal data is stored.
8.2 Ensure computer systems containing personal data are password protected and laptops/mobile devices have appropriate encryption.
8.3 Ensure that staff know that passwords must be treated as private to the individual and must not be disclosed to others.
8.4 Ensure that only those who need to use the data have access.
8.5 Instruct staff to not leave their workstation/PC signed on when they are not using it.
8.6 Instruct staff to lock away any hard copies of personal data, or remote storage devices containing personal data, when not in use.
8.7 Instruct staff to exercise caution in what is sent via email and to whom it is sent.
8.8 Provide the means to securely dispose of information (electronic and on paper).
8.9 Ensure that paper files are stored in secure locations and only accessed by those who need to use them.
8.10 Instruct staff not to disclose personal data to anyone other than the data subject unless they have the data subject’s consent, or it is a registered disclosure, required by law, or permitted by a General Data Protection Regulation (EU) 2016/679 exemption.
8.11 Instruct staff not to leave confidential information on public display in any form.
8.12 Provide all staff with a copy of CAAS Data Protection Policy and Confidentiality Policy, to provide training on data protection, and to ensure that all staff are aware of their obligations under the GDPR.
- Disclosure for law enforcement purposes
CAAS reserves the right to access and disclose personal information to comply with applicable laws and lawful government requests to operate its systems properly or to protect itself or others. We may attempt to obtain the prior consent of the individual before disclosing the personal information, but we have no obligation to do so.
- Children and young people
CAAS provide services to Children and Young People. If you're aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information to us. Consent will be sought from parents/guardians, as well as the young person, before accessing services
Any information we actively collect personal information from anyone under the age of 18 We will do so in compliance with the General Data Protection Regulation (EU) 2016/679.
- Vulnerable Circumstances
We understand that additional care may be needed when we collect and process the personal information of vulnerable members, supporters and volunteers. In recognition of this, we observe good practice guideline in our interactions with vulnerable people. All staff and volunteers are required to attend Safeguarding Children and the Protection of Vulnerable Adults Training.
- How Can You Access Your Data?
12.1 You have the right to ask for a copy of any of your personal data held by CAAS (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact CAAS on email@example.com. Alternatively, please refer to Our Data Protection Policy.
12.2 You have the right to see a copy of the data that CAAS hold about you in a form that is acceptable to you. We will provide a copy of the data in one of the following electronic formats: Pdf, docx, xlsx, xlsm.
12.3. When making an SAR, you are required to provide two forms of identification. Acceptable forms of identification include; Passport, Driving Licence, Birth Certificate, Bank Statement and Utility Bill (from last 3 months).
- Contacting Us