Policies

Below you will find all of Arthritis Action’s Policy documents:

• Data Protection Policy
• Privacy Policy
• Cookie Policy
• Volunteering Policy
• Safeguarding Policy
• Advertisement Policy
• Donations Acceptance Policy
• Complaints Policy
• Research Policy
• Disclosure and Barring Service (DBS) Policy
• Diversity Policy

Data Protection

 This document aims to explain what individual information we collect, store and process from our members and supporters.

Arthritis Action promises to respect and look after all personal data you share with us or that we get from other organisations. We will always keep it safe. We aim to be clear when we collect your data about what we’ll use it for, and not do anything you wouldn’t reasonably expect, whether you are a supporter, volunteer or service user. We never sell your personal data to other organisations, and will only ever share it in appropriate, legal or in exceptional circumstances (please see our Safeguarding Policy).

The purpose of this policy is to give you a clear explanation about your data protection rights and how Arthritis Action collects and uses the personal information you provide to us. It explains what we collect, whether online, via the phone, email, in letters or in any other correspondence or from third parties, and how we process and use it to provide vital services to our members and beneficiaries.

By allowing us to use personal data, you are helping us to make better decisions, improve our services for people affected by arthritis and fundraise more effectively.

Our marketing communications include information about our services, research, volunteering, campaigns and fundraising activities. If you would like to change what you receive from us please email us at info@arthritisaction.org.uk to update your communication preferences. If you have any questions regarding this privacy policy, please email info@arthritisaction.org.uk.

1.0 Who is Arthritis Action?

Arthritis Action is a charity registered in England and Wales and incorporated by Royal Charter (charity registration number 292569).

Arthritis Action Ltd (registered company in England and Wales no. 01914825) is the wholly owned subsidiary of Arthritis Action which can trade on our behalf.

2.0 What are your Data Protection Rights?

In all cases you have the:

• Right to be informed whether or not we process your information and how that information is stored and used by us.
• Right to access your information at any time by submitting a request via email at: info@arthritisaction.org.uk. Information will be provided to you within a month of your request being received.
• Right to correct the information we hold about you if it is incorrect or incomplete.
• Right to delete the information we hold about you, this being termed the ‘right to be forgotten’. It is not always possible to delete all information due to legal reasons or processing requirements, but where this is the case this will be explained to you further.
• Right to restrict processing of your information at any time by contacting the relevant department as indicated below or the Data Protection Officer. This may be to change how you support us and how we may contact you in the future.
• Right to move the information you have provided to us to another organisation. We will provide this to you in a form that is accessible to another organisation.
• Right to object to any processing where you feel appropriate consents have not been sought by ourselves. In these circumstances we will investigate your concerns and the decisions we have made accordingly.
• Right to object to automated decision making where your data is processed by machines and decisions made without human intervention. This is also applicable to profiling where decisions may be made automatically to evaluate certain things about you.
• Right to withdraw consent if we have obtained your consent to process your data, you can withdraw this consent at any time by contacting the Data Protection Officer. This will not affect the lawfulness of processing based on consent before its withdrawal.

To request further information on your rights or to request a change as per your rights above, please contact the Data Protection Officer at info@arthritisaction.org.uk.

3.0 How and when we collect information about you

We collect information in the following ways:

3.1    When you give it to us directly

You may give us your details when you sign up for one of our events, receive support from our staff or another service, volunteer with us, order an information booklet, tell us your story, make a donation, fundraise for us or communicate with us.

3.2    When you give it to us indirectly

You may give information to us indirectly when you sign up to events such as the Brighton Marathon or contribute to Arthritis Action via fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support Arthritis Action and with your consent. You should check their privacy policy when you provide your information to understand fully how they will process your data.

3.3    When you use our website

Like most websites, we use ‘cookies’ to help us make our site, and the way you use it better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

As well as this, cookies can tell us the type of device you’re using to access our website and the settings on that device may provide us with information including what type device it is, what operating system you’re using, what your device settings are, and why a crash has happened. This information helps us understand how people are using our website and show us how to make it better.

Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

3.4    When you access Arthritis Action’s social media

We might also obtain your personal data through your use of social media such as Facebook and Twitter depending on your settings or the privacy policies of these social media messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this:

facebook.com/legal/FB_Work_Privacy

twitter.com/en/privacy

3.5      Associated Practitioners

 We obtain data about clinicians joining our Associated Practitioners’ scheme, in particular information about their practice. This information is held in our online database and made public on our website.

3.6      When the information is publicly available
We might also obtain personal information about individuals who may be interested in giving major gifts to charities or organisations like Arthritis Action. In this case, Arthritis Action may seek to find out more about these individuals, their interests and motivations for giving through publicly available information. This information may include newspaper or other media coverage, open postings on social media such as LinkedIn, and data from Companies House.

4.0 Lawful Processing

The Data Protection Act 2018 requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:

Specific Consent
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.

Performance of a contract
Where we are entering into a contract with you or performing our obligations under it.

Legal obligation
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Charity Commission or Fundraising Regulator.

Vital interests
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) or a safeguarding issue which requires us to share your information with the emergency services.

