At ME Research UK we are committed to protecting your privacy. When you interact with us by phone, mail, in person or online, we sometimes receive personal information about you. This page, together with our website terms and conditions, tells you about how we collect, use and store your personal information.
If you have any queries about our privacy policy, please contact us at contact@meresearch.org.uk or call us on 01738 451234.
What this policy takes into account
ME Research UK (‘we’) (Scottish Charitable Incorporated Organisation – Charity No. SC036942) promise to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and to not do anything you wouldn’t reasonably expect.
Developing a better understanding of our supporters through their personal data allows us to make better decisions and fundraise more efficiently, and ultimately helps us reach our goal of finding a cure for ME/CFS. We have made improvements to this policy to make it more understandable to supporters.
From May 2018, we are an ‘opt-in only’ communication organisation. This means that we will only send marketing communications to people who have explicitly stated that they are happy for us to do so via their preferred channel(s) (email, SMS, phone or post). Our marketing communications include information about our latest Breakthrough magazine campaigns and fundraising activities.
If you would like to receive such communications, contact us on 01738 451234 or complete our contact form. Except as required by law, we will never share your details with other organisations to use for their own purposes.
We may share your details to allow for delivery of Breakthrough magazines and items consigned to postage companies. This allows us to fulfil our obligations to you.
Under the General Data Protection Regulation (GDPR) you have a number of important rights, and these are set out below.
General
By giving us your personal information, you consent to us collecting and using that information in the ways that we describe in this privacy policy and/or to which you have specifically consented. We do not solicit the submission of sensitive personal data such as information about your health.
If you register or ask to receive our Breakthrough magazine, this may contain marketing material; e.g. leaflets and appeal information. Likewise, if you set up a Standing Order or fundraise for us (and, if via an online site, opt to allow us to make further contact), we will add your details to our Breakthrough postal list. If a Breakthrough magazine or an e-mail is returned, then we will delete details from our mailing list.
We will only send you marketing information by e-mail, SMS or phone if you have given us specific consent. If you withdraw your consent and then subsequently opt in, then your most recent preference will supersede the earlier preference.
You can opt out of us using your personal details for marketing at any time, either by calling us on 01738 451234, by e-mail at contact@meresearch.org.uk, or by writing to ME Research UK, The Gateway, North Methven Street, Perth, PH1 5PP.
How we collect information about you
We may collect and store information about you whenever you interact with us. For example, when you make a donation, fundraise for us or submit an enquiry, or if you register for our services, or apply for a job or volunteering opportunity, or otherwise give us any other personal information.
We may also receive information about you from third parties for a specific purpose, for example, a referee, if you apply for a job with us – but only if you’ve given them permission to share your information.
What information we collect
Supporters & Ambassadors
If you support us, for example make a donation, volunteer, apply to be an Ambassador, organise a fundraising event for us, ask for publicity/fundraising items or purchase Christmas cards, we may, depending on the nature of your interaction with us, collect:
- Your name and address;
- Your contact details, including telephone number and e-mail address;
- Information about what news and publications you would like from us; e.g. our Breakthrough magazine and e-newsletters;
- Information about any donation made; e.g. amount, date and nature;
- Your financial information for any donation or purchase you choose to make. Please note that if you make a donation via our website, we do not retain details of the credit/debit card used to make your donation. When making a payment via ME Research UK’s website, your card and personal details are provided by you directly to one of our providers of payment processing services (e.g. JustGiving or Virgin Money Giving) which handle all payment transactions made via the website on our behalf. Donations via Facebook are processed by Virgin Money Giving. If you make a donation to us directly with a credit/debit card, we do not retain your card details;
- Your bank account details if you choose to support us with a regular standing order;
- Your details required to obtain Gift Aid upon your donation;
- Information that you choose to submit when contacting us or using particular features on our website;
- Information about how you would like to be contacted.
We will mainly use your data to:
- Provide you with the services, products or information you asked for;
- Administer your donation or support your fundraising, including processing Gift Aid;
- Keep a record of your relationship with us;
- Manage your marketing preferences;
- Understand how we can improve our services, products or information.
Others
- If you volunteer for us, apply to become a trustee or apply for a job with us, information necessary for us to process these applications and assess your suitability (which may include things like employment status and previous experience, depending on the context, as well as any unspent criminal convictions or pending court cases you may have);
- If you apply for research funding, information necessary to process your application, such as your employment history;
- Where you have left us a legacy, any information regarding next of kin which you may have provided us with to administer this.
Where we collect information about you from
We collect information in the following ways.
When you give it to us DIRECTLY
You may give us your information in order to apply for a grant, sign up to receive our Breakthrough magazine, make a donation, purchase our cards or communicate with us.
Your Personal Data: Art 13 GDPR Notice
What we need
ME Research UK will be what’s known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location-based information. This does, however, include your name, address and email, etc.
