We will only collect and use your personal information where we have a legal basis to do so and will always respect your rights.
Where we use your information, it may be because you have consented to us doing so, or because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we promise never to do it in an intrusive way or to cause distress, and to always respect your rights. Other reasons may include using information because we have a legal obligation to do so or because we are fulfilling contractual obligations.
Examples of why we use your personal information include:
The personal information we collect about you will depend on how and why you are engaging with us. It could include (but is not limited to):
If you shared with us any sensitive information, including your medical history, the information you have provided will be kept by CFC and will be treated with the strictest of confidence. It will not be shared with a third party without your consent unless we have a statutory obligation to do so.
We use your personal information for the following purposes:
We never give or sell any personal information to other charities or organisations. However, there are some circumstances where we would share your data with third parties. For instance:
The General Data Protection Regulation (GDPR) states that we must let you know if we send your information outside of the European Economic Area (the EEA, i.e. the 28 European Union Member States, as well as Iceland, Norway and Liechtenstein), which do not always provide the same level of data protection as the UK, for the purposes of achieving our aims and objectives as a charitable organisation. When we do make such transfers, we have provision in place with our providers, including suitable security measures, to ensure that your personal information is protected in accordance with EU GDPR standards.
We will use publicly available sources to ensure that the information we hold is accurate and up to date. For example, where you have signed up for a redirection service, we will use the Post Office’s National Change of Address database to keep in touch. We may use other services to cross-check the accuracy of the contact details we hold for you.
The periods for which we keep your information depend on the purpose for which your information was collected. We will not keep your personal information for longer than necessary for the organisation’s purposes or for legal requirements.
We maintain the highest standards of data privacy and security to protect your personal details and other information about you because we want you to feel completely confident about engaging with us. We regularly review our processes and procedures to protect your information from unauthorised access and use, accidental loss and/or destruction.
If you have entered one of our organised events we may also access your personal contacts via reputable operators such as RiderHQ, British Cycling etc. who also have robust privacy policies.
We receive information about service users from our referring agencies within the NHS and other registered charities via a secure email network.
If you have any feedback or would like to make a complaint about how we handle your personal information, please contact us so we can investigate and address your concerns. You also have the right to complain about how we collect and use your personal information to the UK data protection regulator, The Information Commissioner’s Office (ICO)