Legitimate interests
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running Arthritis Action as a charitable organisation in pursuit of our aims and ideals. For example to:

• send postal communications which we think will be of interest to you;
• conduct research to better understand who our supporters are to better target our fundraising;
• monitor who we deal with to protect the charity against fraud, money laundering and other risks;
• enhance, modify, personalise or otherwise improve our services /communications for the benefit of our customers; and
• understand better how people interact with our website.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under The Data Protection Act. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

When we use sensitive personal information, we require an additional legal basis to do so under the Data Protection Act, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).

5.0 What information do we collect and how do we use it?

The type of information we collect and how we use it depends on how you support Arthritis Action through the following ways:

5.1 Financial Supporters

If we wish to engage with you and approach you as a financial supporter or if you support us, for by, registering to fundraise, signing up for an event or buying something from us, we will collect:

• Your name
• Your contact details
• Your date of birth
• Your bank or credit/debit card details (only for confirmed supporters)
• Your current interests and donor activities
• Your employment situation

Where it is appropriate we may also ask for:

• Information relating to your health (for example if you are taking part in an event)
• Why you have decided to support us. We will never make the question mandatory, and only want to know the answer if you are comfortable telling us.

We will use your data to:

• Administer your donation or support your fundraising and participation in our activities, including processing Gift Aid
• Keep a record of your relationship with us
• Ensure we know how you prefer to be contacted
• Manage feedback or complaints we receive from you
• To share your story with fellow supporters, with your consent

Some of our supporters choose to give higher donations, and this enables Arthritis Action to have even greater impact on the lives of people affected by arthritis. To help us identify individuals, trusts or companies who may have a philanthropic interest in our work, we undertake in-house research. This research is based on information provided to us by our supporters, along with publicly available sources such as the electoral roll, Companies House records, newspaper articles, company websites, internet searches etc. Knowing more about our supporters and their interests enables us to tailor our communications in the most appropriate way, and to better engage those who have an interest in helping people affected by arthritis and becoming more involved with Arthritis Action.

5.2 Volunteers

Our Volunteers make a real difference to the lives of people affected by arthritis in the many ways they choose to support us – this may be by running a local Arthritis Action Group or by raising awareness in their local community of the work that Arthritis Action does. There are many more types of volunteers and to become one you will need to provide information to allow us to assess your suitability for a particular role, to provide training and to correspond with you about your chosen role and provide additional information about Arthritis Action and its various activities.

The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number and email address;
• Your bank details will be required in order for you to claim expenses;
• Identification including passport, drivers licence, birth certificate, utility bills etc. in order to carry out Disclosure and Barring Service checks;
• Your photo will be required for identification purposes when carrying out some volunteering roles;
• Details of any Next of Kin/trusted contact and any special needs we may need to be aware of for Health and Safety purposes;
• Details of any referees that support your application to become a Volunteer.

Some of the information collected will be sensitive data that will be destroyed once the purpose for its initial collection has been served. This includes data for DBS checking which is destroyed once appropriate checks have been completed.

Your data is stored securely on Arthritis Action systems. Sensitive data is only available internally to those staff that needs to view it as part of their job role.

We will only use your data for administering your volunteering role with Arthritis Action and also for keeping you informed of the work that is being carried out by other areas of the organisation.

The type of information we collect and how we use it depends on how you receive support from Arthritis Action through the following ways:

5.3 Users of our Information Services

Arthritis Action provides people affected by arthritis and their families with clear, free and impartial information on the issues that matter: care and support, health and mobility, diet and healthy eating; they also offer signposting for in depth advice.

This service may record a variety of information about the user which may include their basic contact details (name and telephone number), age, and any health, disabilities and mobility issues which are directly related to the advice being sought or issues discussed. This information will be stored (including the telephone conversation itself) for training and quality purposes and will not be used or viewed by any other area of the organisation who do not need to know it as part of their work.

The information recorded may be shared with other third-parties to enable us to review the quality of our services and to safeguard the security and wellbeing of the individual in emergency situations – to prevent harm or to assist the emergency services in preventing or detecting a crime.  The public interest in safeguarding may override confidentiality interests in this regard.  However, all information will be shared on a need to know basis only, this being decided by a qualified, designated person at the time.

We will at times call users to the service to ensure we have dealt with their requests and concerns in an effective and diligent manner to evaluate the quality of our services, but also to seek specific consent to use their experiences where we feel would be of benefit to others.

5.4 Membership Services

In order for us to carry out these services we need to collect, store and process a variety of information about you, some of which will be personal and special category (sensitive) information. The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number, email address and any emergency contact information;
• Information about any health, medical and disability issues, including any mobility issues;
• Information about your property, its location e.g. rural, city etc.;
• Any interests and hobbies you may have in order for us to deliver the services to you of most value;
• Additional information may be collected to enable us to provide personal support, this being decided on a case-by-case basis and discussed with the individual at the time.
• Member and Contact data will not be put onto data sticks. Data sticks will only be used for non-confidential information, for example: information related to presentations and presentations.

