Privacy Policy

Registered in England and Wales Company Ltd by Guarantee No. 0817973

A charity registered in England and Wales (no. 1149646).

Updated on 28th January 2022

This privacy statement provides information about the personal information that Beacon collects, and the ways in which Beacon uses that personal information. This privacy statement aims to cover all of our activities.

Beacon may change this policy at any time in line with legislative changes or changes to the policy of the organisation. Please check our website from time to time to ensure you are aware of any changes.

Beacon adheres to the Principles of the General Data Protection Regulation (GDPR).

In this policy document:

“we” or “Beacon” means Beacon;

“you” means any person(s) about whom we collect non-personal and/or personal information.

Our Privacy Principals

Beacon collects data for four main reasons:

  1. To allow us to deliver our projects effectively to our beneficiaries in the rare disease community, and to update them on up-coming opportunities.
  2. For administrative purposes, allowing us to comply with financial regulation, to reimburse expenses to beneficiaries, and to monitor the success of our projects in-line with the terms of existing grant agreements.
  3. To understand the impact of rare diseases on patients, and the effect of our projects on patient groups. This allows us to improve our services and subsequently the lives of rare disease patients.
  4. To allow us to engage directly with those individuals have raised, or are interested in raising, money for the charity.

We aim to contact you only with information that you have asked for, either by consenting to be part of our mailing lists, or by signing up for a specific project. In the latter case we will not contact you outside the life of that project without your specific consent to do otherwise. You can opt out of receiving information at any time.

We will only collect data from you that is needed to deliver our work and aim to keep that data for a limited period. We will never sell your data to a third-party organisation, and never share your information for marketing purposes. We will only pass it on to a third-party organisation where it is necessary to deliver our work (for example providing an event venue with a list of attendees). We will make it clear when we need to do this, for example, we often use third party platforms such as MailChimp and Eventbrite to help us deliver our services.

Beacon will take all reasonable care to protect your personal information through secure working practices and processes. In line with the GDPR we will provide you with a summary of information we hold about you upon request and will remove your information from our records upon request if we are not legally required to hold it.

The following information provides a detailed breakdown of all the data we collect, how we hold it and use it, and the reason behind it. If you would like to learn more about our privacy policy or our work, please contact us using data@rarebeacon.org at any time.

What information do we collect?

We collect several different types of information. In general we collect and store information about those who engage with one of Beacon’s projects. We collect this data in order to deliver the project to you (the beneficiary), to track the success of the project, to measure our impact as a charity, and to deliver financial transparency to both our funders and the charity commission. We work to secure explicit consent to contact you about any unrelated events, and to share your information with any additional party.

1. Your browsing

Lawful basis – Legitimate interest

We collect basic information about the users of our websites (namely the rarebeacon.org website and our Resources Hub). Whenever you access our websites or download information, the web server automatically records the following information: the date and time you accessed our website, how long you were on the site, your internet domain name and the internet browser you use.

Some information may be collected when you use our websites, including information such as your IP address. We also automatically receive and record information on our server logs in order to use services like Google Analytics. This information is used to help us improve our websites, to increase traffic to our sites, and raise the profile of the charity.

To make use of Google Analytics, our websites use cookies. Any YouTube videos embedded in our websites also make use of cookies. A cookie is a series of characters that is generated by our website and stored on your computer. The cookie does not collect or contain personal information about you but allows you to keep logged in and records your use of our website. The cookie does not track your movements on other websites. YouTube may collect personal data through cookies used on their website. To view their privacy policy, click here. You can adjust the settings on your computer to decline any cookies if you wish. This can be done by activating the ‘reject cookies’ setting on your computer.

2. Your contact with us

Lawful basis – Legitimate interest

If you contact us by telephone, e-mail, or by letter, we retain a record of your contact to help us respond to enquiries. We only collect this information if you provide it to us and we do not hold your information for longer than is necessary.

Beacon’s email accounts are provided by Gmail, where all email messages and addresses are stored. You can view Gmail’s privacy policy here. All emails and associated details may be retained in Gmail for a period of up to 5 years before being deleted.

3. Beacon mailing lists

Beacon has two types of mailing lists. Our two periodic mailing lists are open for anyone to join, and all require your consent for us to contact you and hold your data. We also use short term project specific mailing lists – these allow us to provide information about a specific project to those involved with it. If you sign up for a project we will add you to one of these lists in order to fulfil our obligation to you, but will not contact you about other work, or hold your data longer than necessary. Specific details about any project mailing lists are provided when we describe the use of data for those projects below.

Periodic mailing lists

Lawful basis – Consent

We hold contact details for Beacon’s monthly newsletter mailing list and our community mailing list. Beacon’s mailing lists are administered through MailChimp, who store the name and email address of all individuals on the mailing list and track information on engagement with the messages sent. MailChimp’s privacy policy can be viewed here. Beacon holds a digital copy of all mailing lists on our own server, including records of consent.

