Privacy Policy

  1. Introduction

This privacy policy sets out how brainstrust uses and protects any personal data that you give brainstrust when you contact us or use our website.

brainstrust is committed to ensuring that your privacy is protected. Should we ask you to provide certain data by which you can be identified, then you can be assured that it will only be used in accordance with this privacy policy.

Your personal data is very important to us because it allows us to help people living with a brain tumour. We treat your personal data in the manner we would expect our own personal data to be treated. As such, we have committed to three key principles at the heart of our data protection policy.

  1. We will never share your data outside of brainstrust without your specific consent.
  2. When you give your specific consent, we will only process your personal data in a way that helps people living with a brain tumour.
  3. When we use your personal data to provide fundraisers with accurate data to support their activities, this personal data will be made anonymous through aggregation.

This privacy policy is written in accordance with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR). If you have any questions or concerns about it, or would like to make a complaint about a possible breach of local privacy laws, please contact us at brainstrust, 4 Yvery Court, Castle Road, Cowes, Isle of Wight, PO31 7QG, email, or telephone 01983 292 405.

All such communications are examined, and replies are issued where appropriate as soon as possible. If you are unsatisfied with the reply received, you may refer your complaint to the relevant supervisory authority. If you ask us, we will endeavour to provide you with information about relevant complaint avenues that may be applicable to your circumstances.

  1. How do we collect your personal data?

brainstrust is able to collect your personal data in the following ways:

2.1. When you give it to us directly

You may provide us with your personal data when you communicate with us; for example, you may wish to take advantage of the support services we provide, participate in events, fundraise on our behalf or make a donation.

Prior to processing your personal data for any of the purposes stated in this privacy policy, we ensure that there is a legal basis for doing so under the conditions of the GDPR. Under normal circumstances, this legal basis will be your explicit consent to process your data. Whenever we request personal data from you, you will be provided with the means to give us explicit consent to process your data for the purposes outlined in this privacy policy. If this consent is not given, we will not process your data except where processing is otherwise permitted or required by a lawful basis under the GDPR. These lawful bases include:

(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

2.2. When you give third parties permission to share your personal data with us

Your personal data may be shared with us by independent event organisers or fundraising sites like Just Giving. These independent third parties will only do so when you have indicated that you wish to support brainstrust with your consent.

You should always review the privacy policy of any third party when you provide your personal data in order to understand fully how they will process this data.

We may also obtain data about you from a family member or friend who contacts us on your behalf, or from a fundraiser who passes on your details to us. Again, prior to processing your personal data collected in this way, you will be provided with the means to give us explicit consent to process your data for the purposes outlined in this privacy policy. If this consent is not given, we will not process your data except where processing is otherwise permitted or required by a lawful basis under the GDPR (see section 2.1 for a list of lawful bases).

  1. What personal data do we collect about you?

Personal data is any data that can be used to identify you. The type of personal data we may collect about you includes:

  • name
  • contact details (e.g. email address, postal address or telephone number)
  • job title
  • interests
  • relationship to brainstrust (e.g. patient, carer, fundraiser, donor, volunteer)
  • previous interaction with brainstrust (e.g. attendance at events, donations, fundraising activities, support provided to you)

In some cases, you may also provide us with sensitive personal data so that we may provide more effective support. The type of sensitive personal data we may collect about you includes:

  • health information
  • religious beliefs (where relevant to your case)

We would only collect sensitive personal data where there is a clear need to do so in order to ascertain what services are relevant to you or to personalise services and support provided to you. Prior to collecting any sensitive personal data about you, we will make it clear to you what data we are collecting and the purposes for collecting such data.

If you contact brainstrust as someone living with a brain tumour and would like to use our support services, your support contact may collect case notes to enable them to provide you with the most effective support for your needs. Such notes are only taken with your consent and are held in the strictest of confidences between you and your support contact at brainstrust. Case notes are stored on a secure database and are never shared with any third party without first consulting you and seeking your explicit consent.

  1. How do we use the personal data we collect about you?

How we use your personal data is largely determined by the reasons you have provided us with your personal data. We may use your personal data to:

  • provide you with personalised information, support, services or products you request
  • inform you of any changes to our services or policies
  • maintain internal records
  • respond to and investigate any complaints, legal claims or other issues
  • claim Gift Aid on your donations
  • conduct research and analysis to allow us to improve our products and services and meet the needs of those in need of our help
  • update our funders and supporters on the impact of our work
  • update statutory bodies about our work

We may also use your personal data to send you communications about our work and how you can help us. This may include promotional emails about upcoming events, new products, special offers or other information that we think you may find interesting. From time to time, we may also use your data to contact you for market research purposes. We may contact you by email, phone, fax or post. Such communications will only be sent after you have provided us with explicit consent to do so. You may opt out of these communications at any time, and our communications include instructions for how to do so.