5.5 Employees and Job Applicants

We collect and process personal data as part of an individual’s working relationship with the organisation. Once the hiring process is complete, we destroy the files unless a candidate has expressed that they would like us to keep their information for future opportunities.

5.6 Suppliers

We will store contact and financial details of suppliers in order to manage and process contracts and payments.

5.7 Attendees of our Groups

In order for us to carry out this service we need to collect, store and process a variety of information about you, some of which will be personal and special category (sensitive) information. The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number, email address and any emergency contact information;
• Information about any health, medical and care needs, including any mobility issues;
• Information about your property, its location e.g. rural, city etc.;
• Special category information including your gender, ethnicity, religion and any disabilities to help ensure we are providing an inclusive service;
• Any interests and hobbies you may have in order for us to deliver the services to you of most value;

We will ask further information from you during and after your participation to monitor and evaluate the quality of the service provided, the impact it has had on you, and your satisfaction.

6.0 Keeping your information up to date

Where possible we use publicly available sources to keep your records up to date; for example The Post Office’s National Change of Address database and information provided to us by other organisations as described above (see the How and When we collect data from you section). Where we might use external sources of data to help us provide more accurate communications with you, we will seek assurances from these third parties that any information provided would have been collected lawfully and appropriate consents sought to share that data with other organisations like ourselves.

7.0 How long we keep your information for

We keep your personal data only for as long as we need to use it for the purposes set out in this Policy.

We have adopted a data retention policy that sets out the different periods we retain personal data for in respect of these relevant purposes. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and whether there is a legitimate reason for continuing to store it (such as in order to deal with any future legal disputes); and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner’s Office (ICO).

Personal data that we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. Some personal data may be retained by us in archives for statistical or historical purposes although we will do this in a manner that complies with applicable data protection law.

We continually review what personal data and records we hold, and delete what is no longer required. We never store payment card data after the transaction has been completed.

8.0 Direct Marketing

We only want to contact supporters, service users and volunteers who want to hear from us in the ways that they have told us. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing.

If you have given us your consent to contact you by email, telephone and text message, we may contact you for marketing purposes by using that channel. We may also contact you by email or telephone or text message for administration purposes (e.g. where you make a donation).

If you have provided us with your postal address then we may use our legitimate interest to send you direct mail for fundraising or campaigning unless you told us that you would prefer not to hear from us in this way.

If you don’t want to hear from us, that’s fine. Just let us know when you provide your details, or email us at info@arthritisaction.org.uk to let us know.

We will retain your details on a suppression list to help ensure that we do not continue to contact you in future unless we receive a direct response otherwise.

We do not sell or share personal details to third parties for the purposes of marketing.

9.0 Building profiles of supporters and targeting communications

We may use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively. It enables us to raise more funds, sooner, and more cost effectively, than we otherwise would.

When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications.

If you would prefer us not to use your personal data for building profiles, please let us know by using the contact details in section 13.

10.0 Sharing your story

From time-to-time we use real-life case studies to demonstrate the impact of our work with external bodies, key stakeholder groups and the general public as a whole. This information may have been directly provided by our customers or indirectly through the various services we offer. This is extremely powerful and where we feel your information can make a real difference to others, we will ask you for your specific consent to use it. We will always make sure we have explicit and informed consent from the individuals concerned for the specific use of this information. We will always keep this information safe and secure.  This information may be shared at events, in promotional materials of fundraising campaigns or in documents such as our impact report.

11.0 How we keep your data safe and who has access

Arthritis Action stores all the information held about you on a secure online database, which is within the UK and the European Economic Area and protected by UK data protection law and other associated legislation.

Arthritis Action take the security of your data very seriously. The organisation has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.  This includes strict access controls and security of its network and databases (and the information within), and rigorous change controls to ensure only those people who have a need to view, amend or process your information, can do.

12.0 Your information and Third Parties

Arthritis Action does not trade names with other organisations, ‘list swap’ or rent out contact information or other personal data provided to us. We will never pass your details to a third-party to use in the course of their own business activities.

Arthritis Action may disclose your details to a third party if there is a legal obligation to do so. Only that data which is required to fulfil the obligation may be provided and no other information.

13.0 Who to contact for more Information

If you would like to contact us for more information about this policy or any other data protection related matter or to make an access request, please contact the Data Protection Officer at the address or email indicated below.

Please write to:

Data Protection Officer
(Private & Confidential)
Arthritis Action

One Upperton Gardens

Eastbourne

BN21 2AA

For matters relating to different areas of the organisation, please mark any correspondence as ‘Private & Confidential’ and address to: Arthritis Action, One Upperton Gardens, Eastbourne, BN21 2AA.

Complaining to the Information Commissioner’s Office
Where you believe that we have not complied with our obligations under the Data Protection Act and this Privacy Policy, you have the right to make a complaint to the Information Commissioner’s Office (ICO) or through the courts. We would always encourage you to let us know of any complaint you may have and we will respond in line with our complaints procedure.

If you are not satisfied with our reply and/or outcome, or with our handling of your complaint you have the right to make a complaint to the ICO. You can find out more information about reporting a concern on the ICO website or by contacting their helpline number on 0303 123 1113.

Arthritis Action promises to respect and look after all personal data you share with us or that we get from other organisations. We will always keep it safe. We aim to be clear when we collect your data about what we’ll use it for, and not do anything you wouldn’t reasonably expect, whether you are a supporter, volunteer or service user. We never sell your personal data to other organisations, and will only ever share it in appropriate, legal or in exceptional circumstances (please see our Safeguarding Policy).

The purpose of this policy is to give you a clear explanation about your data protection rights and how Arthritis Action collects and uses the personal information you provide to us. It explains what we collect, whether online, via the phone, email, in letters or in any other correspondence or from third parties, and how we process and use it to provide vital services to our members and beneficiaries.

By allowing us to use personal data, you are helping us to make better decisions, improve our services for people affected by arthritis and fundraise more effectively.

Our marketing communications include information about our services, research, volunteering, campaigns and fundraising activities. If you would like to change what you receive from us please email us at info@arthritisaction.org.uk to update your communication preferences. If you have any questions regarding this privacy policy, please email info@arthritisaction.org.uk.

1. Who is Arthritis Action?

Arthritis Action is a charity registered in England and Wales and incorporated by Royal Charter (charity registration number 292569).

Arthritis Action Ltd (registered company in England and Wales no. 01914825) is the wholly owned subsidiary of Arthritis Action which can trade on our behalf.

2. What are your Data Protection Rights?

In all cases you have the:

• Right to be informed whether or not we process your information and how that information is stored and used by us.
• Right to access your information at any time by submitting a request via email at: info@arthritisaction.org.uk. Information will be provided to you within a month of your request being received.
• Right to correct the information we hold about you if it is incorrect or incomplete.
• Right to delete the information we hold about you, this being termed the ‘right to be forgotten’. It is not always possible to delete all information due to legal reasons or processing requirements, but where this is the case this will be explained to you further.
• Right to restrict processing of your information at any time by contacting the relevant department as indicated below or the Data Protection Officer. This may be to change how you support us and how we may contact you in the future.
• Right to move the information you have provided to us to another organisation. We will provide this to you in a form that is accessible to another organisation.
• Right to object to any processing where you feel appropriate consents have not been sought by ourselves. In these circumstances we will investigate your concerns and the decisions we have made accordingly.
• Right to object to automated decision making where your data is processed by machines and decisions made without human intervention. This is also applicable to profiling where decisions may be made automatically to evaluate certain things about you.
• Right to withdraw consent if we have obtained your consent to process your data, you can withdraw this consent at any time by contacting the Data Protection Officer. This will not affect the lawfulness of processing based on consent before its withdrawal.

To request further information on your rights or to request a change as per your rights above, please contact the Data Protection Officer at info@arthritisaction.org.uk.

3. How and when we collect information about you

We collect information in the following ways:

3.1    When you give it to us directly
You may give us your details when you sign up for one of our events, receive support from our staff or another service, volunteer with us, order an information booklet, tell us your story, make a donation, fundraise for us or communicate with us.

3.2    When you give it to us indirectly
You may give information to us indirectly when you sign up to events such as the Brighton Marathon or contribute to Arthritis Action via fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support Arthritis Action and with your consent. You should check their privacy policy when you provide your information to understand fully how they will process your data.

3.3    When you use our website
Like most websites, we use ‘cookies’ to help us make our site, and the way you use it better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

As well as this, cookies can tell us the type of device you’re using to access our website and the settings on that device may provide us with information including what type device it is, what operating system you’re using, what your device settings are, and why a crash has happened. This information helps us understand how people are using our website and show us how to make it better.

Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

3.4    When you access Arthritis Action’s social media
We might also obtain your personal data through your use of social media such as Facebook and Twitter depending on your settings or the privacy policies of these social media messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this:

facebook.com/legal/FB_Work_Privacy

twitter.com/en/privacy

https://help.instagram.com/519522125107875

https://policies.google.com/privacy

https://healthunlocked.com/policies/privacy

3.5       Associated Practitioners

We obtain data about clinicians joining our Associated Practitioners’ scheme, in particular information about their practice. This information is held in our online database and made public on our website.

3.6       When the information is publicly available
We might also obtain personal information about individuals who may be interested in giving major gifts to charities or organisations like Arthritis Action. In this case, Arthritis Action may seek to find out more about these individuals, their interests and motivations for giving through publicly available information. This information may include newspaper or other media coverage, open postings on social media such as LinkedIn, and data from Companies House.

4. Lawful Processing

The Data Protection Act 2018 requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:

Specific Consent
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.

Performance of a contract
Where we are entering into a contract with you or performing our obligations under it.

Legal obligation
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Charity Commission or Fundraising Regulator.

Vital interests
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) or a safeguarding issue which requires us to share your information with the emergency services.

