Dementia UK is committed to protecting and respecting your privacy.
Whenever you share personal data with us we aim to be clear with you and not to do anything that you would not reasonably expect us to do. We will always endeavour to tell you when we are collecting data from you and in this document we describe what we will and will not do with your personal information.
We have set this out in twelve sections:
- The type of personal information we collect
- How we use your information
- How we collect your information
- Information collected by the Admiral Nurse Dementia Helpline
- How we share your information
- The Legal Basis for Processing
- How we keep your data safe and who has access to it
- External Links
- Age 16 or under
- Accessing and updating your personal information
- Changes to this Policy
1. The type of personal information we collect
We receive personal information about you in a number of ways:
(a) Personal information you provide to us
We receive personal information from you when you ask about our activities, order products and services from us (such as publications and email newsletters), use our services, make a donation to us, fundraise on our behalf, share your story with us (where you have given us explicit consent), submit an enquiry, give us feedback, make a complaint, apply for a job, register as a volunteer, or otherwise give us personal information.
The type of personal information we collect will therefore depend on the reason why you are engaging with us. It may include information such as your name, date of birth, email address, postal address, telephone number and credit/debit card details.
Sometimes it may be appropriate for us to ask for information about your health or personal circumstances (for example, when calling our Admiral Nurse Dementia Helpline, or if you wish to take part in a high risk event). We will only do this when we need to.
Occasionally, it may be useful for us to find out why you are supporting us as this helps us understand the benefits of our work. You do not have to answer this question and we only want you to answer if you are happy doing so.
(b) Personal information provided to us by third parties
Sometimes, we receive personal information about you when you engage with other organisations. Details of this are set out in the section ‘How we collect your information’. When this happens we will treat the information in the same way as if you had shared it directly with us.
(c) Extra personal information we generate – analysis of your personal information
From time to time we may keep your records up-to-date and add information to them by checking against external publicly available information. For example, we might use an external service to find your new address. We may also research information about you, either from publicly available information or from information that we have already collected from you. We do this so we can operate efficiently and to ensure you receive information that is relevant to you and the purposes for which you have shared your personal information.
2. How we use your information
We will use your personal information primarily to:
- Administer any donation from you or support your fundraising efforts, including the claim of Gift Aid on your donations (as requested by HMRC)
- Thank you
- Record your involvement with us
- Respond to your request
- Let you know about changes to our services or policies
- Provide any information you have requested from us, and direct you to any services that may be relevant
- Manage your preferences for hearing from us
- Send you communications about our work and how you can help us, for example, information about our fundraising activities, volunteering and campaigns
- Investigate and respond to complaints, legal claims or other issues
- To detect and reduce fraud and credit
2.1 Building profiles
We may also analyse the information we collect about you so that in certain cases we can build a profile and better understand you and target our communications to you appropriately, and with the most relevant information. For example, we may wish to send you invitations to attend special events or to discuss specific fundraising projects. Where we use such profiles it enables us to cost-effectively and efficiently raise funds to support our work.
When building a profile we may analyse geographic, demographic and other information relating to you. In doing this, we may use additional publicly available information about you, for example addresses, listed Directorships or typical earnings in a given area.
Occasionally, we may use your personal information for other purposes consistent with our charitable purposes, but we will notify you about this, and more importantly, obtain your consent.
2.2 Why we build profiles
We believe our collection and use of your personal information is necessary and in the charity’s best interests so that we engage with you in the most effective way, using our resources efficiently, and so that we may raise donations to support the beneficiaries of Dementia UK. In doing so, we do not consider that it will cause undue harm to your privacy.
We believe this because:
- the personal information about you has either been provided by you, generated by your engagement with Dementia UK or is personal information that is publicly available from legitimate sources
- we have made you aware of how we use your personal information and that we undertake this level of research at the point you first provided your personal information to us
- you will expect us to know information about your interests, preferences and the level of potential support you might provide to Dementia UK – in order that we make best use of your time and efforts in engaging with us
3. How we collect your information
Your personal information may be shared with us in the following ways:
- you may give us your information when you sign up for one of our events, make a donation or communicate with us
- your information may be shared with us via referrals from trustees, volunteers or staff members
- your personal details may be available from public sources of personal information. Please see the sections above for more detail
- your information may be shared with us from other online accounts. Depending on your settings or the privacy policies for other online services like Facebook or Twitter, you might give us permission to access information from those accounts. The information we get from those online services depends on your personal settings, and therefore it is recommended that you check them regularly.
