Your data on the forum To protect your privacy, please register using a private email account which others don’t have access to. Your email address and username will be used to set up your forum account. MS Society staff will not have access to your password. We will not use your email address to contact you except about the forum unless you have already registered to receive emails from us. To find out more about how the MS Society use and manage your personal data and your rights, you can see our full Privacy Notice below. You can also update your details or change the way we contact you by emailing supportercare@mssociety.org.uk or calling 0300 500 8084. MS Society privacy notice We respect your privacy as a human right. We promise to respect the personal information you provide us. We don’t want to use your personal information in a way you won’t expect. So this privacy notice explains how we protect your privacy, how we use your information and how you can control how we use your personal information. If you want to change the way we use your data or if you have a question about how we use your personal information, please get in touch by: * email: supportercare@mssociety.org.uk * post: Supporter Care Team, MS Society, 372 Edgware Road, London, NW2 6ND Our Data Protection Officer is Claire Stevenson, Data Governance Manager: * email: datagovernance@mssociety.org.uk * post: Data Protection Officer, MS Society, 372 Edgware Road, London, NW2 6ND Who we are In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the MS Society group of companies, that is MS Society, Nominees and Trading. This is the full information about these companies: ### Multiple Sclerosis Society Charity number: 1139257 Company number: 07451571 Company type: Private - Limited by guarantee Office of the Scottish Register Number: SC041990 Registered office: MSNC, 372 Edgware Road, London NW2 6ND ### MSS (Trading) Limited Company number 028935015 Company type: Private - Limited company Registered office: 372 Edgware Road, London NW2 6ND ### MS Society Nominees Limited Company number 03667753 Company type: Private - Limited by guarantee Registered office: 372 Edgware Road, London NW2 6ND ### Our local groups We have around 270 local network groups where volunteers provide support and services to the local MS community. These local network groups are included in the references to ‘We’, ‘Us’ and ‘Our’. How we use your personal information We appreciate you have provided us your personal information and will respect the trust that this represents. There will be times when we will need to use and share your personal data. The law says we must use one of the following reasons to do so: * Contract – your personal information is processed in order to fulfil a contractual or potential contractual arrangement. For example: a grant application. * Consent – where you agree to us using your information. For example to receive certain digital information from us. * Legitimate interest – where we use your data in a way we believe you would expect us to because of our relationship. For example to monitor and improve our services. In each case where we use your data based on our legitimate interests, we carefully balance your rights and expectations to make sure processing is fair to you. * Legal obligation – where there is a statutory or other legal requirement to process and share the information e.g. gift aid returns. Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interest as a reason, we also describe below what we believe these legitimate interests are: ### Our processing about you if you are a supporter: * Handling the administration of your gift or donation when received by cash, cheque, credit/debit card, direct debit, standing order and charity vouchers or our online fundraising partners. Our lawful basis is contractual. * Administer Gift Aid and Gift Aid declaration forms. Our lawful basis is a legal obligation. * Keep you informed of fundraising opportunities. Our lawful basis is a legitimate interest to generate funds to support and facilitate our mission. * Assess your ability for gift giving. Our lawful basis is a legitimate interest to generate funds to support and facilitate our mission. * Provide you with membership services. Our lawful basis is a legitimate interest to support our members. * To keep a record of your relationship with us. Our lawful basis is a legitimate interest to generate funds to support and facilitate our mission, campaigning and provision of appropriate services. * Conduct due diligence and ethical screening. Our lawful basis is a legitimate interest to ensure that individuals who we develop relationships with are of good character and ethics. * Providing you with campaign information and requests on issues that are important to people affected by MS. Our lawful basis is a legitimate interest/ consent* to improve supporter interactions. ### Our processing about you if you use our services and support: * Provide you with the service or information you’ve requested. Our lawful basis is contractual/ legitimate interest, so we can efficiently and effectively deal with your requirements. * Provide you with information about and manage events and conferences. Our lawful basis is consent* (electronic marketing) and legitimate interests (other) to send you direct marketing. * Notify you about enhancements to our support and services. Our lawful basis is consent* (electronic marketing) and legitimate interests (service recipient) in improving beneficiary interaction. * Monitoring, improving and protecting our information, products, services and support. Our lawful basis is legitimate interests in improving beneficiary interactions. * Assess whether you’re eligible or suitable for an individual support or research grant. Our lawful basis is contractual. ### Processing about you if you’re a supplier/ contractor: Managing and monitoring personal, contractual, performance and financial information. Our lawful basis is contractual. ### Processing relating to multiple contact types * To improve our website and the range of services and products we provide. Our lawful basis is consent* (cookies) and legitimate interests (other) in improving our offering. * Understand your perspective and requirements through surveys for you to participate in. Our lawful basis is legitimate interests in improving our offering. * Contact you with appropriate marketing messages. Our lawful basis is consent(When we process any of your information on the basis of your consent you may withdraw this consent at any point) (electronic marketing) and legitimate interests (other marketing) in direct marketing. * To detect, investigate and report a financial crime (eg fraud). Our lawful basis is legal obligations / legitimate interestin efficient and effective use of donated funds. * Set up and manage your account. Our lawful basis is legitimate interest in efficient and effective management of our