ECHO (Evelina Children’s Heart Organisation) Website Privacy Notice
Last updated June 2022.
This policy describes the information/data gathering and dissemination practices of ECHO, for the website www.echo-uk.org (the “Site”). ECHO is committed to protecting your privacy online. ECHO will not release any personally identifiable information to a third party such as your name, address, e-mail address, phone number or health information except as described in this policy. If users have questions or concerns regarding this policy, they should first contact ECHO: firstname.lastname@example.org or telephone us at 020 7998 4710.
What Information We Collect and Why
As described below, we collect personal information from members and other visitors primarily so that we can enable them to access ECHO support services, donate money, apply to volunteer or attend ECHO events. But also so that we may enhance our services to our website visitors, make each visit as pleasant and helpful as possible, and track trends and statistics.
We request certain personal information (such as name, address, e-mail, telephone number and health information) in the following sections of our website:
Collection of Health Data
Within the ‘Join ECHO’ member application form we request data regarding specific heart conditions of ECHO members. This information is requested so that we can provide bespoke support to our member families, connecting them with others who have experience of similar health conditions as well as enabling us to provide occasional specialist support. Health data is stored within the ECHO member database which is for use by ECHO staff only. No health data is ever shared with any third party, including hospital staff, and is purely for ECHO use. This data is stored within the ECHO database until such time as a member may request to no longer retain ECHO membership, at which point this data profile will be deleted from the database.
The legal basis for processing
In providing you with ECHO’s services, or to meet any of the purposes listed above, we will process your personal data under Article 6 (1)(b) of the UK General Data Protection Regulations, on the legal basis that processing is necessary for the provision of our services, or in order to take steps at your request prior to entering into a support arrangement with us.
In addition, we may process your personal data on the following legal bases;
When processing special category (health) data, we do so in accordance with Article 9 (2)(a) GDPR with your explicit consent for the processing for the purposes specified above.
In addition, we may process special category data on the following legal bases;
How long will we keep your data?
We will retain your data indefinitely in order to answer any queries you may have in the future. You have the right to request at any time that your data is deleted (see below).
Data Subject’s Legal Rights (an individual’s legal rights if ECHO is holding your personal data):
Your rights are, where applicable:
You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Additional data collected:
The Site may further collect non-personally identifiable information, such as type of browser, operating system, domain name, or IP address. Web servers automatically identify your computer by its IP address. When you visit pages on our Site, our servers may log your IP address. We do not link IP addresses to any personally identifiable information. Your IP Address is used to gather broad demographic information only.
Cookies are routinely used. We use ‘persistent’ and ‘non-persistent’ cookies on our Site to provide you with the best presentation of the information currently available. ‘Persistent’ cookies store text, which is available to us when you return to our Site. ‘Non-persistent’ cookies are temporary information, which is eliminated once you close your Internet browser and/or shut down your computer. Only our Site has access to the information in our cookies. This information about the user enables us to track and personalize the Site to enhance your experience. For instance, by setting a cookie on our Site, we can provide you with storage of items in your shopping cart or save the contents of projects created with our Tile Configurator between visits.
These cookies can in no way be used by us or anyone else to get data from your hard drive, obtain your e-mail address or access sensitive information about you as an individual. Cookies must meet strict specifications to ensure that they are not used to compromise security.
ECHO has security measures in place to provide protection against the loss, misuse and alteration of the information under our control. Strong precautions are taken to protect the information of the users of our Site.
Your information is encrypted and is protected utilizing the industry standard Secure Sockets Layer (SSL) encryption software. While on a secure page, most web browsers will indicate the encrypted nature of your data in some readily identifiable fashion (e.g., the lock icon on the bottom of Web browsers Netscape Navigator and Microsoft Internet Explorer becoming locked, as opposed to un-locked, or open, when you are just ‘surfing’).
While we use SSL encryption to protect sensitive information online, we also protect user information offline. All of the information of our Site’s users, including the sensitive information mentioned above, is maintained in a restricted section in our offices. Only those of our employees who need the information to perform a specific job (for example, our account or customer service representatives) are granted access to personally identifiable information. Furthermore, our employees are kept up-to-date on our security and privacy practices.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, ECHO cannot warrant or ensure the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make commercially reasonable efforts to ensure its security on our systems.
If you have any questions about the security at our Site, you can send an e-mail email@example.com or telephone us at 020 7998 4710.
By using our Site, you consent to the foregoing collection and use of information by ECHO. This policy may change from time to time, so please check back periodically.
Our Site provides users the opportunity to opt-out of receiving communications from us. To remove your information from our database so that you will not receive future communications please contact:
Tel: 020 7998 4710.
How to make a complaint or contact ECHO
If you would like to make a complaint about the way ECHO processes personal data, or report a concern regarding your own personal data please contact the Data Controller: Samantha Johnson, CEO firstname.lastname@example.org
If you have any questions about this privacy statement, the practices of this site, or your dealings with this site, you can contact:
1 Royal Street
Tel: 020 7998 4710.