ROSETTA LIFE PRIVACY & DATA PROTECTION STATEMENT
Last updated Friday 6 June 2018
ROSETTA LIFE offers those living with life-limiting conditions the creative means to explore personal narratives of illness and convey these live, digitally or through public screenings to an audience of their choice.
Rosetta Life is a registered charity and limited company and is funded by trusts, foundations, individual donors and supporters. Our registered Charity Number in England and Wales is 1090851 and our Company Registration Number is 3735375.
Using personal information allows us to deliver our creative health initiatives and provide you with relevant information about the work that we do. As a registered charity, it also helps us to engage with potential donors and supporters.
At Rosetta Life we are committed to protecting your personal information and being transparent about what information we hold about you. WWW.ROSETTALIFE.ORG, WWW.STROKEODYSSEYS.ORG AND WWW.DREAMADIFFERENCE.ART are owned and managed by Rosetta Life. When you use these websites you are agreeing to the terms set out below
WHY DO WE HAVE THIS POLICY?
The purpose of this policy is to give you a clear explanation of how we collect the information from you directly and how we use it.
We use your information in accordance with all applicable laws concerning the protection of personal information, and we never sell your data to any third parties.
This policy explains:
- What information we collect about you
- How we may use that information
- In what situations we may be required to disclose your details to third parties
- Information about how we keep your personal information secure, for how long we maintain it and your rights to be able to access it.
If you have any queries about this policy, please contact the Data Protection Officer at Rosetta Life at firstname.lastname@example.org
We collect various types of information in a number of ways:
Information you give us
For example, when you participate or volunteer in one of our projects, when yoy make enquiries via email, or make a donation, we’ll store personal information you give us such as your name, email address, postal address, telephone number and bank information, where relevant. We will also store a record of your payments and donations, if applicable.
Information about your interactions with us
For example, when you visit our websites, we collect information about how you interact with our content and pages. When we send you a mailing we store a record of this, and in the case of emails containing our newsletter, we keep a record of which ones you have opened and which links you have clicked on.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not collect this type of information about our participants unless there is a clear reason for doing so. As an example, we collect health information about participants in our Rosetta Life Stroke Odysseys Project.
WHY WE USE YOUR DATA – LEGAL BASIS
There are four bases under which we may process your data:
When you join or attend one of our projects, or make a donation to us, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone to organise participation in our projects, or in the case of problems with your payment.
Legitimate Business Interests
In certain situations, we collect and process your personal information for purposes that are in our legitimate organisational interests. However, we take care that the way we use your personal data ensures it does not override your personal interests. We describe below all situations where we may use this basis for processing.
With Your Explicit Consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
In some cases, the processing of your personal information is necessary for us to comply with the law during the delivery of our projects. This might include emergency contact, background checks, and health and medical information.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have participated in in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first interaction with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We send notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please get in touch. If you change your mind about being contacted in the future, please click on the opt out options included in emails and we will remove you from our mailing lists.
We may also contact you about our work by telephone, however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your participation in various projects (see above).
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- We may analyse data we hold about you to ensure that the content and timing of communications that we send you remain relevant.
- We may analyse data we hold about you in order to identify and prevent fraud.
- We may analyse information we hold about you in order to improve our website and the content and pages with which you interact.
- We may analyse information we hold about you for the execution of background checks or for employment/volunteering opportunities.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedom.
You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit – such as participation in a project or specific activity.
While we will never sell your personal data, there are certain circumstances under which we may disclose your personal information to third parties. These are as follows.
To our own service providers who process data on our behalf and on our instructions. In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
To specific named visiting companies and artists whose performances you have attended. In these cases, we will always ask for your explicit consent before doing so.
YOUR RIGHTS TO PERSONAL INFORMATION
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
We optionally allow you to store your bank, PayPal, or card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Maintaining your personal information
We store your personal information indefinitely so that we are able to link any subsequent donations or payments back to a single unique record, which we will hold for you on our system. Additionally, for the delivery of some projects , we are required to hold information on your participation for 7 years after your involvement, or 7 years after your age 18 birthday for participants of programmes who are minors.
If there are aspects of your record that are inaccurate or that you would like to remove, you can use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of Your Personal Information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
Consent. If you wish to subscribe to our marketing communications, we will use your name and email address to send communications to you. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may elect to stop receiving our marketing emails by following the unsubscribe instructions included in such emails.
Access to information. You have the right to access information held about you.
Right to deletion, rectification and data export. We permit you to delete, rectify and export information you have provided to us, subject to the conditions of our legal obligations.
Retention. We retain personal data for as long as we provide services to you or where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, announce upcoming events you may be interested in, or fulfil your request to “unsubscribe” from further messages from us. If none of these obligations apply we will delete Personal Data within 12 months of your participation ending.
Right to your personal words and images. We will always ask for consent from you to publish still and moving images of your likeness, audio recordings of your voice, and printed quotations of what you say. Our consent forms are designed to give you total control of how we can use this data, and we will always abide by your preferences. As with all consent-based items, you may withdraw your consent at any time by contacting us via the information below.
Cookies are pieces of information that a website can transfer to an individual’s computer hard drive for record keeping. Cookies can make websites easier to use by storing information about your preferences on a particular website. The information remains on your computer after the internet session finishes but you can delete them using some browsers, manually or using system utilities. Most internet browsers are pre-set to accept cookies.
User preferences cookies
Our web publishing software saves a cookie on your computer to remember if you prefer us to save your details when you use the comment form or not. This gives you the option to make new comments without re-entering your details each time.
How to turn cookies off
If you would like to turn off cookies, you can usually do this using your web browser. Click the Help menu in your browser to find out how. Remember that cookies can be essential to the functionality of some websites (e.g online shops and services which you log in to) so make sure you are aware how your favourite websites are using cookies before turning them off for these sites.
Contact Details and Further Information
3 Brook End