LADY GROVER’S FUND PRIVACY STATEMENT

LAST REVIEWED – May 2024

OUR PRIVACY STATEMENT

This Privacy Statement tells you what to expect when you, as Members and Beneficiaries of Lady Grover’s Fund, give your personal and healthcare information to us.

Personal information includes any information that identifies you personally, such as your name, address, email address, telephone number and date of birth. Healthcare information includes any information about your health, treatment, care plan and recovery. Lady Grover’s Fund recognises that your privacy is very important. We want you to be confident with the way we handle your information and with our commitment to protect and respect your privacy. We outline below how The Fund collects, uses and protects this information; for how long we retain it; and how we dispose of it when we no longer need it. We also  inform you of your rights concerning the provision, use and retention of your data.

Our registered address is as follows:

Lady Grover’s Fund, 40rty Caversham Road, Reading, Berkshire, RG1 7EB.

WHAT INFORMATION WE COLLECT AND WHAT WE USE IT FOR

For Members, Lady Grover’s Fund, as data controller [ICO Registration number ZA268815], we may collect, process and store personal data such as name, initials, rank and service, date of birth, address, email address, phone number, bank account details and National Insurance number. We use your personal information to inform you of changes in rules or subscriptions, administer your membership, keep your details current, send you regular communications for other membership related news (e.g. exclusive members offer), including bi-annual newsletters and information relating to our AGMs and subscription rates. We process all membership data under the lawful basis of fulfilling the contract we are entering into with you.

We may also use your contact information to send you members benefits, promotions, offers and more, under the soft opt-in option as per the UK GDPR’s guidance, should you wish not to receive marketing materials please follow the unsubscribe option at the bottom of the communication.  Please note that we would honour your request as quickly as possible, but this process can take up to 30 days.

Where you give us permission to do so, we may use your comments about our performance on our website to inform other members and visitors to the website about how we have helped you. This will be anonymised if so wished.

Where necessary, we record specific healthcare information about you if your condition would lead us to deal with your spouse or holder of a power of attorney, rather than yourself. We will ask you for your consent to collect, hold and process any of your healthcare information which you have provided to us.

For beneficiaries (dependants), we collect personal information; name, relationship to the member, date of birth: for the member’s spouse only, we also collect the National Insurance number. This data is collected under the lawful basis of fulfilling our contractual obligations with our members. Since our objective is to help with the costs of your healthcare, we also collect and retain relevant healthcare information provided by you, or by your parent or guardian if you are a minor, to process your claims. To assess a claim, we need to know the nature of your illness or injury, the treatment received, the prognosis and the type and probable duration of care required. When you make a claim we will ask you for that information, which may be provided by third parties; for example, the member, doctors, hospitals, nursing homes and carers who have been part of your treatment, care plan and recovery. We will ask you, or until you reach 18 years of age, your parent or guardian, for consent to collect, hold and process that information.

HOW WE COLLECT INFORMATION AND KEEP IT CURRENT

We receive and store the information which is given to us by members and beneficiaries in writing, via email, on the phone, or by using the online enrolment form on our website when applying for membership, or when making enquiries or claims. When you contact us, we check your details with you for accuracy, and update them where necessary.

HOW WE SAFEGUARD YOUR INFORMATION

Your information is kept in a secure and confidential environment and is governed by a ‘role base access control’ framework managed by IT. Each individual access requires pre-approval, and all actions are logged and trackable. Data at rest and in transit are all encrypted to the industrial standard and protected within a highly secured cloud environment.

Sensitive healthcare information is held on a different system from standard personal data, with additional tier of security, and access is only granted to those who have an operational need to access in order to perform their role (e.g. to process claims), all actions are logged and trackable.

We use various processors in order to deliver the benefits of your membership, below is a list of 3rd party supplier we use as Data Processor:

We have entered into a contract with OA Advance Ltd to administer the Fund. We will therefore need to share your information with those personnel from OA Advance Ltd who will administer your membership and claims. OA Advance Ltd will not use your data for any purposes other than those for which we use it at present, outlined above. Neither Lady Grover’s Fund nor OA Advance Ltd will ever pass any of your information to other organisations except where required to do so by law or other statutory obligations.
OA Advance Ltd uses Salesforce as a database provider and Financial Force to run its finances. These are US-based systems which have introduced binding corporate rules and EU standard contractual clauses. Both are self-certified under The Data Protection (Adequacy) (United States of America) Regulations 2023 – UK extension to the EU-US Data Privacy Framework and comply with the UK General Data Processing Regulations to ensure they protect your data.

Salesforce’s terms of service and Privacy Policy can be found at https://www.salesforce.com/crm/.
Financial Force’s Privacy Policy can be found at https://www.financialforce.com/privacy/privacy-statement/. 

When you complete the online enrolment form your data is gathered by Gravity forms. This data is automatically transferred to Lady Grover’s Fund’s database which is held on Salesforce.

Gravity forms privacy policy can be found on their website: https://www.gravityforms.com/privacy/

HOW LONG WE WILL KEEP YOUR INFORMATION

We will keep your personal information in our database while you are a member, and for 7 years after your membership ends as required by HMRC for any financial data. We need to keep some of your healthcare details (illness or injury, care package and duration claimed) throughout your membership to ensure that we comply with our rules on chronic and repeat illness. Since any payment we make to you is dependent on the duration and nature of your care, we will keep these details on the database for 7 years after your membership ends to satisfy both HMRC and PRA regulations.

The detailed medical and care reports which you provide in paper form to support your claim, we will keep for 2 years, in order to take account of the next AGM and audit. Thereafter we will destroy them securely in line with our Data Retention Policy.

COOKIES – CONSENT AND CONTROL

Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies, unless those Cookies are strictly necessary; however certain features of Our Site may not function fully or as intended. 

You can choose to enable or disable Cookies in your internet browser (however, please be aware that if you choose to disable cookies then it may impact how the website works). Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

The links below provide instructions on how to control Cookies in all mainstream browsers:

  • Google Chrome: click here.
  • Microsoft Internet Explorer: click here.
  • Microsoft Edge: click here (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist).
  • Safari (iOS): click here.
  • Mozilla Firefox: click here.
  • Android: click here (Please refer to your device’s documentation for manufacturers’ own browsers).

YOUR RIGHTS

The UK GDPR gives individuals eight data subject rights, as follow:

  • Right to be informed: organisations must tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
  • Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
  • Right of rectification: individuals can correct inaccurate or incomplete data.
  • Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data stored on them.
  • Right of portability: in some circumstances, individuals can request that an organisation transfer any data that it holds on them to another company.
  • Right to restrict processing: in some circumstances, individuals can request that an organisation limits its use of personal data.
  • Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
  • Rights related to automated decision making, including profiling: under most circumstances, individuals have the right to object to having decisions made about them by automated processes or profiling.

OUR COMMITMENT TO DATA SECURITY

To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard, secure and update the information we collect.

HOW TO COMPLAIN

If you have any concerns about our use of your personal information, please contact us using the following contact details:

secretary@ladygrover.org.uk

or writing to

The Secretary, Lady Grover’s Fund, 40rty Caversham Road, Reading, Berkshire, RG1 7EB.

You can also complain to the ICO if you are unhappy with how we have used your data, their details:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk