Arthritis and Musculoskeletal Alliance

DATA PROTECTION NOTICE

Who are we?

The Arthritis and Musculoskeletal Alliance (ARMA) is a registered charity number 1108851. We collect, hold and use personal information to help us provide you with services you have requested, such as our newsletter or membership of our projects.

We are data controllers in respect of the personal information that we hold. Because we use your personal information, we have to provide you with certain information in order to comply with new data protection legislation set out in the General Data Protection Regulation (GDPR).

This notice explains how the ILC-UK processes your personal information. Please read this notice (and any other privacy information that we send to you) so that you are aware of how and why we are using your personal information.

We may change this notice from time to time. Please visit the webpage or contact us in order to receive the most up to date version of this notice.

ABOUT YOUR PERSONAL INFORMATION

What information do we collect and process?

We collect and process your personal information because you are or were an employee, or signed up to one of our services.

We may collect and process the following categories of personal information about you:

  • personal contact details – names, titles, addresses, telephone numbers and email addresses;
  • employee information – dates of birth and gender; National Insurance numbers, payroll numbers, bank account details, tax status, salary and employment information.

How do we collect your personal information?

When you join ARMA as an employee, you provide personal details that we retain as your employer.

When you subscribe to our newsletter, interact with our website, or join one of our projects you give us the information needed to provide you with the relevant service.

This information may be updated. Updated information may come from:

  • you (e.g. if you get in touch to let us know a new address);
  • other third parties (e.g. if HMRC provides us with information so that we can deduct the correct level of tax from your salary).

Why do we process your personal information?

We use this information to:

  • set up your employee record for ARMA;
  • manage your employment with ARMA;
  • send you information that is relevant to the service you have asked to receive;
  • comply with our legal and regulatory duties.

Website metadata

Comments sections

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

If you post in the comments, an anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies and Logging-in

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Website Analytics – IP Address

ARMA also gathers analytical data via our website to track its performance and security. For GDPR purposes, this analytical data relates the IP address.

Why IP address data is collected

IP address data is collected indirectly, via the web browser, as part of the process to validate a website visitor as a real person (rather than a robot), and to protect the website from spam and malefactors.

  • We do not and will not share IP address data.
  • We do not use IP address data other than for distinguishing between groups of subscribers and website visitors.

You have the right to have associated IP address data expunged from our records where it is associated with personal data mentioned earlier, such as names and email addresses.

Although an IP address can indicate the general locality of a website visitor, it cannot be used to locate a person’s physical address to any accuracy. It also usually only has temporary relevance to a region, especially so with dynamic IPs.

What are our legal grounds for processing your personal information?

Your consent

When you subscribe to one of our services or projects you give your consent for us to hold and process your data as required to provide the service. We will never share that data with anyone else without your explicit consent. You can unsubscribe to a newsletter or leave any project or service at any time by letting us know or using the unsubscribe link at the foot of the newsletter.

In order to comply with our legal obligations

It may be necessary for us to process your personal information in order to comply with these legal obligations (e.g. retaining certain information about the ILC-UK’s employees for tax purposes).

In order to fulfil our legitimate interests

Processing your personal information is also lawful if it is based on our ‘legitimate interests’. We have a legitimate interest in promoting the charitable purposes of ARMA and in running, promoting and marketing the ILC-UK.

In order to rely on this legal ground, we have:

  • considered the impact the processing has on your interests and rights; and
  • implemented appropriate safeguards to ensure that your privacy is protected as far as possible.

YOUR RIGHTS

In certain circumstances, you have the following rights in respect of your personal information:

  • the right to object to us processing your personal information;
  • the right to request access to personal information relating to you;
  • the right to request that we correct any mistakes in your personal information;
  • the right to request to restrict or prevent processing of your personal information;
  • the right to request to have your personal information transferred to another data controller (e.g. if you decide to transfer your pension benefits to another pension scheme); and
  • the right to request to have your personal information deleted.

Please contact us if you have any questions about this privacy notice or the information we hold about you.

Please email projects@arma.uk.net or call 020 3856 1978.