relationship. * Maintaining network and data security. Our lawful basis is legitimate interest in ensuring the safety and confidentiality of your information. * Responding to your comments or complaints. Our lawful basis is legitimate interest in efficient and effective management of our relationship. * CCTV footage on premises. Our lawful basis is legitimate interests to protect the security of our assets and people. ### Our processing about you if you are a volunteer, employee, contractor or applicant: * Assess your application for an employment or volunteering position. Our lawful basis is contractual (staff) and legitimate interest (volunteers) in efficient and effective processing of your application. * Managing personal records and financial information of volunteers including expenses, emergency contacts. Our lawful basis is legitimate interest in efficient and effective management of our relationship. * Managing personal records and financial information of staff including payroll, PAYE, leave and other terms and benefits associated with contract of employment. Our lawful basis is contractual. * Safeguard our members, volunteers, staff and service recipient. Our lawful basis is legitimate interests and legal obligation to safeguarding. * To pass your details when required over to the Health and Safety Executive (HSE), and where appropriate our insurers and our solicitors should you be involved in an accident or incident while on our premises or when taking part in one of our events or activities. Our lawful basis is lawful obligation (HSE) and legitimate interests in facilitation of our legal interests. * When we process any of your information on the basis of your consent you may withdraw this consent at any point. You can easily withdraw the permissions you have given us, at any time either by using our contact details in this policy or by using the methods we tell you about in our communications e.g. using the ‘unsubscribe’ link on our emails. What personal information we hold about you We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with: * your name * your contact details But we may request other information where it’s appropriate and relevant, for example: * your bank details * your profession * how you would like us to contact you * age or date of birth, where relevant to your participation in an event or activity * accessibility or medical information where relevant to your participation in an event or activity * details of any accident or incident you may have been involved in while on our premises or while taking part in one of our events or activities ### Special category data We recognise some sensitive ‘special category’ data needs more protection. This includes data on: health, race or ethnicity, political opinions, religion, trade union membership, sexuality, biometric and genetic data. Our processing of special category data includes: * information about your suitability or eligibility for a service – for example: information about your MS or the treatments you receive, to help us provide relevant information or support and tailor our services to meet your needs. Or information about your financial circumstances, in relation to your grant application * accessibility or medical information where relevant to your participation in an event or activity On a voluntary basis, we may invite you to provide additional information about your relationship with MS, quality of life and socio demographic information to help us develop an insight into the MS Community. While we mainly hold and use the information you provide directly to us, we may use other sources of information about you, including data derived from the electoral roll or affluence information, where they are from publicly available sources, or where you have given your permission for your data to be shared or sold. We do this to help ensure we only contact you with appropriate communications or requests for support. We take great care in sourcing this information, but if you prefer us not to then please let us know: * email: supportercare@mssociety.org.uk * phone: 0300 500 8084 Monday to Friday 9am to 5pm * post: Supporter Care Team, MS Society, 372 Edgware Road, London, NW2 6ND Cookies We collect anonymised information about your visits to our websites using cookies. The information is invaluable to us to improve our website and ensure you are shown relevant content. More information about how we use cookies and how you can prevent this can be found in our Cookies Policy. Where you collect your personal information from We collect personal information about you in several ways: * on our website when you support us through making a donation, becoming a member or volunteer, applying for or taking part in, organising or attending a fundraising event, registering to take part in other types of non-fundraising events that we hold, accessing one of our group services, joining a campaign, or pledging a gift in your will. * when you contact our Supporter Care team by mail, phone, email or live chat. * when you contact us about one of our services – for example if you ask us to send you a publication, or speak to one of our staff or volunteers about how we can support you. * when you complete one of our online or paper-based surveys or purchase or order an item from our online shop. * when using our social forums. * when you submit an application for a support or research grant. * when you have used a social media platform to contact us – Facebook, Twitter, LinkedIn, Instagram or Google +. * through our network of local groups. * through an accident and incident form when you have been involved in an accident or incident on one of our premises or when attending one of our events or activities. We may collect your personal information from other organisations and sources. For example, if you take part in an event run by another organisation with which we partner, such as the London Marathon, when you raise funds via JustGiving, Give As You Live or similar websites, or through social media platforms e.g. Facebook, Twitter, LinkedIn, Instagram or Google +. When providing information to us through these channels you should check these companies’ privacy policies and settings to understand how they use your personal information. We always check that third parties and other organisations have consent from you to pass your information on to us. Please note, we don’t collect your personal data on our confidential helpline unless you ask us to. Automated decision making, building profiles and targeting our communications We use in-house profiling to make sure communications are relevant and timely, to target our resources effectively, and to provide an improved experience for our supporters. These activities allow us to understand the background of people who support us and help us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, they enable us to raise more funds, sooner, and more