In order to operate effectively and fulfil its legal obligations, ASSERT needs to collect, maintain and use certain personal data about current, past and prospective members, suppliers and other individuals that contact ASSERT, or with whom it has dealings (each, a “data subject” and together, “data subjects”). ASSERT is dedicated to obtaining, handling, processing, transporting and storing all such personal data, whether held on computer, or paper, lawfully and correctly, in accordance with the safeguards contained in the UK GDPR Act 2016 (the “GDPR”).
ASSERT has a responsibility to protect such personal data, especially sensitive personal data that it collects from data subjects.
ASSERT is committed to the 8 principles of data protection as detailed in the UK GDPR Act 2016. These principles require that personal data must:
- be fairly and lawfully processed and not processed unless specific conditions are met;
- be obtained for one or more specified, lawful purposes and not processed in any manner incompatible with those purposes;
- be adequate, relevant and not excessive for those purposes;
- be accurate and, where necessary, kept up to date;
- not be kept for longer than is necessary;
- be processed in accordance with the data subject’s rights under the DPA;
- be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage;
- not be transferred to countries outside the European Economic Area (EEA) unless the country or territory ensures adequate protection for the rights and freedoms of the data subjects.
What ASSERT collects:
ASSERT collects personal data that data subjects (you) provide to ASSERT, which is information that can be used (or reasonably be used) to identify someone as an individual. ASSERT will only do this when you (as the data subject) have agreed to ASSERT’s request for that personal data. This personal data may include your:
Name, Address, Telephone number, Email address
How ASSERT will use a data subject’s personal data.
By providing personal data, you (as a data subject) agree that, where it is permitted by applicable law or where you have agreed to receive these communications from ASSERT, ASSERT may use your personal data to:
- Respond to your enquiries and requests;
- Improve services for people with Angelman syndrome ;
- Improve the content of our communications;
- Provide you with news and updates;
- Provide you with information about fundraising, conferences, local groups, products and services;
ASSERT will act as a data controller of such personal data.
ASSERT will only collect personal data to serve a specific business, commercial, or legal purpose and only gather the minimum amount needed. ASSERT will use only fair and lawful means to obtain the personal data.
ASSERT will be transparent in dealings with data subjects whose personal data ASSERT holds.
ASSERT will obtain a data subject’s informed consent to process his or her personal data in cases where it is necessary and appropriate to do so in compliance with applicable laws.
ASSERT will not use personal data collected for one purpose for a different purpose without getting the data subject’s consent, unless applicable laws allow or require it.
ASSERT will correct any personal data where it is notified that such personal data is incorrect.
Only authorised paid employees, trustees and volunteers of ASSERT and third party suppliers can carry out processing of personal data, which must be consistent with their individual roles and responsibilities.
Personal data will be held in accordance with the safeguards in ASSERT Security Guidelines.
How ASSERT protects your personal data
ASSERT will take appropriate legal, organisational, and technical measures to protect personal data consistent with applicable privacy and data security laws.
When ASSERT uses a third party service provider, that provider will be carefully selected and required to use appropriate measures to protect the confidentiality and security of personal data.
When we collect your personal information we use strict procedures and security features to prevent unauthorised access. Unfortunately, no data transmission over the Internet is 100 per cent secure. As a result, while we try to protect your personal information, ASSERT cannot guarantee the security of any information you transmit to us and you do so at your own risk.
Sharing personal data with third parties
ASSERT may share the personal data of a data subject in compliance with applicable law.
In certain special cases where permitted by applicable law, ASSERT may disclose your personal data:
- when ASSERT has reason to believe that disclosure of this information is necessary to identify, contact or bring legal action against someone who may be causing injury to you or otherwise injuring or interfering with ASSERT’s rights, property or operations, other users of this website or any mobile application or anyone else who could be harmed by such activities;
- when ASSERT believes that applicable law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation;
Personal data collected may be transferred to, stored and processed in the UK or any other country in which ASSERT, subcontractors or agents maintain facilities, including the United States and countries outside the European Economic Area (EEA).
ASSERT will ensure that if your personal data is transferred outside the UK, it will still be treated in accordance with this ASSERT Policy.
Unless otherwise specified in the website ASSERT will not sell or license your personal data to other third parties.
