Our commitment to you is that we will respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything that you would not reasonably expect. We only ask for information that will inform our engagement with you personally and provide vital statistical data to underpin research and campaigning for better support for those living gluten free.
There is no national register of people with coeliac disease so researchers come to us as we have the largest pool of people that can potentially help. Your participation in research could be essential in understanding more about the disease, developing treatments and finding a cure. Having the largest database of people suffering with coeliac disease and/or living gluten free gives us a powerful voice when lobbying the NHS on healthcare, the government on food policy and commercial partners on providing gluten free alternatives. Your participation by receiving our marketing communications is also essential in showing both the need for and support of new initiatives around gluten free food provision and our community’s commitment to improve the lives of everyone who needs to live gluten free.
The data we collect
We collect some or all of the following information from you, or via third parties only where you have consented to them sharing the data with us or from publicly available information.
Name, address, phone number, email, date of birth, ethnicity, health and dietary information and facial photographs if you choose to provide one for your online account or case study. We collect behavioural data from voluntary surveys and other responses to our communications. Bank or card information is collected where you buy our services and products. When on our website, we will use your IP address, cookies and services like Google Analytics and other statistical services to record your activity on our website to help improve the site and services to you.
From third parties
Personal data may be supplied to us by individuals applying for membership on your behalf, such as a parent, carer or other household occupant or employers signing up an employee for a training course. Unless you are under 16 years of age, we will inform you when this happens when we contact you for service purposes.
Where you have given consent to third party organisations they will share data with us, such as fundraising activities from Just Giving, Virgin Money Giving, and similar sites or social media sites if you’ve consented to share data via your settings.
We may collect and analyse personal information from public sources to create a summary of your interests and preferences so we can contact you in the most appropriate way, with the most relevant information. We may use public data such as held on Companies House, Office of National Statistics and other government sites containing socio-economic data for postcode areas.
We do not actively seek to populate telephone numbers and dates of birth that you have not given to us but we may ask you directly. However, this and other information may be provided to us through other sources that you have consented to be made publicly available.
If we retain any information not provided by you, we will record the source it originates from and whether it was publicly accessible.
What we use it for:
By data protection law, we can only use your personal data if we have a lawful basis to do so, which will be one of the following depending on what we are using your data for:
- When it is in our legitimate interest, or
- When you consent to it, or
- To fulfil a contract we have with you.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is in the table below.
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
How we keep your data secure and who processes your data
The charity is the data controller and will perform the processes above with the support of trusted partners and suppliers, who will be held to the same standards of compliance as we are ourselves. We ensure they store the data securely and are contractually obliged to adhere to all the data regulations required by law.
We currently use third party suppliers to collect and/or process your data on our behalf to deliver postal mailings, make telephone calls to our supporters, send emails, process payments, operate our website and apps, administer our lottery and raffles and analyse supporter trends. We only provide them with the data needed to deliver the specific service. A small number of our suppliers may transfer your data outside the EEA, if they do, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll check for one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Have a contract with the recipient that means they must protect it to the same standards as the EEA.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
We will periodically assess our trusted partners and suppliers to ensure they are adhering to the required standards.
We may need to disclose your data if required to the police, regulatory bodies or legal advisors. We will only ever share your personal data in other circumstances if we have your explicit and informed consent.
Where you use a third party to provide data to us, for example, Just Giving, they will have their own data protection and privacy policies and we recommend you are aware of these before signing up.
Our communications with you
There are many ways for you to engage with us. The communications you receive from us will be tailored to the nature of that engagement(s).
By joining Coeliac UK as a member, depending on the option chosen, you will receive some or all of the following essential communications and services containing information on living gluten free and related health conditions and on the campaigning, research and fundraising activities of the charity should you wish to join in at any point. A full list of all member services is available here.
- Food and Drink Guide (once a year) via post (also available via website and app)
- Crossed Grain Magazine (three times a year) via post (also available via website)
- E-newsletters via email or website
- Products and offers emails via email or website
- Keeping In Touch emails
- Membership renewal communications by email, or by post if you opt out of email renewal
- Local Groups – communications from your local support group where available
If you wish, you may opt out of any of these key services at any time by logging onto your account on our website or contacting our Helpline on 0333 332 2033.
We may also contact you by post, in addition to the above, with relevant and timely communications on the work the charity is doing. These activities cover areas such as important research into coeliac disease and the effects of gluten: updates and offers on GF products; information on events and our GF community; raffles; lotteries and other giving opportunities and ways you can help us campaign to improve the standards of living gluten free. We believe that by engaging with the charity, you would reasonably expect to be kept informed when opportunities arise, but you may opt out if you don’t feel they are relevant for you at any time.
We will not send these communications by electronic means (including email, fax, telephone) unless you specifically give us consent to do so. We will ask for your consent every three years.
If you use our Is It Coeliac Disease Online Assessment tool, we will contact you to follow up on your assessment results and provide any assistance. We will ask if you want to hear more from us about products and offers, including membership, and how it may benefit if you need or choose to live gluten free.
Otherwise, for anyone else, we will only contact you in response to your engagement with us, or by post where we believe we have a legitimate interest in doing so, or by electronic means if you have given us consent to do so.
We will keep your personal information for as long as you are engaged with Coeliac UK.
After you stop being a member or engaged with us in another capacity, we may keep your data for up to 10 years for one of these reasons:
- To reactivate your account should you wish to re-engage with us.
- You have made a pledge over the longer term such as leaving a gift in your will to the charity.
- To maintain records according to rules that apply to such as gift aid.
We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for anonymised research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
Your data and your rights
You have a right to ask for a copy of the information we hold about you, although we may need to charge an administration fee in certain circumstances. To do so please send a description of what information you would like a copy of, along with proof of your identity to Membership, Coeliac UK, 3rd Floor Apollo Centre, Desborough Road, High Wycombe, Bucks, HP11 2QW. We will supply the information as requested within one month of receipt or advise you if we are unable to comply for any reason. If you find discrepancies in the information we provide, please advise us by calling the Helpline on 0333 332 2033 so we can correct them.
You have a right to ask us to restrict or stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (eg administering your membership or processing your donation or business contract) we will do so. Contact us on 0333 332 2033 if you have any concerns. At your request, we will erase any data we hold unless it is required for legal or financial reasons if you no longer wish for us to hold or process your data.
If you have any questions please contact us on 0333 332 2033 for further information on data protection go to: ico.org.uk/for-the-public/
Version 1.03 Date 02/11/2018
The information on this page was last updated on Friday, 12 July 2019.