We use cookies to improve your experience. By accepting you agree to our cookie policy
Your privacy is very important to Burning Nights CRPS Support. This privacy policy provides details on the personal information that Burning Nights CRPS Support collects, and the ways in which Burning Nights CRPS Support uses that personal information.
Burning Nights CRPS Support is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Any personal data provided by you to Burning Nights CRPS Support through any means (verbal, written, in electronic form, or by your use of our website) will be held and processed in accordance with the data protection principles set out in the Data Protection Act 1998 and the General Data Protection Regulation for the purposes for which you have given consent, to provide the services you have requested from us, and to meet the legitimate interests of the charity.
Please read the Data Protection and Privacy Policy to learn about your rights, what information we collect, how we use and protect it.
Charity | Refers to Burning Nights CRPS Support, a registered charity. |
GDPR | Refers to the General Data Protection Regulation. |
Data Subject | A data subject is an identifiable individual person about whom the Charity holds personal data. |
Responsible Person (Data Controller) | Refers to Mr Tom Lowe, ABS Accountancy Ltd. |
Register of Systems | Refers to a register of all systems or contexts in which personal data is processed by the Charity. |
We are fully committed to safeguarding the privacy of our supporters, donors, contacts and visitors; in this policy we explain how we will treat your personal information.
A pop-up cookies box will open when you first use our website and we will ask you to consent to our use of cookies in accordance with the terms of this policy.
This policy outlines how Burning Nights CRPS Support collects your personal information and how we make use of this data. We will outline how we protect your privacy and your rights when it comes to personal data, and demonstrate how we keep your information safe. We are very proud of the values that underpin everything we do at Burning Nights CRPS Support to improve the lives of those affected by Complex Regional Pain Syndrome, including how we make use of personal data.
This policy only applies to data collected by Burning Nights CRPS Support staff and volunteers, and via our own forms and website. Third party agents, and websites which are linked to ours, are not covered by this policy. If you have any queries concerning your personal information or any questions on our use of the information, please contact the Responsible Person or Chair of Trustees using our contact form.
We are: Burning Nights CRPS Support, a charity registered in England and Wales (1166522)
For the purposes of this document when we say "we", "us" or "Burning Nights CRPS Support", we mean all of the registered body above.
If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Data Protection Officer, ABS Accountancy Ltd, 10 Fairfield Road, Buxton, Derbyshire, SK17 7DW or email info@absaccountancy.co.uk
We aim to respond within 30 days from the date we receive privacy-related communications.
You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.
A Data Controller will be appointed by the Board of Trustees. In the absence of the Data Controller (e.g. on holiday or on sick leave) the Chair of the Trustees will act as the Data Controller. The Data Controller shall implement appropriate technical and organisational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
Directly – We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their contact information, complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, purchase something, if you ask about our activities, complete a survey providing feedback, visit our office or apply for open roles.
We may also obtain personal data directly when, for example, we are establishing a corporate relationship, performing charity services through a contract, or through our hosted software applications. This includes when you phone us, visit our website, make a purchase from our online shop, or get in touch through the post, email, phone, live chat or in person.
Indirectly – We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our clients, donors, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
Public sources – Personal data may be obtained from public registers (such as Companies House, Charities Commission), news articles, sanctions lists, and Internet searches.
Social and professional networking sites – If you register or login to our website via Gravatar to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
Recruitment services – We may obtain personal data about candidates including volunteers from an employment agency, and other parties including former employers, and credit reference agencies.
We may obtain the following categories of personal data about individuals through direct interactions with us, or from information provided through client engagements, from applicants, our suppliers and through other situations including those described in this Privacy Policy.
Personal data – Here is a list of personal data we commonly collect to conduct our charity activities:
Donations & Fundraising – You may have given us this information whilst making a donation, registering for an event, applying or accessing our services, placing an order on our website or any of the other ways to interact with us. We will mainly use this information:
Counselling & Befriending Requests – Registering with us to request access to our counselling or befriending service can be done online, on paper or in person. Our request process involves providing us with your name, address, telephone numbers and email address. We may also request information on your availability, therapeutic issues, and other details which we deem relevant to processing your request.
Initial Counselling or Befriending Assessment Appointments – At an initial appointment we ask about your current personal, social, medical and financial circumstances. We may also ask about your background and family history, as well as the issues which are affecting you now. We require this information so that we can decide about our offer of counselling to you, to assign you to a counsellor, and to manage the service we provide to you.
Volunteer Placements – Counsellors, Befrienders and other volunteers may apply for placements by form, letter, or email. They may also be interviewed. We may ask about your background, qualifications, experience, and professional memberships. We also ask for your name, address, telephone numbers, email address, and address and telephone details for referees and people we may need to contact for you in emergencies.