Only individuals who specifically opt in to receive a mailing list, either through our sign up forms or a specific question within event and project registration, will receive messages and have their details stored. You may choose to stop receiving either mailing list at any time through a link provided at the end of all mailing list emails, as part of any event registration process, or by contacting us at data@rarebeacon.org.

4. Your attendance of Beacon events

Lawful basis – Legitimate Interest / contract and Consent

We collect information about delegates at Beacon events. This information is collected directly by Eventbrite (whose privacy policy you can view here) through which we administer all of our events. Data collected may include your name, contact details (email, phone number and address), employer, job role, dietary requirements, and accessibility requirements. Beacon holds a digital copy of these details on our own server allowing us to monitor the impact of our work. If a ticket requires payment, payment information will be collected by Eventbrite but no bank details will be collected or held by Beacon.

Beacon directly accesses delegate details only to administer the event, and to deliver information about the event that you are attending unless you provide explicit permission for your data to be used in other ways. Beacon sends emails to update registered attendees about the event using the Eventbrite platform. Contact details are not transferred to MailChimp for the creation of a new mailing list. Your details will only be added to MailChimp if you explicitly opt to join one of our periodic mailing lists when you register for an event.

We produce delegate lists for some of our events, which are available to any individual attending the event (and by extension the organisations they represent). We will secure your direct consent before adding your details to these delegate lists.

After the event we will keep your data for a year, until that financial year’s accounts are complete, or until the expiry of the project specific grant (whichever comes last). This allows us to effectively measure the impact of our work and to accurately report to our grant givers (though no personal data is shared with them). After this only data that is useful for assessing event attendance will be retained – this does not include contact details.

5. E-learning Portal

Lawful basis – Legitimate Interest

As a Beacon website, we collect data about the use of the Resources Hub in the manner outlined in section 1. Your browsing.

6. The Student Voice Prize – Essay Competition

Lawful basis – Legitimate interest and Consent

We collect information about entrants into Beacon and Medics4RareDiseases (M4RD) annual essay competition, The Student Voice Prize, through our entry forms. This includes name, email address, university of study, course, and address. These forms are stored on Beacon’s servers and are not shared with any party other than our partner M4RD. This information is collected to monitor the impact and reach of the competition, and for the purposes of contacting entrants about the competition and its results. We collect explicit consent to approach entrants with other opportunities relating to their entry, or for them to join one of our mailing lists, or those of M4RD.

All essays are judged anonymously and none of your information is seen by The Student Voice Prize judges. Winner’s information is shared with our partner’s at BioMed Central and M4RD in order to ensure the delivery of prizes, namely article publication. Entrant’s details are deleted after a year, or until that financial year’s accounts are complete (whichever comes last).

We also collect information about patient groups and students who which to take part in our patient group pairing scheme for the Student Voice Prize, through our pairing forms. For the patient group this includes name, condition represented, name of key contact, email address of contact, position of contact, experience of contact, and disease summary. For the student this includes name, university, question being answered, and area of interest. These forms are stored on Beacon’s servers and are not shared with any party other than our partner M4RD. This information is collected to allow pairing of students and patient groups.

7. Webinars

Lawful basis – Legitimate interest

We collect basic information about people who sign up to Beacon’s webinars through Eventbrite, including name, affiliation, and email address. This information is collected only for the purposes of contacting attendees about the webinar and to collect feedback, unless explicit permission is given for other uses. Beacon holds a digital copy of this information on our own server, allowing us to monitor the impact of our work. Attendees details are retained for a year after the project end, or until that financial year’s accounts are complete (whichever comes last).

8. Patient Group Mentoring

Lawful basis – Legitimate interest and Consent

We collect a range of information about both mentees and mentors who take part in our peer mentoring programme. This includes, name, organisational affiliation, phone number, email address, and biographical information pertinent to your role on the mentoring programme. This information is collected to allow us to make the best possible pairings for the scheme, to help deliver the most beneficial training, and to track the impact of our work. When joining the programme we will ask for your consent to share contact information with other members of the patient group mentoring programme. We will not share your information with other parties without your explicit consent.

While you are active on the patient group mentoring programme, we may add you to a mailing list administered through MailChimp, in order easily update you about the programme. MailChimp’s privacy policy can be viewed here.

We will retain your information for up to three years after your involvement in the programme, as it relies on the establishment of a network of active and interested rare disease patient groups and mentors who are willing to learn and support one another. We may contact you directly during this period to ask for you professional assistance as part of the ongoing peer mentoring programme. You will not be contacted through a mailing list during this time, and your details will not be held in a peer mentoring MailChimp list if you are not active in the programme.

9. Fundraising

Lawful basis – Legitimate interest and Consent

We collect the personal information of individuals who take up charity places for Beacon’s fundraising charity events, or who are actively fundraising for Beacon. This is collected to allow effective registration, to support you in your fundraising efforts, and to monitor success. We will not contact you about other things without your explicit permission.

