This Privacy Notice came into effect on 23rd July 2021 and was last reviewed on 20 July 2023.
At Mencap, we are committed to respecting your privacy and protecting your personal information.
Our privacy promise
We promise to respect all personal information that you share with us, or we receive from other organisations, and keep it safe. We will be clear when we collect your personal information and we will not do anything you would not reasonably expect us to.
This privacy notice, together with our terms and conditions and cookie policy, will explain how and why we use your personal information, to ensure you remain informed and in control of your information.
This privacy notice is divided into different sections; please read the relevant section(s) below for further information.
Controller of Personal Information
We are Royal Mencap Society (registered company in England and Wales no. 00550457) and we are the UK’s leading charity for people with a
learning disability
A learning disability is to do with the way someone's brain works. It makes it harder for someone to learn, understand or do things.
. Our registered charity numbers are 222377 in England and Wales.
Royal Mencap Society is registered as a data controller with the Information Commissioner’s Office under the Data Protection Act 2018 and our registration number is Z5709720.
Within the context of this privacy notice, ‘we’, ‘us’, ‘our’ or ‘Mencap’ refers to Royal Mencap Society (RMS).
Why we collect your data as a Network Partner
We collect your personal data so that we can improve the way we communicate with you and what works best for you as a Network Partner. Collecting your personal data enables us to learn what different choices of communication work best and to ensure we are up to date on developments on the work Network Partners and RMS are doing.
We also collect your data to allow us to connect you with internal RMS teams for collaboration on specific projects, campaigns and policy work, opportunities for resource sharing, support and
guidance
Guidance means being given clear instructions to be able to do something well.
.
We collate data to ensure we have access to the most up to date and relevant contact information when managing compliments and complaints.
Where we collect your personal information from
When we collect personal information from you in the annual return, we will provide you with privacy information at the time we obtain your information.
We require that you submit information on the annual return for your CEO and Chair so that we are able to contact both of these contacts throughout the affiliation year. We may contact your CEO and Chair during the year concerning issues that are important to the sector. If your Chair/ CEO wish to opt out to our communications, please ask that they contact us directly at yournetwork@mencap.org.uk
How we use your personal information
Personal information means any information that may be used to identify you, such as your name, title, telephone number, email address, or postal address.
We may process your personal information internally for our legitimate business needs. We collect your personal information because we need it to help us fulfil your requests, keep in touch with you, and offer you communications that are relevant to you.
This includes things like:
- to provide postal and digital communications with you
- providing any information or services you have requested
- processing financial transactions such as affiliation payments and funding payments for specific projects
- keeping a record of any communications and engagement between us and you, for example emails and phone calls, attending events, signing up to funded projects and collaborating on campaigns
- managing and improving how we communicate with you – how you prefer to be contacted, and what information you want to receive
- creating a profile of what we think might interest you, so that we can offer you relevant communications. We use the information you submit on the annual return to do this
- responding to complaints or queries and research any legal claims
What we mean by ‘legitimate interests’
Legitimate interests means the interest of Mencap in the way we carry out our work to enable us to give you the best service/products.
For example, we have an interest in making sure that any concerns received by RMS are shared with you in a timely manner, so that concerns can be assessed and responded to.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your
rights
Rights are the things everyone should be allowed to do like have a say, or go to school.
under data protection laws. We will always ensure that your personal data will not be used where our interests are overridden by the impact on you, unless we have your
consent
Consent is when you say yes to something, like an operation, or Mencap using your photo for a story. You may have to sign something to say yes. If you can't make your own decisions, someone else can say yes or no for you. They must think about what is right for you.
or are required by
law
Laws are the rules that everyone in the country has to follow. If you don't follow the rules you can get in trouble with the police.
.
How we keep your personal information safe and who has access to it
We ensure that there are appropriate technical controls in place to keep your personal information safe and prevent unauthorised access to it. For example, our online forms are always encrypted (this prevents other people from accessing them) and our network is protected and checked often.
Any payment card details (such as credit or debit cards) we receive on our
website
A website is a page you can go to on the internet like Google or YouTube.
are passed securely to our payment processing provider according to the Payment Card Industry Data Security Standards (PCI DSS).
Electronic data and databases are stored on secure computer systems and we control who has access to them. Our staff receive annual
mandatory
Mandatory means that something must be done.
data protection training and we have data protection policies and procedures in place which teams are required to adhere to.
We regularly review who has access to information that we hold to ensure it is only
accessible
Accessible means something is easy for people to use or join in with. For example: Accessible writing means the writing is easy to read and understand.
by trained staff.
Where we work with external organisations on projects we undertake comprehensive checks on these organisations before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.
When we share your personal information
We may share your personal information with other organisations that you have chosen to engage with on a specific project, (e.g. external funders for a specific project we work together on). We will only provide those companies with the information they need to deliver the relevant service, and we will make sure that your data is treated with the same level of care as if we were handling it directly. These activities will be carried out under a service level agreement for a specific project.
We undertake comprehensive checks on these companies before we work with them and then work closely with them for the duration of our working relationship.
We may need to disclose your personal information if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances as outlined in the data sharing agreement we hold with Network Partners.
How long we store your data for
How long personal information will be retained for depends on the type of information it is and what it is being used for. For example:
- we will keep your personal data for 4 years after your last interaction
- data on complaints will be retained for 7 years
Your Legal Rights
The Data Protection Act gives you certain rights on the use of your personal information which are detailed below;
Right to be informed: This privacy notice gives you information about how your data is collected, processed, shared if applicable, and stored.
Right to rectification: If you believe the information we hold is incorrect, you have the right to ask for this be rectified. This is not an absolute right, as in some circumstances there may be a lawful reason for the data to be retained.
Right to erasure: Th eData Protection Act provides an individual with the right to request the erasure of their data. This is also known as the right to be forgotten. This right only applies to data held at the time of the request, and does not apply to data created in the future. This is not an absolute right, as in some circumstances there may be a lawful reason for the data to be retained.
Right to Restrict processing: This is not an absolute right, and only applies in certain circumstances. When processing is restricted, we are still permitted to store the personal data, but we cannot use it.
Right to object: In some circumstances you can object to the processing of your personal data for example for direct marketing purposes including profiling. If we are using your pesonal information in marketing communications you can raise your objection at any time. Objections can be raised either verbally or in writing, and we will stop processing your personal information as soon as the objection has been received.
Right To access: You have the right to request a copy of the personal information that we hold about you. This includes obtaining confirmation that your personal data is being processed.
If you would like to request/exercise any of your rights, you can do this by completing our request form (here) on the OneTrust Platform. You will need one form of ID to complete the request, and OneTrust will provide a secure platform for us to communicate with you about your request. We always aim to respond to your requests without delay, and in any event within one month of receiving your request.
The right to complain
You can make a complaint or raise a concern about how we process your personal information by contacting our Data Protection Officer using the details set out below.
If you wish to exercise any of the rights outlined in this section, please write to Royal Mencap Society’s Data Protection Officer at the following address:
Data Protection Officer
Mencap
East One,
20-22 Commercial Street,
Spitalfields,
London E1 6LP
Or send an email to: dpo@mencap.org.uk
Or alternatively you can complain to the Information Commissioner’s Office: https://ico.org.uk/make-a-complaint/
What are your data protection rights?
This video explains the rights you have with your personal details that Mencap uses.
These rights are part of data protection law in the UK.
A cookie is a small file that is put on your computer when you visit a website. It helps the website to remember you and your preferences.
Find out more about how we use cookies by reading our cookie policy.