NMC Midlands Ltd (working names MD Support Centre and / or Muscular Dystrophy Support Centre) is a multidisciplinary Centre and ‘not for profit’ Charity offering specialised physical therapies and support to people (18+) who live in the UK and have a progressive muscle wasting neuromuscular condition.
Healthcare professionals within the Charity provide specialised therapies and support to those with such conditions (service users). This may also include charity staff engaging with formally identified carers. In addition, the charity encourages volunteer and fundraising activities etc. and therefore staff team members may additionally engage with supporters of the charity. These activities require the charity to keep certain information (personal data) about its service users, any formally identified carers and those supporters who volunteer, this to ensure the charity can carry out its day to day operations, to meet its objectives and to comply with any legal obligations.
Personal information also needs to be held about its own staff and to a lesser degree those agency staff with whom it interacts and who may provide additional services. (Separate staff Data Protection & GDPR Policy)
Historically NMC Midlands Ltd has ensured any personal data was dealt with in line with the Data Protection Act 1998.
From 25th May 2018, a new EU Law, the General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998.
After the UK exists the EU, the GDPR will be enshrined in EU law through a new UK Government Bill, leading to a new UK Data Protection Act.
This Public GDPR Policy provides important detail as to how NMC Midlands Ltd will comply with the new EU Law, the GDPR, in relation specifically to service users, carers and supporters’ personal data.
The General Data Protection Regulation (GDPR) – Two main parts:
- A series of rights for the individual
- A set of principles for how organisations should process individuals’ personal data
The two main parts of GDPR will ensure individuals have rights related to their personal data and how it is used by organisations and to ensure these individual rights are maintained, the GDPR lays out an explicit set of data processing principles that organisations must comply with when processing individuals’ personal data.
You can find out more about GDPR from numerous agencies on the internet and a useful resource relating to UK data protection is the Information Commissioners Office (ICO) – website www.ico.org.uk
With respect to YOUR information, and to comply with GDPR, NMC Midlands Ltd promises to respect any personal data you share with us, or that we obtain from other organisations, and to keep it safe and secure. We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect.
- Your personal data and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
Service users and formally identified carers
We collect data from you in order to provide you with such services as physiotherapy, osteopathy, complementary therapies and any other support services. We will never share your personal information or medical records without your consent, except in the unlikely case of a medical emergency or incident. On occasion our therapists will share information about you with other healthcare professionals on your behalf and only with your knowledge and prior consent, such as sharing information about your physiotherapy plan with your Consultant or GP.
Information collected about your condition may sometimes be used for collective data analysis, for example in order to improve our knowledge or demonstrate the impact of our services, and findings may be shared or published. Data used in this way will always be anonymised and no individual will be identifiable from its presentation.
With regard specifically to personal healthcare related data and medical records NMC Midlands Ltd adheres to ‘The Common Law Duty of Confidentiality’ and the Caldicott Principles. Principles followed to ensure that information that can identify a patient is protected and only used when it is absolutely appropriate to do so.
You can find out more about the Caldicott Principles via www.gov.uk and search for – ‘Caldicott Review: Information Governance in the Health and Care System’
NMC Midlands also complies with GDPR Article 9 – ‘Special Category Data’ in relationship to healthcare records. The handling and protection of such information comes under the category of more sensitive data.
If you support us, for example you make a donation, volunteer, hold an event for us, register to fundraise, sign up for an event or buy something from us, we will usually collect:
- Your name
- Your contact details
- Your debit/credit card or bank details if making a payment by card or by standing order/direct debit
In certain circumstances where it is appropriate, we may ask for:
- Information relating to your health (for example if you are taking part in a high risk or sporting event).
- Your date of birth (if it is relevant to taking part in a high risk or sporting event)
- Your reason for supporting us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.
We will use your data to:
- Provide you with the services, products or information you asked for.
- Administer your donation or support your fundraising, including processing gift aid where applicable.
- Keep a record of your relationship with us.
- Manage your marketing preferences.
- Understand how we can improve our services, products or information.
