Personal data means any information that relates to an identified or identifiable individual. It could be information that directly identifies you such as your name, or other information such as online identifiers such as an IP address.
When we process your personal data, we will comply with the rules set out in the data protection legislation. This includes the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Miricyl is a charity (SCIO: SC047522) which aims fund research and campaign for infants, children, young people and their families affected by mental illness.
When we process personal data about you, we are the data controller for that information. This means that we are responsible for complying with the rules and protecting your personal data.
What personal data do we process about you and what is our lawful basis for processing?
The personal data that we process about you will vary depending on why and how we are interacting with you. We will only process a minimal amount of personal data about you when it is necessary, lawful to do so and in accordance with the data protection legislation.
When we process personal data about you, we need to have a lawful basis to do so. There are six lawful grounds for processing personal data under the UK GDPR.
The personal data that we process, why we process it and our lawful basis for processing it is outlined below:
There may be other instances where we need to process your personal data which are not outlined above. This could be when we have a safeguarding concern , or for the purposes of the prevention and detection of crime.
If we need to do this, we will only do so when it is necessary, lawful to do so and in accordance with the requirements set out in the data protection legislation.
How do you collect my personal data?
We collect your personal data directly from you, for example when you donate to us via our website or make contact with us.
Do I need to provide you with personal data?
You are not obliged to provide us with any personal data as a legal requirement or under contract.
However, if we were unable to process your personal data, we would be unable to conduct the activities described within this notice, such as accept a donation, meet our legal obligations to maintain accounting records or achieve our core aims and objectives.
Who do we share your personal data with?
We will never sell your personal data to other organisations.
We may use ‘data processors’ to process your personal data. These organisations provide us with services and process personal data on our behalf. When we use a data processor, we will have a contract with them to ensure that they protect your personal data and only use it for the purposes we have authorised them to.
Some of our data processors include:
- Organisations that provide us with IT infrastructure;
- Organisations that provide us with communications services;
- Donation facilities such as ‘Donorbox’, who process our online donations; and
- Partner organisations who run events, challenges, campaigns or petitions.
How long will you keep my information for?
We will only retain your information for as long as is necessary to fulfil our purposes. After this period of time, we will securely anonymise or delete your personal data.
Please contact us if you would like to know for exactly how long we will keep your personal data for.
Do you transfer my personal data outside of the United Kingdom?
We do not transfer or share your personal data outside of the UK or European Economic Area (EEA). However, some of our data processors may host your personal data outside of the UK or EEA. When this is the case, we will ensure that your personal data is protected and ensure that:
– The country has an ‘adequacy regulation’ with the UK. This means that the data protection laws of that country are considered to provide equivalent protections and rights as the UK has. A list of ‘adequate’ countries can be found on the ICO website; or
– We have a contract in place with the organisation to ensure that there’s adequate protections for your personal data and there are enforceable data protection rights. These are known as ‘standard contractual clauses’ (SCCs).
Automated decision making
We do not subject your personal data to automated decision making, including profiling.
Data Security
When we process your personal data, we will implement appropriate organisational and technical measures to ensure that your personal data is protected from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to.
How can I withdraw my consent?
Consent is not the only lawful basis for processing personal data, and we may rely on a variety of lawful grounds identified within this privacy notice.
Where we rely on consent to process your personal data, you can withdraw that consent by contacting us with the details below.
What are my information rights?
When we process your personal data, you have a number of information rights that you can request from us. Your information rights are:
The right to be informed about how we process your personal data;
The right of access (subject access requests);
The right to rectification;
The right to erasure (right to be forgotten);
The right to restrict processing’
The right to data portability;
The right to object to the processing of your personal data; and
Rights relating to automated decision making, including profiling.
These rights are not absolute and may not apply in some circumstances. For example, if you request access to your personal data, we may remove information that relates or could identify others to protect their privacy. If we need to restrict any of these rights, we will let you know in response to your request.
You can make a request relating to your information rights, or request further information from us by contacting us:
By email: info@miricyl.org
In writing: 2 Eglinton Crescent, Edinburgh, EH12 5DH