MedAccess Trust Privacy Policy
1. Introduction
This privacy policy applies to MedAccess Trust (the “Trust”). We at the Trust take your privacy seriously, and this policy has been drafted in accordance with the requirements of the General Data Protection Regulation (“GDPR”).
The policy describes how we process personal data, which personal data we collect and why we collect it, with whom we share this personal data, how we protect it, and the choices you can make about how we use your personal data. This policy applies to any personal data collected, held or processed by or on behalf of the Trust.
The scope of this policy also includes all the websites, applications, mobile sites, and social media platforms that are owned by the Trust, where personal data is processed.
Please check this policy periodically at www.medaccess.org/medaccess-trust-privacy-policy to inform yourself of any changes.
2. How we collect and use your information
2.1 Visitors to our website
We collect IP addresses, cookies, moments of connection from visitors to our websites, which are analysed by Google Analytics, who collect standard internet log information and details of visitor behaviour patterns. We do this to identify the number of visitors to the various sections of the site. This information is not used to identify anyone. Both the Trust and Google do not make any attempt to discover the identities of visitors to our website. For further information about our use of cookies, please consult our cookie policy.
2.1.1 Newsletter
We will collect your name and email address if you choose to subscribe to our newsletter. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. For more information, please see:
2.1.2 General enquiries
When you submit an enquiry, we will collect your email address and comments, we will also collect your first name, surname and your company name and phone number if you choose to provide it.
Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
2.2 People who email us
When you send an email to us we may collect your IP address, email address and other data you have provided within the email or attachments. The information will only be used to address the purposes of your request, it will be recorded in our email and email security systems.
We use Transport Layer Security (“TLS”) to encrypt and protect email traffic in line with security best practices. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
2.3 People who call our contact points
When you call the Trust, we collect Calling Line Identification (“CLI”) information which may include your telephone number. We use this information to help improve our efficiency and effectiveness. We do not record phone conversations.
2.4 Donors and potential donors
During the process of donating or granting to, or otherwise investing in, the Trust, we will collect your first name, surname, email address, comments and any attached documents you choose to provide us with. We will only use the information supplied to us to consider the potential donation, grant or investment, to interact with the submitter throughout the review process, and to provide a final response.
2.5 Use of personal data for direct communication purpose
We will only use your personal data to send communications via electronic means (e.g., email, SMS or MMS) if we have obtained your prior consent or have a legitimate and lawful interest to do so. You can withdraw your consent or object to communications at any point in time, by contacting the Data Protection Representative (“DPR”) at [email protected].
The Trust will only process your personal data to achieve the purposes it was collected for, or for any other legitimate and lawful purpose.
The Trust will notify the processing of personal data to the relevant authorities to the extent required under all applicable data protection laws and regulations.
3. Accurate data
It is important for us to maintain accurate and up to date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting the DPR at [email protected].
We will take reasonable steps to make sure that any inaccurate or out-of-date data is deleted, destroyed or amended accordingly.
4. Access and rectification
You have the right to access the personal data we hold about you and, if such personal data is inaccurate or incomplete, to request the rectification or erasure of such personal data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact the DPR at [email protected].
5. Timely processing
We shall retain your personal data in a manner consistent with the applicable data protection laws and regulations. We will only retain your personal data for as long as necessary to comply with the applicable laws and regulations or for the purposes for which we process your personal data. For guidance on how long certain personal data is likely to be kept before being destroyed, please contact the DPR at [email protected].
6. Data security
We shall retain your personal data in a manner consistent with the applicable data protection laws and regulations. We will only retain your personal data for as long as necessary to comply with the applicable laws and regulations or for the purposes for which we process your personal data. For guidance on how long certain personal data is likely to be kept before being destroyed, please contact the DPR at [email protected].
Confidentiality: we will protect your personal data from unauthorised disclosure to third parties.
Integrity: we will protect your personal data from being modified by unauthorised third parties.
Availability: we will ensure that authorised parties are able to access your personal data when needed.
7. Data Protection Representative
The Trust has appointed a Data Protection Representative to monitor internal compliance, inform and advise on our data protection obligations and to act as a contact point for data subjects. The designated DPR for the Trust and their contact information is as follows:
Ed Collier
MedAccess Trust
84 Eccleston Square
London
SW1V 1PX
If you have a query in relation to this policy or our processing of your personal data, you can contact the DPR.
8. Disclosure of personal data
8.1 Categories of recipients
For the above-mentioned purposes, we may disclose your personal data to the following categories of recipients:
- Authorised staff members of the Trust;
- Corporate affiliates of the Trust;
- Our communication agencies: to help us deliver and analyse the effectiveness of our communications;
- Business partners: trusted companies that may use your personal data to provide you with the services and/or the information you requested and/or that may provide you with communications (if you have consented to receiving them). We ask such companies to always act in compliance with applicable laws and this privacy policy and to pay high attention to the confidentiality of your personal data.
9. Use of social networks
The Trust sometimes facilitates the publication of (personal) data via social media such as X and LinkedIn. These social media have their own terms of use which you are required to consider and observe if you make use of them. Publication on social media may have (undesired) consequences, including for your privacy or that of persons whose data you share, such as the impossibility of withdrawing publication in the short term. You must estimate these consequences yourself, for you are taking the decision about the publication on these media. The Trust does not accept any responsibility in that regard.
10. Disclosures outside the EU
Your personal data may be transferred to any of the recipients identified in this policy, some of which may be outside the EU and may be processed by us and any of these recipients in any country worldwide. The countries to which your personal data is transferred may not offer an adequate level of protection. In connection with any transfer of personal data to countries that do not offer the same level of protection as in the EU, the Trust shall implement appropriate measures to ensure an adequate level of protection of your personal data.
11. Your choices and your rights
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your information. We can contact you by post and by phone, and if you give us your prior consent to do so, by email, SMS and other electronics means.
11.1 Your choices
In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (e.g., email, mail, social media, etc.), for which purpose and how frequently, by contacting [email protected].
Please note that by default, if you don’t make a choice, you will receive our communications at the following frequency: at the date of publication.
11.2 Your personal information
You may always contact us by post or email to find out what personal information we have concerning you, the origin of the data and to access or receive a copy of your data.
11.3 Your corrections
If you find any mistake in your personal information or if you find it incomplete or incorrect, you can request that we correct it or complete it.
11.4 Your objections
You may also object to the use of your data for direct marketing purposes (if you prefer, you can also advise us on which channel and how frequently you prefer to be contacted by us).
11.5 Portability
You may request a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also request that we transfer your personal data to another controller. Portability applies when we process your personal data in an automated means with your consent.
11.6 Erasure
Finally, you may request for us to erase any data concerning you (except in some cases, for example, where we are required to retain the data by law).
12. Contact
For any privacy issues, questions or complaints concerning the application of this policy or to exercise your rights within the context of this policy, you may contact our DPR at [email protected].
Alternatively, you may write to us:
MedAccess Trust
84 Eccleston Square
London
SW1V 1PX
United Kingdom