Legitimate interests
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running Arthritis Action as a charitable organisation in pursuit of our aims and ideals. For example to:

• send postal communications which we think will be of interest to you;
• conduct research to better understand who our supporters are to better target our fundraising;
• monitor who we deal with to protect the charity against fraud, money laundering and other risks;
• enhance, modify, personalise or otherwise improve our services /communications for the benefit of our customers; and
• understand better how people interact with our website.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under The Data Protection Act. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

When we use sensitive personal information, we require an additional legal basis to do so under the Data Protection Act, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).

5. What information do we collect and how do we use it?

The type of information we collect and how we use it depends on how you support Arthritis Action through the following ways:

5.1 Financial Supporters
If we wish to engage with you and approach you as a financial supporter or if you support us, for by, registering to fundraise, signing up for an event or buying something from us, we will collect:

• Your name
• Your contact details
• Your date of birth
• Your bank or credit/debit card details (only for confirmed supporters)
• Your current interests and donor activities
• Your employment situation

Where it is appropriate we may also ask for:

• Information relating to your health (for example if you are taking part in an event)
• Why you have decided to support us. We will never make the question mandatory, and only want to know the answer if you are comfortable telling us.

We will use your data to:

• Administer your donation or support your fundraising and participation in our activities, including processing Gift Aid
• Keep a record of your relationship with us
• Ensure we know how you prefer to be contacted
• Manage feedback or complaints we receive from you
• To share your story with fellow supporters, with your consent

Some of our supporters choose to give higher donations, and this enables Arthritis Action to have even greater impact on the lives of people affected by arthritis. To help us identify individuals, trusts or companies who may have a philanthropic interest in our work, we undertake in-house research. This research is based on information provided to us by our supporters, along with publicly available sources such as the electoral roll, Companies House records, newspaper articles, company websites, internet searches etc. Knowing more about our supporters and their interests enables us to tailor our communications in the most appropriate way, and to better engage those who have an interest in helping people affected by arthritis and becoming more involved with Arthritis Action.

5.2 Volunteers

Our Volunteers make a real difference to the lives of people affected by arthritis in the many ways they choose to support us – this may be by running a local Arthritis Action Group or by raising awareness in their local community of the work that Arthritis Action does. There are many more types of volunteers and to become one you will need to provide information to allow us to assess your suitability for a particular role, to provide training and to correspond with you about your chosen role and provide additional information about Arthritis Action and its various activities.

The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number and email address;
• Your bank details will be required in order for you to claim expenses;
• Identification including passport, drivers licence, birth certificate, utility bills etc. in order to carry out Disclosure and Barring Service checks;
• Your photo will be required for identification purposes when carrying out some volunteering roles;
• Details of any Next of Kin/trusted contact and any special needs we may need to be aware of for Health and Safety purposes;
• Details of any referees that support your application to become a Volunteer.

Some of the information collected will be sensitive data that will be destroyed once the purpose for its initial collection has been served. This includes data for DBS checking which is destroyed once appropriate checks have been completed.

Your data is stored securely on Arthritis Action systems. Sensitive data is only available internally to those staff that needs to view it as part of their job role.

We will only use your data for administering your volunteering role with Arthritis Action and also for keeping you informed of the work that is being carried out by other areas of the organisation.

The type of information we collect and how we use it depends on how you receive support from Arthritis Action through the following ways:

5.3 Users of our Information Services
Arthritis Action provides people affected by arthritis and their families with clear, free and impartial information on the issues that matter: care and support, health and mobility, diet and healthy eating; they also offer signposting for in depth advice.

This service may record a variety of information about the user which may include their basic contact details (name and telephone number), age, and any health, disabilities and mobility issues which are directly related to the advice being sought or issues discussed. This information will be stored (including the telephone conversation itself) for training and quality purposes and will not be used or viewed by any other area of the organisation who do not need to know it as part of their work.

The information recorded may be shared with other third-parties to enable us to review the quality of our services and to safeguard the security and wellbeing of the individual in emergency situations – to prevent harm or to assist the emergency services in preventing or detecting a crime.  The public interest in safeguarding may override confidentiality interests in this regard.  However, all information will be shared on a need to know basis only, this being decided by a qualified, designated person at the time.

We will at times call users to the service to ensure we have dealt with their requests and concerns in an effective and diligent manner to evaluate the quality of our services, but also to seek specific consent to use their experiences where we feel would be of benefit to others.

5.4 Membership Services.

In order for us to carry out these services we need to collect, store and process a variety of information about you, some of which will be personal and special category (sensitive) information. The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number, email address and any emergency contact information;
• Information about any health, medical and disability issues, including any mobility issues;
• Information about your property, its location e.g. rural, city etc.;
• Any interests and hobbies you may have in order for us to deliver the services to you of most value;
• Additional information may be collected to enable us to provide personal support, this being decided on a case-by-case basis and discussed with the individual at the time.

5.5 Employees and Job Applicants
We collect and process personal data as part of an individual’s working relationship with the organisation. Once the hiring process is complete, we destroy the files unless a candidate has expressed that they would like us to keep their information for future opportunities.

5.6 Suppliers
We will store contact and financial details of suppliers in order to manage and process contracts and payments.

5.7 Attendees of our Groups

In order for us to carry out this service we need to collect, store and process a variety of information about you, some of which will be personal and special category (sensitive) information. The types of information we may collect include:

• Your basic contact details including your name, address, date of birth, telephone number, email address and any emergency contact information;
• Information about any health, medical and care needs, including any mobility issues;
• Information about your property, its location e.g. rural, city etc.;
• Special category information including your gender, ethnicity, religion and any disabilities to help ensure we are providing an inclusive service;
• Any interests and hobbies you may have in order for us to deliver the services to you of most value;

We will ask further information from you during and after your participation to monitor and evaluate the quality of the service provided, the impact it has had on you, and your satisfaction.

6. Keeping your information up to date

Where possible we use publicly available sources to keep your records up to date; for example The Post Office’s National Change of Address database and information provided to us by other organisations as described above (see the How and When we collect data from you section). Where we might use external sources of data to help us provide more accurate communications with you, we will seek assurances from these third parties that any information provided would have been collected lawfully and appropriate consents sought to share that data with other organisations like ourselves.

7. How long we keep your information for

We keep your personal data only for as long as we need to use it for the purposes set out in this Policy.

We have adopted a data retention policy that sets out the different periods we retain personal data for in respect of these relevant purposes. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and whether there is a legitimate reason for continuing to store it (such as in order to deal with any future legal disputes); and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner’s Office (ICO).

Personal data that we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. Some personal data may be retained by us in archives for statistical or historical purposes although we will do this in a manner that complies with applicable data protection law.

We continually review what personal data and records we hold, and delete what is no longer required. We never store payment card data after the transaction has been completed.

8. Direct Marketing

We only want to contact supporters, service users and volunteers who want to hear from us in the ways that they have told us. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing.

If you have given us your consent to contact you by email, telephone and text message, we may contact you for marketing purposes by using that channel. We may also contact you by email or telephone or text message for administration purposes (e.g. where you make a donation).

If you have provided us with your postal address then we may use our legitimate interest to send you direct mail for fundraising or campaigning unless you told us that you would prefer not to hear from us in this way.

If you don’t want to hear from us, that’s fine. Just let us know when you provide your details, or email us at info@arthritisaction.org.uk to let us know.

We will retain your details on a suppression list to help ensure that we do not continue to contact you in future unless we receive a direct response otherwise.

We do not sell or share personal details to third parties for the purposes of marketing.

9. Building profiles of supporters and targeting communications

We may use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively. It enables us to raise more funds, sooner, and more cost effectively, than we otherwise would.

When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications.

If you would prefer us not to use your personal data for building profiles, please let us know by using the contact details in section 13.

10. Sharing your story

From time-to-time we use real-life case studies to demonstrate the impact of our work with external bodies, key stakeholder groups and the general public as a whole. This information may have been directly provided by our customers or indirectly through the various services we offer. This is extremely powerful and where we feel your information can make a real difference to others, we will ask you for your specific consent to use it. We will always make sure we have explicit and informed consent from the individuals concerned for the specific use of this information. We will always keep this information safe and secure.  This information may be shared at events, in promotional materials of fundraising campaigns or in documents such as our impact report.

11. How we keep your data safe and who has access

Arthritis Action stores all the information held about you on a secure online database, which is within the UK and the European Economic Area and protected by UK data protection law and other associated legislation.

Arthritis Action take the security of your data very seriously. The organisation has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.  This includes strict access controls and security of its network and databases (and the information within), and rigorous change controls to ensure only those people who have a need to view, amend or process your information, can do.

12. Your information and Third Parties

Arthritis Action does not trade names with other organisations, ‘list swap’ or rent out contact information or other personal data provided to us. We will never pass your details to a third-party to use in the course of their own business activities.

Arthritis Action may disclose your details to a third party if there is a legal obligation to do so. Only that data which is required to fulfil the obligation may be provided and no other information.

13. Who to contact for more Information

If you would like to contact us for more information about this policy or any other data protection related matter or to make an access request, please contact the Data Protection Officer at the address or email indicated below.

Please write to: Data Protection Officer (Private & Confidential), Arthritis Action, One Upperton Gardens, Eastbourne, BN21 2AA.

For matters relating to different areas of the organisation, please mark any correspondence as ‘Private & Confidential’ and address to: Arthritis Action, One Upperton Gardens, Eastbourne, BN21 2AA.

Complaining to the Information Commissioner’s Office
Where you believe that we have not complied with our obligations under the Data Protection Act and this Privacy Policy, you have the right to make a complaint to the Information Commissioner’s Office (ICO) or through the courts. We would always encourage you to let us know of any complaint you may have and we will respond in line with our complaints procedure.

If you are not satisfied with our reply and/or outcome, or with our handling of your complaint you have the right to make a complaint to the ICO. You can find out more information about reporting a concern on the ICO website or by contacting their helpline number on 0303 123 1113.

Privacy Policy

Any information given to Arthritis Action by Members will be held and used for the purpose of helping them with their arthritis; used for the purpose of contacting them regarding their membership; and used for mailing updates, general information, and copies of our Members’ magazine. All information provided by Members shall be treated as proprietary and confidential.