To change the way you receive news and information from brainstrust, please email or call us on 01983 292405.

  1. Who do we share your personal data with?

We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required to do so by law. We may use your personal data to send you promotional information about third parties that we think you may find interesting, but only after you give us your explicit consent to do so.

When we collect your personal data, we use strict procedures and security features to prevent unauthorised access. However, no data transmission over the internet is 100% secure. As a result, while we try to protect your personal data, brainstrust cannot guarantee the security of any data you transmit to us, and you do so at your own risk.

  1. What data do we collect when you use our website?

You can visit our website without giving away your personal data. brainstrust uses Google Analytics and cookies in order to improve our service and user experience and analyse how our website is used. Aside from the approximate location (IP address), the data collected by Google Analytics is mostly anonymous traffic data, including browser information, device information and language.

We do not collect additional data, such as your age, gender, interests or payment details.

The collected data is used to provide an overview of how people are accessing and using the brainstrust website. It is not used for any additional purpose, such as to profile those who access our website.

All orders in our online shop are handled by Shopify, and payment transactions are handled by Stripe. In order to fulfil your orders, we receive your name, contact details and details about the items you purchased from Shopify. We do not receive your payment details. We retain these details for our accounts, which are held on a secure system, and to fulfil our customer service commitments in the event that you have any queries about your order. We do not use your personal data in any other way if you have not given us explicit consent to do so. At the checkout, you will be provided with a means to give your explicit consent for brainstrust to further use your personal data if you wish to stay in contact with us. We advise you to review the privacy policies of Shopify and Stripe, as we are not responsible for the personal data that they hold about you.

  1. Cookies

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this data for statistical analysis purposes, and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

  1. Links to third party websites

Our website may contain links to enable you to easily visit third party websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over third party websites. Therefore, we cannot be responsible for the protection and privacy of any data which you provide whilst visiting third party websites, and such websites are not governed by this privacy policy. You should exercise caution, and we advise you to review the privacy policy applicable to the website in question.

  1. Privacy and our online community

When you post personal data on a discussion board on our website or social media accounts, your data is publicly accessible. Such data can be viewed online and collected by third parties. We are not responsible for the use of this data by third parties.

When posting content, we strongly recommend you avoid sharing any personal data that can be used to identify you (such as your name, age, address, name of employer, etc.). We are not responsible for the privacy of any identifiable data that you post on the public pages of our websites or social media accounts.

  1. Offensive or inappropriate content

If you post or send content which may reasonably be deemed to be offensive, inappropriate or objectionable anywhere on brainstrust websites or social media accounts, or otherwise engage in any disruptive behaviour on any service, brainstrust may remove such content and block your access.

Where brainstrust reasonably believes that you are or may be in breach of any applicable laws, for example on hate speech, brainstrust may disclose your personal data to relevant third parties, including to law enforcement agencies or your internet provider. brainstrust would only do so in circumstances where such disclosure is permitted under applicable laws, including data protection law.

  1. Under 16s

If you are aged 16 or under, we must have the permission of your parent or guardian before you provide any personal data to brainstrust. We will not process the personal data of any child aged 16 or under without the explicit consent of a parent or guardian.

  1. Security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect about you.

Under normal circumstances, we do not share your personal data with individuals or organisations in third countries not regulated by the GDPR. In the event that we do share your data outside of the United Kingdom and European Union, this will be done on an individual basis for specific purposes, and it will not be done without first consulting you with regards to those specific purposes and obtaining your specific consent.

  1. Controlling your personal data

Under data protection law, you have the right to access, update, delete or restrict the processing of any personal data we hold about you. We will retain your personal data for the period necessary to fulfil your needs in relation to brainstrust, unless a longer retention period is required or permitted by law. We regularly retain data for historical and statistical analysis so that we can report regularly to our funders and statutory bodies. The data is aggregated and non-identifiable.

If you wish to update, delete or restrict any of the personal data we hold about you, please email or call us on 01983 292405. We will respond to any request regarding your personal data as soon as possible and within 28 days. It is important that your personal data is kept up to date so that we can continue to provide you with information and support, so please let us know as soon as possible if any of your personal data changes.

You have the right to obtain confirmation that your personal data is being processed and obtain a copy of the personal data we are holding about you. This information is obtainable free of charge, but a reasonable fee may be charged if your request is manifestly unfounded or excessive. If you would like a copy of the personal data held on you, please email or call us on 01983 292405. Information will be provided promptly and within 28 days of your request.

  1. Changes to our privacy policy

brainstrust may update its privacy policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated privacy policy. This policy was last updated January 2018.