At Autistic Minds, we treat privacy and confidentiality very seriously.
As a charity we have with ongoing relationships with fundraisers, volunteers, supporters and service users. We use personal information on a day to day basis in order to fulfil our mission to create services and opportunities for the autistic community to build a better future for themselves.
Our use of personal information allows us to make better decisions, fundraise more efficiently and, ultimately, helps us to achieve our vision of a society where autistic adults have equal access to opportunities, support and services, and form an integral part of their communities.
We have developed this privacy notice in order to be as transparent as possible about the personal information we collect and use.
We comply with all aspects of the UK’s data protection legislative framework, which includes the European General Data Protection Regulation (GDPR) and the UK’s own legislation, including the Data Protection Act 2018
Please ensure you read this notice carefully and contact us if you have any questions or concerns about our privacy practices.
Who we are?
We have a dedicated Data Protection Officer (DPO) to ensure appropriate oversight of our data processing activities. The Data Protections Officer can be contacted by telephone on 01443 844764 or by email at [email protected] and can provide any clarity that you may need about this privacy notice.
What this Notice Covers?
The UK-GDPR and Data Protection Act 2018, (DPA 2018) requires Autistic Minds as data controller for your data to detail:
- how we collect your personal information
• the personal information that we collect and use
• the lawful bases we rely on to collect and use personal information, which is why we collect and use personal information
• sharing your personal information
• when we transfer personal information outside the EEA
• how long we keep information
• how we ensure personal information is secure; and
• your privacy rights
You should ensure that you read this general privacy notice alongside any specific privacy notice we may issue to you, from time to time, in relation to your information.
How we collect information
We collect information in the following ways:
- You may give us your information in order to complete a contact form, to sign up for one of our events or sign up for a newsletter, make a donation, purchase our products, register as a volunteer for us, use one of our services or otherwise communicate with us for support or guidance.
- When you use our website, we collect your personal information using “cookies” and other tracking methods.
- In addition, in accordance with common website practice, we will receive information about the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will usually have more details about what information your device makes available to us.
If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on informing that person.
Your information may be shared with us by third parties, for example:
- professional fundraising agencies;
• independent event organisers, for example the London Marathon or fundraising sites like Just Giving or Virgin Money Giving;
• if you sign up as a volunteer for us through an external volunteering website;
• if your information is shared with us by one of external partners
We also may receive data about you from suppliers acting on our behalf who provide us with technical, payment or delivery services, and from business partners, advertising networks and search/analytics providers used on our website.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from these services, for example when you publicly tag us in an event photo.
Information available publicly
We may share information on our supporters with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of your reason for supporting us. For more information, please see our section on “Building profiles of supporters” below.
Categories of Personal Information that we hold
The personal information that we collect includes:
- your name
• your contact details (including postal address if provided, telephone number, e-mail address and/or social media identity)
• your date of birth
• your gender
• your bank or credit card details where you provide these to make a payment
• if you volunteer for us or apply for a job with us, information necessary for us to process these applications and assess your suitability (which may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have)
• information about your activities on our website(s) and about the device you use to access these, for instance your IP address and geographical location
information about events, activities and products which you have shown an interest in
• information relating to your health (for example if you are taking part in or attending an event for health and safety purposes.
• information you may choose to share with us about your experience of autism
• information as to whether you are a taxpayer to enable us to claim Gift Aid
• age, sexual orientation, disability and nationality and ethnicity information for monitoring purposes; and
• any other personal information you provide to us
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this type of data include information about health, race, religious beliefs, political views, trade union membership, sex life or sexuality and genetic/biometric information.
We only collect this type of information about you if there is a clear reason for us to do so or where you make it public or volunteer it to us. Wherever it is practical for us to do so, we will make why we are collecting this type of information clear and what it will be used for.
The Personal Data of Children and Vulnerable Adults
We are very careful when we collect personal information about children under the age of 13 and vulnerable adults.
Where we are collecting personal information about children under the age of 13, we provide a privacy notice to their parents or guardians for approval, and where necessary consent.
If you have any concerns please raise these with our Data Protection Officer.
The lawful basis for processing personal information
The UK-GDPR and DPA 2018 require that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
The lawful basis for processing your personal data is contained within Article 6 of the UK-GDPR which states:
Processing shall be lawful only if and to the extent that at least one of the following applies:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the controller is subject;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Sending marketing communications
Our marketing communications include information about our work, campaigns and requests for donations or other support. Occasionally, we may include information from partner organisations or organisations who support us in these communications.
We operate an ‘opt-in only’ communication policy [for electronic communications]. This means that, except as set out below, we will only send electronic marketing communications to those that have explicitly stated that they are happy for us to do so.
We may use information you have given us directly, for example the record of your previous donations to and/or relationship with us, your location and demographics, as well as the type of activity you have been involved with, to tailor our communications with you about future activities.
