Data Privacy Policy - The Laminitis Site
Updated: May 2018
Who are we?
The Laminitis Site (TLS) is a charitable company, registered in the United Kingdom (no. 8530292) committed to:-
How the EU Data Protection Regulation applies to TLS
The General Data Protection Regulation (GDPR) is a European privacy law that takes effect from May 25, 2018. It sets out the rules governing how companies may collect, store, and use personal data pertaining to and/or originating from individuals in the EU.
What is Personal Data?
Personal data under GDPR includes any information that can be used to directly or indirectly identify an individual that is collected directly or indirectly by an organisation. Some examples of personal data that might be obtained directly are a person’s name, address, email address, or username. Personal data that may be transmitted indirectly includes things like a user’s IP address or the information stored in a browser cookie.
TLS is exempt from appointing a Data Protection Officer because it is a small organisation.
Data Privacy outside the EU
TLS has a global reach. We believe that our application of the GDPR provides data protection for all our users.
TLS Data Privacy Policy
This Policy describes the information we collect from you, how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us.
What Personal Data do we collect and receive?
In order for you to interact with TLS we need to collect and process certain information about you. Depending on your level of interaction, that may include:
How we use this information
We use the information we collect for the following purposes:
How is this information shared?
Information that is shared publicly
TLS does not share any of your personal data publicly.
Information that is shared with trusted third-party services
We may share your information with certain trusted third-party services to help us provide, improve, promote, or protect TLS services (like when we partner with payment processors, or use services that help us manage our data). When we share data with the third-party services that support our delivery of the TLS services, we require that they are GDPR compliant and use your information only for the purposes we’ve authorized, and that they protect your personal information at least to the same standards that we do.
TLS Case Studies
Members of Friends of The Laminitis Site may be invited to set up a case study where they can record their horse’s details and progress. A Case Study helps us to respond with the most appropriate information where information specific to an individual horse, pony or donkey is requested and a considerable amount of help appears to be needed. The opportunity to start a Case Study will generally only be offered where the owner agrees that the case study can be made public for education/research purposes (or at least accessible to Friends). Published Case Studies can be anonymous or named, according to the owner’s wishes.
Retention of your data
We will retain your information as long as your account is active.
For inactive accounts we will retain your data as necessary to comply with our legal obligations and for accounting purposes.
We may also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our web site, improve our services or comply with legal obligations.
Your Rights under GDPR
Users residing in the EU are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.
You can request a downloadable copy of your personal data, or modify or delete the personal information you’ve provided to us by emailing us at [email protected].
We may retain certain information as required by law or as necessary for our legitimate business purposes.
Email and Mobile Notifications
We may communicate with you by email on matters relating to any personal interactions you have with TLS. In addition to this we want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to, or out of, communications we send.
Data Security
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain.
Other websites
Our website and social media pages may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Data Protection Authority
We care about your data security and want to ensure you are happy with how we are looking after it. You have the right to lodge a complaint about how we have handled your data by contacting the Information Commissioner’s Office (details below); however we always welcome approaching us directly in the first instance to allow us to quickly address your concerns.
United Kingdom Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF, United Kingdom
Telephone: +0303 123 1113
Fax: 01625 524510
Web: https://ico.org.uk/global/contact-us/
Children
TLS does not knowingly collect any personal information from children under the age of 13.
If you believe that a child has provided us with personal information, please contact us at [email protected]. If we become aware that a child under age 13 has provided us with personally identifiable information, we will delete it.
Our Lawful Basis for Processing your Data
The above points constitute our legitimate interest as the “lawful basis” for collecting, processing and retaining personal information from citizens or residents of the European Union under GDPR. To the best of our knowledge it also provides the lawful basis for collecting, processing and retaining personal information worldwide.
Updated: May 2018
Who are we?
The Laminitis Site (TLS) is a charitable company, registered in the United Kingdom (no. 8530292) committed to:-
- provide information and education on laminitis;
- fund and carry out research into laminitis and any related subject; and
- care for and provide grants for the care of equids with laminitis.
How the EU Data Protection Regulation applies to TLS
The General Data Protection Regulation (GDPR) is a European privacy law that takes effect from May 25, 2018. It sets out the rules governing how companies may collect, store, and use personal data pertaining to and/or originating from individuals in the EU.
What is Personal Data?