Whatever your involvement or interest, we aim to be as tailored as we can in our communications to you. We also want to speak to you in the way you’d prefer – whether this be by email, on the phone or in writing. To help us do this, we will sometimes analyse things like what you are interested in and where you live to help us engage with you in a meaningful way. This is important because it means we will endeavour to only provide you with information based on what you have shared with us about your interests.
With your consent, we will contact you with recent news and updates, to let you know about the progress we are making. Additionally, but only in keeping with your prior consent and related preferences, we may contact to ask for financial and non-financial support. We make it easy for you to tell us how you want us to communicate, in a way that suits you. We will always include information on how to unsubscribe or request no contact (Opt-Out) from us if you have previously Opted In. If you decide you don’t want to hear from us or no longer want to hear from us even though you did previously, that’s not a problem, please just get in touch to let us know and we will make sure your wishes are followed.
We do not and never have sold or shared personal details with third parties for the purposes of marketing. But, if you attend an event run in partnership with another named organisation, i.e. a skydive or a sporting event run by a third party, your details may need to be shared with the organisation involved in running that event. We will be clear what will happen to your data in this circumstance when you register for such an event.
- Where we collect information (personal data) about you from
We collect information in the following ways:
NOTE: As a service user or formally identified carer, healthcare related information will be handled as outlined previously in this document. The detail below may additionally apply to other personal data related to ‘supporter’ interests.
WHEN YOU GIVE IT TO US – DIRECTLY.
As a supporter you may give us your information in order to receive our publications or newsletter, sign up for one of our events, tell us your story, make a donation, purchase a product from us or communicate with us. We will give you the opportunity to Opt In to receiving marketing and fundraising information from us.
Such information will also be offered if you register as a service user or formally identified carer and the same Opt In policy will apply.
WHEN YOU GIVE IT TO US – INDIRECTLY.
WHEN YOU GIVE PERMISSION TO OTHER ORGANISATIONS TO SHARE IT.
Depending on your media IT settings or the privacy policies for social media and messaging services like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
You may also provide permission for third party organisations to share your data with other third parties, including charities. You may do this when you buy a product or service, register with a website that runs competitions or register with a comparison site.
The information we get from those services depends on your settings or the responses you give, so you should regularly check them.
WHEN WE COLLECT IT AS YOU USE OUR WEBSITES OR APPS.
Like most websites, we use ‘cookies’ to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The website uses a cookie for Google Analytics. It does not capture or store personal information, but merely logs the user’s IP address which is automatically recognised by the web server. This is used to record the number of visitors to our site and volumes of usage.
(For more information about Google Analytics visit the Google Analytics website).
If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However, this may affect the functionality of the website.
- How we keep your data safe and who has access
We ensure that there are appropriate technical controls in place to protect your personal details.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff with a legitimate interest for access and those registered professionals / 3rd parties for whom you have provided explicit and informed consent.
We use software provided by external companies to store or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and, put a contract in place that sets out our expectations and requirements.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
- Keeping your information up to date Where possible we will keep your records up to date. We really appreciate it if you let us know if any of your contact details change.
- Your right to know what we know about you, make changes or ask us to stop using your data.
You have a right to ask us to stop processing your personal data. If it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so.
Speak to us in person, contact us 02476 101711 or email firstname.lastname@example.org if you have any questions or concerns.
You have a right to ask for a copy of the information we hold about you. If you spot any mistakes, please let us know and we will correct them.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to MD Support Centre, Hereward College Campus, Bramston Crescent, Tile Hill Lane, Coventry CV4 9SW. We do not accept these requests by email for security reasons.
We will acknowledge your requirement on receipt of the formal request and appropriate verification of identity, and will then provide this information within 30 days, free of charge, provided the request is not complex or numerous in content.
In circumstances where the request is complex or numerous, this may merit a further 2 months before the information is provided and may necessitate an administrative fee. We will advise in advance under such circumstances. In exceptional circumstances where exemptions may apply we will reply appropriately and in compliance with GDPR.
You also have the right for any personal data we hold and for which previous consent has been given, to be erased. Such a request can be in writing or given verbally. We will act on your request within one month and in compliance with GDPR.
- Changes to this policy
If you have any questions or concerns about any aspect of this policy, you can contact us on 02476 101711 or email email@example.com