Your information may also be collected by an affiliated fundraising group, who will store it on password protected excel spreadsheets, accessible only by relevant group members. Dementia UK will only hold your details on our central database and contact you if you have given us permission to do so.
4. Information collected via the Admiral Nurse Dementia Helpline
Any data collected via the Admiral Nurse Dementia Helpline is stored and managed separately to other data provided to the charity.
Our Admiral Nurse Dementia Helpline is there to assist with the care of vulnerable individuals. As such we treat this sensitive information with the utmost confidence and respect and will not share this information with any third party, except in the specific circumstances detailed in section 4.1 below. The information is stored on a database which can only be accessed by our registered nurses who are governed by the Nursing and Midwifery Council and their Code of Practice and a small number of staff who help to administer the service. It is possible that any call to the Admiral Nurse Dementia Helpline may be recorded in order that we can monitor the quality of our service. Copies of all recorded calls will be retained, but only for as long as required for these purposes.
The information that you give to our Admiral Nurses (dementia specialist nurses) will only be used to:
- provide advice in respect of the care of the relevant person (if you are calling about another person) or about your own health;
- monitor any advice we have given you; and
- to contact you in relation to any communications between us and any advice we have given you.
We will also use some of the information to evaluate our Helpline and assess trends, such as who is using it and the types of enquiry that are being made. However, all information used in this way will be anonymised.
Whenever you contact the Admiral Nurse Dementia Helpline on behalf of another person, you must ensure that you have the right to share personal information with us relating to the individual. This will usually be the case if you are their primary carer and you have their expressed consent or, if they lack capacity to make their own informed decisions and a decision needs to be made for them and you are acting in their best interest in accordance with the Mental Capacity Act.
We will only hold the information provided via the Admiral Nurse Dementia Helpline for so long as it is necessary for the intended purposes or as is required by law.
4.1 How we share information provided to the Admiral Nurses Dementia Helpline
Exceptional circumstances may include:
- Where we are legally required to do so by a court order or other law enforcement agencies, professional regulators, and/or safeguarding agencies.
- Where you or someone you are calling about is at risk of serious harm, neglect, death, or other significant threat to self or personal safety and wellbeing and lack capacity under the Mental Capacity Act 2007.
- Where you have told us that a child may be experiencing harm or other threats to their personal safety and well-being, either from their own actions or the actions of others.
- Where disclosure is deemed necessary to prevent a crime or serious offence being committed.
We may also share any information you provide to us with the relevant GP in circumstances where we are legally required to do so, or if we consider it is in the best interests of the person living with dementia to do so.
Occasionally, our Admiral Nurses will be asked to help you fill out forms for other services (for example a Support Group.) Our nurses will only ever do this when you request this and provide your explicit consent. We cannot be held responsible for the privacy of other websites not managed by us.
5. How we share your information
We will not sell your details to any third parties, but we may sometimes share your information with our trusted service providers who are authorised to act on our behalf. For example when you indicate that you would like to receive information from us in the post or via email, we may provide your name and address or email address (as applicable) to a third party sub-contractor who will compile and send out the relevant mailings on our behalf. This third party will not use or process the information for any purpose other than compiling and sending out the relevant mailing. The information you receive will be information which you have agreed to receive from us and the third party will not contact you for any other purpose.
In addition, from time to time we may exchange your personal information with other organisations for the purposes of fraud and credit risk reduction. We may also share information with our financial and legal advisers for the purposes of obtaining advice and protecting our legal rights.
6. The Legal Basis for Processing
Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when we send you marketing material via post, phone, text or e-mail). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Information Commissioner or Fundraising Regulator, or to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance Christmas cards) or applying for a job with Dementia UK.
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were to a safeguarding issue which required us to share information provided to us via the Admiral Nurses Dementia Helpline (see Section 4.1).
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).
