LADY GROVER’S FUND PRIVACY STATEMENT

Our Privacy Statement

This Privacy Statement tells you what to expect when you, as Members and Beneficiaries of Lady Grover’s Fund, give your personal and healthcare information to us.

Personal information includes any information that identifies you personally, such as your name, address, email address, telephone number and date of birth. Healthcare information includes any information about your health, treatment, care plan and recovery. Lady Grover’s Fund recognises that your privacy is very important. We want you to be confident with the way we handle your information and with our commitment to protect and respect your privacy. We outline below how The Fund collects, uses and protects this information; for how long we retain it; and how we dispose of it when we no longer need it. Also we inform you of your rights concerning the provision, use and retention of your data.

What information we collect and what we use it for

For Members, Lady Grover’s Fund, as data controller, collects and stores personal information; name, initials, rank and service, date of birth, address, email address, phone number, bank account details and National Insurance number. We use your personal information to inform you of changes in rules or subscriptions, administer your Membership, keep your details current, send you an annual newsletter and inform you of AGMs. We process this data under the legitimate interest of fulfilling the contract we are entering into with you. Where you give us permission to do so, we may use your comments about our performance on our website to inform other Members and visitors to the website about how we have helped you. This will always be anonymised. Where necessary, we record specific healthcare information about you if your condition would lead us to deal with your spouse or holder of a power of attorney, rather than yourself. We will ask you for your consent to collect, hold and process any of your healthcare information which you have provided to us.

For Beneficiaries (Dependants), we collect personal information; name, relationship to the Member, date of birth: for the Member’s spouse only, we also collect the National Insurance number. This data is collected under the legitimate interest of fulfilling our contract with the Member. Since our purpose is to help with the costs of your healthcare, we also collect and retain relevant healthcare information provided by you, or by your parent or guardian if you are a minor, to process your claims. To assess a claim we need to know the nature of your illness or injury, the treatment received, the prognosis and the type and probable duration of care required. When you claim we will ask you for that information, which may be provided by third parties; for example the Member, doctors, hospitals, nursing homes and carers who have been part of your treatment, care plan and recovery. We will ask you, or until you reach 18 years of age, your parent or guardian, for consent to collect, hold and process that information.

How we collect information and keep it current

We receive and store the information which is given to us by Members and Beneficiaries in writing, via email, on the phone, or by using the online enrolment form on the website when you apply for Membership, and when you make an enquiry or a claim. When you contact us we check your details with you for accuracy, and update them where necessary.

How we safeguard your information

Your information is kept in a secure and confidential environment and is accessible only to permitted processors whose access is password-protected. Personal information can be seen by those who administer your Membership.

Sensitive, healthcare information is accessible only by those who process claims and thus need to have this information. Healthcare information is separated on our database from personal information by passwords which are unique to each claims processor, selected by them and changed regularly.

We have entered into a contract with OA Advance Ltd to administer the Fund. We will therefore need to share your information with those personnel from OA Advance Ltd who will administer your membership and claims. OA Advance Ltd will not use your data for any purposes other than those for which we use it at present, outlined above. Neither Lady Grover’s Fund nor OA Advance Ltd will ever pass any of your information to other organisations except where required to do so by law or where it has engaged a database manager to support its functions. OA Advance Ltd uses Salesforce as a database provider and Financial Force to run its finances. These are US-based systems which have introduced binding corporate rules and EU standard contractual clauses. Both are self-certified under the EU-US Privacy Shield and comply with General Data Processing Regulations to ensure they protect your data. Salesforce’s terms of service and Privacy Policy can be found at https://www.salesforce.com/crm/. Financial Force’s Privacy Policy can be found at https://www.financialforce.com/privacy/privacy-statement/ .
When you complete the online enrolment form your data is collected using a data gathering device called Clicktools. This data is automatically transferred to Lady Grover’s Fund’s database which is held on Salesforce. Clicktools privacy policy and terms of use can be found on the parent company’s website: https://www.calliduscloud.com/privacy-policy/. Callidus Cloud is a US company, data compliant to the standards mentioned above for Salesforce and Financialforce.

How long we will keep your information

We will keep your personal information on our database while you are a Member of the Fund and for 7 years after your Membership ends as required by HMRC for any financial data. We need to keep some of your healthcare details (illness or injury, care package and duration claimed) throughout your Membership to ensure that we comply with our rules on chronic and repeat illness. Since any payment we make to you is dependant on the duration and nature of your care, we will keep these details on the database for 7 years after your Membership ends to satisfy both HMRC and PRA regulations.

The detailed medical and care reports which you provide in paper form to support your claim, we will keep for 2 years, in order to take account of the next AGM and audit. Thereafter we will destroy them securely.

Your rights

You have the right to:

Our commitment to data security

To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard, secure and update the information we collect.