Transform MS CIC Privacy Policy

Transform MS CIC is committed to being transparent about the collection, usage and storage of your personal information. This Privacy Notice is designed to comply with your rights under data protection legislation.

It is important that you read this notice so that you are aware of how and why we are using your personal data.

1. Who are we?

Transform MS is a Community Interest Company that delivers activities in the area of Multiple Sclerosis and Health Measurement Science. Our community purpose is to support people with Multiple Sclerosis and their community.  

If you need to contact us should you have any questions or feedback about the way your personal data is handled then please use the details below:

Name: Transform MS CIC

Company Registration Number: 12349146

Address: Room N13, ITTC, Plymouth Science Park, Plymouth, PL6 8BX

Phone Number: 01752 862364

E-mail: info@transformms.org

Date: 30 April 2021

2. Where we collect your personal data

We collect personal data about you in the following ways:

  • When you request or use the services we provide;

  • When you correspond with us in person, online or over the phone;

  • When you visit our website;

  • When you attend an event;

  • When you sign up to receive marketing; and

  • From third parties or publicly available sources.

3. Personal data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Data Categories.jpg

We will only collect personal data that is necessary for the processing activity. Failing to provide the required personal data may negatively affect our ability to carry out core business tasks that may benefit you.

4. How we use your personal data

We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the personal data.

In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.

Data Use.jpg

5. Who we share your personal data with

In order to provide you with our services and meet our legal obligations, we only share your personal data with third parties in the following circumstances:

  • ·To facilitate marketing, we utilise an email marketing platform.

If requested, we will share your personal data with authorities such as:

  • Professional service providers such as accountants and solicitors;

  • Government agencies such as HM Revenue and Customs;

  • Credit reference and fraud prevention agencies; and

  • Law enforcement agencies.

6. Third party links

Our website, or email communications may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice or Policy of every website you visit.

7. Transferring your personal data outside the EEA

The EEA is the European Economic Area, which consists of the EU Member States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside of the EEA, we must tell you.

Limited personal data that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal data will only be transferred on one of the following bases:

  • ·The country that we send the data is approved by the European Commission as providing an adequate level of protection for personal data; or

  • ·The recipient has agreed with us standard contractual clauses (SCC’s) approved by the European Commission, obliging the recipient to safeguard the personal data.

Limited situations on where your personal data may be transferred outside the EEA are as follows:

Partners Data.jpg

To find out more about how your personal data is protected when it is transferred outside of the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Lead using the details found in the beginning of this Policy. Before sharing any information with a third party, we will ensure that there is a data sharing agreement in place requiring that the third party protects personal data in accordance with the GDPR.

8. Personal data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (Including the ICO) of a breach where we are legally required to do so.

9. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our businesses and the services provided;

  • Any statutory or legal obligations;

  • The purposes for which we originally collected the personal data;

  • The lawful grounds on which we based our processing;

  • The types of personal data we have collected;

  • The amount and categories of your personal data; and

  • Whether the purpose of the processing could reasonably be fulfilled by other means.

After the record has met its designated retention period, we will securely delete or destroy your personal data.

10. Your rights

Under UK data protection legislation, you have certain rights in relation to your personal data that is processed within our organisation. These are the rights that apply to your personal data held within Transform MS CIC:

  • The right to be informed – You have the right to know what information we process about you which is why we have developed this Privacy Policy.

  • The right of access – You have the right to ask for a copy of your personal data.

  • The right to rectification – You have the right to ask for us to correct any information we hold regarding yourself which is inaccurate.

  • The right of erasure – You have the right to have your personal data deleted in the following situations:

    • Where the personal data is no longer required for the purpose(s) for which it was originally collected or processed;

    • Where the processing was based on consent and you have withdrawn your consent;

    • When the personal data was unlawfully processed;

    • When the personal data must be erased in order to comply with a legal obligation.

  • The right to object – You have the right to object to the processing of your personal data in the following circumstances:

    • The purpose of the processing activity is direct marketing;

    • Where the processing is based on legitimate interests; and

    • Processing for purposes of scientific/historical research and statistics.

  • The right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain situations such as:

    • Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;

    • When processing is unlawful, and you oppose erasure and request restriction instead;

    • Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.

If you would like to exercise any of the rights listed above, please get in contact with us using the contact details found in Section 1 of this Policy.

11. Making a complaint

Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Lead (details can be found in Section 1 of this policy).

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioners Office (ICO). Or using the information found below. We would be grateful for the chance to deal with your concerns directly before you approach the ICO so please contact us in the first instance.

Address:  Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF

Telephone: 0303 123 1113