Privacy Policy

Kindred is fully committed to handling personal information in accordance with data protection legislation and best data protection practices.

  • Who are we?
  • How do we collect information from you?
  • What type of information is collected from you?
  • How is your information used?
  • Who has access to your information?
  • Your choices
  • How you can access and update your information
  • Security precautions in place to protect the loss, misuse or alteration of your information
  • Use of 'cookies'
  • Links to other websites
  • Transferring your information outside of Europe
  • Review of this policy
  • What does this all mean?
  • Contacting us with any questions

 

Who are we?

Our organisation, Kindred Advocacy, is a parent-led charity in Scotland dedicated to improving the lives of families of children with disabilities and life-long conditions.  Kindred Advocacy is a registered Scottish charity (no. 000264) and a Scottish Company limited by guarantee (no. 409397). The registered address is 1 St Colme Street, Edinburgh, EH3 6AA.

 

How do we collect information from you?

We obtain information about you when you by telephone and face to face meetings and through our website, and emails.  For example, we collect information when you contact us about services, to make a donation, or if you are registered to receive news from us (e.g. as a member of Kindred Advocacy or of the Exceptional Families Project).

 

What type of information is collected from you?

The personal information we collect might include your name, address, email address, telephone numbers and background information about your family situation, as well as information on your child’s medical condition.  We also retain information about assistance provided by Kindred to your family e.g. trust grant applications, benefits (particularly Disability Living Allowance), education, social work, housing and health.

We will never publish information which will identify your child unless we have your specific permission (and your child’s permission if they are over age 13 and have capacity to consent).  This means that we will take great care if we have information about your child which is unique (e.g. a genetic condition, or other identifying information).

If you have used our website we will have your IP address (this is under review), and information regarding what pages are accessed and when e.g. through Google Analytics (who have their own privacy statement). If you make a donation online to us through JustGiving, your card information is not held by us, it is collected by JustGiving as a third party payment processor, who specialise in the secure online capture and processing of credit/debit card transactions and have their own privacy policy.

 

How is your information used?

We may use your information to:

  • provide you and your family with useful and relevant support and information (please see our ‘Advocacy Agreement’);
  • discuss support for you and your family with other service providers (if you have signed our ‘Mandate’ to give permission);
  • report on our services to funders;
  • process a donation that you have made;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;
  • process a job application
  • service providers involved in the operation and availability of our website

 

 

We will ask for your consent for each of the above in the tick list on our ‘Confidential Information’ form.

We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity.

 

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf: We use third party service providers for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service. Third party service providers that we use are Office 365, Trello, Survey Monkey, Mailchimp, Bankline, NHS.net, Facebook, Just Giving, Stripe, GoCardless, Donr, Donorfy, Xero and Twitter.

 

You can find information about each services providers' privacy policies and practices through their official websites.

 

Your data and our website provider 

In addition to the above your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

 

  • Your data will be made available to our website provider
  • The data that may be available to them include any of the data we collect as described in this privacy policy.
  • Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  • They will store your data for a maximum of 7 years.
  • This processing does not affect your rights as detailed in this privacy policy.

Our website is hosted by Flywheel and you can view their information on privacy here.

 

Your choices

You have a choice about whether or not you wish to receive marketing information from us. If you do not want to receive marketing communications from us then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone, post or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email enquiries@kindred-scotland.org or telephone on 0800 0315793 (Option 1, Option 1).

 

How you can access and update your information

If you change email address, or any of the other information we hold is inaccurate or out of date, please email FAO Data Protection Officer us at: enquiries@kindred-scotland.org or by writing to DPO, Kindred Advocacy, 1 St Colme Street, Edinburgh, EH3 6AA. Alternatively, you can telephone 0800 0315793.

You have the right to ask for a copy of the information Kindred Advocacy holds about you.

You have the right to request that we delete all data that we hold about you and/or your family.

 

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely.

Once we receive your information, we make our best effort to ensure its security on our systems.

 

Use of ‘cookies’

Like many other websites, the Kindred Advocacy website uses cookies.

'Cookies' are small pieces of information (a small text file) sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual, although they may give information about the device you have used to access our site, such as your IP address, your internet browser and other internet log data.

It is possible to switch off cookies by setting your browser preferences.  Turning cookies of may result in a loss of functionality when using our website.

Here are some of the cookies that we may use:

