about this policy
ADDISS works at both a national and local level in partnership with local support groups to provide information, training and support for parents, sufferers and professionals in the fields of ADHD and related learning and behavioral difficulties.
When doing this, we process personal data about people who receive advice, guidance or support services from us – or provide us with support through campaigns, donations, booking on training courses, or volunteering. We are committed to protecting your privacy and take this responsibility very seriously. We therefore take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
References to ‘we’ or ‘us’ are to ADDISS, our trading subsidiary ADD Information Services Ltd, and our local project ADHD in Barnet.
We regularly check this notice to ensure we provide you with the most up-to-date information regarding our data processing activities. We strongly advise you to read this page from time to time to ensure you are happy with any changes that might be made.
If you have any questions about this policy, please contact us using the details in the ‘Contact us, section below.
Why we collect your data
We collect personal data for many reasons, including to provide you with services, communicate with you and send you information you have requested, and administer campaigns and donations. Depending on how you interact with us, we may process data for the following reasons:
- to provide you with advice, support or such other necessary services that you have requested or been referred to
- to record personal details shared during conversations with our national helpline
- to process personal details required for the administration of your booked training course
- to process a purchase of an ADDISS publication
- to record and contact you regarding payments you make to ADDISS
- to administer services ADDISS is providing to you
- to communicate with you regarding ADDISS’s work, fundraising, and campaigning activities
- to process donations and administer Gift Aid information for any donation you make to ADDISS
- to process a purchase via our online shop
- to provide you with information about and to administer events
- for our own internal administrative purposes, and to keep a record of your relationship with us
- to manage your communication preferences
- to process job applications or volunteer placements
- to conduct surveys, research and gather feedback
- to obtain information to improve ADDISS’s services and user experiences
- to carry out research to find out more information about our supporters’ and prospective supporters’ backgrounds and interests
- to comply with applicable laws and regulations, and requests from statutory agencies
Information we collect
We collect the following personal information:
- your full name
- contact details – including your postal address, telephone number(s), and email address
- date of birth
- details of your case when providing you with advice or services
- your bank details
- records of your correspondence and engagement with us
- donation history and Gift Aid details
- information you may enter on the ADDISS website
- photographs, video or audio recordings
- biographical information
- other information you share with us
This information may be collected via:
- any paper forms you complete
- telephone conversations or face-to-face interactions
- digital forms completed via our website, or online surveys
- third-party companies and websites such as Just Giving, GoCardless, Paypal, Nochex
- publicly available sources
- communication via social media
We sometimes also collect sensitive, personal data about individuals. This includes information about health, religion, sexuality, ethnicity, political and philosophical beliefs, and criminal records. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law. For example, we may make a record that a person is in a vulnerable circumstance to comply with requirements under charity law and the Code of Fundraising Practice, to ensure that we do not send fundraising communications to them.
Using your personal data
If you are receiving advice, guidance or support from us, we will need to process your data because of your specific relationship with us.
We will keep all your case information – including notes, letters and information given to us about you – in a confidential record that is specific to you. We use a customer relationship management system (CRM) to support our advice, guidance and support. This means that we can keep the information you provide us, so we are able to see the history and relevant details of your case(s). This ensures that we provide appropriate and accurate advice or support. We take information security very seriously. No one is allowed access to our system or files unless they need this to provide the service to you, or one of the other purpose discussed in this notice.
When you call our national helpline for advice, your call is sometimes recorded in writing. This is used for training purposes, quality assurance, complaint investigations, and to make further improvements to the service we provide to you. You are informed of the recording before any data collection occurs.
We may use your data for statistical reports. These statistics will not include any information that could be used to identify any individual.
We would love to keep you up to date with our fundraising, marketing and campaign activity.
We use a range of marketing activities and channels to contact our supporters – including our website, face-to-face fundraising, direct mail, SMS/text campaigns, email, and telephone.
We will obtain your consent to contact you by email and text message for marketing purposes. We will also obtain consent from all new supporters (who sign up after 25 May 2018) to make marketing calls.
We will send you marketing by post, on the basis of it being within our legitimate interests to do so, unless you opt out. See section 10 (‘Our legal basis for processing data’) for more information about our use of legitimate interests. We will also contact existing supporters by phone on this basis (unless they are registered with the Telephone Preference Service or have opted out of receiving marketing communications from ADDISS).
