Boarding School Survivors – Support (“BSS-Support” /“we” / “our” / “us“) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data will be processed, including personal data that we collect from you, or that you provide to us as an individual member or supporter of our organisation or through using our website (www.bss-support.org.uk), booking one of our events, courses, or otherwise interacting with us.
- About us
- What information we collect and how we use it
- Change of purpose
- Sharing your information
- Storing your information
- Keeping your information secure
- Your rights
- Other websites
- How to contact us
Please read the following carefully to understand how we will treat your personal data.
Boarding School Survivors – Support is a non-profit organisation whose contact address is 40 Lavengro Road, Tulse Hill, London SE27 9EG, website www.BSS-Support.org.uk and is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.
What Information We Collect and How We Will Use It
We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with us and how you use our services. We will only use your personal data where we have a valid lawful basis to do so.
The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.
|What information may we collect about you?||How will we collect information about you?||Why are we processing information about you?||What is our legal basis for processing information about you?|
|Name and contact information (including address, email address and phone number)||We will collect this information from you: i) when you sign up to be a member or supporter of our organisation; ii) when you apply to attend one of our events; iii) when you make a donation to us; iv) when you contact us or otherwise interact with us. If you are an individual in a third party support organisation, we may also collect this information when your name is provided to us by other individuals in the context of offering support.||We process this information in order to: i) perform essential business operations; ii) provide member support, including dealing with enquiries, correspondence and complaints; iii) complete any transactions that you make with us; iv) request payment for events; v) provide and administer events that you have chosen to attend; vi) communicate with you and provide you with any services your request from us; vii) perform valuable research; viii) invite you to events; ix) request donations to our organisations; x) otherwise interact with you in order to fulfil the aims of our organisation. If you are an individual in a third party support organisation, we collect your contact information in order to provide referrals to our beneficiaries who require support.||We process your personal contact information in order to enable us to pursue our legitimate interests to run our organisation and fulfil the purposes set out in the previous column. Where your information is being used for direct marketing purposes (e.g. for the purpose of sending out newsletters or event invites), we will do so on the basis of your explicit and informed consent.|
|Payment information||We will collect this information from you when you: i) make a donation; ii) make a payment for one of our events.||We process this information in order to: i) provide you with services; ii) collect donations from you as a supporter.||We process your payment information in order to enable us to pursue our legitimate interests in running our organisation and fulfilling the purposes set out in the previous column.|
|Feedback, questions and other information your provide us when you contact us||We will collect this information when you interact with us in any way.||We process this information in order to: i) perform essential business operations; ii) deal with your queries and / or complaints; iii) provide support to our members; iv) to provide and improve our services; v) to otherwise communicate with you.||We process information that you provide us with in order to enable us to pursue our legitimate interests in running our organisation and fulfilling the purposes set out in the previous column.|
|Website usage information and account information||We collect this information automatically when you visit our website.||We process this information in order to run our website and protect the security of our website. We also use this information in order to prevent fraud.||We process website usage / account information in order to pursue our legitimate interest in running our organisation, maintaining the security of our computer systems and in order to fulfil the purposes set out in the previous column.|
Special Category Data
We will not routinely collect any special category data from you. The only circumstances in which we might collect and store special category data are where you have provided information to us which is necessary for us to facilitate your access to events or to our services or for onward referral. We will collect this information on the basis of your consent. For example, we might retain information about your mobility, dietary requirements or any needs arising from your religious beliefs. This information will be retained securely and only used for the purpose set out above. You may ask us to remove this information from our records at any time.
More about the information we collect and why
We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you.
If you have any questions or require any further information regarding our use of your personal data please contact us using the information set out in the section How to Contact Us below.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is lawful and compatible with the original purpose.
Sharing Your Information
We may share your personal data with selected third party service providers that support us in certain circumstances. For example, when you make a payment, we will share payment information with banks and other entities that process payment transactions.
We may also share your personal data with other third parties, for example where we are required to provide the names of delegates on a training course or conference to a venue or host. We may also need to share your personal data with a regulator or otherwise to comply with the law.
We require all our third party service providers to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
Which third parties process my personal data?
We may share your personal information with the following third party organisations:
- External auditors
- Our service providers – we may share personal data with the following categories of service provider:
- Infrastructure and IT service providers
- Bulk mail provider (e.g. MailChimp)
- Event venues (provision of access and course content)
- Other support organisation where a referral is requested by you
- Third parties permitted by law
Storing Your Information
The personal data that we collect from you may be transferred to a destination outside the European Economic Area (“EEA”) or United Kingdom. It may also be processed by staff operating outside the EEA who work for one of our service providers. By providing us with your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data receives an adequate level of protection and is treated in a way consistent with EU and UK laws on data protection, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data.
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations or to the extent permitted by applicable laws.
Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as you continue to be an individual member or supporter of BSS-Support or to attend our events. If you cease to be a member for two years then we will delete your information. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Keeping Your Information Secure
We have implemented technical and organisational security measures in an effort to safeguard personal information in our custody and control. All information that you provide to us is stored on secure servers and computers. We do not retain credit and debit card information. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
While we endeavour always to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
To provide you with increased security, certain personal information stored in your online account is only accessible via your username and password. You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else. We will never ask you for your password in any unsolicited communication. Please notify us immediately of any unauthorised use of your online account credentials or any other suspected breach of security.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights in connection with your personal data
You have various rights in connection with our processing of your personal information, each of which is explained below.
- Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information.
- Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
- Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. In such case, we would mark stored personal information with the aim of limiting particular processing for particular purposes in accordance with your request, or otherwise restrict its processing.
- Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. If you would like to withdraw consent, including if you would like to opt out of receiving marketing correspondence from us, please contact us at email@example.com or for marketing follow the unsubscribe instructions located in the email (as relevant). Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your online account, relationship, activities, transactions and communications with us. Additionally, if you do request that we stop sharing your personal information with third parties for their direct marketing purposes, it is also prudent you opt out from or contact that third party directly.
- Make a Complaint. You have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.
- If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:
- Telephone: +44 0303 123 1113
- Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
- If you are based or the issue you would like to complain about took place elsewhere in the European Economic Area (EEA), please click here [insert this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080] for a list of local data protection authorities.
Note that the rights outlined above only extend to personal data.
If you want to exercise any of the above rights, please contact us through our website or by using the information set out in the How to Contact Us and Complaints section below.
You can see, review and change most of your personal data or ask us to stop using your personal data by contacting us through our website www.bss-support.org.uk. This may mean that we can no longer provide you with some or all of our services.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.
- Technical information, including your IP address, your login information, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times and download errors;
In general, cookies are used to retain user preferences and provide anonymised tracking data to third party applications like Google Analytics.
How to Contact Us and Complaints
If you are still not happy, you have the right to make a make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.