Mary Frances Trust (“MFT”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about users of our services (“you/your”).
The purpose of this privacy notice is to explain what personal data we collect about you when you use or enquire about our services.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at firstname.lastname@example.org.
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.
‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The personal data we collect includes your name; date of birth; your address; your house and/or mobile telephone number; email address; important information about your emotional/mental and physical health; next of kin; GP and other professionals details – this is to help us work together and provide better support for you.
We collect most of this personal data directly from you (or the person that refers you to our service) when you complete the referral form. However, we may also collect information if you contact us via email, post or telephone.
When you visit our website, www.maryfrancestrust.org.uk, some information may be stored to enhance your experience and help you navigate the site, but also to help us make our website user-friendly and useful. For more details on information collected through our website, please check our Cookies Policy.
When providing services to you, we will mostly rely on your consent or our legitimate interests in providing the best service to you. Where we collect or process your special category data, we rely on the basis of our processing being done by a not-for-profit body as a part of our legitimate activities.
However, in some circumstances we may also process your data when it is in your vital interests or where we are required to comply with a legal obligation. In these circumstances we would also rely on the provision of health care basis under Article 9 UK GDPR.
We may also use your personal data to respond to your enquiries and provide you with information about MFT and give you the choice to select services that work for you and that you find interesting. When we do so we rely on our legitimate interests in providing information to interested parties.
Although we do not usually rely on the performance of a contract to process your personal data, where this is the case and you choose to not provide your personal information, we will be unable to provide our services to you.
Most importantly, we will never share any information we hold about you for any marketing purposes. We may, however, share relevant information with your GP or other professionals providing support to you where required. In addition, we may share your personal data with our partners who help organise and set up events and activities on our behalf.
If the sharing of data involves the transfer of special category data for a purpose not already detailed within this notice, we will not do so without your explicit consent. We also provide anonymous statistics about people we provided services for to our funders and commissioners, however, this does not include any identifiable information.
We may also provide anonymised, aggregated or pseudonymised data to our NHS partners for the purpose of research, improving the quality and standards of care provided, research into the development of new treatments, preventing illness and diseases or monitoring safety. This means that the data shared will not include any directly identifiable information about you (e.g. your name) and we will only share this data where we have a valid lawful basis for doing so and appropriate measures to protect the personal data have been implemented. It is important to know that you have a choice about whether you want your confidential information to be used for these purposes. If you do not wish for your data to be used for these purposes then please visit the NHS’s website and register your choice to opt out. Please note that you can change your mind about your decision to opt-out at any point.
When we collect your personal data, it may be processed outside the UK. This is because the organisations we use to provide our services to you are located in other countries.
We have taken appropriate steps to ensure that where personal data processed outside the UK, it has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and planning.
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.
In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;
1. Never share a One Time Passcode (OTP).
2. Always send confidential information by encrypted email where possible this reduces the risk of interception.
3. If you’re logged into any online service do not leave your computer unattended.
4. Close down your internet browser once you’ve logged off.
5. Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.
Secure Online Services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than Error! Hyperlink reference not valid.
You have certain rights in relation to the processing of your personal data, including to:
Right to withdraw consent
In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.
How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at email@example.com.
You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at: Contact us | ICO or by telephone on 0303 123 1113.
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to:
Mary Frances Trust, 23 The Crescent, Leatherhead, Surrey, KT22 8DY
Alternatively, you can email us at firstname.lastname@example.org
We have also appointed a Data Protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by emailing email@example.com or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’.