Privacy

Introduction

Our commitment to you is that we will respect any personal data you share with us, or that we get from other organisations, and keep it safe. We want to be clear when we collect your data and not do anything that you would not reasonably expect. We only ask for information that will inform our engagement with you and provide vital statistical data to underpin research and campaigning for better support for those living gluten free.

There is no national register of people with coeliac disease so researchers come to us as we have the largest pool of people that can potentially help. Your participation in research could be essential in understanding more about the disease, developing treatments and finding a cure. Having the largest database of people suffering with coeliac disease and living gluten free gives us a powerful voice when lobbying the NHS on healthcare, the government on food policy and commercial partners on providing gluten free alternatives. Your participation by receiving our marketing communications is also essential in showing both the need for and support of new initiatives around gluten free food provision and our community’s commitment to improve the lives of everyone who needs to live gluten free.

Please read the following information to understand how we collect your data, the purpose of collecting it, and how we process it. We will notify you of any changes to our privacy policy via our website, member communications and our supporter newsletters.

Version 1.05 Date 22/11/2021

The data we collect

We collect some or all of the following information from you, or via third parties (only when you have consented to them sharing the data with us), or from publicly available information.

From you

Name, address, phone number, email, date of birth, ethnicity, health and dietary information and facial photographs if you choose to provide one for your online account or case study. We collect behavioural data from voluntary surveys and other responses to our communications. Bank or card information is collected when you buy our services and products. When on our website, we will use your IP address, cookies and services like Google Analytics and other statistical services to record your activity on our website to help improve the site and services to you.

From third parties

Personal data may be supplied to us by individuals applying for membership on your behalf, such as a parent, carer or other household occupant or employers signing up an employee for a training course. Unless you are under 16 years of age, we will inform you when this happens when we contact you for service purposes.

Where you have given consent to third party organisations they will share data with us, such as fundraising activities from Just Giving, Virgin Money Giving, and similar sites or social media sites if you’ve consented to share data via your settings.

Public information

We may collect and analyse personal information from public sources to create a summary of your interests and preferences so we can contact you in the most appropriate way, with the most relevant information. We may use public data such as held on Companies House, Office of National Statistics and other government sites containing socio-economic data for postcode areas.

We do not actively seek to populate telephone numbers and dates of birth that you have not given to us, but we may ask you directly. However, this and other information may be provided to us through other sources that you have consented to be made publicly available.

If we retain any information not provided by you, we will record the source it originates from and whether it was publicly accessible.

What we use it for

By data protection law, we can only use your personal data if we have a lawful basis to do so, which will be one of the following depending on what we are using your data for:

  • When it is in our legitimate interest, or
  • When you consent to it, or
  • To fulfil a contract we have with you.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you.

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

Your Relationship With Us
Purpose
Lawful Basis
Members, Donors, Volunteers and other Supporters Provide you with the member services you have subscribed to, products you have purchased, activities you have volunteered for, events you have signed up to or information you have requested. Contract and/or Legitimate Interest (depending on the type and status of your transaction with us)
- in administering any services, products, activities, events or information you have subscribed to.
  Administer your financial transactions with us including any fees, donations and processing any related gift aid.

Legitimate Interest

-in processing any related financial transactions

  Your communication preferences so we can contact you regarding any opportunities to support Coeliac UK, such as fundraising.

Legitimate Interest

-in holding your contact details for processing, and contacting you by post or via live telephone calls

PLUS Consent required for contacting you by email

  To keep a record of our relationship with you and to help us better inform our services to you in the future.

Legitimate Interest

-to analyse data provided by you, directly, through your online behaviour, or publicly available information to help us provide a better service

  Use your health and ethnic data to support the research community for coeliac disease by providing anonymised group data, or for making you aware of any research projects which may be of specific interest to you.

Legitimate Interest

-under the condition of processing data for health or social care purposes if your data was held prior to the Data Protection Act 2018 or by consent if you prefer

Or Consent

- explicit consent required if you provided your data after the Data Protection Act 2018 was implemented

You have the right to  withdraw your sensitive data at any time

Our interest is:

-in providing anonymous data to support research into the condition and treatment

-to use sensitive data to identify any suitable research projects which may be of interest

  Use your experiences (including any photos you may provide) that you have shared with us as case studies to raise awareness, to be used for either/or external media publications, broadcast (ie TV or radio) and online. Or to be used on Coeliac UK’s website, marketing materials and social media posts.

Legitimate Interest

-as a member and wider community service to showcase the impact coeliac disease and gluten related conditions can have on people and why diagnosis, research, fundraising and support services are critical to create a better future for those affected.

With additional consent

-to permit access to personal information to be shared across our communication channels and via other media agencies for the purpose of awareness and engagement, and enable contact by media for the purposes of interviews and news stories

  To send you third party advertising where we believe the products will support living gluten free and/or related health conditions, we will not provide your personal data to third parties for them to market to you directly.