cost-effectively, so we can ultimately stop MS. When building a supporter profile we may analyse geographic, demographic and other information relating to you to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example from Companies House, information published in any type of media including magazines and newspapers, listed directorships or typical earnings in a given area. All this type of profiling is done under our internal processes and procedures that ensure we have a lawful basis to do so. If you don’t want us to carry out this type of profiling then please let us know by contacting our Supporter Care team on 0300 500 8084 or email supportercare@mssociety.org.uk How we use your personal information for marketing and fundraising Like most organisations we rely on marketing to generate donations and funds to help support our work and make sure the MS Community is aware of the services and support we provide. By using the information you provide to us, or that we receive from publicly available sources, we are able to contact you with specific messages that we feel will be appropriate to you. We only use your personal information for electronic marketing and electronic fundraising where you have given us permission to do so or you have provided permission to other organisations to allow us to market to you, for example, through Facebook or JustGiving. Who we share your data with We do not share or sell your data to any other charity or company for their marketing purposes. However, there are some situations where we use trusted suppliers to help us with administration of the services you have asked us to supply to you for example: * IT companies to help us deliver our range of services * mailing houses to despatch our newsletters, appeals and raffles or invitations for our events and fundraising materials. * agencies who handle your donations on our behalf or administer your online conference bookings. * companies who deliver bespoke events for us (e.g. our bespoke overseas challenges) or who organise events in which we purchase charity places (e.g. the London Marathon). * organisations or individuals who work with us to provide services for you – such as providing you with tailored advice or advocacy services, or local services such as exercise classes or complementary therapies. * companies who help us campaign on your behalf, for example to lobby your local MP. * website hosting companies which we use to administer our website content. * a database company who support us in keeping all our records in order. We also use trusted suppliers to help us with marketing: * email service providers to send our emails and manage your marketing permissions. * emailing houses to send out marketing by post. * telemarketing agencies to contact you by phone or SMS. * organisations which help us keep your information accurate and up to date. Some of our suppliers operate outside the European Economic Area (EEA). This requires us to ensure they provide an adequate level of protection in accordance with the GDPR. Under some circumstances we may disclose or share your information without your consent, for example if we are required by the police, the courts, for safeguarding, or for other legal reasons, including: * the sharing of accident and incident information with the Health and Safety Executive, our insurers and our solicitors. * disclosure and Barring Service, Disclosure Scotland, and AccessNI, to inform our assessment of your suitability for a staff or volunteer role, or to report safeguarding concerns. How we keep your personal information safe We take our obligations to keep your personal data safe and secure very seriously. Within the MS Society, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected to prevent it from unauthorised access. All personal data sent to our trusted suppliers is encrypted. In all cases we require these companies to comply strictly with our instructions and they are not allowed to use your information for their own business purposes. We also require these companies to have sufficient organisational and technical measures in place to ensure the security of your data. How long we keep your personal information We keep your personal information in line with our data retention policy which upholds the principle that information should be kept for no longer than necessary. In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six to seven years). This mainly concerns financial information including your donations or Gift Aid contributions. Your information rights We respect the rights you have over the personal information that we hold about you. You have the following rights: ### To withdraw consent If we process any of your information on the basis of your consent you may withdraw this consent. ### For access to your personal information You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply. ### To have your inaccurate personal information corrected You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies. ### To restrict the use of your personal information You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: * if some information we hold on you isn’t right * we’re not lawfully allowed to use it * you need us to retain your information in order for you to establish, exercise or defend a legal claim * or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so. ### To erase your personal information You may ask us to delete some or all of your personal information. ### For your personal information to be portable If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format. ### To object to our use of your personal information If we are processing your personal information based on our legitimate interests or for scientific/historical research or statistics, you have a right to object to our use of your information. If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible and within 28 days. If you want to exercise any of the above rights, please contact Supporter Care by email: supportercare@mssociety.org.uk We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay. Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO). What to do if you have a complaint If you have a complaint please contact our Data Protection Officer by: * writing to: Data Protection Officer, MS Society, 372 Edgware Road, London, NW2 6ND * or sending an email to datagovernance@mssociety.org.uk. If you are not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office. Links to other websites We link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit. Changes to this privacy notice This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed using the contact details in this policy. We keep our privacy notice under regular review. Updates to this policy will be published to our website and we will notify individuals subscribed to our marketing and service email lists of major changes be email. This privacy notice was last updated on: 21 May 2018.