Held In Our Hearts’ Privacy Policy

We understand that your privacy is important and that you care about how your personal data is held and used. We are committed to protecting and respecting your privacy and letting you know how we hold and use your personal information. We may change this Policy from time to time so please check this page to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy. References to “we”, “us” or “our” in this privacy statement are references to Held In Our Hearts, a charity registered in Scotland under charity number SCO24375 and a company limited by guarantee and registered in Scotland under company number SC374997. This statement relates to the various contact types associated with Held In Our Hearts, including families, supporters and healthcare practitioners and how we will process your personal data. Any questions regarding this Policy and our privacy practices should be sent by email to info@heldinourhearts.org.uk or by writing to Held In Our Hearts, Craiglockhart Leisure Centre, 177 Colinton Road, Edinburgh, EH14 1BZ. Alternatively, you can telephone on 0131 622 6263.
  1. What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
  1. What are my rights?

Under the Data Protection Legislation you have the following rights, which we will always work to uphold:
  • The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 9.
  • The right to access the personal data we hold about you. Part 9 will tell you how to do this.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 9 to find out more.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 9 to find out more.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
  • For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 9.
  It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 9.
    1. What type of information is collected from you?

    When you make contact with us for access to our services, making a donation, registering for an event, requesting training or for more general communication enquiries, we may ask for personal information. If you interact with us online whether that is making a donation, ordering a product from our shop or browsing our website, we also collect personal data. The personal data collected may include:
    • Your name, e-mail address, telephone numbers, work/home address etc.
    • Details of contact that we have had with you regarding accessing our support services
    • Details about your loss
    • Our correspondence and communications with you
    • Information about any complaints and enquiries you make to us
    • Information we receive from other sources
    • Your IP address and information regarding what pages are accessed and when
    • Your bank details for regular donations and information for Gift Aid declarations
    Please note that if you make a donation online, purchase a product from us on our website or donate on a third-party site like JustGiving, your card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
    1. Use of ‘cookies’

    Like many other websites, the Held In Our Hearts website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better, more personalised service. It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
    Main cookies used on our site:
    • Google Consent – CONSENT (Google consent management)
    • Google Analytics – _ga (user tracking)
    • Facebook – act, c_user, datr, fr, presence, sb, spin, wd, xs (third party cookies from Facebook video)
    These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information anonymously. This includes: the number of visitors to the site, where visitors have come to the site from, and the pages they visited. For more information on Google Analytics’ privacy policy, visit http://www.google.com/analytics/learn/privacy.html
    1. How is your information used?

    We may use your information to:
    • Provide bereavement support services
    • Process a donation that you have made
    • Process a Gift Aid declaration
    • Process a web order you have submitted
    • Contact you about an event or fundraising activity you have registered to do
    • Deal with entries into a competition on social media
    • Seek your views or comments on our support services with your explicit, written consent
    • Use case studies or testimonials for grant applications/reports, social media, media and marketing materials but only with your explicit, written consent
    • Notify you of any changes to our services (such as support group meeting changes)
    • Send you e-marketing communications which you have consented to; these may include information about events, activities and other fundraising activities
    • Send you communications by post with information about our events and activities
    • Process a grant or job application
    We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
    1. Legal bases for processing your personal data

    In accordance with the General Data Protection Regulation that came into effect in May 2018, we use the following legal bases to process your personal information:
    • Consent – the data subject has given their consent to the processing for one or more purposes. We ask you to give your clear consent to opt in to receive our e-marketing communications about our charity’s fundraising events and activities, in accordance with the new e-Privacy Regulation.
    • Legal obligations – that the data controller is subject to. We are legally obligated to process and hold financial records for tax purposes and in the event of any necessary audit. We also need to process personal information in relation to Gift Aid claims with HMRC.
    • Legitimate interest: this can be used where the processing is necessary for the purposes of the legitimate interests pursued by an organisation, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects which requires protection of personal data; a lawful and fair balance must be struck. We use this when processing special categories of personal data that are related to your health, in order for us to be able to provide bereavement support services to you.
    • Legitimate interest: we use this to process your personal data if you are doing a fundraising event for us or you have requested a product or service from us or if you have accessed our service and we wanted to share news by post.
    • Contract: Processing is necessary for the performance of/or to enter into a contract. We use this legal basis to process any personal data necessary to ensure contractual obligations for any product or service that we are providing to you.
    • Vital interests: of the data subject or other person. This basis for processing your personal information would only be used in the event that there was a risk of immediate harm to you or potential harm to other people.
     
    1. Who has access to your information?

    All personal data that we have is secured safely and we have a database that is password protected. Any paper records are locked and secure at all times. Staff are given regular GDPR training and all new staff members are inducted in how to ensure the safe processing of personal data. We will not share your information with third parties for marketing purposes, but if you register for an event to fundraise for us that is organised by a third party, your details will need to be shared. We will make this clear at the time of registration.
    Third-Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the company for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
    When you are using our secure store pages, your payments are processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details in Part 9.
    We may transfer your personal information if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
    1. Your choices

    You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct e-marketing communications about our charity’s news and events any more, then you can opt out here – https://heldinourhearts.us11.list-manage.com/unsubscribe?u=ccd74eddeed9f9ca0bdd35552&id=4c78b3c40f Alternatively, you can email us on info@heldinourhearts.org.uk or call 0131 622 6263. We will not contact you for marketing purposes by email, phone or post unless you have given your prior consent.
    1. How you can access and update your information

      The accuracy of your information is important to us. You have the right to request a copy of the information we hold about you so that you can ensure its accuracy. You can do this by the following methods:
      • Send an email to the administrator here and request the information held about you
      • Email: info@heldinourhearts.org.uk
      • Telephone: 0131 622 6263
      • Write to us at: Held In Our Hearts, Craiglockhart Tennis Centre, 177 Colinton Road, Edinburgh, EH14 1BZ
    1. Right to erasure

    If you wish to have all data about you erased, please submit your request to info@heldinourhearts.org.uk and it will be dealt with as soon as possible.
    1. Security precautions in place to protect the loss, misuse or alteration of your information

    When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software: 128-bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
    1. How long we retain your data

    We retain your personal data for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation) (see separate privacy notes for individual retention periods). In addition, personal data may be securely archived with restricted access (and other appropriate safeguards) where there is a need to continue to retain it.
    1. Links to other websites

    Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website and organisation, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
    1. People aged 16 or under

    We are committed to protecting the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide us with personal information. We would never knowingly contact a young person aged 16 or under to ask them to be involved in any of our activities. When we do have young people who choose to fundraise for us, correspondence is through their legal parent or guardian.
    1. Transferring your information outside of Europe

    As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
    1. Contact for further information

    If you have questions or a complaint about the way your personal data has been processed by Held In Our Hearts, please email info@heldinourhearts.org.uk and we will look into this for you as a matter of priority. If you wish to take your complaint further, you can contact the Information Commissioner’s Office (ICO), which is the independent regulatory authority that exists to uphold information rights in the UK. For more information, visit their website or call their helpline on 0303 123 1113.
    1. Review of this Policy

    We keep this Policy under regular review. This Policy was last updated in February 2024.