The Hyperactive Children’s Support Group (HACSG) is committed to ensuring that your personal data is processed fairly and lawfully, is accurate, is kept securely and is retained for no longer than is necessary. This “Privacy Notice” sets out what data we collect, how we process it and who we may share it with and why. It also explains your rights with respect to the Personal Data that we may collect from you; that is data that identifies you as an individual or from which you may be identified.
Why do we need this Privacy Notice?
On the 25th May 2018 the General Data Protection Regulation (GDPR) became applicable and the current Data Protection Act (DPA) updated by a new Act giving effect to its provisions.
GDPR requires us to ensure that personal data will be:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
This Policy sets out the manner in which HACSG as a Charity will collect, process and store the personal data of families, children and other clients and how we ensure that it is processed fairly and lawfully.
Who are We and what do we do?
The Hyperactive Children’s Support Group (HACSG) was founded in 1977 and is a registered charity, the main aim of the HACSG is to provide help, information and ideas for a Nutritional, Dietary approach for Hyperactivity / ADHD. HACSG provides a number of online resources via its website www.hacsg.org.uk, downloadable information, printed publications, information packs and nutritional testing services.
The charity is based in Chichester and can be contacted in writing at: The Hyperactive Children’s Support Group, 71 Whyke Lane, Chichester, West Sussex, PO19 7PD Or by email to: hacsg@hacsg.org.uk Or by telephone: 01243 539966 (Mon – Fri 1430 -1630)
Who in the Charity is responsible for ensuring that we meet our obligations for data protection?
As a Not-for-Profit Organisation HACSG is not required to register with the “Information Commissioner’s Office” (ICO) – the ICO is the Regulator in the UK for Data Protection. This, however does not absolve the Charity from the responsibility to adhere to the Principles of Data Protection and the Data Protection Lead within the Organisation is Sally Bunday, she can be contacted via the methods outlined above.
HACSG contracts an external ICT Company to provide assistance and support on all aspects of Data Protection.
Why do we need to hold and process your personal data?
Some of the services that we provide require us to interact with you in a variety of ways. These range from the simplest example, where we need your email address if you wish to receive our quarterly newsletter, to more complex interactions such as our “Nutritional Testing” programme where we work with a reputable Laboratory. Other examples include some limited financial information where donations are made or products are purchased to allow us to fulfil the contract. HACSG may also process personal data if at least one of the following applies:
- In order to protect the vital interests of an individual.
- Where a Safeguarding issue exists.
- There is explicit consent.
- For the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
- For reasons of public interest in the area of public health
- For reasons of substantial public interest based on law, which is proportionate in the circumstances and which provides measures to safeguard the fundamental rights and the interests of the data subject.
HACSG may also collect “Anonymised Data” (that is data which cannot be used to identify an Individual or Individuals) for the purposes of research and publication of trends, effectiveness of interventions and techniques that achieve a general improvement in child welfare and achievement.
What sort of personal information could we be collecting about you and processing?
What data do we collect? As an organisation we collect and store some personal details that relates to your interaction with the organisation, this could include your:
- Full name and address.
- Childs name and age and details of a diagnosis or suspected condition.
- Email contact details.
- Telephone contact information.
- Your areas of interest relating to the Organisation.
We may also collect some financial information relating to payment for services, publications etc. Online payments are made through PayPal who pass only very limited information to HACSG. PayPal has its own privacy policy which can be viewed at: Paypal Privacy
Users of the PayPal Service for donations or purchases should note that some information collected may be stored on Servers located outside the European Economic Area. PayPal may collect and store the normal information required for a financial transaction shown below:
- Full name and address.
- Credit or Debit card details.
- Additional information where occasionally required to prevent fraud and to protect users of the service.
Users of the “Nutritional Testing” service supply the following additional information to BioLab Medical Unit:
- Child’s age and gender. DNA samples for testing.
- Family GP information.
- Further personal information required for accurate testing.
Consent & Children
The UK Government has invoked a derogation under the GDPR with respect to the minimum age for consenting to 13. Therefore, the following applies:
- Data processed for Children under the Age of 13 must be consented by a Parent or Guardian.
- Children aged 13 – 16 should also sign any consent forms, this is often best done jointly with a Parent or Guardian but is not necessary.
Do we pass or share your personal information with anyone else?
We will not give your information or personal details to anyone outside HACSG other than those listed below without your consent, unless we are required by the law to do so.
- Management of our database is undertaken by our ICT Support Company (MARCOM Computing). MARCOM Privacy Policy
- MailChimp holds names and email addresses for the purposes of distributing the E-Newsletter. MailChimp Privacy Policy
Users of the “Nutritional Testing” service supply the following additional information to “Biolab Medical Unit”. Results of tests are passed to HACSG to permit advice and strategies to be formulated:
- Child’s age and gender.
- DNA samples for testing.
- Family GP information.
- Further personal information required for accurate testing.
- Those taking part in this program will, with their “Express Consent” receive information from supplement suppliers.
The Organisations above are “Data Processors” on behalf of HACSG and are subject to “Data Processing Agreements” that limit the processing of the data to that required by HACSG.
Your data will never be sold to any Organisation(s) and would only be passed to a Third Party assisting with the aims of HACSG with your express Consent.
How long will we retain your data?
Some data such as records of financial transactions will be kept for seven years for audit and tax purposes. At HACSG our principle is not to retain any data or personal information for longer than is necessary in relation to the purposes for which it was collected. We will always be driven by best practice to ensure that Information will be held in accordance with the latest guidelines and for a period not exceeding current recommendations.
What are my rights regarding the data you hold about me?
Under GDPR (the new regulation) you have significantly enhanced rights which include:
- Being informed of data processing (which is covered by this Privacy Notice).
- Accessing information (also known as a Subject Access Request (SAR)) that we hold on you. In some circumstances there can be a charge for this.
- Having inaccuracies corrected promptly.
- Having information that we hold about you erased except where there is a statutory or legal requirement for us to collect process or hold it. (Right to be forgotten).
- Restricting processing of your data except where there is a contractual, statutory or legal requirement to process it.
- Data portability where relevant.
- Intervention in respect of automated decision making (automated decision making is not operated within HACSG).
- Withdrawing consent (see below).
- Complaining to the Information Commissioner’s Office (ICO) (See below).
Can I stop you holding and processing my data?
Withdrawal of Consent The lawful basis upon which HACSG processes personal data is as follows:
- Services supplied by or purchases made from HACSG – to fulfil our Contract to you under the consent that you have provided.
- Where we process data solely on the basis that you have consented to the processing, you will have the right to withdraw that consent.
To exercise any of these rights you must in the first instance contact the Data Controller (DC) in writing or by email to: hacsg@hacsg.co.ukI. If you are unhappy with the way your request has been handled, you may wish to ask for a review of the DC’s decision by challenging it in writing within 28 days.
Complaints to the ICO If you are not content with the outcome of the internal review, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted our internal review procedure. The Information Commissioner can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF