Privacy Policy

At ADHD Aware we aim to protect all the information we hold, in line with legal requirements. We take your privacy very seriously and we are committed to ensuring we keep your information safe. This Privacy Policy outlines how we collect and use personal data, and meet our data protection obligations.

For questions related to this policy or the processing of personal data or if you need this policy in a different format, please email us at: admin@adhdaware.org.uk.

Who is ADHD Aware?

We are ADHD Aware, a national UK charity working to support adults living with ADHD. You can find more information about the services we provide here.

Who does this Privacy Policy apply to?

This privacy statement applies to you, if your personal data is processed by us:

• as a service user (i.e. if you have contacted us for support services or we provide of our related services to you);
• as a website user when you visit our website;
• as a supplier or facilitator, in the course of receiving services from you;
• as an employee, paid sessional worker, consultant, volunteer or trustee of our board, or an individual who is a prospective employee, paid sessional worker, consultant, volunteer or trustee of our board and you share your personal information with us or if we have obtained your personal information from a third party from a public job board;
• as a member or as a prospective member (i.e. if you have contacted us about being a member), or as an individual who is facilitating the membership of another individual; or
• as any other individual in order to deliver our services or events including funders and commissioners.

What is personal data?

“Personal data” is any information directly or indirectly relating to an individual, or any information that can be used to identify an individual.Personal data is “processed” when any activity is undertaken on your personal data, such as collection, storage, access, use, transfer, disclosure, and deletion.

What types of personal data do we process?

ADHD Aware delivers a number of different services, usually involving volunteers, to a range of adult service users and their family, friends and partners, in Brighton & Hove and nationally. The type of personal data collected and its use may vary from service to service.

It is likely to include some, or all, of the following information; collected on paper in person or by post, digital sources such as our website or social media sites, telephone or text:

• Identifiable – containing details that identify individuals
• Pseudonymised – about individuals but with identifying details (such as name) replaced with a unique code
• Anonymised – about individuals but with identifying details removed
• Aggregated – anonymised information grouped together so that it doesn’t identify individuals (e.g. to report back to our funders about our work).

The types of personal data we process are:

• Your IP address, device type, browser type, length of visit, referral source, language settings, the links you click while using our sites and services, dates, and times of connecting to a website, and other technical communications information (as collected through cookies and other similar technology);
• Information that you provide to us when registering with our website and for the purpose of subscribing to our SMS, email notifications and/or newsletters;
• Your name, address, and other contact details, including e-mail address and (mobile) telephone number;
• Your medical conditions, disabilities (including mental health conditions);
• Information required in order to process membership applications;
• Information concerning our recorded online video chats, online support groups, training sessions, workshops, events, online chat sessions and documentation of e-mails, and any information concerning our conversations via online chat sessions, and any inbound and outbound e-mail communications;
• Information that you share with us in the process of the recruitment of a volunteer or prospective volunteer which can include certain information to co-ordinate criminal background record check;
• Information that you share with us in the process of us processing member applications which can include name and email address;
• Details of your competencies, skills, experience, and education, such as your curriculum vitae (CV), employment history, educational details and qualifications, and third-party references;
• Information related to any pre-employment screening on integrity and capability, depending on the position for which you are applying;
• Your date and place of birth;
• Your gender identity;
• A copy of your ID/passport/proof of identity;
• A photograph of you;
• Your nationality and, if applicable, your entitlement to work in the country;
• Information contained in or relating to any communication that you send to us or send through our website;
• Your health and social needs,
• Your diagnosis or comorbidities;
• Information received from independent fundraising sites such as Just Giving and Golden Giving, as well as social media applications including Facebook, Instagram, Twitter, LinkedIn, Hootsuite and other applications like Eventbrite, Google Analytics, MailChimp, SurveyMonkey and Wufoo. These companies will only provide details if you have given them permission to do so. Please check their privacy policy to see how they process your information. or
• any other personal information that you share with us.

Do we process special categories of personal data?