Cookies: We do not use cookies for collecting user information and we will not collect any information about you except that required for system administration of our web server.

Log files: We use our records of the pages users have visited on the website to analyse trends, administer the site and track user’s movements. Our records do not contain any personal information about users.

Links: This website may from time-to-time contain links to other sites. Please be aware that Arthritis Action is not responsible for the privacy practices of other web sites. We encourage our users to be aware when they leave our site and to read the privacy statements of other websites.

Notification of changes: If we decide to change our privacy policy, we will post those changes on this page so our users are aware of what information we collect and how we use it.

Disclaimer

Ideas expressed in contributors’ articles on this website are not necessarily official policy of Arthritis Action.

Whilst every care has been taken in compiling this information, Arthritis Action will not be held responsible for any loss, damage or inconvenience caused as a result of any inaccuracy or error in these pages.

When the Arthritis Action website has links to other addresses on the World Wide Web, the existence of these links does not imply validation of the content or any information or endorsement of the goods or services offered. We cannot guarantee that these links will work all of the time and we have no control over the availability of linked pages.

Cookie Policy

Donations Acceptance Policy

This policy is aligned with the Codes of Fundraising Practice set out by the Institute of Fundraising.

The Trustees and the Executive Management Team (EMT) of Arthritis Action take overall legal responsibility for decisions relating to donation acceptance or refusal. They must be able to demonstrate that they have acted in the best interest of the Charity. On a day-to-day basis, the Chief Executive Officer, along with other members of the EMT, are responsible for making decisions in relation to the acceptance or refusal of donations.

Trustees and EMT must not receive any personal benefit (individually or collectively) from donations or other material support offered to the Charity.

Guidelines for accepting donations

• Donations from individuals or corporates must align with the vision, mission and values of Arthritis Action. Arthritis Action has the right to refuse donations that do not fall within these guidelines, would impact our independence as a Charity or cause harm to our beneficiaries.
• Before partnering with a donor offering a large donation, or any corporate, Arthritis Action will conduct due diligence checks to ensure there is no involvement in any criminal acts or corruption.
• Anonymous donations of £25,000 or more need to be reported to the Charity Commission as a serious incident. Anonymous donations that are lower than £25,000 will be dealt with and considered on a case-by-case basis.
• Arthritis Action will not accept donations from industries that could cause controversy to the Charity, such as tobacco, alcohol or arms manufacturing.
• If working with pharmaceutical companies, their funding must not exceed 10% of our total budgeted income and will be considered on a case by case basis.
• Any cause-related marketing or endorsement partnership must align with our principles of self-management and healthy lifestyles.
• Donors of any kind will not be given access to our database of Members and supporters.
• Arthritis Action will not partner with anyone aiming to affect our policies.

Complaints Policy

Arthritis Action is committed to providing a good quality self-management approach and the highest possible quality of member care at all times. We recognise, however, that we may sometimes get things wrong or make mistakes. We do not look on complaints as unwanted. In fact, they may help us to see where our services or practices might be improved. So do let us know where you feel we have made a mistake or done something that you found unsatisfactory or unacceptable. Even if you do not think your particular concern amounts to a ‘complaint’ we would still like to know about it. You may help us to deal with something we would otherwise overlook.

Making a complaint

1. If you feel able, you should talk to the person concerned with your issue or complaint.
2. The next step is to talk with the staff member’s line manager.
3. If the complaint is not resolved the next step is to talk to the Director of the Arthritis Action service involved.
4. If the matter is still unresolved you should make a formal complaint to The Chief Executive Officer. On receipt of a formal complaint you will receive a reply within 5 working days and a copy of the Arthritis Action’s Complaints Procedure.
5. If the matter remains unresolved your complaint will be forwarded to the Board of Trustees, via the Chair of the Trustees, for consideration.

Repeat complainers

Arthritis Action has not experienced repeat complainers but if it did:

Each complaint would be dealt with as above.

Any repeat complaints/complainers will be forwarded to the Chief Executive Officer and Chair of Trustees who will review:

1. If the complaint is raising legitimate concerns.
2. If the complaint is being, or has been investigated properly.
3. Whether any decisions reached so far were the correct ones.
4. Whether communications with the person making the complaint were adequate, taking into considerations any needs the complainant may have.
5. Whether the complaint is now providing any significant new information that might affect the previous decisions made.

Arthritis Action is committed to providing a good quality self-management approach and the highest possible quality of member care at all times. We recognise, however, that we may sometimes get things wrong or make mistakes. We do not look on complaints as unwanted. In fact, they may help us to see where our services or practices might be improved. So do let us know where you feel we have made a mistake or done something that you found unsatisfactory or unacceptable. Even if you do not think your particular concern amounts to a ‘complaint’ we would still like to know about it. You may help us to deal with something we would otherwise overlook.

Research Policy

Arthritis Action is committed to working in partnership with individuals, charities and organisations that undertake research with the aim to empower people with arthritis to manage their condition and reduce the need for medical intervention.  The research should be aimed at:

1. Preventing the onset of arthritis
2. Developing a cure for arthritis
3. Enabling people to better manage their arthritis symptoms

Our aim is to facilitate research and be known as a resource for researchers.