Beacon uses Wonderful, PayPal Giving, and Give As You live Donate to administer its online donations. All three collect and holds information on fundraisers and donors to fulfil this role. You can view Wonderful’s privacy policy here. You can view PayPal’s privacy policy here. You can view Give As You Live Donate’s privacy policy here. We also use Give As You Live Shopping which provides some information donors – this is governed by the same privacy policy. Beacon has access to this fundraising information which is used and stored for accounting purposes, and to assess the impact of our fundraising promotion. We will not contact a donor or fundraiser without your explicit permission.

10. Focus groups and research projects

Lawful basis – Consent

If you volunteer to take part in one of our research projects, with your consent we will store your contact information and any recordings (for example, recordings of interviews or focus groups) along with written notes from the recordings. We will not identify individuals within any resultant publications without securing explicit consent first.

11. Expense claims

Lawful basis – Administration

In the event that Beacon reimburses expenses for an individual attending or assisting with an event or project, we will collect personal data in order to process such payments. We will securely store this information in order to meet the needs of our accounting processes.

12. Social media

Beacon is active on Facebook, LinkedIn, Twitter, Instagram, and Google+. Beacon does not collect data from these social media sources, though we will endeavour to answer messages directed to us through these sources. All messages sent to Beacon in this regard are governed by the privacy policies of the chosen platform.

13. Our staff and volunteers

Lawful basis – Administration

We hold personal information about our staff, trustees, advisory board members and volunteers. We also hold information on recent job and volunteer applicants.

How long do we keep your information?

We keep your information for as long as is necessary to deliver any associated projects effectively for you and track our charity impact. This will normally amount to at least one year, but specific guidelines for each of our projects can be found above. In many cases our funding agreements will require that we retain documentation relating to project finances, attendance, and delivery for a period of five years. Your data will be retained securely in such situations to meet the obligations of our funders and good financial practice.

Your rights

You may ask us to destroy any personal information that we hold on you so that you receive no further information or contact from us. In this circumstance, if you are currently registered for an event or project we will contact you to confirm your wish to continue involvement, and if so remove your data subsequent to completion of the programme. If you have taken part in a research project, your research information will be kept for 3 years or as otherwise detailed to you in the project information sheet, after the end of the project then destroyed securely.

You may ask to have a copy of the information we hold about you and/or your organisation and to amend, update, add to or delete it at any time. Should you wish to restrict the use of your personal information, please contact us by email at data@rarebeacon.org or in writing at the address supplied on the Beacon website.

Who has access to your information?

Our members of staff have access to your personal information. If you provide information through involvement with a specific event or project, that information will also be shared with any organisations that are listed as a project collaborator or co-organiser. Note, a project sponsor or funder is not considered a collaborator and would not receive data through these means. Finally, some information may be shared with event venues to ensure that your needs are met on the day.

As detailed above, we may use third parties to provide services on our behalf, including MailChimp, Eventbrite, and Virgin Money Giving. Those parties only collect and hold the information they need to deliver the service, though data is held in accordance with their own privacy policies.

If you have taken part in a research project, we will not tell anyone you have taken part and we will not share your information with any third party without your consent. Any collaborators with access to your information will be explicitly named when you give your consent.

We may disclose personal information if we receive a complaint about any content you have posted or transmitted to or from one of our sites, if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of Beacon, any child or vulnerable adult, our staff, any visitor or third party. Except as indicated above we will not use or transfer this data to any third parties without your explicit consent permission.

Publications

We publish information leaflets, reports and newsletters for our subscribers and those that interact with Beacon. From time to time these will contain personal information about our beneficiary patient groups, patients, or collaborators. We never publish any information or an explicitly identified image without clear consent from those concerned. We might use quotes from your research information in academic publications and conferences but will always ask your permission if anything in the quotation is identifiable.

Can you access the information we hold about you?

Yes, you have the right to access information stored about you by Beacon. You need to write to us at the address below or email us at data@rarebeacon.org. We will then provide you with the following information:

  • What personal data is stored
  • The purposes for which your data is being processed
  • Who has access to your data

What security measures do we have?

We have implemented technology and policies to protect your privacy from unauthorised access and improper use and will review these measures on a regular basis. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur, we shall endeavour to prevent this.

Links to other websites

Beacon’s websites may contain links to selected websites which we feel may be of interest. Please note that once you use one of these links to leave our website, we do not have any control over that other website. Please exercise caution and refer to their privacy policy and/or terms & conditions of use as we cannot be held responsible for the protection or privacy of any information you provide to a third party.

Any questions about privacy?

If you have any questions or concerns about how we protect your personal information, please contact us.

 

E-MAIL

data@rarebeacon.org

POST

Beacon c/o AdviceHub
66 Devonshire Road
Cambridge
CB1 2BL

TELEPHONE

+44 (0) 1223 865888