Revitalise are a national charity and leading UK provider of breaks and holidays for disabled people and carers. Our Head Office address is: 240 City Road, London, EC1V 2PR. You can contact us via 0303 303 0145, or if you have any concerns or questions regarding the processing of your data you can email us on: firstname.lastname@example.org.
Revitalise are committed to respecting your privacy. This policy explains how Revitalise may use personal information we collect about you. This policy explains how Revitalise comply with the law on data protection and what your rights are. For the purposes of data protection, Revitalise will be the data controller of any of your personal information.
This policy applies to all visitors of Revitalise’s premises and website (and sub-sites) including service users and our supporters, job applicants and anybody who has signed up to hear from us. This policy does not form part of any contract.
Information we collect from you
The information we collect from you is for the use of Revitalise only, unless stated otherwise, and may include:
- Any personal details you knowingly provide us with when using or registering with the site such as email address, name, address, telephone number etc. This may include health data if you provide this when registering for or enquiring about a service.
- Your preferences and use of email updates, recorded by emails we send you (if you receive email updates).
- Your Internet Protocol (IP) Address. This is a string of numbers assigned to your computer that is recorded by our web server when you request any page or component on the website. This information is gathered in order to monitor general usage of the website and help us improve the site but we do not monitor individual website usage.
- Health Data provided when you register for our services, are referred by the NHS, and when you use our services.
- Payment information and any personal details provided when you make a donation or provide a payment to us for any other reason.
Revitalise will also process data about you and in some circumstances other persons involved in your care where you use our services. This information is collected directly from yourself / via your NHS provider where a referral is made. This includes:
- Any personal details including your name, contact details, date of birth
- Details of third parties, including your emergency contact details
- Details of your health condition and special requirements / dietary requirements / health requirements etc
- A record of your visit(s) / use(s) of our service(s)
Special Categories of Personal Information
Where Revitalise collect, store, and use “special categories” of personal information which involves information which is more sensitive, we will only collect this information where you provide it to us directly, or where it is provided to us via a referral, i.e. from the NHS. Where we process data about any health conditions, allergies and disabilities we will only process this information where we have a lawful basis to do so.
Where We Collect Your Data
We may collect personal data about you when you interact with us, including: when you visit our website, when you make a donation or attend a fundraising event, when you visit our shops, when you make an enquiry, if you attend an event, or during your time as a service user with us.
If, for any reason, you are providing us with details of others, e.g. family members and emergency contacts, they have a right to know and to be aware of what personal information we hold about them, how we collect it, how we use it and how we may share that information. Please share this policy with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
Uses Made of Your Personal Data
Any personal information we process about you, whether that is collected via this website, in the course of us providing our service(s) to you, or during the course of you being a supporter of our charity, will be used in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and other applicable laws. The details you provide will be used:
- To process your request for information (e.g. booking or brochure requests, volunteering enquiries).
- To send you email updates where requested.
- We may use your email address to send you our latest offers, news and pictures. In such a case you will be offered the option to opt in and you may unsubscribe or alter your preferences at any time.
- We may use your postal address to send you holiday brochures and make you aware of offers and updates. In such a case you will be offered the option to opt in and you may opt out or alter your preferences at any time.
- We may use your telephone number to contact you occasionally to ask for feedback or to let you know about offers you are eligible for. In such a case you will be offered the option to opt in and you may opt out or alter your preferences at any time.
- To provide our service to you and to ensure that we provide the required care.
- To contact you where your details have been provided by a third party, i.e. where you are an emergency contact for a service user.
- To process your donation or a payment made to us and to thank you for your donation. This includes processing to claim Gift Aid from HMRC and donations via Wills. We may also use this information for audit purposes.
- For planning fundraising events you may be attending, including processing data about you to ensure dietary requirements or accessibility needs are met.
- To process or respond to your job application.
The information provided by you will be stored on Revitalise’s databases and may be used by us in order to provide our product or service to you, to fulfil any legal obligations, or for the purposes described above.
Lawful Basis for Processing Your Personal Data
The UK General Data Protection Regulation (UK GDPR) requires that we must have a lawful basis for all of our processing activities. Our lawful bases are as follows:
- UK GDPR Article 6(1)(a) The processing activity is carried out with your consent; or
- UK GDPR Article 6(1)(b) The processing activity is necessary for the performance of a contract; or
- UK GDPR Article 6(1)(c) Processing is necessary for compliance with a legal obligation
- UK GDPR Article 6(1)(d) Processing is necessary to protect the vital interests of a data subject or another person
- UK GDPR Article 6(1)(f) The processing activity is in our legitimate interests of:
  - To share information about our work, our services and activities
  - To invite you to attend an event
  - To ask for your support, process donations, or to thank you for your support
  - Other marketing purposes, i.e. to ask you to leave a legacy gift in return for will writing services
  - To keep you and your belongings safe while using our service
  - To monitor and review our services, report to regulators, referring agencies or others as appropriate
  - To carry out necessary activities, i.e. staff performance reviews or disciplinary hearings where your care has been questioned, to deal with complaints,
We only process special category data about you (such as your health information) where we can rely on the following lawful bases:
- UK GDPR Article 9(2)(h) Processing is necessary for the provision of health or social care or treatment.
