|

|

|

These guidelines are based on the Data Protection Act 1998 (the Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

They relate to the collection and processing of personal information received from visitors of the Brain and Spine Website. This may be a name, address or any other piece of information that can be traced back to an individual.

The Brain and Spine Foundation processes such information about web visitors and volunteers for research, campaigning, administrative and fundraising purposes. When handling such information, the Brain and Spine Foundation, and all staff or others who process or use any personal information, must comply with the Data Protection Principles which are set out in the Act.

In summary these state that personal data shall:

• be processed fairly and lawfully;
• be obtained for a specified and lawful purpose registered with the Information Commissioner;
• not be processed in any manner incompatible with this registered purpose,
  be adequate, relevant and not excessive for the purpose;
• be accurate and up-to-date;
• not be kept for longer than necessary for the purpose;
• be processed in accordance with the data subject's rights;
• be kept safe from unauthorised processing, and accidental loss, damage or destruction; and
• not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
  
  

Personal information
All personal information is kept securely (in a password protected and virus protected location) and destroyed securely when it is no longer required (by being shredded or deleted or recorded over). Personal information is not disclosed to any unauthorised third party.

Third party suppliers and contractors
Third party suppliers and contractors may in the course of their work come into contact with information held by the Brain and Spine Foundation. Such individuals and organisations are required to sign a privacy agreement to state that they:

• will not disclose the data of anyone connected to the Brain and Spine Foundation (except to the Brain and Spine Foundation itself) and will treat such information as strictly confidential;
• will ensure that access to this data is restricted only to staff who have been briefed on data protection compliance and who have agreed to act in accordance with boundaries of the act; and
• will comply with the Data Protection Act when handling data on behalf of the Brain and Spine Foundation.
  
  

Rights to access information
Users of the website (and of other Brain and Spine services) have the right to access any personal data about them that may be stored by the Brain and Spine Foundation. Please address requests to the Brain and Spine Foundation, 7 Winchester House, Kennington Park, Cranmer Road, London SW9 6EJ.

Users 16 and under
If you are aged 16 or under, please get your parent/guardian's permission beforehand whenever you provide personal information to the Brain and Spine Website. Users without this consent are not allowed to provide us with personal information.