Why we need it
We need to know your basic personal data in order to provide you with the service you have requested or to further our charitable aims. We will not collect any personal data from you we do not need in order to provide and oversee this service to you.
What we do with it
All personal data is processed by our staff in the UK; however, for the purposes of IT hosting and maintenance the information is located on servers within the European Union. No unauthorised third parties have access to your personal data unless the law allows them to do so or it is necessary to provide the service requested e.g. delivery of cards or published materials. However, we may disclose your information to third parties in connection with the other purposes set out in this policy. These third parties may include:
- if you are a researcher, volunteer advisory panels, any joint funders of research, host institutions and external members of our committees;
- if you are a legacy giver, we may share information with co-beneficiaries;
- if you request items posted, we may use a courier who requires name, address and telephone number/e-mail address to deliver the items.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
How long we keep it
We may, in cases where we are obliged by regulatory authorities or law enforcement/legal authorities, be ordered to retain records beyond the following limits, and we will require to comply with the instruction. We also have statutory duties to retain certain information. We keep your data for as long as it is necessary to provide the services that you have asked for, and to meet our legal obligations to HMRC and other accounting regulations.
As a general rule, we will keep your data for 6 years from the end of your relationship with us. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it, or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
- If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
- Where you make a donation, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
- The information we use purely for marketing/contact purposes will be kept with us until we receive a written request from you indicating that you no longer wish to receive this information.
- We will, where not obliged otherwise, destroy all letters, e-mails and other data after 6 years.
What are your rights?
If at any point you believe the information we process on you is incorrect, you can request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our office on contact@meresearch.org.uk. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Full details of our Privacy Policy can be found at https://www.meresearch.org.uk/privacy-policy/.
When you give it to us INDIRECTLY
Your information may be shared with us by fundraising sites such as JustGiving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support ME Research UK, and only with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data. If you are a researcher your information may be shared with us by the principal investigator or institution.
Your Personal Data: Art 14 GDPR Notice
What we need
ME Research UK will be what’s known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, email, etc.
Why we need it
We need to know your basic personal data in order to provide you with the service you have requested or to further our charitable aims. We will not collect any personal data from you we do not need in order to provide and oversee this service to you. Unless otherwise agreed with you, we only collect basic personal data about you which does not include any special categories of personal information (also known as ‘sensitive personal data’) or location-based information. This information does, however, include your name, address, telephone number, email or work email.
If you do not provide this information then we will be unable to contact you with Breakthrough, research news and ways to support us or to help in your fundraising. We could not fulfil any order for cards or requests for information either. We will not collect any personal data from you we do not need in order to provide and oversee this service to you.
What we do with it
All personal data is processed by our staff in the UK; however, for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No unauthorised third parties have access to your personal data unless the law allows them to do so or it is necessary to provide the service requested e.g. delivery of cards or published materials. However we may disclose your information to third parties in connection with the other purposes set out in this policy. These third parties may include:
- if you are a researcher, volunteer advisory panels, any joint funders of research, host institutions and external members of our committees;
- if you are a legacy giver, we may share information with co-beneficiaries;
- if you request items posted, we may use a courier who requires name, address and telephone number/e-mail address to deliver the items.
How long we keep it
We may, in cases where we are obliged by regulatory authorities or law enforcement/legal authorities, be ordered to retain records beyond the following limits, and we will require to comply with the instruction. We also have statutory duties to retain certain information. We keep your data for as long as it is necessary to provide the services that you have asked for, and to meet our legal obligations to HMRC and other accounting regulations.
As a general rule, we will keep your data for six years from the end of your relationship with us. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it, or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
- If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
- Where you make a donation, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
- The information we use purely for marketing/contact purposes will be kept with us until we receive a written request from you indicating that you no longer wish to receive this information.
- We will, where not obliged otherwise, destroy all letters, e-mails and other data after 6 years.
What are your rights?
If at any point you believe the information we process on you is incorrect, you can request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our office on contact@meresearch.org.uk. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Full details of our Privacy Policy can be found at https://www.meresearch.org.uk/privacy-policy/.
Cookies
Like most websites, we use ‘cookies’ to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier. We do not use cookies to collect any personal information.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
When someone visits www.meresearch.org.uk we use a third party service, Jetpack, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Jetpack to make, any attempt to find out the identities of those visiting our website.
If we do want to collect personally identifiable information through our website, we will be up-front about this. If you visit our site anonymously, we may however still record information about:
- the areas of the website you visit;
- the amount of time you spend on the site;
- whether you are new to the site, or have visited it before;
- how you came to our website – e.g. through an e-mail link or search engine;
- the type of computer, browser, network location and internet connection you use;
- whether you have given consent for the storage of cookies.
Some third party cookies are set by services that appear on our pages, including Facebook, AddThis, Amazon and JustGiving. They are set by the operators of that service and are not under our control. Most relate to the ability of users to share content on this site. Most browsers let users delete and control cookies. For advice on how to do this, as well as more information about cookies, we recommend visiting AboutCookies.org, and you can learn more by reading our cookie policy.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites.