Sometimes ASSERT uses selected third parties to provide support services in the normal course of business. These parties may, from time to time, have access to your personal data to enable them to provide those services to ASSERT. ASSERT requires all third parties providing such support services to meet the same standards of data protection as ASSERT’s own. Any third party will be prohibited from using your personal data for that third party’s own purposes. In particular, ASSERT will not allow service providers to use your personal data for the marketing activities of that service provider.
Information from Outside Sources
Where permitted by applicable law, ASSERT may also collect legally obtained information from third parties to add to its existing user databases. Some of this information may be personal data of data subjects. ASSERT may do this to better target information offerings and promotional campaigns in which ASSERT believes you would be interested. Such personal data will only be collected and used by ASSERT in accordance with the basis on which it was originally provided by the data subject, or as otherwise permitted by applicable law.
Website and mobile application usage information
ASSERT also automatically collects information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, GPS location data, mobile phone service provider, and mobile phone operating system. ASSERT aggregates this information to understand how visitors to ASSERT websites use the websites so that ASSERT can improve these and the services that ASSERT offers.
GPS location data does not typically identify individual users. This information includes:
- the total number of visits to ASSERT websites and mobile applications;
- the number of visitors to each page of ASSERT websites and mobile applications; and
- the domain names of website visitors’ internet service providers.
ASSERT uses Google Analytics as the main form of website statistics tracking. Any visitors to ASSERT websites who don’t want their data used by Google Analytics can install the Google Analytics optout browser addon.
ASSERT website and mobile applications may use technology called “cookies.” A cookie is a small text file that is placed on your hard disk by a server. Cookies allow ASSERT website and mobile applications to respond to you, the data subject, as an individual. The website or mobile application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
For instance, ASSERT server may set a cookie that keeps you from having to enter a password more than once during a visit to a website.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer. Please refer to your Internet browser’s instructions or help screen to learn more about these functions and to specify your cookie preferences. See https://www.aboutcookies.org
If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit.
Links to other websites
ASSERTs website (and any mobile applications, if any) may from time to time provide links to or embed third party websites. This ASSERT Policy does not apply to those third party websites. If you choose to enter such a linked site, you agree that ASSERT is not responsible for the availability of such websites and ASSERT does not review or endorse and shall not be liable, directly or indirectly, for:
- how these third party websites treat your personal data;
- the content of such third party websites; or
- the use that others make of these third party websites.
Please ensure you check the data protection policy posted on a third party website or mobile application you access before entering any personal data.
Use of IP addresses
An IP address is a set of numbers that is automatically assigned to your computer whenever you log on to your Internet service provider or through your organisation’s local area network (LAN) or wide area network (WAN). Web servers automatically identify your computer by the IP address assigned to it during your session online.
Access to information – Subject Access Request
ASSERT will retain your information only for the period necessary to fulfil the purposes outlined in this ASSERT Policy unless a longer retention period is required or permitted by applicable law. Anyone who is the subject of personal data held by ASSERT has the right to make a subject access request to request the updating, correcting or removal of personal data that has been provided to us, at any time, using the contact information provided at the end of this ASSERT Policy. Applicable laws may also give you the right to access information that you have provided to ASSERT.
ASSERT reserves the right to charge £10 for responding to such requests. If, as the result of a subject access request, any personal data is found to be incorrect it will be amended. ASSERT will deal promptly with subject access requests and will normally respond within 40 days. If there is a reason for delay, the person making the request will be informed accordingly.
ASSERT will update this ASSERT Policy to take account of changes in working practice or applicable law. If the changes that ASSERT makes are material, ASSERT also may post a notice regarding the changes on its websites or mobile applications. ASSERT encourages you to periodically review this ASSERT Policy to stay informed about how ASSERT is helping to protect the personal data that ASSERT collects. Your action in continuing to use ASSERT websites and mobile applications constitutes your agreement to this ASSERT Policy and any updates. Subsequent changes in this ASSERT Policy will not apply to personal data that were collected before the change is made. ASSERT reserves all of its all legal rights.
References to “ASSERT,” “we,” “us” and “our” are references to the Angelman Syndrome Support Education & Research Trust. Please address any questions, comments and requests regarding this ASSERT Policy to ASSERT using the contact information below. If you contact ASSERT, please provide information as to how ASSERT may contact you.
To contact ASSERT in the UK, call 0300 999 0102 or email email@example.com