Events and fundraising
When you have asked for details of one of our events, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
Where you have signed up for an event with a third party (for example the London Marathon) and told the event organiser that you wish to fundraise for us, we may contact you with information and support for your fundraising for that event.
Managing your contact preferences
We make it easy for you to tell us how you want us to communicate, in a way that suits you.
Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine, and you can change your preferences at any time. Just let us know when you provide your data or contact us by email on [email protected] or phone on 01443 844764 to unsubscribe
If you’ve decided you don’t want to be contacted for marketing purposes, we may still need to contact you for administrative purposes. This may include where we are processing a donation you’ve made and any related Gift Aid, thanking you for a donation or participation in an event, or keeping in touch with you about volunteering activities you are doing for us.
Building profiles of supporters
Our work is only made possible thanks to the generosity of our supporters – so it’s vital that our fundraising efforts are as effective as they can be. By developing a better understanding of our supporters through researching them using publicly available sources, we can tailor and target our fundraising events and communications (including volunteering opportunities) to those most likely to be interested in them. This allows us to be more efficient and cost-effective with our resources, and also reduces the risk of someone receiving information that they might find irrelevant, intrusive or even distressing.
After taking a supporter’s communications preferences into account, we use information we hold on them to research their potential to make donations. We may collect additional details relating to their employment and any philanthropic activity. We may also estimate their gift capacity, based on their visible assets, history of charitable giving and how connected they are to us.
We use existing data from our own database and combine this with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of that supporter. We only use publically available reputable sources. We avoid any data that we believe has not been lawfully or ethically obtained. We’re committed to putting you in control of your data and you’re free at any time to opt out from this activity.
Sharing your personal information
A number of third parties may have access to your personal information or we may share or send it to them. This includes:
- business partners, suppliers and sub-contractors who may process information on our behalf;
- if you are a legacy giver, we may share information with co-beneficiaries;
- marketing agencies that we use
- analytics and search engine providers
- our professional advisers
- IT service providers.
We may also be required to share personal information with regulatory authorities, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
We do not sell, rent or otherwise make personal information commercially available to any third party.
We reserve the right to disclose your personal information to third parties:
• If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; and/or
• if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets.
Transfers Outside the European Economic Area (EEA)
We do not send personal data outside the EEA. None of the service providers we use to help us run our businesses are based outside of the EEA.
Keeping your information updated
We really appreciate it if you let us know if your contact details change, but to ensure that the information we have is as up to date and accurate as possible, we may use information from external sources such as the post office national change of address database and/or the public electoral roll to identify when we think you have changed address so that we can update our records and stay in touch. We only use sources where we are confident that you’ve been informed of how your information may be shared and used.
We do this so we can continue to contact you where you have chosen to receive marketing messages from us and contact you if we need to make you aware of changes to our terms or assist you with problems with donations.
This activity also prevents us from having duplicate records and out of date preferences, so that we don’t contact you when you’ve asked us not to.
How long we keep personal information
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our ability to defend legal claims, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with the Data Retention Policy.
How we ensure personal information is secure
We are strongly committed to information security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption and pseudonymisation.
Your privacy rights
You have a number of rights in relation to your personal data. Not all of the rights apply in all circumstances. If you wish to exercise any of the rights, please contact us in the ways detailed below:
- You have a right of access to the personal information we hold about you
- You have the right to ask us to correct any information we hold about you that you think is wrong or incomplete
- You have the right to object to any processing of your personal information where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop. There may, however, be legal or other legitimate reasons why we need to keep or use your information. If this is the case, we will consider your request and explain why we cannot comply with it. You can ask us to restrict the use of your personal information while we are considering your request.
- You have the right to object if we process your personal data for the purposes of direct marketing. If you no longer want to receive communications from us, please contact us. We will stop sending you communications, but will continue to keep a record of you and your request not to hear from us. If we deleted all of your information from our direct marketing databases, we would have no record of the fact that you have asked us not to communicate with you and it is possible that you may start receiving communications from us at some point in the future, if we obtain your details from a different source.
- You have the right to ask us to delete your information. This is also known as the right to be forgotten or to erasure. We will not always agree to do this in every case as there may be legal or other legitimate reasons why we need to keep or use your information. If this is the case, we will consider your request and explain why we cannot comply with it. You can ask us to restrict the use of your personal information while we are considering your request.
- Where our processing of your personal information is based on your consent, you have the right to withdraw it at any time. Please contact us if you want to do so.
- You may have a right to obtain the personal information that you have given us in a format that be easily re-used and to ask us to pass this personal information on in the same format to other organisations. Please contact us to find out if this right applies to you.
How to Complain
Please let us know if you are unhappy with how we have used your personal information. You can contact us the following ways:
Email us on [email protected] or call us on 01443 844764.
You also have the right to complain to the Information Commissioner’s Office. Find out how to report a concernhere.
Changes to this Privacy Notice
This privacy notice was last updated on 23rd August 2021. We keep this privacy notice under regular review and may change it from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We would encourage you to check this privacy notice for any changes on a regular basis.