Last updated: 29th November 2018
The Nightingale Trust is strongly committed to protecting your personal information. This privacy statement describes how we handle personal information collected through www.nightingaletrust.co.uk.
We use and store your data to fulfil a contact when an interest in training is placed and for marketing when provided with your consent. You may withdraw marketing consent or restrict which channels at any time.
1. Who we are
We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions or want to exercise your rights as an individual, their contact details can be found below.
We are registered with the Information Commissioner’s Office (ICO), our registration number is ZA117946.
2. What data we collect
To enable us to successfully process your interest in our nutrition courses or educational support funding, we will ask you to provide the following personal details:
· Full Name
· Email Address
· Postal Address
· Telephone Number
We also collect the following data to help our site function correctly and to improve our services to you:
· Website traffic statistics
· Anonymous site usage and user behaviour
3. How we collect your data
We use a number of different methods to collect data from and about you, including:
3.1. Direct interactions
You may give us identity and contact details when interacting with us electronically, via telephone or in person, these include
· Requesting information regarding training via website
· Subscribing to our newsletter
· Requesting charity information to be sent to you
· Entering a competition, promotion or survey
As you interact with our website, we may automatically collect technical data about your device, browsing actions and patterns. We collect this data using cookies and other similar technologies. All technical data and tracking will be collected anonymously unless otherwise stated in this policy.
3.2. Third party and publicly available sources
We may receive data about you from various third parties, with whom we partner with:
· We work with other, related charities and health trusts
4. How we use your data
We will only use your data when and where we require it and where the law allows us to. Most commonly for the following purposes:
· Where we need to communicate with you for training enrolement
· Where required by law or regulation
· Where you consent
Where you give consent to the processing of your data, you have the right to withdraw consent at any time by contacting us on email@example.com
We use the data you provide us to successfully process and dispatch your orders and to send you relevant communications about our products and services.
The Nightingale Trust will always treat your data with respect, only collecting what we need, and we will never pass or sell your data to third-parties except to those who are vital to processing orders or to provide communications.
These are called ‘data processors’ and all companies based within the EU are bound by the relevant General Data Protection Regulations (GDPR). For those outside the EU, The Nightingale Trust have ensured they only share data with companies that are part of the EU-US Privacy Shield, which ensures that data is processed in a GDPR compliant manner.
To provide you with up to date fundraising news, activities and other relevant charity information we will share your data with communication service provider: Mailchimp.
We ensure that explicit consent is given before we send any email communication and you are free to opt out at any time.
When clicking links within our Mailchimp campaigns, we also keep track of the links clicked and products purchased. Your product purchase history may be used to improve our recommendations to you.
We work with Trustpilot to collect and collate customer feedback to help us improve our service. When placing an order, we share order details with Trustpilot to allow a scheduled feedback reminder and to verify the feedback as a genuine purchaser.
More details can be found on Trustpilot’s Data Processing Agreement.
This data is stored securely and we will never share this data with any third-party other than with the NHS Trust laboratory that provides your results.
Occasionally we create anonymised statistical data trends based on aggregated data collected during the vitamin D testing for research and marketing purposes. No identifiable information will ever be shared, and you are free to opt-out of this profiling at any time.
5. Data retention
Unless instructed otherwise, your data will be retained for a period of 10 years after your last interaction with us.
Interactions include making a purchase, opening a marketing email, filling in a form or survey and other similar activities.
6. Cookies and tracking
Some of our pages utilise small files called “cookies” and other tracking technologies. A cookie is a small text file saved onto your device that is used to track site activity, purchase history and retain site settings.
You can block cookies and delete existing ones by changing the settings in your browser. Please visit the help section of your browser to learn how to do this. Please note, that if you do this some elements of the website may not work correctly.
6.1. Google Analytics
We use Google Analytics remarketing code to log when users visit specific pages or take specific actions on our website, this allows us to provide relevant advertising through Google and third-party services to display tailored adverts on pages across the internet.
6.3. Facebook & Twitter Pixels
We use both Facebook and Twitter pixels on our site which allow us track the pages visited and items purchased by users which may be used to create personalised Facebook and Twitter remarketing ads.
The pixels also allow us to carryout conversion tracking by reporting on the actions people take after visiting our website through an ad. This helps us measure the effectiveness and improve the relevancy of our advertisements.
No personal information is contained or collected as a result of using these pixels.
We work with a number of specially selected affiliates who create and share content around our brand and are each provided with a unique affiliate link. When accessing betteryou.com through this link, we will store information about orders you have placed. The cookie will be stored on your device for 30 days, any purchases made during this period will be tracked. No identifiable information is shared.
7. Payment methods
We do not process or store credit or debit card information on internal servers. All card payments are securely processed by Virgin Money payment gateway.
8. Your legal rights
As an individual, you have the right to request:
8.1. Access – Commonly known as “Subject access request”, this allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
8.2. Rectification – You can update incorrect or incomplete data we hold about you, though we may ask for proof to confirm the accuracy of this new data.
8.3. Erasure – This allows you to ask us to delete or remove personal data if; it is no longer necessary in relation to the purposes for which they were collected or processed, where the personal data have been unlawfully processed or the personal data has to be erased for compliance with a legal obligation.
Where we have a legal requirement to hold data for auditing purposes (financial transaction data), we may choose to anonymise your data.
8.4. Restrict processing – You may object to processing or require a restriction of processing your personal data during the following scenarios:
· If you want us to correct the data’s accuracy
· Where the use of the data is unlawful but you do not wish for us to erase it
· Where you need us to hold the data if we no longer require it as you need it to establish, exercise or defend legal claims
· You have objected to our use of your data but we need to verify whether we have overriding legitimate basis to use it.
8.5. Data portability / transfer – You may request for us to transfer your data to a third party. We will provide your data in a csv format. This right only applies to data for which you initially provided consent – excluding purchase and transaction history.
8.6. Withdraw consent – You may withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw consent, your data will still be processed where necessary to complete a contract we have entered with you. If you withdraw consent, this may impact how we provide products and services to you. We will advise if this is the case at point of withdrawal.
9. Processing requests
You will not have to pay a fee to access your personal data or exercise any other right. However, a reasonable fee may be charged if your request is clearly unfounded, repetitive or excessive. In any of these cases, we may refuse to comply with your request.
9.2. Information required
We may need you to provide further information or to prove your identity before we are able to process your request. This is a security measure to ensure that personal data is not disclosed to anyone who doesn’t have the right to receive it. We may also ask for additional information to help speed up your request.
9.3. Time limit
We will try to respond to all legitimate requests within one month. Occasionally, for additional or complex requests, this may take us longer than this but we will notify you at every stage.
10. Our Contact Details
For anything relating to your data or to exercise your rights, please email our appointed Data Privacy Manager at firstname.lastname@example.org
You have the right to make a complaint about our data processing activities at any time to the ICO (www.ico.org.uk). We would appreciate the chance to deal with your concerns before your approach the ICO, so please contact us in the first instance.