Privacy notice

Last updated: 29 November 2020

Welcome to the AphasiaTEC (“we”, “our”, “us”) privacy notice (“Notice”). We are a non-profit organisation dedicated to assisting those suffering from aphasia. Our goal is to promote social inclusion by preventing people with aphasia from becoming socially excluded due to their condition.

This Notice describes how we process personal information when people engage with us. This includes:

• the people we support, as well as their friends, families and dependents;
• those who have purchased our communication guide;
• those who have subscribed to our newsletter;
• our staff and volunteers;
• our funders or donors;
• event attendees;
• visitors to our website; and
• representatives of our vendors and service providers;

AphasiaTEC is the party responsible for making decisions about how your personal information is processed (the data controller). If you have any questions or comments, please contact us at:

• info@aphasiatec.org.uk
• 13 Harewood Road, London SW19 2HD

1. What information does AphasiaTEC collect about me?

Information you give us

You choose to give us certain information when you engage with us.

This includes:

• Name and contact details: When you engage with us, we may ask you to provide us with some basic details such as your current and previous names, email address, address, telephone number and date of birth.
• Sensitive personal information: Some of the information you choose to provide us may be considered “special” or “sensitive” in certain jurisdictions. For our purposes this mostly applies when people tell us they are suffering with aphasia, which is treated as sensitive health information for the purposes of applicable data protection laws. Other examples include sensitive racial or ethnic origins, sexual orientation and religious beliefs, which we do not routinely collect. By choosing to provide us with information relating to your condition, you consent to our processing of that information.
• Donation or billing details: When make a purchase from or donation to us, you provide us or our payment service provider with information, such as your debit or credit card number or other financial information.
• Payment of expenses: we also collect bank account details from staff and volunteers so we can make payments and reimburse expenses.
• Customer service: If you contact us, we collect the information you give us during the interaction.

Information we receive from others

In addition to the information you provide us directly, we may receive information about you from others, including from:

• your friends, family, and dependents;
• carers and health professionals (e.g. a speech and language therapist, or a communication support group provider);
• your academic institution.

Information collected when you use our services

• Device information: We collect information from and about the device(s) you use to access our services, including:
  • hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, , advertising IDs (such as Google’s AAID and Apple’s IDFA, both of which are randomly generated numbers that you can reset by going into your device’ settings), browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address);
• Usage Information: We collect information about your activity on our services, for instance how you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring webpage address, advertising that you click on)
• Geolocation: If you give us your consent, we can collect your precise geolocation (latitude and longitude) through various means, depending on the service and device you’re using, including GPS, Bluetooth or Wi-Fi connections. The collection of your geolocation may occur in the background even when you aren’t using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it.

4. What cookies and similar technologies does AphasiaTEC use?

We use and may allow others to use cookies and similar technologies (e.g., web beacons, pixels) to recognize you and/or your device(s). In particular we use WordPress cookies to make our site work, and Google Analytics cookies so that we can better understand how our site is used so that we can improve it.

How can you control cookies?

• Browser and device controls. Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer. The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your particular browser help menu. You also may be able to reset device identifiers by activating the appropriate setting on your mobile device. The procedure for managing device identifiers is slightly different for each device. You can check the specific steps in the help or settings menu of your particular device.
• Google Analytics. We use Google Analytics, which is a Google service that uses cookies and other data collection technologies to collect information about your use of the Website in order to report Website trends. You can opt out of Google Analytics by visiting google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.

What happens if I disable all cookies?

The changes you make to your cookie preferences may make browsing our website a less satisfying experience. In some cases, you may even find yourself unable to use all or part of our website.

More information

Please see our Cookie Notice  and www.aboutcookies.org or www.allaboutcookies.org to find out more about how cookies work, and how to manage and delete them.

5. What does AphasiaTEC use my personal information for?

To manage and provide our services

This includes:

• training delivery;
• provision of our communication guide;
• delivery of our website and newsletter;
• customer support;
• managing donations and;
• communicating with you about our services and activities, including order management and donations.

To improve our services

• Conduct research and analysis of users’ behaviour to improve our services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behaviour); and
• Develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users).

To ensure legal compliance

And to comply with legal requirements, assist law enforcement and enforce or exercise our rights.

6. What are AphasiaTEC’s legal basis to process my personal information?

To provide our service/perform our contract

When you have entered into a contract for services with us, we process your personal information in order to perform those services..

Legitimate interests

We may use your personal information where we have legitimate interests to do so. For example, to manage volunteers and donations, or to provide training to people suffering from Aphasia. We also analyse users’ behaviour, and take onboard feedback to improve our offerings, for targeted advertising and for administrative, fraud detection and other legal purposes.

Legal obligation

In some cases, applicable laws may require us to process certain information about you.

Consent

We may ask for your consent to use your personal information for certain specific reasons. You may withdraw your consent at any time by contacting us at the address provided at the beginning of this Notice.

7. Who does AphasiaTEC share your information with and why?

With our service providers and partners

We use third parties to help us operate, deliver and improve our services. These third parties assist us with various tasks, including personal information hosting and maintenance, hosting courses and events, analytics, marketing, , donation/payment processing and security operations.

We may also provide aggregated (anonymised) information to third parties.

A list of these third parties is available on request.

In corporate transactions

We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

To enforce legal rights

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

With your consent or at your request

We may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.

Anonymised data

We may use and share anonymised data (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioural personal information, geolocation in de-identified form), as well as personal information in an aggregated, hashed, non-human readable form, under any of the above circumstances.

We may also share this information with third parties such as our donors and investors to report on our charitable initiatives.

8. How does AphasiaTEC send information outside of my country?

The majority of the personal information we hold about you is hosted by our service providers within the “European Economic Area”. Some of our service providers are however located overseas including our website and newsletter providers who are located in the US.

When we send your personal information outside of your country we have in place adequate safeguards to do so. This includes EU standard contract clauses approved by the European Commission or other suitable safeguard to permit personal information transfers from the European Economic Area (“EEA”) to other countries.

9. What are my privacy rights?

In certain circumstances, if you are an EEA resident, you may exercise the rights available to you under applicable data protection laws as follows:

• If you wish to access, correct, update or request deletion of your personal information.
• You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
• If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

You can exercise your rights at any time by contacting us using the contact details below.

We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user).

10. How does AphasiaTEC protect my personal information?

We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

11. How long does AphasiaTEC retain my personal information?

Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law.

12. Can this Notice change?

This Notice may be amended from time to time.  We will post any changes we may make on this page and, where appropriate, notify you via e-mail.  When amendments are made, we will update the “last updated” date at the top of this Notice.