Legitimate Interest

-as a member service as product information and offers are related to adhering to the gluten free diet as treatment

Consent

-for those not subscribed to membership

  If you enter a competition via our social media channels or website we will capture what you have entered and may, in specific circumstances, pass your data to a third party but we will inform you of this before you submit your data so you can choose not to participate.

Legitimate Interest

-to allow engagement with wider community outside Coeliac UK

  In the event you enter your details on one of our online forms but don’t complete the submission, we may contact you.

Legitimate Interest

-to see if we can help with any problems you may be experiencing, such as technical issue with our forms or website, or requiring more information

 

We use profiling and screening techniques to better understand your interests and preferences in order to contact you with the most relevant communications.

Apart from an analysis of geographic, demographic and other information relating to you, we may also use information from third party sources when it’s available. Such information is gathered using publicly available data about you, for example listed Directorships or typical earnings in a given area.

Profiling allows us to target our resources effectively, which donors consistently tell us is important to them.

Legitimate Interest

- Profiling allows us to send you information about any applicable local policy changes e.g. prescribing policies or opportunities to engage locally ensuring you have the chance to have your say.

 

- Profiling allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Most importantly, it enables us to raise more funds for the charity, sooner, in a more cost-effective way.

  If you join on behalf of a child under the age of 16 or an adult dependant, all our communications and services will be directed to you as the parent/carer to share with your child or dependant. We will never contact your child directly until they reach the age 16. We will never contact a dependant directly unless we have your explicit consent to do so.

Legitimate Interest

-to help safeguard young children and adult dependants by not allowing them to directly access services which may contain distressing medical information

  Surveys – to capture views on our services or the experiences of people affected by coeliac disease and the impacts of gluten so that we can tailor and improve our offerings and ensure we represent the views of our members. Data from surveys will be reported anonymously unless otherwise mentioned and we have your explicit consent. 

Legitimate interest

- to ensure the charity remains current, and understands and focuses on the needs of its members.

Consent

-if data requirement needs to contain personal data, we will ask for consent

Additional Householders Under Household membership, we ask the primary joiner to supply personal data of others in the household whom they wish to receive services.

Legitimate Interest

-to provide services as requested, unless under the age of 16, but we will inform additional householders that their data has been provided when we start providing services, so they can choose not to share their data

Is It Coeliac Disease Online Assessment participants Provide support through the assessment process or information you have requested.

Legitimate Interest

-assist people with identifying a possible diagnosis of coeliac disease

  Use any health, ethnic or dietary information provided for anonymised research purposes.

Your data is retained on the basis of:

Legitimate Interest

-under the condition of processing data for health or social care purposes if your data was held prior to the Data Protection Act 2018 or by consent if you prefer,

Or Consent

- explicit consent required if you provided your data after the Data Protection Act 2018 was implemented

 

You have the right to withdraw your sensitive data at any time.

 

Our interest is:

-in providing anonymous data to support research into the condition and treatment

-to use sensitive data for participation in research

  To follow up on your diagnosis journey and provide further assistance. Provide marketing information on membership or relevant products and offers.

Legitimate Interest

-assist people with managing a diagnosis of coeliac disease

-contact by post or live telephone calls

PLUS Consent required for contacting you by email.

Catering Training Provide support for the online and face to face catering training courses we provide including administration for the financial transaction and provision of completion certificate.

Contract

  Marketing of our commercial services relevant to the catering/food sector and your role.

Legitimate interest

 -marketing

Health Care Professionals Health care professionals contacted in their professional capacity for the purpose of education and providing materials for their patients on services available from Coeliac UK.

Legitimate Interest

-to advance the standards of healthcare for those with coeliac disease and other conditions.

Research Professionals Researchers and academics contacted in their professional capacity for the purpose of participation in research calls, research events or for recruitment to research related committees within Coeliac UK.

Legitimate Interest

-data provided directly or from a public source

- to help research and advance understanding in coeliac disease and the impact of gluten, provide access to funding to support research

Business Customers To fulfil contractual obligations made with any sale of services or goods or sponsorship agreements.

Contract

  Marketing of other relevant Coeliac UK commercial services.

Legitimate Interest

-to extend availability of GF food by approaching business customers in the relevant sectors to develop and promote their GF offering.

Other Professional Contacts Media, politicians and related others

Legitimate Interest

-to enable the dissemination of information about coeliac disease and the gluten free diet to the community and help to influence changes and improvements to benefit our members

How we keep your data secure and who processes your data

The Charity is the data controller and will perform the processes above with the support of trusted partners and suppliers, who will be held to the same standards of compliance as we are ourselves. We ensure they store the data securely and are contractually obliged to adhere to all the data regulations required by law.

We currently use third party suppliers to collect and/or process your data on our behalf to deliver postal mailings, make live telephone calls to our supporters, send emails, process payments, operate our website and apps, administer our lottery and raffles and analyse supporter trends. We only provide them with the data needed to deliver the specific service. A small number of our suppliers may transfer your data outside the UK, if they do, we will make sure that it is protected in the same way as if it was being used in the UK. We’ll check for one of these safeguards:

  • Transfer it to a non-UK country with privacy laws that give the same protection as the UK or have an adequacy decision to recognise this
  • Have a contract with the recipient that means they must protect it to the same standards as the UK.