If needed, we will process some ‘special categories’ of personal data relating to you. As this information is more sensitive, we take extra care to determine whether such special categories of personal data are necessary for your application. We may collect special categories of personal data which are considered more sensitive, such as your health data, criminal history, or your racial, ethnic origin or religious background.

We only process criminal history information if are moving forward with a recruitment process.

What are the legal grounds we rely on when processing your personal data?

Data privacy laws require us to have a lawful ground for processing your personal data. Depending on the purposes for which we process your personal data, the lawful basis may differ.

1. We have a contractual obligation.
2. We need it to perform a public task.
3. Your consent. You are able to remove your consent at any time. You can do this by contacting admin@adhdaware.org.uk.
4. We have a legal obligation.
5. We have a vital interest.
6. We have a legitimate interest.

Contractual necessity

We need your data to enter into a contract with you and for the purpose of performance in a contract.

Public task

We may use your data if you wish to take part in various research projects or focus groups (such as NHS related research or focus groups).

Consent

You give your agreement for us to use your data. You are always free to withdraw your consent.

Legal obligation:

Legally, we are obliged to process your personal data with our contractual commitments to you.

Vital interests

We use your data to protect your vital interests or those of others.

Legitimate interest

We have a legitimate interest in processing your personal data, which is not outweighed by your interests, fundamental rights, and freedoms.

When and how do we use the personal data?

Website Users

Personal data may be obtained by visiting our website and signing up to our services therein. We analyse how visitors use our website to improve the user experience of website visitors. We use Google Analytics to do this. We may contact you if you complete but don’t submit an online form to see if we can assist with any problems you may be having with our website.

Cookie Policy

When visiting the ADHD Aware website, cookies are used to store certain information to make the site function and improve your overall experience of our site. Further information can be found in our Cookies Policy which you can find here.

Enquiries

As a part of the services we offer, we may obtain your data by phone or email.

Recruitment

If you apply for a job or voluntary position with us, we will use your data in the recruitment process.

Fundraising

As a charity, we rely on donations and support from others to help us fund the work we do. From time to time, we will contact supporters and volunteers with fundraising material and communications. This might be about sponsorship, and appeal, a competition we’re running, or to suggest ways you can help us to raise funds (e.g. a sponsored event or activity).

We will only contact you about getting involved in this way if you have either given your consent or if there is a balanced legitimate interest to do so.

You are in control and you can change your contact preferences at any time, but we hope that you will find our communications useful and informative. You can decide not to receive communications or change how we contact you at any time. If you wish to do so please email us at admin@adhdaware.org.uk.

Internal Volunteer or Staff Training

We offer internal training to our volunteers and staff.

Events

We organise and deliver different events, workshops and support sessions (such as drop-in and information sessions, usually involving volunteers to a range of adults).

Marketing

This may include news and information about, the work we do, volunteering opportunities at the organisation, the services we provide, our events, activities and groups, appeals and fundraising (including donations and also competitions, raffles etc).

When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.

Contacting members

In order to send communication, information, newsletters and any governance information, we contact our members by way of email and SMS.

Communicating about what we do

This may to our service users or providing reports to funders and commissioners for monitoring purposes.

Staff and volunteers

Used to help the organisation in the efficient running of sessions, events, dealing with queries and governance. Such data may be shared with specific volunteers or partner organisations where necessary to deliver the events.

Photographs

Images of individuals that might be used by us for communication purposes, such as on our website, in our annual report or in a newsletter. We will get the permission of all identifiable individuals who appear in a photo or video before recording the footage. Consent will be sought form individuals in order to use individual’s image and explain what it will be used for, why and who might look at the pictures.

Training offerings

Personal data may be obtained for the purposes of organising our training sessions or corporate training and monitoring attendance. We may also receive data if we conduct focus groups, feedback forms or surveys.

Contractual relationships

If we establish a contractual relationship, then we will process the personal data of the relevant employees and the representatives of that contractual party in the administration of the new relationship and as part of our due diligence checks.

