NHS Million Privacy Statement

This privacy statement sets out how NHS Million collects, uses, and protects any information that you provide us, and what controls you have over the use of it.

NHS Million is committed to protecting your privacy. If we ask you to provide certain information by which you can be identified when using the website, for example to join our mailing list, it will only be used in accordance with this privacy statement.

WHAT WE COLLECT

NHS Million is the data controller for the data we collect from subscribers to our mailing list. We collect the following information from individuals that wish to be on the NHS Million email list:

  • First and last name

  • Email address

When you provide us with this information by email to NHS Million or via our website you are agreeing to the collection and processing of this data for the purposes listed below.

HOW WE USE THE INFORMATION WE COLLECT

  1. To inform individuals on our mailing list of NHS Million activities, events and news.

  2. To share information, newsletters, news, and information about NHS events and developments from other pro-NHS organisations.

  3. To help build for events that NHS Million is supporting including sharing information about affiliated groups.

  4. For the purposes of internal record keeping.

  5. To get feedback, views and opinions from individuals to inform our policy and practice.

HOW WE STORE AND SECURE YOUR INFORMATION

Our website is hosted by an external company [Squarespace] and if you sign up to our mailing list via the online form this information is securely transferred to Google Drive where we store all information about our subscribers. We also use Mailchimp for our mailings. All organisations are certified with the Privacy Shield Framework which means they meet the standards in the EU General Data Protection Regulation.

NHS Million will not sell, distribute or lease your personal information to third parties unless we have your permission.

SECURITY

NHS Million is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we secure the information we collect online. Your personal data is held by the NHS Million officers under password protected electronic systems.

LEGAL BASIS

NHS Million is relying on the legal basis of Legitimate Interest under article 5(1)(f) of the General Data Protection Regulation (GDPR) to process your personal information. NHS Million believes it is in the interest of its supporters and of the NHS to provide regular updates on its activities and organise events which further its cause.

LINKS TO OTHER WEBSITES

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, NHS Million cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

The General Data Protection Regulation and Data Protection Act give you a number of rights, not all of which will be relevant in all circumstances.

Right of access: you can request a copy of the personal information which we hold about you.

Right to rectification: if you think any information we hold about you is inaccurate, you can ask us to correct it.

Right to erasure: you can ask us to delete the information we hold about you.

Right to restrict processing: in certain circumstances you can ask us to restrict how we use your information.

Right to object to processing: you can object to our processing your information where it is for our legitimate interests of gaining feedback and opinions.

Rights to data portability: this only applies to information which you have given to us so you can transfer it to another organisation.

CONTROLLING YOUR PERSONAL INFORMATION

You can choose to restrict the collection or use of your personal information in the following ways:

If you have previously agreed to us using your personal information, you may change your mind at any time by emailing info@nhsmillion.co.uk.

You can request details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you please email info@nhsmillion.co.uk.

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

This privacy statement may change, please therefore remember to refer back to this page regularly to review any amendments.

ANY CONCERNS OR COMPLAINTS

Should you have any concerns about how your data is being handled, you can contact the Information Commissioner’s Office, who are the data protection regulator for the UK.

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel. 01625 545 700 or local call 0303 123 1113

www.ico.org.uk

This privacy notice may change, please therefore remember to refer back to this page regularly to review any amendments.