We will periodically assess our trusted partners and suppliers to ensure they are adhering to the required standards.

We may need to disclose your data if required to the police, regulatory bodies or legal advisors. We will only ever share your personal data in other circumstances if we have your explicit and informed consent.

Where you use a third party to provide data to us, for example, Just Giving, they will have their own data protection and privacy policies and we recommend you are aware of these before signing up.

Our communications with you

There are many ways for you to engage with us. The communications you receive from us will be tailored to the nature of that engagement(s).

By joining Coeliac UK as a member, depending on the option chosen, you will receive some or all of the following essential communications and services containing information on living gluten free and related health conditions and on the campaigning, research and fundraising activities of the charity should you wish to join in at any point. The list of services for each member package is available here.

  • Food and Drink Guide (once a year) via post (also available via website and app)
  • Live Well Gluten Free Magazine (twice a year) via post (also available via website)
  • E-newsletters via email or website
  • Products and offers emails via email or website
  • Keeping In Touch emails
  • Membership renewal communications by email, or by post if you opt out of email renewal
  • Local Groups – communications from your local support group where available

If you wish, you may opt out of any of these key services at any time by logging onto your account on our website or contacting our Helpline on 0333 332 2033.

We may also contact you by post or by live telephone calls, in addition to the above, with relevant and timely communications on the work the Charity is doing. These activities cover areas such as important research into coeliac disease and the effects of gluten; updates and offers on gluten free products; information on events and our gluten free community; raffles; lotteries and other giving opportunities and ways you can help us campaign to improve the standards of living gluten free. We believe that by engaging with the charity, you would reasonably expect to be kept informed when opportunities arise, but you may opt out if you don’t feel they are relevant for you at any time.

We will not send these communications by email, fax or automated telephone calls unless you specifically give us consent to do so. We will ask for your consent every 3 years.

If you use our “Is It Coeliac Disease” online assessment tool, we will contact you to follow up on your assessment results and provide any assistance. We will ask if you want to hear more from us about products and offers, including membership, and how it may benefit if you need or choose to live gluten free.

Otherwise, for anyone else, we will only contact you in response to your engagement with us, or by post or live telephone call where we believe we have a legitimate interest in doing so, or by email if you have given us consent to do so.

Retention

We will keep your personal information for as long as you are engaged with Coeliac UK.

After you stop being a member or engaged with us in another capacity, we may keep your data for up to 10 years for one of these reasons:

  • To reactivate your account should you wish to re-engage with us.
  • You have made a pledge over the longer term such as leaving a gift in your will to the charity.
  • To maintain records according to rules that apply to such as gift aid.

We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for anonymised research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

Your data and your rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and have provided further information about the rights that individuals have and how to exercise them below.

Right of Access

You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at dpo@coeliac.org.uk, or write to us at: 

Coeliac UK, 3rd Floor Apollo Centre, Desborough Road, High Wycombe, Bucks, HP11 2QW

You may be asked to provide the following details:

  • The personal information you want to access
  • Where it is likely to be held
  • The date range of the information you wish to access.

We will need you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.

Right to stop processing

You have a right to ask us to restrict or stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (eg administering your membership or processing your donation or business contract) we will do so. Contact us on 0333 332 2033 if you have any concerns. You also have the right to ask the Coeliac UK to stop using your personal data for direct marketing purposes. To stop receiving an email from Coeliac UK, please click on the unsubscribe link in the relevant email received from us or you can manage your marketing contact preferences using ‘My Account’ on the website or contact us using the details below.

Amendment of personal data

We want you to remain in control of your personal data. You can update or amend your personal data via ‘My Account’.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections based on your updated information.

Alternatively, you may:

Call us: 0333 332 2033

Write to: Coeliac UK, 3rd Floor Apollo Centre, Desborough Road, High Wycombe, Bucks, HP11 2QW

The verification, update or amendment of your personal data will take place within 30 days of receipt of your request.

Other data subject rights

This privacy policy is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion (‘right to be forgotten’), to restrict or object to our processing of personal data and the right to data portability. There may be other legal reasons why we need to process your personal data, but please tell us if you don’t think we should be using it. If you wish to exercise any of these rights, please send an email to dpo@coeliac.org.uk, or write to us at the address above.

EU Citizens Data Protection

Coeliac UK takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative for the purposes of GDPR in the European Union. DataRep has locations in each of the 27 countries and Norway & Iceland in the European Economic Area (EEA). If you want to raise a question to Coeliac UK, or otherwise exercise your rights in respect of personal data, you may do so by contacting DataRep via email, webform or post – all details are here.

If you have any questions please contact us on 0333 332 2033. For further information on data protection go to: ico for public

Version 1.05 Date 23/12/2021

The information on this page was last updated on Monday, 29 November 2021.