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Cookie Name Used by Description Expiration
_cfduid Cloudflare Used by the content network, Cloudflare, to identify trusted web traffic. It does not contain any personal information. 1 year
TiPMix Azure Used by Azure when determining which web server they should be directed to.
x-ms-routing-name Azure Used by Azure to handle traffic during code changes. 1 Hour
idsrv Identity Server framework Used by Identity Server framework to authenticate user via cookie when logging into our Platform.
idsrv.session Identity Server framework Used by Identity Server framework to ensure a user's session has not changed when logging into our Platform.
TempMember Website Set when a user first signs up for our site, but does not verify their account via email. It's used to associate the user's actions with the new user account.
TempMember_RequiresVerification Website Contains "true" if the person has recently signed up to the website but has not yet verified their account yet. 12 Hours
cookieconsent_status Website Used to remember if the user has accepted our cookie policy
tid Website Used by the Platform to store user session data. This includes antiforgery tokens and shopping basket data
AspNetCore.Antiforgery.XXXXXX Identity Server framework Built in ASP.NETsecurity feature. Used to prevent Cross-Site Request Forgery attacks against our sites
ASP.NET_SessionId Website Used for authenticating a user's session after logging in. Closes when the user exits the browser. It does not contain any personal information. End of session
.AspNet.Auth Website Used for authenticating the user when logged into the Platform. 2 Hours
ARRAffinity Website Tells our infrastructure which server to handle the request. It does not contain any personal information and is used only for analytical purposes. End of session
MemberLoggedIn Website A binary flag which stores whether a user is logged in or not. It does not contain any personal information. End of session
_stripe_sid Stripe Used by our payment provider, Stripe, in order to process payments on checkout. End of session
_stripe_mid Stripe Used by our payment provider, Stripe, in order to process payments on checkout. 1 year
nsr Stripe Used by our payment provider, Stripe, in order to process payments on checkout. End of session

 

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Cookie Name Used by Description Expiration
@@History/@@scroll|# Website Used by AppInsights to allow for monitoring of the platform database. It does not contain any personal information and is used only for analytical purposes. End of session
_ga and _gid Google Analytics Used to distinguish between website users in Google Analytics. 2 years
_gat Google Analytics Used to moderate calls to the Google Analytics service. It does not contain any personal information and is used only for analytical purposes. End of session
ai_session and ai_user Website Tracks users as they navigate the website predominately for infrastructure performance insights. It does not contain any personal information. End of session
p.gif Typekit Used by the font provider, Typekit, if you are using one of their fonts. Used for compliance and billing purposes only. It does not contain any personal information. End of session
__utma Google Analytics Stores the amount of visits of a user, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes. 2 years
__utmz Google Analytics This performance cookie stores where a user came from (eg. search engine, search keyword, link). It does not contain any personal information and is used only for analytical purposes. 6 months
__unam ShareThis Set as part of the ShareThis service and monitors "click-stream" activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. The ShareThis service only identifies a user if they have separately signed up with ShareThis for a ShareThis account and given them consent. Checks how long a user stays on a site: when a visit starts, and ends. It does not contain any personal information and is used only for analytical purposes. 14 months
cc_cookie_accept Website Stores whether the user has accepted the cookie message or not. It does not contain any personal information and is used only for analytical purposes. 365 days
_BEAMER_XXXXXX Beamer Tracking for what product announcement posts have been seen by the current logged in user in the manager. 1 year
_plantrack Planhat Provides analytical information about the current platform user to Planhat (our CRM) in order to improve your experience working with us. 1 year

 

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Cookie Name Used by Description Expiration
 NID  Google Registers a unique ID that identifies a returning user's device. Can be used for targeted ads. It does not contain any personal information.  6 months
 collect  Google Analytics Used to send data to Google Analytics a user's device and behaviour. It does not contain any personal information.  End of session
 r/collect  Doubeclick.net These cookies are managed by DoubleClick, an advertising platform we use to display adverts.  End of session
IDE,  DSID,

_ct_rmm

 Doubleclick.net These cookies are managed by DoubleClick, an advertising platform we use to display adverts.  2 years
 DisplayName  Website  Keeps track of a donors preference to show their name during a Direct Debit.  End of session
VISITOR_INFO1_LIVE Youtube Used by Youtube if you've embedded a Youtube video in your posts. Tries to estimate a user's bandwidth on pages with integrated Youtube videos. It does not contain any personal information. 179 days
 YSC  Youtube Used by Youtube if you've embedded a Youtube video in your posts. Registers a unique ID to keep statistics of what videos from Youtube a user has seen. It does not contain any personal information  End of session

 

Managing Cookies through browser preferences

It is possible to switch off cookies by setting your browser preferences.
Turning cookies of may result in a loss of functionality when using our website.
How you manage cookies depends on the current version of your browser and you should check for the most up to date information it has available on managing cookies.  The following may be useful for you to find that information:

 

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website.  If you linked to our website from a third party site, please be aware that we are not responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

 

Transferring your information outside of Europe

Although the United Kingdom has left the European Union the principles of the EU General Data Protection Regulation(GDPR) have been incorporated in UK Data Protection law – see the Information Commissioner's Office (ICO) website for more details. https://ico.org.uk/

The information which you provide to us is not transferred to countries outside the European Union (“EU”) and we have no plans to transfer data in future outside the EU.

 

Review of this Policy

We keep this Policy under regular review.

This Policy was last updated in April 22.

What does this all mean?

Our policy means that your personal information will be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes.
  • Only collected so far as required for our lawful purposes.
  • As accurate and up to date as possible.
  • Retained for a reasonable period of time, in accordance with retention policies.
  • Processed in a manner which ensures an appropriate level of security.

 

Whether through this notice or otherwise, we hope to ensure that everyone has a good understanding of why Kindred processes personal information and, where we do, the rights they may have.

 

Contacting us with any questions

Please feel free to ask questions regarding this policy and our privacy practices by emailing our Data Protection Officer via enquiries@kindred-scotland.org or by writing to:

DPO, Kindred Advocacy, 1 St Colme Street, Edinburgh, EH3 6AA.

Alternatively, you can telephone 0800 0315793.