We send the following marketing materials:
- updates about ADDISS’s work – including newsletters, magazines, and other publications informing you about our work
- campaigns – information about our campaigning activities both in England and Scotland, including how you can support such campaigns, (for example by lobbying influential figures or signing a petition), and updates about the progress of our campaigns
- appeals and fundraising activities – including requests for donations, information about how you can leave us a gift in your will, how you can raise money on our behalf, attend or take part in a fundraising event, communications relating to our lottery and raffles, and updates on the impact that your fundraising activities have had on our work
- shop products – including information about products offered by our online shop
- volunteering – information about how you can help support ADDISS by giving up your time or using your influence to progress our aims, along with updates on the impact of your work
- professional services – including details of the professional services that ADDISS offers, such as training and publications
We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes.
You can withdraw your consent, unsubscribe from or update your marketing preferences at any point by emailing email@example.com.
Any electronic communications, such as emails, will have a link to unsubscribe from future electronic communications, so you can manage your own communication preferences.
If you make any changes to your consent, we will update your record as soon as we possibly can. It may take up to 60 days for our systems to update and stop any postal communications from being sent to you. Email communications will, however, be stopped immediately. If you tell us you do not wish to receive marketing, fundraising or campaign communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us (as described below). You can also opt out of receiving marketing communications from us by signing up to the Fundraising Preference Service.
Where possible, we cleanse and remove out of date data by checking it against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.
Administrative communications to supporters
In addition to the fundraising and marketing communications that you receive from ADDISS, we will also communicate with you by post, telephone, and email in relation to administrative and transactional matters. For example, we will call you after you have set up a Direct Debit to confirm your details, and upon cancellation. There may also be other occasions where we need to contact you about your donation – for example, if there is a problem with a payment or in relation to your gift aid declaration.
On occasion, we will also contact you about an event that you have signed up to participate in, to – for example – check that fundraising pages have been set up and to provide any other necessary information.
As mentioned above, we may still need to communicate with you for administrative purposes even where you have opted out of marketing communications from us.
Supporter research and analysis
We may use profiling and database segmentation techniques to analyse your personal information, and create a profile of your interests, preferences and ability to donate. This allows us to ensure communications are relevant and timely, to provide an improved experience for our supporters. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to donate more than they already do, or leave a gift in their will. This enables us to raise funds quicker and in the most cost-effective way.
We use information that is already in the public domain (information that has been published in print or online) to identify high net worth individuals who may be interested in supporting our work with a major gift. These publicly available sources of information include Companies House, the electoral register, the phone book, the Charity Commission’s Register of Charities, Who’s Who, LinkedIn, company annual reports, and articles in newspapers and magazines.
We are also legally required to carry out checks on individuals who give us large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.
When you purchase an item from our online shop, we will collect certain information from you – including your name, address, phone number, email address, Gift Aid status, marketing preferences, and payment details – so that we can process your purchase or contact you if we have any queries regarding your purchase.
When you provide ADDISS trading subsidiary with your data, it is held and processed by such entity and ADDISS. Depending upon the communication preferences you select when registering your details, we may then also contact you for fundraising and marketing purposes, about the activities listed in the fundraising and marketing communications section of this policy.
Depending on your settings or the privacy policies for social media messaging services like Facebook, Twitter, and Instagram, you may receive targeted advertisements through our use of social media audience tools. For example, Facebook’s ‘Custom’ and ‘Lookalike’ Audiences’ programmes enable us to display adverts to our existing supporters when they visit Facebook, or other people who have similar interests or characteristics to our supporters. We may provide your data (including your email address) to Facebook, so it can determine whether you are a registered account holder with them, or so that Facebook create a ‘lookalike’ audience. Our adverts may then appear when you access Facebook. We only work with social media networks that provide a facility for secure and encrypted upload of data, and immediately delete any records not matching with their own user base. For more information, or to manage your social media ad preferences, please see Facebook’s ‘About Custom Audiences’ guide and its Data Policy.
Our website also uses web beacons or pixels through third-party service providers that allow us to track conversions and activity on our website as – well as generating advertisements that appear on Facebook and other search engines, like Google, for you and other potential users. Please see our Cookies Policy for more information.
If you receive an email, open it, don’t open it, select a link and/or browse our website, we collect this information to ensure that the information we send to people is received and relevant.
Applying for an ADDISS job
When you apply for a job with us, your personal data will be collated to monitor the progression of your application, and the effectiveness of the recruitment process through the statistics collected. Where we need to share your data – such as for gathering references, obtaining a Disclosure and Barring Services – you will be informed beforehand, unless the disclosure is required by law. These checks are only done after a position has been offered only to the successful candidate. On the application form, you are asked to complete the referee details, and can tick permission to contact referee. If tick yes, once offered a role, we will automatically send out reference requests. If you tick no, we will contact successful candidates for permission first.
Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that vacancy. You, as an applicant, can ask us to remove your data before this time if you do not want us to hold it. If we feel there is another suitable vacancy available, we will contact the applicant prior to sharing your application details with the relevant manager.
Once you have taken up employment with ADDISS, we will compile a file relating to your employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to your employment. Once your employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it from our files.
We may collect data about professional contacts and partners with whom we work, or to whom we provide professional services – such as training or publications. Personal data collected in this way will be processed in accordance with data protection legislation and this policy.
We may send our professional partners information and updates about our work (primarily by email). Such contacts can opt out of receiving this information at any time.
We maintain a record of information related to MPs and other holders of public office, to enable us to undertake our campaigning activity in furtherance of our charitable aims. This will include keeping a record of contact details such as address, telephone number and email address as well as publicly available voting records and committee and group memberships.
Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- a person’s consent (for example, to send you direct marketing by email or SMS)
- a contractual relationship (for example, to provide you with goods or services that you have purchased from us)
- processing that is necessary for compliance with a legal obligation (for example to process a Gift Aid declaration, and carrying out due diligence on large donations)
- ADDISS’s legitimate interests (please see below for more information)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
- Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes, and intergroup transfers of data between ADDISS and ADDISS Trading
- Administration and operational management: including responding to solicited enquires, providing information and ADDISS services, research, events management, the administration of volunteers and employment, and recruitment requirements
- Fundraising and Campaigning: including administering campaigns and donations, and sending direct marketing by post (and in some cases making marketing calls), sending thank you letters, analysis, targeting and segmentation to develop communication strategies, and maintaining communication suppressions
If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.
Disclosure of your personal data
We will not share any of your personal data to any third party – except where:
- the transfer is to a secure data processor, which carries out data processing operations on our behalf (please see section 13 for more information)
- we are required to do so by law, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation
- it is necessary to protect the vital interests of an individual
- we have obtained your consent
We will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes.
Security of your personal data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We encourage you to review the privacy statements of websites you choose to link to from the ADDISS website, so that you can understand how those sites collect, use and share your information. We are not responsible for the privacy statements, security, or other content on sites outside of the website.
Use of data processors
We may use a third-party supplier to manage mailings for fundraising appeals, campaigns, conduct research surveys, or storage of your personal information on our behalf. At present we do not use such services and all our mailings are handled in house.
We may use a third-party supplier to moderate comments and reviews made on our websites.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
Transfers of data outside of the European Economic Area
We use Microsoft Office 365 and dropbox which are multi-tenant cloud services, for our internal office use. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA).
However, in some limited cases, we may use data processors that process and/or store data outside of the EEA – for example, payment processors such as Stripe.
In these cases, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information, for example, by entering into a contract that includes prescribed clauses about the use of data and (if the company is based in the United States, checking that it is accredited under the EU-US Privacy Shield).
Retention of your data
Whatever your relationship with us, we will only store your information for a specified amount of time, as set out in our internal data retention policy.
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulation etc., or any contractual obligation we might have – such as with government contracts or if we have a business case, such as with research data. For business case data, we will anonymise the data so no individual is identifiable.
Subject to the above, we will typically store data relating to donors and people who have taken campaign actions for seven years after their last donation or interaction, and people to whom we provide services to for seven years after completion of those services. Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that vacancy.
Once the retention period has expired, the information will be confidentially disposed or permanently deleted.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
DATA RETENTION ON THIS webSITE
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information, and can delete any additional information relating to the user upon request.
You have many rights under data protection legislation. These include:
Right of Access
You have the right know what information we hold about you and to ask, in writing, to see your records.
We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.
This is called a data subject access, and can be done by emailing or writing to us.
Right to be informed
You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
Right to withdraw consent
Where we process your data based on your consent (for example, to send you marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
Right of rectification
If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records, please get in touch with us using the details in the ‘Contact us’ section below.
Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
If you have any complaints about the way in which we have used your data, please get in touch with us using the details in the ‘Contact us’ section below. We would be happy to help and discuss your concerns.
If you have any questions about this policy, would like more information, or want to exercise any of the rights set out in section 15 above, you can get in touch with us in the following ways:
Phone: 020 8952 2800
Post: ADDISS PO Box 340, Edgware, Middlesex HA8 9HL
Our Data Controller
Mrs Andrea Bilbow OBE
Our Data Protection Officer
Mr Danny Eastman
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.