- UK GDPR Article 9(2)(c) Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent.
The above bases also require a condition from the Data Protection Act 2018 Schedule 1 which is Part 1, paragraph 2 (d-f) related to the provision of health or social care and management of health or social care systems and services.
For some of your personal information you will have a contractual requirement to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to properly perform our contract with you and may not be able to provide you with our services.
Where you have given us your consent to use your personal information, you have the right to withdraw this consent at any time. You can do this by contacting us as described in the “Contacting us” section below.
Please note that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information, to the extent that we are entitled to, on bases other than your consent.
Disclosure of your Personal Data
We will not disclose any of your information to any third parties without your consent except in the following circumstances:
- Where the sharing is necessary for the provision of your care we may be required to share your data with the NHS via the Care and Health Information Exchange. Your data may then be shared with authorised third parties including NHS Trusts, Councils and GPs as necessary to support you.
- If required by law, court order or requested by other government or law enforcement authority.
- Occasionally we may need to use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our website, issuing emails and brochures on our behalf and processing donations. In all cases your data is protected and cannot be used independently by the third parties.
- In the case of events you are attending with us, we may need to pass your details to co-organisers or co-sponsors without contacting you first.
- We might agree with other similar organisations to occasionally write to each other’s supporters, for the mutual benefit of both, but this would not involve the sharing of your data.
Third parties will not be allowed to use your personal information for their own purposes and we do not sell information to others.
When we do share your information, for the reasons outlined above, it may be with the following organisations:
- The NHS
- Outsourced marketing support
- Email marketing systems
- Bookings systems
- Local authorities
- IT and CCTV Support
- Website host
- Property Management System
- Booking engine/channel manager
- Applicant tracking system
We do not disclose your personal information to anyone else except as set out above.
Transferring Your Data Internationally
We will only transfer your data out of the UK where there are appropriate safeguards and transfer mechanisms in place.
How Long we Keep Your Personal Data
The duration for which we retain your personal data will differ depending on the type of data and the reason why we collected it from you. Generally we will retain service users' data for 7 years following your last use of our service and supporter data for 2 years after your last interaction with us. We may process data for longer where necessary to comply with a legal obligation.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you by contacting us using the details in the “Contacting Us” section below.
Your Rights in Relation to Personal Data
You have the following rights concerning your data:
Right of Access
You have the right to obtain confirmation from Revitalise as to whether personal data concerning you are being processed and, where that is the case, access to that data.
Right to Rectification
You have the right to oblige Revitalise to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.
Right to Erasure
You have the right (under certain circumstances, but not all) to oblige Revitalise to erase personal data concerning you.
Right to Restriction of Processing
You have the right (under certain circumstances, but not all) to oblige Revitalise to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.
Right to Data Portability
You have the right (under certain circumstances, but not all) to oblige Revitalise to provide you with the personal data about you which you have provided to Revitalise in a structured, commonly-used and machine-readable format.
You also have a right to oblige Revitalise to transmit those data to another controller.
Right to Withdraw Consent
If the lawful basis for processing is consent, you have the right to withdraw that consent.
Right to Object to Direct Marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.
Rights in Relation to Automated Decision-Making and Profiling
Revitalise does not perform any automated decision-making based on personal data that produces legal effects or similarly affects you.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We combine data that you have provided to us with information from publicly available sources, and from vendors to understand our supporters better, so we can send you information you are interested in, to predict how you might be able to help us in future, and to make sure we do not send marketing to vulnerable individuals, meaning we can raise money in an efficient and ethical manner. We will also use this data to research where the greatest need for funding is.
If you would prefer that we do not carry out this type of analysis, please contact us.
Your Right to Lodge a Complaint with a Supervisory Authority
If you wish to exercise any of your rights concerning your personal data, you should contact Revitalise’s Privacy Officer at DPO@revitalise.org.uk. If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:
Information Commissioner’s Office
(t) 0303 123 1113
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below.
Changes to This Policy
In the event of any query or complaint in connection with the information we hold about you, please email email@example.com, or write to us at:
Revitalise Marketing Department
240 City Road
Our Privacy Officer, Rebecca Young, can be contacted at DPO@revitalise.org.uk
Version dated 19/06/23