Red Lion Group
Data Privacy Policy

Who is collecting the data?

For the purposes of the General Data Protection Regulations (GDPR) the Red Lion Group (RLG) is a data controller. We, the Trustees, obtain data directly from our members, and others who sign up to our contact list(s) (data subjects). That is, we hold and process personal information. Personal information is information about a living person that is capable of identifying them (the ‘data subject’). Medical information is ‘special category data’ and can only be processed under certain circumstances.

This policy sets out what personal information we hold and how we use and secure it.

This document contains the following sections.

Privacy Policy Members

Privacy Policy Non-members

Making a Complaint

Privacy Policy Members

What data is being collected?

  • Name
  • Contact details (address and email addresses)
  • Date of birth
  • Where members have provided it we may hold the minimum amount of general
    information relating to illness leading to, or likely to lead to, pouch related surgery
    (for example, “ulcerative colitis”).

Can people under the age of 16 become members?

  • Yes, but a parent or guardian must authorise us to hold their information and make
    contact with them.

How do we process your personal data?

RLG complies with its obligations under GDPR by

  • Keeping personal data up to date
  • Storing and destroying it securely
  • Not collecting or retaining excessive amounts of data
  • Protecting personal data from loss, misuse, unauthorised access and disclosure
  • Ensuring that appropriate technical measures are in place to protect personal data

What is the legal basis for processing the data?

RLG has established that it has a legal basis for collecting and processing your data to fulfil services provided by contract i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; This is a lawful process as defined by GDPR article 6(1)(b).

Will the data be shared with any third parties?

Your personal data will be treated as strictly confidential and will only be used within the organisation for the purposes of delivering information and services to you as appropriate to your membership. Trustees will have access to the information on a “need to know” basis.

  • ROAR and other mailings may be posted by a third party, and names and postal addresses may be shared with a third party (e.g. printer) for mailing purposes.
  • We may use GDPR compliant electronic mailing services (for example “Mailchimp”) to send some emails.
  • We won’t send personal information oversees.

How will the information be used?

  • Operate the Red Lion Group web site and deliver the services as defined by our charter
  • Inform members of news, events, activities or services related to pouch matters (e.g. our Information Day).
  • Consider the needs of our members and how we might help meet them (e.g. organise a relevant Information Day programme for members and visitors).
  • Contact members in relation to membership matters (e.g. payment of subscriptions etc)
  • Process gift aid applications.

How long will the data be stored for?

RLG will retain your data whilst you continue to be a member of RLG. If your membership has lapsed, your data may be retained for up to 15 months to allow for membership reminders to be sent the following year. If you resign your membership your personal data will be deleted unless there is a legal obligation to keep it for a longer period (e.g. for financial audit purposes).

What rights does the data subject have?

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data.

  • The right to request a copy of your personal data which the RLG holds about you;
  • The right to request that the RLG corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for RLG to retain such data;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller(known as the right to data portability) ;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data;
  • The right to lodge a complaint with the Information Commissioners Office; Making a Complaint

Privacy Policy Non-members

What data is being collected?

  • Name
  • Contact details (address and email addresses)
  • Contact Preferences
  • Marketing Preferences

How do we process your personal data?

RLG complies with its obligations under GDPR by

  • Keeping personal data up to date
  • Storing and destroying it securely
  • Not collecting or retaining excessive amounts of data
  • Protecting personal data from loss, misuse, unauthorised access and disclosure
  • Ensuring that appropriate technical measures are in place to protect personal data

What is the legal basis for processing the data?

RLG has established that it has a legal basis for collecting and processing your data according to your explicit Consent i.e. the data subject has given consent to the processing of his or her personal data for one or more specific purposes; This is a lawful process as defined by GDPR article 6(1)(a).

Will the data be shared with any third parties?

Your personal data will be treated as strictly confidential. We will not share your information with any third party outside of RLG.

How will the information be used?

Your personal data will only be used by RLG for the purposes of delivering information to you according to your chosen contact preference and regarding your chosen marketing preferences.

How long will the data be stored for?

RLG will retain your data unless or until you explicitly withdraw your consent by unsubscribing. Any email sent to you will include a link that will allow you to change your preferences or unsubscribe. If you unsubscribe, ALL data related to you will be deleted.

What rights does the data subject have?

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data.

  • The right to request a copy of your personal data which the RLG holds about you;
  • The right to request that the RLG corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for RLG to retain such data;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller(known as the right to data portability) ;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data;
  • The right to lodge a complaint with the Information Commissioners Office; Making a Complaint

Making a Complaint

How can the data subject raise a complaint?

To exercise all relevant rights, queries or complaints in the first instance contact the RLG

  • By email to: info@pouchsupport.org
  • By mail to: Red Lion Group, c/o St. Mark’s Hospital, Watford Road, Harrow, Middlesex HA1 3UJ

You can contact the information commissioner’s office