Proactive Research

Arthritis Action will network and keep in contact with other Arthritis and MSK charities to keep abreast with potential research opportunities. Arthritis Action will not normally fund research directly as our policy is to invest in the provision of member services. We will, however, consider collaboration with other organisations as our aim is to work with people who are funding research and who want a partner to:

1. Assist them to develop their research
2. To trial a technological product or aid
3. To trial an approach or new technique

Reactive Research

Arthritis Action is open to hearing from people who are undertaking studies, for example PhD and Masters Courses.  Arthritis Action will inform members of opportunities to become involved with these research studies.

For more information please contact: info@arthritisaction.org.uk

Disclosure and Barring Service (DBS) Policy

Arthritis Action has a duty of care to anyone who comes into contact with the Charity. It is committed to the fair treatment of its staff, potential staff, volunteers, members and users of its services, regardless of race, gender, religion, sexual orientation, responsibilities for dependants, age, physical/mental disability or offending background.

Arthritis Action actively promotes equality of opportunity for all with the right mix of talent, skills and potential and welcomes applications from a wide range of candidates, including those with criminal records.  Arthritis Action selects all candidates for interview based on their skills, qualifications and experience.

Arthritis Action would only submit an application for a criminal record check to the DBS after a thorough risk assessment has indicated that one is both proportionate and relevant to the position concerned.  Where a DBS check is identified as necessary, all application forms, job adverts and recruitment briefs will contain a statement that an application for a DBS certificate will be submitted in the event of the individual being offered the position.

This Policy will be available to those applying for positions at the time of recruitment.

We also comply fully with the Code of Practice issued under section 122 of the Police Act 1997.  As a result, we make every subject of a criminal record check submitted to the DBS aware of the existence of this Code and undertake not to discriminate unfairly against them as a result of any convictions or other information revealed.  A copy of the Code of Practice can be found on the following website.  https://www.gov.uk/government/publications/dbs-code-of-practice.

Arthritis Acton

1. will only ask for details of convictions and cautions that we are legally entitled to know about.
2. will only submit a criminal record check to the DBS after a thorough risk assessment has indicated that one is proportionate and relevant to the position concerned. For positions where a criminal records check is identified as necessary, all application forms, job adverts and recruitment briefs will contain a statement that an application for a DBS certificate will be submitted in the event of the individual being offered the position
3. ensures that all its employees who are involved in the recruitment process have been suitably trained to identify and assess the relevance and circumstances of offences and have received appropriate guidance and training in the relevant legislation relating to the employment of ex-offenders.
4. ensures that an open and measured discussion takes place about any offences or other matter that might be relevant for the position. However, failure to reveal information that is directly relevant to the position sought could lead to a withdrawal of an offer of employment.
5. undertakes to discuss any matter revealed on a DBS certificate with the individual seeking the position before withdrawing a conditional offer of employment.

Diversity Policy

Arthritis Action’s commitment to equality, diversity and inclusion
Equality, diversity and inclusion are central to everything we do at Arthritis Action. We aim to celebrate the diversity of people affected by arthritis, and to support everyone to overcome the barriers to their full inclusion and participation in society.

What do we mean by diversity and inclusion?
We are all different. We come from different backgrounds, have different family structures and relationships, come from different geographical places, have different faith and belief systems, see the world differently and have different abilities. Diversity is about positively valuing and harnessing these differences.

Inclusion refers to a person’s experience – whether that’s at work, when using public services or in wider society – and the extent to which each person feels valued and included.

Arthritis Action understands that positively valuing diversity and inclusion can make the Charity better; helping us learn, innovate and deliver benefits for the people we’re here to help. We strive to value and harness diversity in everything we do, including making our services and products inclusive and accessible to everyone.

What is Arthritis Action’s position on diversity and inclusion?
Arthritis Action will not tolerate any discrimination, victimisation or harassment on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex or sexual orientation.

We are committed to tackling the inequalities and exclusion experienced by people affected by arthritis, and promoting equality and inclusion of those people from diverse backgrounds in all areas of our work.

How do we do promote inclusion in our work?
We respect and value the diversity of our staff and volunteers. Our Trustees and Executive Management Team are responsible for leading and modelling our commitment to promoting equality and valuing diversity to create an inclusive culture, for driving change and monitoring progress, facilitating the sharing of best practice across our organisation, and ensuring that Arthritis Action meets our obligations under the Equality Act 2010 and all other relevant legislation.

Why do we do this?
Society cannot improve for anyone while people are treated unfairly because of their age, or their ethnicity, gender, religion or belief, sexual orientation, or because they are disabled.

It is unlawful for organisations to discriminate on the grounds of gender, gender identity, race, religion and belief, sexual orientation and disability in employment and training, and in the provision of goods, facilities, and services, except in very limited circumstances.

We believe an inclusive society where everyone is treated with dignity and respect will help to develop greater social cohesion, tolerance, stability and prosperity in the wider society.

Last reviewed April 2021