Employment – In order to apply for job opportunities advertised on our website and elsewhere, and to become an employee of the charity, you will be required to provide your contact details and other personal information contained in your CV (such as employment history and qualifications), as well as contact details of referees. This information is only processed for the purpose of considering your job application, making any offer of employment, and administering your contract of employment.
Website – We use Google Analytics to collect anonymous data relating to user behaviour and ‘web traffic’ statistics. The collection and use of this data by Google Inc. is subject to their own Privacy Policies.
Other Forms – The information you give us on our forms (including all enquiry and application forms) may include your name, postal address, email address, phone number and other messages to us.
Sensitive personal data – When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. If you share your personal experience or the experiences of a friend or relative, we may also collect this health information. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy. You can of course decide if you want to remain anonymous, if you are happy to share your personal details with staff members/ volunteers or if you would like us to share your story with the media or other parties as part of our work telling people’s personal stories about mental health (for example, on our blog). Examples of sensitive personal data we may obtain include but not limited to:
We do not intentionally collect information from individuals under 13 years of age. We may occasionally receive details about children attending conferences, support groups and other events we host with their parents or guardians. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people under the age of 16.
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact us through our Helplines, Live Chat, through the course of receiving Counselling or through the Befriending service or in other more general communications with us such as blogs or emails, you may choose to provide details of a sensitive nature.
We will only use this information:
When you apply to access a Burning Nights CRPS Support advice or support service we will process your personal information and sensitive – special category data. We will use this information to safely deliver our services to you and in order to meet your assessed needs. Your information is held in a client file and on our client database, and on paper-based records which are held in a locked cabinet with restricted access.
We will also use your data for statistical reports for monitoring purposes to see how our services are performing and how we can improve them. Statistics will not include any information that could be used to identify any individual. We process this information because it is necessary in the performance of a contract, to fulfil our legal and regulatory obligations, and because it is in our legitimate interests to do so.
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
Contract – We may process personal data in order to perform our contractual obligations. People who sell goods and/or services to, and/or purchase goods and/or services from the Charity.
The information collected will additionally contain details of:
The information provided will be held and processed solely for the purpose of managing the contract between the Charity and the person for the supply or purchase of goods/services.
Consent – We may rely on your freely given consent at the time you provided your personal data to us:
Note: this will not involve providing the person’s personal data to another organisation.
The information collected may additionally contain details of any particular areas of interest about which the person wishes to be kept informed.
The information provided will be held and processed solely for the purpose of providing the information requested by the person.
Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:
Legal obligations and public interests – We may process personal data in order to meet regulatory and public interest obligations or mandates. People where there is a legal obligation on the Charity to collect, process and share information with a third party – eg: the legal obligations to collect, process and share with HM Revenue & Customs payroll information on employees of the Charity.
The information provided will be held, processed and shared with others solely for the purpose meeting the Charity’s legal obligations.
a. Taxation (HM Revenue & Customs)
For the purpose of managing an employee’s PAYE and other taxation affairs the information collected will additionally contain details, as required by HM Revenue & Customs, of:
b. Pensions
or the purpose of managing an employee’s statutory pension rights the information collected will additionally contain details, as required by the Charity’s pension scheme (National Employees Savings Trust, NEST), of:
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
We may use your contact details to provide you with information about our work and events which we consider may be of interest to you (for example updates about fundraising appeals and/or volunteering opportunities via our newsletter). Where we do this via email, SMS or telephone, we will not do so without your prior consent. We may also ask for your consent to send you information by post.
You can opt out of receiving emails from the Charity at any time by clicking the “unsubscribe” link at the bottom of our emails or you can tell us by contacting us at support@burningnightscrps.org In some circumstances, we may send you information in the post under the legal basis of legitimate interest. Again, if you wish to opt out of receiving postal mail from us you can tell us by contacting us at support@burningnightscrps.org.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.
The personal information we collect about you will mainly be used by our staff (and volunteers) at Burning Nights CRPS Support so that they can support you.
We may occasionally share personal data with trusted partners, suppliers or third parties to help us deliver efficient and quality services, but processing of this information is always carried out under our instruction. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, with our partners who help us to process donations and claim Gift Aid and our partners who help us to manage our social media accounts.
We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
Our data protection rights are highlighted here.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain some personal data for seven years where it is regarding counselling or finance. Please refer to our retention policy for further details. We will dispose of personal data in a secure manner when we no longer need it.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so, such as other member firms, where necessary for administrative purposes and to provide professional services to our clients or where specific consent has been requested.
"Third parties" includes third-party service providers and other entities within our group OR the members of our charity’s network. The following activities are carried out by third-party service providers: IT [and cloud] services, professional advisory services, administration services, marketing services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may also need to share your personal data with our regulator or to otherwise comply with the law.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
The General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration or destruction.
