INFORMATION WE COLLECT
We collect various types of information when you visit our site, communicate with us, or contact us via the helpline, make a donation, purchase our products, sign-up as a volunteer, take part in an event, or register as a STAMMA member. We may also collect your personal data from third parties, e.g., third party fundraising platforms and event organisers.
Information we collect includes:
- Visitors to our site: we collect various types of information, such as browser type, IP address, date and time of visit, average time spent on the website, cookie ID, and any site that referred you to STAMMA.
- Joining our mailing list: we collect information, such as, name, e-mail address, whether you or your child stammers, and whether you are a speech and language therapist.
- Applying to become a STAMMA member: we collect information, such as, name, address, e-mail address, whether you or your child stammers, whether you are a speech and language therapist, and whether you are aged 16 or over.
- Contacting us: we collect your e-mail address, telephone number and other information if you engage with us directly via e-mail or by calling us.
We may also collect certain sensitive personal data (e.g., whether a person stammers). In each case, we will only do so if we have a valid reason and we are permitted by law (see the section, HOW INFORMATION IS USED below).
HOW INFORMATION IS USED
Your personal data will be used by us for the following purposes, among others:
a) Visiting our Site:
- To provide you with the services, products or information you have requested.
- To process payments made via the site e.g., where you purchase a product on the site.
- To personalise your visit to the site and to assist you while you use the site.
- To improve the site by helping us understand who uses the site.
Legal basis : We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be.
b) Making a Donation:
- To process your donation and claim Gift Aid.
- To keep a record of your donations.
- To update you with important administrative information about your donation.
Legal basis: As a charitable organisation, we have a legitimate interest to process donations. To comply with our legal or regulatory obligations.
c) STAMMA Members:
- To manage and maintain our relationships with you.
Legal basis: We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be
d) STAMMA Volunteers:
- To process your application to be a STAMMA volunteer, and to subsequently administer the volunteering arrangement with you.
Legal basis: We have a legitimate interest to manage our charity including for legal, personnel, administrative and management purposes.
- Equal opportunities monitoring – you are not required to provide this information to us.
Legal basis: We have a legitimate interest to manage our charity including for legal, personnel, administrative and management purposes. Where sensitive data are processed (e.g., racial/ethnic origin), this is necessary for reasons of substantial public interest in accordance with the UK Data Protection Act 2018.
- To provide support and to respond to your requests, complaints and enquiries.
Legal basis: We have a legitimate interest to respond to your requests and enquiries for ongoing administration purposes and to ensure that we are effective and efficient as we can be.
- To keep a record of your relationship with us.
- To manage events and to further our charitable objectives.
- To monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use.
- To perform general, financial and regulatory accounting and reporting.
- To meet our legal and regulatory obligations, and to establish, defend and enforce claims.
- To investigate and resolve complaints and manage regulatory matters, investigations and litigation.
- To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies.
- To monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation.
- To share personal data with third parties that acquire or are interested in acquiring all or part of our assets or shares.
Legal basis: We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests. To comply with our legal or regulatory obligations.
- To contact you to tell you about products and services offered by us which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us.
Legal basis: If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below.
Your Right to Object - Please note that you have a right to object to processing of your personal data where that processing is carried out for our legitimate interest or for direct marketing.
INFORMATION WE DISCLOSE & INTERNATIONAL TRANSFERS
We may share your personal data with selected third parties in order to achieve the purposes described in HOW INFORMATION IS USED, above. This may include sharing your information with trusted partners and suppliers e.g., our IT service providers, fulfilment partners, partners who help us process donations and claim Gift Aid, and partners who help us manage our social media accounts.
We reserve the right to disclose your personal data to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets
- if substantially all of our assets are acquired by a third party, personal data held by us may be one of the transferred assets
- if we are under any legal or regulatory duty to do so; and/or
- to protect the rights, property or safety of STAMMA, its personnel, users, visitors or others.
Some of our suppliers run their operations outside the European Economic Area ('EEA')/UK - this may include a country which may not be subject to the same data protection laws as companies based in the UK. In these circumstances, we will take steps to make sure they provide an adequate level of protection, and implement appropriate safeguards (e.g., data transfer agreements). For further information in relation to these safeguard, please contact us using the contact details below.
RETENTION OF YOUR INFORMATION
We retain personal data as long as it is necessary and relevant for STAMMA. The criteria used to determine the retention periods include:
- how long the personal data is needed to provide the services and operate STAMMA
- the type of personal data collected; and
- whether we are subject to a legal, contractual or similar obligation to retain the personal data.
You have certain rights in relation to your personal data, including the right to:
- request access to personal data we hold about you
- the correction of your personal data when incorrect, out of date or incomplete
- request that we erase your personal data
- opt-out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reason to do so
- request that we restrict the processing of your personal data – i.e., we would need to secure and retain the data for your benefit but not otherwise use it
- withdraw your consent at any time (e.g., for direct marketing); and
- the portability of personal data – i.e., ask for a copy of your personal data to be provided to you, or a third party, in a digital format.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details at the end of this policy.
You also have the right to lodge a complaint about the processing of your personal data with the UK's Information Commissioner's Office.
CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
Where we require your personal data to comply with our legal requirements, failure to provide this information means we may not be able to provide the requested services to you. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
OTHER IMPORTANT INFORMATION
Links to Other Websites
Changes to the Policy