Invoices to our service users, contractor, facilitators or suppliers
We will process the personal data of the relevant employees and the representatives when processing invoices and in the administration of the new relationship.

Complaints

We will process your contact details and any supporting information to administer, investigate, and respond to your complaint. For any grievances, we may also process certain details to administer, investigate, hold meetings with you and respond to your grievance. With your consent, we may also process information such as providing an automatic transcript as a feature produced by our online meeting providers to accommodate the provision of detailed notes to allow for reasonable adjustments as well as any contact details of any accompanying person you involve in a complaint or bring to such meetings.

Legal Claims

We will process personal data if we make or receive a legal claim in respect of the contract we have with you. We may share your personal data with legal specialists for the purpose of defending our legal rights.

For legal and regulatory compliance purposes
In some cases, we may be instructed by relevant government or supervisory authorities to process or share your personal data to comply with a regulatory requirement, court order or assist with an investigation.

Who do we share your information with?

Your information may be shared with specific volunteers or partner organisations where necessary to deliver the service requested.  At the point of referral you will be informed of the details relating to any data sharing agreements with relevant partners. This will either be on your consent form, or in discussion with staff about specific onward referrals.

We may need to disclose your details in certain situations like:

• If required to the police, regulatory bodies or professional legal advisors;
• To protect a person who is in a dangerous or life threatening situation;
• If our volunteers or paid staff would otherwise be breaking the law or allowing someone else to break the law; or
• if there is a court order for disclosure.

You can request a copy of this by emailing admin@adhdaware.org.uk.

How long do we keep your information for?

We hold your information only as long as necessary for each purpose we use it.  Personal data held on paper is destroyed securely when it is no longer needed. Data held electronically is regularly reviewed and data that is no longer needed deleted.

Personal data will be stored for as long as:

• A volunteer is being considered for, or fulfils a role.
• A prospective submits a member application until the member is no longer considered a member or a membership is terminated.
• An individual is classified as an ADHD Aware employee, unless longer or shorter retention is required by law or by a funder.
• For marketing and fundraising purposes we would balance the organisation’s legitimate interest to contact you about our work, based on your recency of support and level of engagement with the charity – with your rights as an individual to be forgotten.
• If you request that we stop sending you marketing materials/cancel you from our database we may, if you agree, keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

We will remove personal data from ADHD Aware databases and destroy personal data held on paper or in electronic form if asked to do so by a former volunteer or service user, or if an organisation that has provided personal data ceases to exist.

In the instance where a volunteer, who has been working with service users (who are potentially vulnerable), wishes to withdraw their consent for us to store data relating to them, we have a legitimate interest to maintain a record of their volunteering in line with our data retention policy in case of allegation or investigation. We will store the minimum information required for the purpose and will inform volunteers if this happens. This data will not be processed for any purpose (such as marketing or promotion) other than that intended (in case of allegation or investigation relating to a vulnerable service user).

How do we keep your information safe?

We are committed to keeping your personal data safe and secure and we take all necessary steps to make sure your details are held securely. We will never sell or share your information with other charities or organisations unless stated for the purposes of providing a service.

Personal data such as attendance sheets will be held on paper and be stored in a locked wallet and only accessed when needed. We will ensure that all personal information held electronically – including that held on our database Mailchimp, in e-mails and letters – is accessed and secured by minimum strength passwords or encryption and appropriate anti-virus, anti-spyware and firewall software.

We use industry standard efforts to safeguard the confidentiality of your personally identifiable information on our website.

When we use external organisations and companies to collect or process personal data on our behalf, we check they have security and privacy policies in place before we work with them. For service delivery, we also put a contract/service agreement in place that sets out our expectations and requirements

What are your rights?

Under data protection law, you have rights including:

Your right of access

You have the right to ask us for copies of your personal information.

Your right to rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing

You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. 

Please contact us at admin@adhdaware.org.uk. if you wish to make a request. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Please refer to the following guidance: Information Commissioner’s guidance.

Contact information

If you have any concerns about our use of your personal information, please contact us at admin@adhdaware.org.uk.