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
However, no data transmission over the internet can’t be entirely secure, as a result, while we will take every reasonable endeavour to protect your personal information, we cannot guarantee that any information you submit to us will be free from unauthorised access, use, intrusion or destruction. Therefore, we cannot guarantee the security of your personal information, or your use of our website.
We hold all data securely and we shall only process the client personal data:
You have the right at any time to request a copy of the personal information we hold on you.
Should you wish to receive a copy of this, or would like to be removed from our database, unless there is a Legitimate or a legal requirement that prevents us from doing so. Please contact us at info@absaccountancy.co.uk.
All employees, subcontractors, volunteers and principals are required to keep personal information confidential and only authorised personnel have access to information.
You can ask to review the personal information we hold about you and ask to change or delete any of this information. You can do this by email info@absaccountancy.co.uk.
We are registered with the Information Commissioner as a data controller. Details of our registration can be viewed at http://www.ico.gov.uk/ under registration code ZA145429.
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.
If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account, or it is no longer needed to provide the Services to you. Please refer to our retention policy for further details
When you apply for a job, volunteering opportunity or work for us we collect personal and sensitive information about you. We do this to:
Your information is stored on our computer system, on our CRM (Donorfy) and in a staff/volunteer file held by our Chair of Trustees or Board.
If you are unsuccessful in your job or volunteering application, we will hold your personal information for 6 months after we’ve finished recruiting the post/opportunity you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants.
Once you stop working for us, we will keep your information for 7 years.
Burning Nights CRPS Support collects standard Internet log information including your IP address, browser type and language, ISP and geographic location. To ensure that our website is well managed and maintained to facilitate navigation, we or our service provider may also use cookies (small text files, which are stored in a user’s browser.) Or Web beacons (electronic images that allow the website to count visitor numbers who have accessed a particular page) Additional information on cookies and other tracking technologies can be found at http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies
Cookie Definitions – Burning Nights CRPS Support’s website inhabits both Google Analytics cookies and those set in the site build which are used to gain information to improve end users experiences and interactions with the Burning Nights CRPS Support site.
Google sets cookies in order to evaluate the use of your site (burningnightscrps.org).
Our websites may contain links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
Burning Nights CRPS Support cannot be held responsible for the content, security or privacy practices of any external website.
We cannot guarantee that our Website is free from viruses or other malicious code. You therefore agree that it is ultimately your responsibility to satisfy yourself that your own information technology/equipment used to access the Website is protected against such viruses and/or codes.
If you are uncomfortable with Cookie tracking, you can take the following actions:
We use social media to inform, educate and engage new potential supporters. We may target ads using social media at audiences that look like they have an interest in Burning Nights CRPS Support’s work.
If you have given us consent to use your image or become a case study to help promote our work we may post this on our Social Media outlets.
We want to remind you that information shared on social media, on our pages or in private messages may be used or sold by the provider, such as Facebook, Twitter or Youtube, for commercial purposes.
We use Facebook as a social media platform to communicate with our existing and potential supporters. We use both paid ads and unpaid organic posts on the platform. We use cookies to measure the success and effectiveness of our paid advertising by ensuring that our ads are served to the relevant people.
We also use Facebook cookies to retarget to supporters who have previously engaged with us through our website.
These cookies also help us to build custom audiences and lookalike audiences so you can receive relevant adverts from us when you use Facebook. This is so we can raise awareness among users of Facebook who share similar interests to you. Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account.
Please read Facebook’s Privacy Policy.
If you subscribe to our mailing list, you will be automatically be subscribed to receive email updates. You will only receive information that you have opted in to receive.
Depending on your preferences, we will contact you for the following reasons:
We use Mailchimp to manage our email marketing. Our agreement with Mailchimp is based on one of the approved means of protecting the data of UK citizens (it uses what are called the Standard Contractual Clauses, and you can see them here). We only send you our newsletter with your consent.
The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems. We don’t rent or trade email lists with other organisations and businesses.
We gather statistics around newsletter opening and clicks using industry standard technologies to help us monitor and improve our newsletter.
We transfer all contacts to our own database, Donorfy, which is hosted in the North Europe data centre which is located in Dublin, Republic of Ireland. This system is kept updated with your marketing preferences.
You can change your email marketing preferences at any time, by clicking ‘unsubscribe’ or ‘manage preferences’ on any of our emails or by contacting: support@burningnightscrps.org
Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
This policy will be reviewed at least annually. If we make significant changes, we will publish them clearly on our website or contact you directly with more information.
We are fully committed to safeguarding the privacy of our website visitors; in this policy we explain how we will treat your personal information.
A pop-up cookies box will open when you first use our website and we will ask you to consent to our use of cookies in accordance with the terms of this policy.