We take your privacy very seriously. This policy sets out all the steps we take to safeguard your information, how we collect it and how we use it.
1. Who we are
- Moorfields Eye Charity is the main fundraising and grant making charity for Moorfields Eye Hospital and the UCL Institute of Ophthalmology. We provide targeted funds, above and beyond the responsibility of the NHS, to research cures and find treatments for our patients and millions of people affected by eye disease in the UK and around the world.
- Moorfields Eye Charity is a registered charity in England and Wales (1140697), and is registered as a company in England & Wales (7543237) with the registered address 162 City Road, London, EC1V 2PD.
- References to “we” and “us” in this policy refer to Moorfields Eye Charity.
- Moorfields Eye Charity is a data controller of your personal data.
2. Data protection and your privacy
- Moorfields Eye Charity is committed to providing our supporters and stakeholders with the very best stakeholder care. We aim to ensure that we protect your privacy, do not do anything which you wouldn’t reasonably expect with your personal data, and that you are informed about how we use your personal data.
- Under General Data Protection Regulation (GDPR), Moorfields Eye Charity has a legal duty to protect any personal information it collects from you. We aim to put in place measures to protect your data, and to manage any information you share with us in line with data protection laws.
- The site is a UK-based website and we will therefore comply with the requirements of GDPR relating to the personal information you supply on the site.
- Please read this policy carefully, and any other documents referred to in this policy, to understand how we collect, use and store your personal information.
3. Types of personal data we collect
- The site provides various services which include, but are not limited to, providing information on and encouraging participation in Moorfields Eye Charity’s activities.
- The information we gather (‘information’) may include the name and address of registered users, their credit or debit card number and expiry date, email address and telephone number. We may also gather records of any correspondence we have with you.
- Moorfields Eye Charity captures and stores personal information about an individual who accesses the website where he or she voluntarily chooses to give Moorfields Eye Charity personal information via email, or by using an electronic form on the website, or by enquiring about any of Moorfields Eye Charity’s services or activities.
- We may also collect other personal data from your use of the site, such as your IP address and access times.
4. How we use your data
- In simple terms, your personal data may be used to help us effectively carry out our charitable activities.
- We will use the information you submit to us to process any donation you make, or to provide you with any other information or service you have requested from us.
- When consent is granted to do so, or where we have legitimate interest, we may use the information you submit to the site to notify you by email (with consent only) and post about the activities and services of Moorfields Eye Charity, and how you can support them.
- We may also use your information for analysis and market research purposes to help inform us what appeals and activities are working well.
- We may also use your information for supporter profiling purposes to help inform our legacy programme and fundraising strategy. Charitable fundraising is very important to our work. We may use your data to create a profile of your interests and preferences, and to analyse your ability to provide financial support, so that our communications to you are as appropriate and cost effective as possible. If you wish to opt out of your data being used for these purposes, please contact us on email@example.com or 020 7521 2565.
- We may also use your information to keep a record of our relationship with you, notify you about changes to our service and comply with applicable laws and regulations and requests from statutory agencies.
- We may offer you the opportunity to sign up to a mailing list and/or newsletter, to participate in a survey or a competition, or to receive information by email about any other products and services which we provide. If you sign up for any of these and subsequently change your mind, you may opt out by notifying our supporter care team on firstname.lastname@example.org or 020 7521 2565.
5. Opting out
- Where you have provided your details to us, we may contact you by post and phone for certain marketing and fundraising activities. You can opt out of this activity at any time by contacting us on email@example.com or 020 7521 2565.
6. What legal bases do we rely upon to process your data
The legal bases that we rely on for processing your personal data are:
1. You have provided your consent to us using your personal data for a specific purpose.
- We will ask for your consent to use your personal data to send you marketing emails and SMS.
- You always have the right to withdraw your consent at any time.
2. It is necessary in connection with the performance of a contract with you.
- Sometimes it is necessary to process your personal data so that we can enter into contractual relationships with you. For example, if you donate to us, we will require your personal data to enable us to perform this.
3. It is necessary for compliance with a legal obligation to which we are subject.
- This would include where we have to retain certain records, for example, to manage health and safety, for the detection and prevention of crime, safeguarding obligations, for maintaining suppression lists to ensure we comply with marketing laws, for tax reasons (such as those related to gift aid donations) and undertaking due diligence before accepting certain donations or entering into certain relationships.
4. It is within our legitimate interests.
Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate interests or a third party’s legitimate interests (as long as the processing is fair, balanced and does not unduly impact individuals’ rights).
We will rely on this ground to process your personal data when it is not practical or appropriate to ask for your consent, and where we are confident that this will not unduly impact your rights.
Our legitimate interests include raising funds for activities to support our charitable objectives, including helping Moorfields Eye Hospital to provide the best possible care for its patients, investing in state-of-the-art equipment, educating the researchers and clinicians of tomorrow, and funding research to find better and more effective treatments for blinding diseases.
We also have a legitimate interest in publicity and income generation, campaigning and fundraising in order to support these objectives and undertaking due diligence to establish the provenance of donations that are made, or may be made, to us.
We will also rely on our legitimate interests for the proper administration of the charity, and to manage our operations (for example, maintaining appropriate records and databases, for the detection and prevention of crime and safeguarding all those who access our premises and facilities).
When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
7. Data storage and security
- When you submit your information to us on the site, we take steps to ensure that your information is treated securely. Unfortunately, it is not possible to guarantee the total security of any data transmitted over the internet. While we strive to protect your information, Moorfields Eye Charity cannot ensure or warrant the security of any information you transmit to us and you therefore do this at your own risk. Once we receive your transmission, we take reasonable steps to ensure its security on our systems, but we take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
- Please remember that other methods of internet communication, such as emails and messages sent via a website, may not be secure unless they are encrypted.
- Your information is only accessible by staff, volunteers and contractors who are bound by appropriate policies and procedures to protect your information.
8. Data retention
- Moorfields Eye Charity is committed to ensuring that its approach to data retention complies with legislation and aligns with best practice in the industry.
- The personal data that we hold will be destroyed or erased from our systems when it is no longer needed for the purposes for which it was collected. The amount of time may depend on the reason for which we are processing the data and the type of data being processed.
- In line with our Data Retention Policy, which is available on request, the Charity will retain certain personal data as considered necessary to support the ongoing fundraising, grant making and operational activities of the charity.
9. Data sharing
- We care about your details and we will never sell your contact details for marketing purposes.
- We will not sell, distribute or disclose your information without your consent, unless we believe in good faith that the law requires it or we have another clear legal basis to do so.
- If you have subscribed to any of our e-communications or e-newsletters, we will not sell or rent this contact information to anyone.
- Whilst we may allow our staff, consultants and/or external service providers acting on our behalf to access and use your personal data for the activities we have described in this policy (eg. to provide services or products to you, deliver mailings, to analyse data and to process payments), we only permit them to use it to deliver the relevant information, goods or services, and only if they apply an appropriate level of security protection.
- We may need to disclose your personal data upon request to regulatory and government bodies as well as law enforcement agencies. We may also merge or partner with other organisations and in so doing, acquire or transfer personal data but your personal data would continue to be used for the purposes set out above.
- The personal data we collect from you may be transferred to, shared and/or otherwise processed by organisations or companies outside the European Economic Area (“EEA”). Where your personal data is transferred outside the EEA, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data (for example, by entering into EU Commission approved standard contractual clauses).
10. Your data protection rights
- We have a Data Protection Policy (DPP) in place, detailing the ways in which the charity may process your data and how you can manage this. Our DPP can be viewed below and information on how we process data is available on request.
- If there are significant updates to this policy, and if reasonably practicable we will notify you of this.
12. What to do if you aren’t happy
- You are also entitled to make a complaint to the Information Commissioner’s Office (ICO). For further information see the ICO’s guidance below.