West Midland Adult Cystic Fibrosis Centre is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
The information in this policy is valid for visitors to heartlandscf.org and pertains to the information they share or that is collected about them whilst viewing and interacting with the website's content. This policy is not applicable to information collected offline or via other channels - for this, see the GDPR Patient Information Sheet lower down the page.
If you can't find the information you're looking for within the policy or if you have any additional questions please contact us.
PII (Personally Identifiable Information) we collect and how we use it
If you make a donation, use the marketing sign up consent form, or contact us via the website, we may collect the following information:
- Your name
- Your email address
- Your house name or number and postcode, if you choose to Gift Aid a donation
- You may also include a message if contacting us
We hold PII you submit through forms on the website for a maximum of 12 months. We collect this information in order to be able to process your donation or respond to any message you send us.
Details submitted via the marketing sign up consent form will be held indefinitely, but you may choose to unsubscribe at any time via the link at the bottom of any marketing email.
Data collected by Google Analytics
We use Google Analytics to track user activity on our website. To do this a unique identifier is created when you first visit our website and stored as a cookie so that as you visit other pages on the website, or if you leave and then return to the website, we identify the activity as belonging to the same user. This unique identifier does not directly provide us with any Personally Identifiable Information (such as your name or email address).
We monitor visitor activity to:
- Track how visitors find / arrive at our website (e.g. via a Google search, a social media post, a link on another site)
- Measure how visitors engage with our content (e.g. bounce rate, number of pages viewed per session, time spent per visit)
- Monitor the performance of our website in meeting key goals (e.g. when a visitor makes a donation)
Based on the data we collect with Google Analytics we optimise our online strategy to help the website be discovered by more potential clients and we make changes to the website to improve the experience for visitors.
Your unique identifier is held for 26 months. If you don't wish to have your activity tracked whilst visiting the website you can disable cookies for the website in your browser. The website will continue to function as normal if you disable any or all cookies.
Data we collect in server logs
We store the following information about each request (page visit) visitors make when visiting heartlandscf.org:
- IP (Internet Protocol) Address
- ISP (Internet Service Provider)
- User agent (browser and OS type)
- Date and time of each request
- The URL visited
- In the event of an error additional information about the request will be captured including headers, cookies and the request body (present on PUT and POST requests).
We collect this information to help us monitor traffic to the website, detect and analyse issues and to filter out unwanted traffic (e.g. unregistered web crawlers/bots).
We hold information in the server logs for 90 days. This information we collect does not directly provide us with any PII (Personally Identifiable Information) (such as your name or email address) except where PII is submitted as part of a request that generates an error. For example, if you were submitting your email address as part of sending an enquiry and an issue was raised your email would be collected as part of the error information.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request copies of your personal data held by us (commonly known as a subject access request).
- The right to rectification – You have the right to request that inaccurate personal data we hold is rectified, or completed if it is incomplete.
- The right to erasure / The right to be forgotten – You have the right to request that we erase personal data that we hold about you. This right is not absolute and only applies in certain circumstances.
- The right to restrict processing – You have the right to request that we restrict the processing of personal data we hold about you. That is, we may hold that data but may not use it. This right is not absolute and only applies in certain circumstances.
- The right to data portability – You have the right to request that we transfer the data we have collected about you; directly to you or to another organisation.
- The right to object to processing – You have the right to object to us processing personal data we collect and hold about you.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
A more detailed overview of your rights under GDPR can be found on the Information Commissioner's Office website.