Privacy Policy
Your confidence in the way we look after your data is really important to us. We have prepared this Privacy Policy to explain the types of personal data we may collect about you when you talk to us and how we store, handle and keep that data safe. It also sets out your rights, how to contact us and (if you need to) how to complain in the event you have a problem or complaint.
Who we are
The British Dyslexia Association, like lots of charities, is made up of more than one organisation:
- The British Dyslexia Association Ltd (registered with the Charities Commission in England and Wales under number 289243); and
- BDA (Initiatives) Limited (registered with Companies House 02972167).
To make things simple, we often refer to ourselves as the ‘BDA’.
Protecting your data
When we collect or process your personal data we are regulated by the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ or ‘processor’ of that personal information for the purposes of those laws.
The personal information we collect and use
It won’t be a surprise to know that most of the information we collect about you is needed to deliver the products and services you have asked for (such as support, training, membership, accreditation etc) or to keep you informed about things you might reasonably expect, given our relationship. That tends to include things like:
- Who you are – so we know what to call you
- Where you live - so we can send you things
- Telephone number and email – so we can keep in touch
- If you purchase something from us, financial information
- If you want to work with us, proof of identity
- If you contact us as a parent or carer, information about your children
As you would expect, we must keep records to comply with the law regarding (for example) criminal activity or fraud.
Supporting people with dyslexia
As a charity we need to make sure that we spend our limited funding appropriately and focus on the right things. We may, therefore, use information about members or customers to identify trends and ensure we can spot needs and develop the right new products or services.
Information collected from other sources
Sometimes, we obtain personal information from:
- Local dyslexia associations (Local Associations/LDAs)
- Publicly accessible websites like Ofsted and the electoral roll
- Other websites
- Social media
How we use your personal information
Normally, we use your personal information to:
- Deliver the products and services we have agreed to provide you with and inform you of similar or related products or services
- Provide you with support, assistance and services in relation to dyslexia and related neurodiverse conditions in education or the workplace (‘services’)
- To better understand the needs of dyslexic and non-dyslexic people (as a campaigning organisation) and to generate information and statistics to support our lobbying and campaigning activities and/or inform our policy making
- Occasionally, to verify your identity and your circumstances with third parties
- Send you information about our services. You may opt out of receiving these at any time
- Introduce you to third parties to help us to provide you with our services
- Invite you to events which we, our clients or third parties organise, which we believe you may be interested in. You may opt out of receiving these at any time
Who we share your personal information with
We do not routinely share your personal data with anyone unless there is a good reason to do so. This might include:
- Local Associations – We will share your information with a Local Association if you have given us permission to do so
- Other Third Parties (‘third parties’) – We will share your information with 3rd Parties where it is necessary for provision of our services.
Our Local Dyslexia Associations and most third parties we deal with are inside the European Economic Area. However, occasionally, we may need to pass your data outside the European Economic Area — for further information, including how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ (below).
As you would expect, we will share personal information with law enforcement or other authorities, if required by applicable law. We will not share your personal information with any other third party.
Information we need vs information that would be helpful to the cause
We often need your personal data to provide you with the services you have requested. However, occasionally we may ask you for permission to capture additional data that would help us expand our understanding of your needs or market other products and services to you. We will inform you at the point of collecting information from you whether you are required to provide the information to receive the service or whether this is optional.
How long your personal information will be kept
We will hold your personal data for as long as it is needed for us to provide you with the services or for the period we are required to retain this information by applicable UK tax law (currently 6 years), whichever is the longer.
Reasons we can collect and use your personal information
Rather than bombard you with requests for permissions, we try to limit the data we keep to that required to fulfil our contractual obligations to you and/or the pursuit of our legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interest is providing you products and services in relation to dyslexia, researching and campaigning on behalf of the 10% of society affected by dyslexia and co-occurring difficulties.
In limited circumstances, we may also rely on the need to protect your interests (or those of a third party) and/or where processing is in the public interest or for official purposes.
Where we process special category personal information, for example children’s and criminal information, we will only do so with your explicit consent.
Transfer of your information out of the European Economic Area
We may transfer your personal information to third parties located outside the European Economic Area (EEA) if they are prospective providers of services to you or if they are journalists who we would like to cover your products or services.
Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision whether certain countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to obligations obliging the transferee to comply with the General Data Protection Regulation and designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
If you would like further information, please contact us. We will not otherwise transfer your personal data outside of the United Kingdom or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Your rights
Under the General Data Protection Regulation you have several important rights including:
- The fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address
- Requiring us to correct any mistakes in your information which we hold
- Requiring the erasure of personal information concerning you in certain situations
- Receiving the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations
- Objecting at any time to processing of personal information concerning you for direct marketing
- Objecting to decisions being taken by automated means which produce legal effects concerning you or significantly affect you
- Objecting in certain other situations to our continued processing of your personal information
- Restricting our processing of your personal information in certain circumstances
- Claiming compensation for damages caused by our breach of any data protection laws
- Exercising these rights free of charge
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
Exercising your rights
If you would like to unsubscribe from any email newsletter you can click the unsubscribe button/respond asking us to unsubscribe you. It may take up to 21 days for this to take place.
If you would like to exercise any of those wider rights, please:
- email, call or write to us (details of how below)
- Let us have enough information to identify you (e.g. name and property details)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill) and let us know the information to which your request relates
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach, where we are legally required to do so.
Use of cookies
We use several different cookies on our website. These are used solely to remember your preferences on this site and for Google Analytics. Please see the table for the cookies our site uses and what they are used for.
Cookie Name | Expiry | Description |
---|---|---|
CraftSessionId | End of browser session | Required for the normal running of the website |
CRAFT_CSRF_TOKEN | End of browser session | Security mechanism to prevent Cross-Site Request Forgery attacks on the website |
seenCookieNotice | 1 year | Records whether the user has seen the cookie policy pop-up |
_ga | 2 years | Used by Google Analytics to identify unique users to the website |
_gat | 1 minute | Used by Google Analytics to throttle the request rate |
__ba_sec_trans_ok, __ba_trans_ok, __ba_allow_secure | 1 year | Used by Browsealoud widget to provide accessibility enhancements to the website. |
__stripe_mid | 1 year | Used by Stripe our payment provider for Credit Card transactions |
__stripe_sid | 1 day | Used by Stripe our payment provider for Credit Card transactions |
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
Please find our Complaints Policy here.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at: https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 24 May 2018.
We may change this privacy notice from time to time and this will be reflected on our website.
Contact us
Please contact us if you have any questions about this privacy policy or the information we hold about you.
Office 205 Access Business Centre
Willoughby Road
Bracknell RG12 8FB
email: CEO@BDAdyslexia.org.uk