Personal data under GDPR includes any information that can be used to directly or indirectly identify an individual that is collected directly or indirectly by an organisation. Some examples of personal data that might be obtained directly are a person’s name, address, email address, or username. Personal data that may be transmitted indirectly includes things like a user’s IP address or the information stored in a browser cookie.
TLS is exempt from appointing a Data Protection Officer because it is a small organisation.
Data Privacy outside the EU
TLS has a global reach. We believe that our application of the GDPR provides data protection for all our users.
TLS Data Privacy Policy
This Policy describes the information we collect from you, how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us.
What Personal Data do we collect and receive?
In order for you to interact with TLS we need to collect and process certain information about you. Depending on your level of interaction, that may include:
- Information you provide by completing forms on The Laminitis Site website - your name, email and postal addresses, country of residence, and Gift Aid preference;
- Details of any requests or transactions you make for payment processing purposes through services such as Paypal payments, the Just Giving Fund, Facebook “donate” services etc. The payment information you submit is collected and used by them in accordance with their privacy policies. TLS does not store your payment information apart from your name, email address, the payment amount and date, and the expiration date for regular payments;
- Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem);
- Information that you submit to TLS in the form of comments, contributions to discussions, or messages to other users;
- TLS may collect information about the ways people visit and interact with our web site, in the form of traffic analytics. You can opt out of being included in Google Analytics here;
- If TLS offers the facility to create a personal user account we will collect login details; and
- If TLS introduces mobile apps we would collect information about your activity on and interaction with TLS mobile apps (such as your IP address, the type of device or browser you use, and your actions on the site).
How we use this information
We use the information we collect for the following purposes:
- To keep your account secure and protect our services;
- To enable us to provide you with our services, and to improve and promote our services;
- To create and administer your personal relationship with TLS, contact you, and customize your experience on TLS (for example, to offer you personal support); and
- To have the potential to track and analyze use of the the TLS website so that we can improve how TLS is performing and provide users with the best experience possible.
How is this information shared?
Information that is shared publicly
TLS does not share any of your personal data publicly.
Information that is shared with trusted third-party services
We may share your information with certain trusted third-party services to help us provide, improve, promote, or protect TLS services (like when we partner with payment processors, or use services that help us manage our data). When we share data with the third-party services that support our delivery of the TLS services, we require that they are GDPR compliant and use your information only for the purposes we’ve authorized, and that they protect your personal information at least to the same standards that we do.
TLS Case Studies
Members of Friends of The Laminitis Site may be invited to set up a case study where they can record their horse’s details and progress. A Case Study helps us to respond with the most appropriate information where information specific to an individual horse, pony or donkey is requested and a considerable amount of help appears to be needed. The opportunity to start a Case Study will generally only be offered where the owner agrees that the case study can be made public for education/research purposes (or at least accessible to Friends). Published Case Studies can be anonymous or named, according to the owner’s wishes.
Retention of your data
We will retain your information as long as your account is active.
For inactive accounts we will retain your data as necessary to comply with our legal obligations and for accounting purposes.
We may also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our web site, improve our services or comply with legal obligations.
Your Rights under GDPR
Users residing in the EU are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.
You can request a downloadable copy of your personal data, or modify or delete the personal information you’ve provided to us by emailing us at [email protected].
We may retain certain information as required by law or as necessary for our legitimate business purposes.
Email and Mobile Notifications
We may communicate with you by email on matters relating to any personal interactions you have with TLS. In addition to this we want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to, or out of, communications we send.
Data Security
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain.
Other websites
Our website and social media pages may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Data Protection Authority
We care about your data security and want to ensure you are happy with how we are looking after it. You have the right to lodge a complaint about how we have handled your data by contacting the Information Commissioner’s Office (details below); however we always welcome approaching us directly in the first instance to allow us to quickly address your concerns.
United Kingdom Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF, United Kingdom
Telephone: +0303 123 1113
Fax: 01625 524510
Web: https://ico.org.uk/global/contact-us/
Children
TLS does not knowingly collect any personal information from children under the age of 13.
If you believe that a child has provided us with personal information, please contact us at [email protected]. If we become aware that a child under age 13 has provided us with personally identifiable information, we will delete it.
Our Lawful Basis for Processing your Data
The above points constitute our legitimate interest as the “lawful basis” for collecting, processing and retaining personal information from citizens or residents of the European Union under GDPR. To the best of our knowledge it also provides the lawful basis for collecting, processing and retaining personal information worldwide.