Version 2.0 11th January 2019
Cauda Equina Syndrome Association (‘CESA’) is committed to protecting and respecting your privacy.
We are registered in England and Wales and our registered address is at
5 Cornmill Mews
We have notified the Information Commissioner’s Office that we process personal data (reference ZA757898).
CESA have appointed a Data Protection Officer. You can contact the DPO at [email protected]
Please mark any data protection related correspondence as ‘FOA the DPO’.
- Information we may collect from you
When you visit our website and/or participate (including commenting on our blog posts) we may collect, process and store the following data about you:
– information you provide to us via our website, including the information obtained from your comments, forms you fill in on our website and/or information provided at the time of registering to use our services. To participate in particular areas of our website you will be required to register an account with us and some personal data is required of you. We will ask for your name and e-mail address.
– information that you provide to us in other correspondence, such as by email or in letters which may include personal data relating to your health.
– details of your visits to our website, including the website that you visited us from and the website that you proceed to from our website; as well as how often you use our website and the types of discussions you participate or are interested in; and/or
– if you contact us, we may keep a record of that correspondence e.g. we will keep a record of when you report a problem with our website or services.
We may also collect and process additional information about you and other persons from e-mails or other correspondence that you send to us.
- IP addresses
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
- How do we use your data?
We use information held about you in the following ways:
– to process your information for market research in any field to be used in an anonymised format, including market, health, lifestyle, scientific, or technical research;
– to publish the results of our opinion polls on our website, to include statistical data from your participation such as your location and other opinion polls that you have participated in;
– to allow you to participate in interactive features of our service;
– to provide you with advertising or marketing information, products or services which we feel may interest you;
– to ensure that content from our website is presented in the most effective manner for you and for your computer;
– to verify you are eligible to use our services;
– to notify you about changes to our service;
– to prevent, detect, and investigate potentially prohibited or illegal activities and enforce our Website Terms and Conditions;
– we may, request your consent to use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you. Consent for such services can be withdrawn at any time. At such point we will remove your personal data from our systems as soon as is reasonably practicable.
– to enable us to comply with any legal or regulatory requirements; to protect or enforce our rights or the rights of any third party and for the purpose of safeguarding national security.
The lawful basis for processing your personal data.
We process your information in the following ways:
Your personal data will be processed under Article 6(1)(a) of the General Data Protection Regulation 2016.
(6)(1)(a) Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes
Your sensitive personal data (Health information) will be processed under Article 9(2)(a) of the General Data Protection Regulation 2016.
(9)(2)(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
We will continue to process your information under the lawful basis described above until you withdraw consent or it is determined that your consent no longer exists.
Sharing your information
Your personal data will never be passed to a third party under any circumstances without your explicit consent.
If you do not want us to use your data used in any of the above ways please contact us at:
5 Cornmill Mews
Or email [email protected]
We may not be able to continue providing our services to you if you do not agree to the way we use your data.
You may opt out of marketing contact at any time. Please let us know by sending an email to us at [email protected]. If you would like us to change the method of communication you may contact us at the same address
Your Individual Rights
Under the GDPR your rights are as follows:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You can view or change your account information in the registered user area on our website at any time and update it as necessary using your username and password. Once we are informed, we will adjust your data accordingly.
You can delete or deactivate your user account at any time. When you delete your membership your personal data is removed from our database unless we are required to save the data by law. It takes two to three business days until your information is completely removed from all records.
The General Data Protection Regulation 2016 gives you the right to access any information held about you. Your right of access can be exercised in accordance with this Act. Any access request made is free of charge unless it is deemed manifestly unfounded or excessive.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
- Storage of information and security
The information you provide to us will be stored and processed on servers based within the United Kingdom, on selected secure portable devices and in paper files. Cauda Equina Syndrome Association reserves the right to transfer data abroad for processing purposes however, this will only be done in compliance with GDPR. Should processing be moved outside of the UK, you will be advised in writing and offered the option to object to this processing before it takes place.
The Cauda Equina Syndrome Association website includes a Secure Socket Layer Certificate (SSL). This ensures that the data that is collected from the website forms is securely encrypted.
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Our website uses “cookies”, which are small, text files that are stored on your computer that can be retrieved to assist in customising your experience with the online service. The information saved supports the functionality of our website, for example by keeping track of your visual preferences or controlling the frequency of “pop-up” windows. It is necessary to accept cookies in order to use our service.
During some processes, data is temporarily stored on your internet browser as you move from step to step. This is only done in order to improve your experience of our website and is only stored for as long as is necessary for you to complete the process.
We use the following cookies:
– Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
– Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
– Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
– Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. Where you have given consent, we may also share this information with third parties for this purpose.
If you want to find out more information about the individual cookies we use and the purposes for which we use them please contact us at [email protected]
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) this may result in limited functionality and you may not be able to access all or parts of our website.
- Security measures
The information in your registered user account and in your profile is password protected, so that only you have access to your personal information. Please note that you are not permitted to provide your password to anyone else.
We will never ask for your password in e-mails that you receive unexpectedly or that you did not request. Please remember to log out of your account and to close your Internet Browser when you leave our website; this is especially important if you use a PC in public locations. At present, this is the safest way to ensure that no one has access to your personal information. We assume no liability for the abuse of login data and passwords used.
All comments, queries and requests relating to our use of your information are welcomed and should be e-mailed to us at [email protected]