We consider our legitimate interests to include the following activities carried out by Dementia UK
- Where you have signed up to fundraise for us at an event, to contact you about the event and support you in your fundraising journey. We may also share your personal information with the third party event organiser so they can administer the event
- To update your address using third party sources if you have moved house
- To capture details from you when you call our Admiral Nurse Dementia helpline so that we can provide you with appropriate support and care
- To thank Next of Kin for donations collected in memory of a loved one
- To contact prospective company supporters by email, phone and post to: find out information about their giving policies, make them aware of Dementia UK and tell them about opportunities to support us.
- To contact prospective Trust funders by email, phone and post to find out more about their giving criteria and to apply for funds.
- To contact prospective supporters by post where information in the public domain indicates they may be interesting in supporting Dementia UK.
- To contact people who have previously supported the charity where we believe they will be interested in supporting us again.
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for health and social care reasons, your vital interests, or, in some cases, if it is in the public interest for us to do so).
7. How we keep your data safe and who has access
Dementia UK is responsible for collecting your personal information. We use rigorous procedures and strict security features when we collect your personal information in order to prevent unauthorised access. However, no data transmission over the Internet is 100% secure and although we try to protect your personal information, Dementia UK cannot guarantee the security of any information you transmit to us and you do so at your own risk.
We have appropriate technical controls in place to protect your personal details (for example our online forms are always encrypted and our network is protected and routinely monitored).
Regular reviews are carried out to establish who has access to information that we hold. This ensures that your information is only accessible by appropriately trained staff, volunteers and contractors.
We may, in some limited circumstances, have an obligation to disclose your details to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
7.1. Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work on our behalf. Information which we collect will be stored on our secure services which are hosted in the UK, EU, and in the United States of America. By submitting your personal data, you agree to this transfer, storing or processing.
7.2. How long we will hold onto your personal data for
We will only hold the information provided to us for so long as it is necessary for the intended purposes or as is required by law. We have specific, defined data retention periods for different data types, which are determined by legal and operational considerations. For instance, if you give us a donation, we are required to keep a record of this for seven years because of legal obligations.
8. External Links
The Dementia UK website may include links to other sites, not owned or managed by us. We cannot be held responsible for the privacy of information collected by websites not managed by us.
Cookies mean that a website will remember you. Cookies are small text files that sites transfer to your computer (or phone or tablet) to make interacting with a website faster and easier.
The information gathered from cookies help us to: review how our website is being used and therefore help us to improve our website and online services; simplify your ability to navigate through the website; personalise and improve the service offered to you by understanding your preferences and establishing which areas of the website are most relevant to you and know if the website is operating effectively.
In addition, the type of device you are using to access our website and the settings on that device may provide us with information about your device, including its type, what specific device you have, what operating system you use, the device settings, and why a crash may have happened. The operating system provider or the manufacturer of the device will have more details about what information your device makes available to us.
10. Aged 16 or under
If you are aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information on our Website.
11. Accessing and updating your personal information
We will use publicly available information to update your details wherever possible. However, it is a great help to us if you are able to let us know if your details have changed.
You can request access to any information we hold about you, free of charge. Please provide us with a description of the information you want and also send proof of your identity. If there are any discrepancies in the information we provide, please let us know and we will correct them.
You can request at any time to for us to delete some or all of your personal information and in certain cases, and subject to certain exceptions, you have the right for this to be done.
If we are processing your personal information based on our legitimate interests or for scientific/historical research or statistics, you have a right to object to our use of your information.
If you are unhappy with how we are using your personal information we would like to hear about it. You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office (link is external), the UK data protection regulator.
If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.
For any of the situations mentioned above and throughout this Policy where contacting the charity has been suggested, please contact us at: Supporter Care
Or by emailing email@example.com
Or calling 0300 365 5500.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO (link is external)).
12. Changes to this policy
This policy is written in accordance with the General Data Protection Regulation (2018) and describes how Dementia UK collects and uses personal information given directly or indirectly by people who engage with us and or visit our Website.
Dementia UK is registered under the Act as a Data Controller under number Z1250036. If you have any questions about the policy, please contact our Data Protection Officer at Dementia UK, 37th floor, One Aldgate, London, EC3N 1RE or email firstname.lastname@example.org or call 020 8036 5400.
This policy was last updated in May 2018.