Privacy Policy

Personal data means any information that relates to an identified or identifiable individual. It could be information that directly identifies you such as your name, or other information such as online identifiers such as an IP address.

When we process your personal data, we will comply with the rules set out in the data protection legislation. This includes the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

 

Miricyl is a charity (SCIO: SC047522) which aims fund research and campaign for infants, children, young people and their families affected by mental illness.

 

When we process personal data about you, we are the data controller for that information. This means that we are responsible for complying with the rules and protecting your personal data.

 

What personal data do we process about you and what is our lawful basis for processing?

The personal data that we process about you will vary depending on why and how we are interacting with you. We will only process a minimal amount of personal data about you when it is necessary, lawful to do so and in accordance with the data protection legislation.

When we process personal data about you, we need to have a lawful basis to do so. There are six lawful grounds for processing personal data under the UK GDPR.

The personal data that we process, why we process it and our lawful basis for processing it is outlined below:

 

Purposes for processing

Personal data we process

Lawful basis for processing 

 

Processing donations

 

Name

Address

Email

Debit card details

 

 

Legitimate Interest

Our legitimate interest is to raise funds to achieve our goals, aims and objectives

 

Maintaining financial records including records of donations, accounts and transactions

 

Name

Contact details

Legal Obligation

Maintaining records about the organisation such as meetings, activities, reports or statutory returns

Name

Role at the organisation

Legitimate Interest

Our legitimate interest is to maintain appropriate business records and documentation to ensure the functioning of the organisation.

 

Legal obligation

 

Responding to your comments or queries, or when you communicate with us on social media

 

Name

Email address

Social media username

 

Legitimate Interest

Our legitimate interest is to respond to your communications and interact with supporters.

Supporting you volunteering for us or during an internship  

 

Name

Email address

Legitimate Interest

Our legitimate interest is to maintain records and manage activities you are involved in to help you support the organisation.

 

Paying expenses (travel etc) 

Name

Contact details

Bank Account details 

 

Legitimate Interest

Placing cookies on our website

Online identifiers

Legitimate Interest (essential cookies)

Our legitimate interest is to ensure the functioning of our website

 

Consent (non-essential cookies)

 

Signing you up to our e-newsletter or letting you know about our work by email or SMS

 

Name

Email address

 

Consent

Contacting you about our work and activities by post or phone

 

Name

Address

Legitimate Interest 

Our legitimate interest is to raise awareness and to conduct direct marketing about our organisation

 

Signing a petition or campaign

Name

Email address

 

Legitimate Interest

Our legitimate interest is to raise awareness, campaign and conduct other activities to achieve our core aims and objectives.

 

Signing up to an events and challenges

Name

Email address

Address

 

Consent

Keeping you informed about events or challenges you have signed up for

Name

Email address

Address

Legitimate Interest

Our legitimate interest is to inform you of important information to support your participation.

 

 

 

Maintaining records of Trustees

Name

Email address

Address

 

Legitimate Interest

Our legitimate interest is to maintain appropriate business records and documentation.

 

Legal obligation

 

Posting news, stories, updates or content such as events or ‘meet our team’ on our website

Name

Photo (where relevant)

Legitimate Interest

Our legitimate interest is to promote our work and raise awareness of our work in public with your permission.

 

Consent

 

 

 

There may be other instances where we need to process your personal data which are not outlined above. This could be when we have a safeguarding concern , or for the purposes of the prevention and detection of crime.

If we need to do this, we will only do so when it is necessary, lawful to do so and in accordance with the requirements set out in the data protection legislation.

 

How do you collect my personal data?

We collect your personal data directly from you, for example when you donate to us via our website or make contact with us.

 

Do I need to provide you with personal data?

You are not obliged to provide us with any personal data as a legal requirement or under contract.

However, if we were unable to process your personal data, we would be unable to conduct the activities described within this notice, such as accept a donation, meet our legal obligations to maintain accounting records or achieve our core aims and objectives.

 

Who do we share your personal data with?

We will never sell your personal data to other organisations.

We may use ‘data processors’ to process your personal data. These organisations provide us with services and process personal data on our behalf. When we use a data processor, we will have a contract with them to ensure that they protect your personal data and only use it for the purposes we have authorised them to.

Some of our data processors include:

– Organisations that provide us with IT infrastructure;

– Organisations that provide us with communications services;

– Donation facilities such as ‘Donorbox’, who process our online donations; and

– Partner organisations who run events, challenges, campaigns or petitions.

 

How long will you keep my information for?

We will only retain your information for as long as is necessary to fulfil our purposes. After this period of time, we will securely anonymise or delete your personal data.

Please contact us if you would like to know for exactly how long we will keep your personal data for.

 

Do you transfer my personal data outside of the United Kingdom? 

We do not transfer or share your personal data outside of the UK or European Economic Area (EEA). However, some of our data processors may host your personal data outside of the UK or EEA. When this is the case, we will ensure that your personal data is protected and ensure that:

–  The country has an ‘adequacy regulation’ with the UK. This means that the data protection laws of that country are considered to provide equivalent protections and rights as the UK has. A list of ‘adequate’ countries can be found on the ICO website; or

– We have a contract in place with the organisation to ensure that there’s adequate protections for your personal data and there are enforceable data protection rights. These are known as ‘standard contractual clauses’ (SCCs).

 

Automated decision making

We do not subject your personal data to automated decision making, including profiling.

 

Data Security

When we process your personal data, we will implement appropriate organisational and technical measures to ensure that your personal data is protected from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to.

 

 

 

How can I withdraw my consent?

Consent is not the only lawful basis for processing personal data, and we may rely on a variety of lawful grounds identified within this privacy notice.

Where we rely on consent to process your personal data, you can withdraw that consent by contacting us with the details below.

 

 

What are my information rights?

When we process your personal data, you have a number of information rights that you can request from us. Your information rights are:

  1. The right to be informed about how we process your personal data;
  2. The right of access (subject access requests);
  3. The right to rectification;
  4. The right to erasure (right to be forgotten);
  5. The right to restrict processing’
  6. The right to data portability;
  7. The right to object to the processing of your personal data; and
  8. Rights relating to automated decision making, including profiling.

 

These rights are not absolute and may not apply in some circumstances. For example, if you request access to your personal data, we may remove information that relates or could identify others to protect their privacy. If we need to restrict any of these rights, we will let you know in response to your request.

 

You can make a request relating to your information rights, or request further information from us by contacting us: 

By email: info@miricyl.org

In writing: 2 Eglinton Crescent, Edinburgh, EH12 5DH

Using our contact form: www.miricyl.org/contact-us/

 

 

 

 

 

 

 

 

WordPress Lightbox
Scroll to Top