Privacy Policy
Fundraising and Marketing Privacy Notice
MediCinema is committed to protecting your personal data and respecting your wishes and we want you to be confident that we are. We aim to be clear about when we collect your data and not do anything you would not reasonably expect us to do with your personal data. This policy is to help you understand what personal data we collect, how we use it and how we store it and applies to our website and the ways in which we interact with our supporters. A separate MediCinema Services Privacy Notice addresses how we handle personal data within our services. If you no longer wish to hear from MediCinema by email or post please contact us using the details in the “Contact us” section below. If you would like to know more about how we collect and use your personal data, please click on the headings below for further information. If you have any further questions, please contact us using the details in the “Contact us” section below. Any personal data collected will be used and held in accordance with both domestic and EU data protection requirements as dictated by the Data Protection Act 2018, when applicable, the UK & EU GDPR, and any additional or successor legislation or regulation.
1. Where does MediCinema collect my personal information from?
1.1 When you provide your personal information directly to us.
If you sign up to our newsletter, one of our events, make a donation, or communicate directly with our teams for another reason, whether online, on paper, in person, or over the phone, you will be sharing your personal information with us.
1.2 When you provide your personal information through a third-party organisation
MediCinema works with other organisations such as JustGiving, London Marathon and Enthuse, and other charity fundraisers. If you provide your personal information to these third parties and indicate that you wish to support MediCinema or wish to hear from us such as by supporting an event, signing up to hear from us, or making a donation, the organisation you have contacted may share your details with us (including personal information). For information about the type of information receive through these third parties, see the section below “What type of information do you collect”. To learn how these organisations use your personal information, please read their Privacy Policy.
1.3 Publicly available personal information
In some circumstances, we may combine information you provide us with personal information available from external sources such as on your employer’s website, in newspaper and magazine articles in the press, or in public records such as Companies House. This might be in order to ensure that we are contacting you with information that we feel is relevant to you, or in order that we can provide you with a better and more personal experience in your interactions with MediCinema. It also enables us to gain a better understanding of our supporters to improve our fundraising products and services. If you leave us a legacy and information is required for administration purposes in relation to that legacy, we may refer to publicly available sources in order to obtain the information required for these purposes. Occasionally we obtain publicly available information such as contact information or we research information to help us perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors or to ensure that there are no conflicts of interest from potential supporters or organisations prior to our engagement. This might be if, for example, we noticed unusual donation activity. We do these checks to help protect MediCinema from abuse. For further information around this please see the marketing section below.
1.4 Social media
We may refer to personal information available on and through your social media profiles (such as LinkedIn, Twitter and Facebook) in order to provide you with a better and more personal interaction with MediCinema. Your personal settings within those social networks and the privacy policies of those websites and messaging services will determine what information you have given us, and others, permission to access. Please check your settings and the privacy policies of those sites if you’re not sure what permissions you’ve given.
2. What type of information do you collect and what do you do with it?
The type of information (including personal information) that we collect and use and what we do with it will depend upon your relationship with us. If you are kind enough to support us, such as by making a donation, registering to receive our newsletter or do some fundraising, signing up for an event, the data that we need to collect will vary, but may include:
- Your name
- Your contact details, including email, telephone number and postal address
- Your date of birth
- Your bank or credit/debit card details
- Health information (only if we need it, such as if you are taking part in a sporting event)
- Why you’ve decided to support us or make a donation
- Details needed for us to provide you materials such as t-shirt size
- The name and address of your employer, particularly if we are running an event in conjunction with your employer
- If an event is being provided by a third party, the name and contact details of that third party supplier
- Details needed to improve your event experience such as dietary requirements or accessibility needs
- Invoicing information
- A declaration from you to enable us to reclaim Gift Aid on your donations
3. Do you ever collect sensitive personal information?
We will rarely collect information classified as “special categories of personal data” or “sensitive personal data”, such as information about your race, religious beliefs, political opinions and health information for fundraising or marketing purposes. We will only do so if there is a clear reason for doing so, such as if you are attending an event and we need your health information to ensure your safety, or to enable you to participate in an event. If you provide us with your bank or credit card details to process a payment over the telephone or via a postal mailing, we will always endeavour to ensure that your information is handled securely. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed. If you make a payment through our website, the payment will be processed through a secure third party such as Stripe or GoCardless and we will not have access to your full card details. Your card will be processed in accordance with the policies of the processor providing that service that you will be notified of at the time of making payment and we would refer you to their terms and conditions for further information.