What we do with your data
We will use your personal information to:
- provide you with the services, products or information you asked for;
- administer your donation or support your fundraising, including processing Gift Aid;
- keep a record of your relationship with us;
- respond to or fulfil any requests, complaints or queries you make to us;
- further our charitable objectives;
- send you correspondence and communicate with you;
- process applications for funding and for administration of our role in the projects we fund;
- safeguard our staff and volunteers;
- conduct due diligence and ethical screening;
- process your application for a job or volunteering position;
- audit and administer our accounts;
- meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
- carry out fraud prevention and money laundering checks;
- establish, defend or enforce legal claims.
How we protect your personal information
Security
We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way, for so long as we hold your data. We limit access to your personal data to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change you may update them by accessing the relevant page of our website, or by contacting us using the contact details below. We will endeavour to update your personal data within thirty (30) days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and as up-to-date as possible.
Where we store your personal data
All the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance this information is located on servers within the European Union or European Economic Area (‘EEA’).
International Transfers of Your Personal Information
Given that we are a UK-based organisation and many of our recipients are based in the UK, we will normally only transfer your personal information within the EEA, where all countries have the same level of data protection law under the GDPR. We do not anticipate that any of your data will be transferred outwith the UK, EU or EEA, but should this be the case please note that some countries outside the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient of data implements appropriate safeguards (such as by entering into standard contractual clauses which are approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice; where appropriate we will seek your consent.
If you have any questions about the transfer of your personal information, please contact us using the details below. Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure. However, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
Lawful basis for processing your personal information
The GDPR requires us to rely on one or more ‘lawful bases’ to use your personal information. We consider the bases listed below to be relevant:
- Where you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you emails, information, process donations or send Breakthrough magazines or fulfil Christmas card orders).
- Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
- Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, purchase of Christmas cards).
- Performance of a contract/take steps at your request to prepare for entry into a contract.
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract; e.g. applying to work/volunteer with us, or being funded to undertake research.
How long we keep your personal data
We may, in cases where we are obliged by regulatory authorities or law enforcement/legal authorities, be ordered to retain records beyond the following limits, and we will require to comply with the instruction. We also have statutory duties to retain certain information. We keep your data for as long as is necessary to provide the services that you have asked for, and to meet our legal obligations to HMRC and other accounting regulations.
As a general rule, we will keep your data for six years from the end of your relationship with us. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it, or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
- If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
- Where you make a donation, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of six years after which time it will be destroyed.
- The information we use purely for marketing/contact purposes will be kept with us until we receive a written request from you indicating that you no longer wish to receive this information.
We will, where not obliged otherwise, destroy all letters, emails and other data after six years.
Keeping your information up-to-date
Please contact us to update your name, address or contact preferences. This can be done online at www.meresearch.org.uk/about-us/sign-up/. Or contact us via mail at ME Research UK, The Gateway, North Methven Street, Perth, PH1 5PP, email at contact@meresearch.org.uk or call us on 01738 451234.
You can also unsubscribe from our email list at www.meresearch.org.uk/about-us/unsubscribe/.
Your rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include: where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes, or to unsubscribe from our email list at any time. You also have the following rights:
- Right of access: You can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
- Right of erasure: You can request that we delete your personal information from our records as far as we are required to do so. In some cases, we may suppress your personal information in order to stop further communications with you, rather than delete all of your personal information.
- Right of rectification: If you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate.
- Right to restrict processing: You have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.
- Right to object: You have the right to object to processing where we are (i) using your personal information for direct marketing or (ii) using your information for statistical purposes.
- Right to data portability: Where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, and in either case we are processing your personal information using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
Please note that some of these rights only apply in certain circumstances. At all times you have the right to make a complaint to the Information Commissioner’s Office www.ico.org.uk if you think that any of your rights have been infringed by us. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please:
- contact us using our contact details below,
- let us have enough information to identify you,
- let us have proof of your identity and address,
- let us know the information to which your request relates.
You can request details of the personal information we hold about you. If you want to update the information we hold for you, or you think any information we have about you is incorrect or incomplete, please get in touch as soon as possible.
Please write to: ME Research UK, The Gateway, North Methven Street, Perth, PH1 5PP, or email at contact@meresearch.org.uk or call us on 01738 451234.
Release of data to law enforcement agencies
We may be required to disclose information about you: (i) if we are required to do so by law, regulation or legal process (such as a court order) including lawful requests by public authorities to meet national security or law enforcement requirements; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights; or (iv) when we believe disclosure is necessary or appropriate in connection with an investigation of suspected or actual illegal activity.
These obligations may mean that we are required to retain your data for a period outwith our normal destruction schedule as mentioned elsewhere in this policy.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the website. Your continued use of the services and the website shall be deemed your acceptance of the varied Privacy Policy.