Privacy policy.

Privacy Policy

Effective Date: 28/04/2025

Freddie’s Ataxia Fund is committed to protecting and respecting your privacy.

Freddie’s Ataxia Fund understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end, we comply fully with the data protection law in force in the UK and General Data Protection Regulations (GDPR).

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage, and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data. 

Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

The rules on the processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller - A controller determines the purposes and means of processing personal data.

Data processor - A processor is responsible for processing personal data on behalf of a controller.

Data subject - Natural person

Categories of data: Personal data and special categories of personal data

Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address, or private email address. Online identifiers include IP addresses and cookies.

Special categories of personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, and religious or philosophical beliefs.

Processing - means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third-party - means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

By using our Website, you agree to the terms of this Privacy Policy.

 

1. Who are we?

The data controller is Freddie’s Ataxia Fund. This means we decide how your personal data is processed and for what purposes.  Our registered address is: 14 Dudhope Street, Dundee, DD1 1JU, Scottish Charity Number SC053779.  When we refer to ‘we’, ‘us’, and ‘our’, we mean Freddie’s Ataxia Fund. For all data, matters contact us at hello@freddiesataxiafund.co.uk

2. The purpose(s) and legal reasons for processing your personal data

We may use your personal data for the following purposes:

●      Enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of any equipment, grants or services and related matters such as, billing, accounting, and donations.  This may also include taking steps at the request of the Data Subject (you) with a view to entering into a contract.

●      Provide you with information, products, or services that you request from us

●      To comply with legal obligations in regard to record-keeping. We may hold your records longer to maintain our financial records accurately.

●      Provide you with information about products or services we offer that we feel may interest you. If you have consented to receive marketing communications by electronic means from us, we will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously accessed or enquired about from us

●      Notify you about changes to our mission or goals by means of legitimate interest

●      Respond to requests where we have a legal or regulatory obligation to do so

●      To conduct and analyse market research

●      To ensure that content from any of our websites is presented in the most effective manner for you and for your computer. 

3. What categories of personal data we may collect from you?

Accordingly, we may hold and use personal data about you as a donator, a person receiving a donation or fundraiser, or in any other capacity, for example, when you visit one of our websites, complete a form, apply for a grant, offer to fundraise for us or speak to us.  Depending on what services you receive from us this may include sensitive personal data such as information relating to your health. With reference to the categories of personal data described in the definitions section we process the following categories of your data:

●      Information that you give us when you contact us including name, address, contact details (including email address and phone number)

●      The name and contact details (including phone number) of caregivers or family members that you may provide us with.

●      Details of quotes, and other contact and correspondence we may have had with you

●      Information obtained from surveys, fundraising promotions, and fundraising events that you  taken part in

●      Medical information or medical letters that you have provided to us when you are applying for a grant, medical service or piece of equipment from us.

●      Feedback that you provide us

●      Information about complaints and incidents

●      Information you give us when you make a payment/donation to us. We do not store any payment card details.

●      Other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies or health care providers who have obtained your permission to share information about you.

●      Where you have named a carer or someone as your next of kin or emergency contact details and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

●      Personal Information: When you make a purchase or contact us, we may collect your name, billing address, shipping address, email address, phone number, and payment information.

●      Donation Information: We track details of any donations or attempted donations made through our Website.

●      Communications: If you contact us directly (e.g., by email or form submission), we may receive additional information about you.

Our website collects personal data to power our site analytics, including:

●      Information about your browser, network, and device

●      Web pages you visited prior to coming to this website

●      Your IP address

This information may also include details about your use of our website, including:

●      Clicks

●      Internal links

●      Pages visited

●      Scrolling

●      Searches

●      Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

The data that we request from you may include sensitive personal data. This includes information that relates to medical conditions (which may include children’s data). By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy.

4. When do we collect personal data about you?

We may collect personal data about you if you:

●      Visit our websites

●      Enquire about making a donation, fundraising or applying for a grant

●      Fill in a form or survey for us

●      Fill in the contact us form on our website

●      Participate in a fundraising competition or fundraising event or other marketing activity

●      Contact us, for example by email, telephone, or social media

●      Make a donation or payment to us via either Squarespace Payments or Go Get Paid

5. How do we use your personal data?

We use the information we collect to:

●      Process your donation, including sending confirmations and updates

●      Manage payments and prevent fraud

●      Communicate with you

●      Provide customer support

●      Improve and optimize our Website and services

●      Send you marketing communications (only if you opt-in)

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable GDPR Laws, financial records retention periods.

Sensitive personal data related to your health will only be disclosed to Charity Trustees in accordance with UK laws. We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it.  Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.

6. How long do we keep your personal data?

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.

 

 

 

7.  Sharing Your Information

We may share your personal information with:

●      Service Providers: We use Squarespace to host our website and manage online transactions. Squarespace Payments securely handle your payment information. We may use Go Get Paid, A Co-op Business Banking App to take payments. We use Google Workspace to manage the Charity.

●      Compliance with GDPR: We may disclose your information if required by law or to protect our rights.

Note: We do not sell your personal information to third parties.

8. Payment Data

All payments made through our Website are processed securely via trusted third-party service Squarespace Payments .

We do not store your full payment card details on our servers.

Payment processors have their own privacy policies, which you can review here:

●      Squarespace Payments Privacy

When you donate via this website, our payment processor Squarespace Payments will also collect personal information from you in receiving the donation. We may collect information like your:

●      Billing address

●      Email address

●      Name

●      Phone number

When you submit information to this website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider, so that they can provide website services to us. We use Google Workspace to manage Freddie’s Ataxia Fund and to store information securely.

9. The security of your personal data

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data from being lost, destroyed, or damaged.

All information you provide to us is stored securely.

Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA").

Squarespace uses the European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States. 

Squarespace protects your personal data and has put appropriate technical and organizational safeguards in place to meet these standards. To learn more, visit Squarespace Security Measures page.

 

Squarespace, Inc. complies with the Data Privacy Frameworks to provide a legal basis for transfers of personal data to Squarespace, Inc. in the US from, as applicable, the EEA, Switzerland and the UK. Squarespace, Inc. has certified its compliance to the Data Privacy Frameworks. You can find Squarespace Inc certification here. To learn more about the Squarespace Data Privacy Frameworks and DPF Principles, visit the Data Privacy Framework Program site.

By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

The transmission of information via the internet cannot be guaranteed as completely secure.  However, we ensure that any information transferred via our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access. 

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email.  Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

10. Cookies and Tracking Technologies

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. They can enhance your browsing experience and analyse site traffic. 

These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

You can manage cookies through your browser settings.

Learn more about how Squarespace uses cookies here.

11. Your Rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

●      The right to request a copy of the personal data which we hold about you;

●      The right to request that we correct any personal data if it is found to be inaccurate or out of date;

●      The right to request your personal data is erased where it is no longer necessary to retain such data;

●      The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;

●      The right to object to the processing of personal data, eg opting out of marketing communications.

 

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

13. Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on our website. Please check back frequently to see any updates or changes to our privacy policy.

14. Contact us

To exercise all relevant rights, queries or complaints please in the first instance contact our Freddie’s Ataxia Fund, by emailing us at hello@freddiesataxiafund.co.uk.

If this does not resolve your query or complaint to your satisfaction, you have the right to contact the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.