4. How does MediCinema use the personal data it collects?
MediCinema uses your personal data in different ways, depending on the nature of our relationship with you. If you make a donation, register to receive our newsletter or sign up for an event or do some fundraising, we need to collect this data for numerous reasons, in order to:
- provide you with the services, products or information you asked for
- administer your donation or support your fundraising
- process gift aid
- keep a record of your relationship with us
- Make sure we know how you prefer to be contacted
- Understand how we can improve our services, products or information
- We may also use your data for the following:
4.1 Direct Marketing
We will use the details you provide to us to communicate with you about the work we are doing, how your support is helping and other ways you can help in the future, such as through volunteering, events or fundraising. We may also send you appeals asking for a donation to support our work. We will never send you electronic marketing communications, such as fundraising emails, or contact you by telephone unless we have your express consent that you wish to hear from us in this way. If you do subscribe to MediCinema emails or the e-newsletter, we will understand that you are granting us the right to use that email address for email marketing. If you don’t currently hear from us by email or receive our e-newsletter and would like to do so, or if you would like to update your preferences, please contact us using the details in the “Contact us” section below. You can also unsubscribe from MediCinema emails by clicking the ‘unsubscribe’ link at the bottom of any of our emails. We may contact you by post if we believe we have a legitimate interest in doing so and that contacting you in this way will not have unduly adverse consequences for you. This might be if, for example, you have a history of making donations and have not indicated that you no longer wish to receive these appeals by post. If you hear from us via the post and no longer wish to do so, please contact us using the details in the Contact us section below. We are committed to communicating with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it is quick and easy to let us know that you no longer want to hear from us by using the contact details in the Contact us section below or by posting us an updated consent form that you may receive in the post.
5. When might you give my personal information to another party?
We will never share your information with a third party who intends to use it for their own marketing purposes and there are very limited instances where we will share your personal data with a third party. This could include:
5.1 To assist with the administration of fundraising.
For example, if you have indicated that your employer may be willing to match fund any donations you make to MediCinema, we may need to contact your employer.
5.2 For the administration of events.
For example, an event venue may require the provision of the names of attendees in advance, for security purposes.
5.3 Where there is a legal or regulatory requirement to disclose your personal information.
Such as from HMRC or the courts, we have a genuine and real concern regarding a person’s well-being, or where disclosure is necessary for taxation and criminal investigation purposes.
5.4 Where we have your written consent.
5.5 In order to prevent fraud and crime.
We may perform due diligence checks to ensure we are not being abused, such as by fraudsters or criminals posing as genuine donors for example money laundering proceeds of crime and tax avoidance. We do these checks to help protect MediCinema from abuse.
6. How long will you keep personal information about me?
We will only keep information about you for the length of time it is necessary to do so to engage with you in the way that you have requested and in accordance with our legal requirements and tax and accounting rules. When your personal data is no longer needed, we will ensure that it is disposed of in a secure manner. If you would like us to delete any information we hold about you, please contact us using the details in the “Contact us” section below.
7. What rights do I have in relation to the personal information you hold about me?
Under GDPR, you have certain rights about the processing of your data. These are:
7.1 The right to be informed
we will be transparent with you about our use of your data.
7.2 The right of access
if you want to see the information we have about you, you can ask us to send it to you and we will do so. This also gives you the right to be aware of and check the lawfulness of our processing of your data. We will only charge a fee for you to access the data we hold on you if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
7.3 The right to rectification
if the information we have about you is inaccurate or incomplete, you can tell us verbally or in writing and we will correct or complete it within one calendar month.
7.4 The right to data portability
you can request your data in an accessible format so you can use it for your own reasons across different services. You can also ask us to send your data directly to another organisation.
7.5 The right to restrict processing
you can ask us to restrict our use of your data to specific purposes.
7.6 The right to erasure
also known as the ‘right to be forgotten’, this gives you the right to ask us to erase any or all data we have on you. Please note there may be circumstances when it isn’t possible for us to fulfil your request in full, for example when we are legally obliged to keep your data, but we will always talk this through with you.
7.7 The right to object
if you no longer want us to use your data, you can object to us doing so and, unless we are legally required to keep your data or there is a similar reason we need to process it, we will stop.
7.8 The right to withdraw consent
if you give us your consent to keep or use your data, you can change your mind and withdraw this consent at any time. For example if you give your consent to receive our e-newsletter you can withdraw this consent and unsubscribe at any time by clicking on the unsubscribe link found at the bottom of all our newsletter emails. You can also withdraw your consent by emailing info@medicinema.org.uk or calling 020 7188 3697. Please note this right only applies when we are keeping or using your data on the basis that we have your consent.
8. Complaint Procedure
If you would like to complain to us about our handling of your personal data, please contact:
info@medicinema.org.uk
or by post:
MediCinema, Conybeare House, Guy’s Hospital, London, SE1 9RT
If you wish to lodge a complaint or seek advice from a supervisory authority please contact:
The Office of the Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Website: www.ico.org.uk
9. Contact us
If you would like to speak to someone about the handling of your personal data, please contact:
info@medicinema.org.uk or by post MediCinema, Conybeare House, Guy’s Hospital, London, SE1 9RT.