Data Protection

Privacy and Data Protection Policy

Privacy Notice and Data Processing Statement – How We Use Your Information
This statement is to help you understand how and why we collect personal information about you and what we do with that information. It also explains the decisions that you can make about your own information. If you have any questions about this notice please contact the Administrator.
What is personal information?
Personal information is information that identifies you as an individual and relates to you.
As part of your application, this will also include details of all other people associated with your case such as other family members. Details held include your contact details together with personal, financial and medical information. We may also hold information such as your religion or ethnic group.
How and why does the RMF collect and use personal information?
We set out below examples of the different ways in which we use personal information and where this personal information comes from. The RMF’s primary reason for using your personal information is to provide financial assistance to you and/or your family.
• We obtain information about you from application forms and from enquiries made. We may also get information from professionals such as doctors, financial institutions, other medical charities and from local authorities. Our Trustees require full disclosure of all information to enable them to complete a full analysis of the requirements of each applicant prior to making any award.
• We may have information about any family member or family circumstances which might be sensitive.
• We may need information about any sanctions, court orders or criminal petitions which relate to you.
· We may use information about you, without identifying you, if we need this for historical research purposes or for statistical purposes.
Financial information
· We will process financial information about you in relation to the assessment of your financial circumstances. In some cases, we get information about you from third parties such as credit reference agencies or similar.
· We may hold information about bankruptcy petitions and statutory demands.
· We may obtain information about you from publicly available sources such as Companies House, Land Registry and Zoopla to assess your financial circumstances.
· If your application relates to assistance with educational expenses, we may share information with the school bursary
· Failure to supply information may result in the refusal of an award.
Sharing personal information with third parties
· We may need to share information with other medical charities to enable those charities to work together with the RMF to jointly provide you with assistance. The relevant medical charities have all signed, and are parties to, a data sharing agreement.
· On occasion, we may need to share information with the police.
· Occasionally we may use financial advisors to assist you with your financial planning. We will need to share your information with them, as this is relevant to their work.
Our legal grounds for using your information
This section contains information about the legal basis that we are relying on when handling your information.
Legitimate interests
This means that the processing is necessary for legitimate interests except where the processing is unfair to you. The RMF relies on legitimate interests for the majority of ways in which it uses your information.
Specifically, the RMF has a legitimate interest in:
• Providing financial assistance;
• Safeguarding and promoting the welfare of you and your family.
In addition, your personal information may be processed for the legitimate interests of others. For example, another charity will have a legitimate interest in knowing how and when financial assistance has been given.
If you object to us using your information where we are relying on our legitimate interests as explained above please speak to the Administrator.
Necessary for a contract
We will need to use your information in order to perform our obligations under our contract with you. For example, we need your name, contact details and financial information such as bank details so that we can make any payments awarded to you.
Legal obligation
Where the RMF needs to use your information in order to comply with a legal obligation. We may also have to disclose your information to third parties such as the courts, the local authority or the police where legally obliged to do so.
Vital interests
For example, to prevent someone from being seriously harmed or killed.
Public interest
The RMF considers that it is acting in the public interest when providing grants.

The RMF must also comply with an additional condition where it processes special categories of personal information. These special categories are as follows: personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information and health information.
Substantial public interest
The processing is necessary for reasons of substantial public interest.
Vital interests:
To protect the vital interests of any person where that person cannot give consent, for example, if they are seriously hurt and are unconscious.
Legal claims:
The processing is necessary for the establishment, exercise or defence of legal claims. This allows us to share information with our legal advisors and insurers.
Medical purposes
This includes medical treatment and the management of healthcare services.

We ask for your consent to use your information in certain ways. If we ask for your consent to use your personal information you can take back this consent at any time. Any use of your information before you withdraw your consent remains valid. Please speak to the Administrator if you would like to withdraw any consent given.

Sending information to other countries
Although extremely unlikely, we may send your information to countries which do not have the same level of protection for personal information as there is the UK. For example, we may:
• store your information on cloud computer storage based overseas; or
• communicate with you by email when you are overseas (for example, when you are on holiday).
The European Commission has produced a list of countries which have adequate data protection rules. The list can be found here:

If the country that we are sending your information to is not on the list or, is not a country within the EEA (which means the European Union, Liechtenstein, Norway and Iceland) then, it might not have the same level of protection for personal information as there is the UK.
We will provide you with details about the safeguards which we have in place outside of this privacy notice. If you have any questions about the safeguards that are in place please contact the Administrator.
For how long do we keep your information?
We keep your information for as long as we need to in order to assist by the provision of advice or grants. We will keep some information after you are no longer a beneficiary, for example, so that we can find out what happened if you make a complaint or if you make a further application for assistance.
In exceptional circumstances, we may keep your information for a longer time than usual but we would only do so if we had a good reason and only if we are allowed to do so under data protection law.
We can keep information about you for a very long time or even indefinitely if we need this for historical, research or statistical purposes. For example, if we consider the information might be useful if someone wanted to write a book about the RMF. The table below shows for how long we keep different types of your information, which is in line with other medical charities.
Type of information Retention period or the criteria used to determine the retention period
Contact details Kept whilst there is a reasonable chance that you may need assistance
Financial records Kept whilst there is a reasonable chance that you may need assistance
Summary Case papers Kept indefinitely as part of historical records

Storage of Data
We keep your papers safely under lock and key in a secure location which is only accessible by staff. Staff ensure that papers are not left unattended on desks, unless the room is secure, and that keys are kept safe. Only staff have keys.
Papers not required are disposed of securely by placing them in confidential waste bins.
Prior to quarterly Trustee meetings, Trustees are sent summary papers by post in sealed envelopes. Following each meeting, Trustees papers are disposed of by placing them in confidential waste bins.
Any data stored electronically is held on the Epsom College secure network and is governed by their Information Security Policy.

What decisions can you make about your information?
From May 2018 data protection legislation gives you a number of rights regarding your information. Some of these are new rights whilst others build on your existing rights. Your rights are as follows:
· if information is incorrect you can ask us to correct it;
· you can ask what information we hold about you and be provided with a copy. We will also give you extra information, such as why we use this information about you, where it came from and what types of people we have sent it to;
· you can ask us to delete the information that we hold about you in certain circumstances. For example, where your data is no longer necessary in relation to the purpose for which it was originally collected or where we no longer need the information. Where personal data is processed to comply with legal obligations or for other specific reasons, this request may be refused;
· you can ask us to send you, or another organisation, certain types of information about you in a format that can be read by computer;
· our use of information about you may be restricted in some cases. For example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy.
The Administrator can give you more information about your data protection rights.
Further information and guidance
The Administrator is the person responsible at the RMF for managing how we look after personal information and deciding how it is shared.
Like other organisations we need to keep your information safe, up to date, only use it for what we said we would, destroy it when we no longer need it and most importantly – treat the information we get fairly.
This notice is to explain how we use your personal information. The Administrator can answer any questions which you may have.
Please speak to the Administrator if:
· you object to us holding your information. We will stop using your information if you tell us not to; or
· you would like us to update the information we hold about you; or
· you would prefer that certain information is kept confidential.
If you consider that we have not acted properly when using your personal information you can contact the Information Commissioner’s Office – ico.org.uk.