Kindred is fully committed to handling personal information in accordance with data protection legislation and best data protection practices.
- Who are we?
- How do we collect information from you?
- What type of information is collected from you?
- How is your information used?
- Who has access to your information?
- Your choices
- How you can access and update your information
- Security precautions in place to protect the loss, misuse or alteration of your information
- Use of 'cookies'
- Links to other websites
- Transferring your information outside of Europe
- Review of this policy
- What does this all mean?
- Contacting us with any questions
Who are we?
Our organisation, Kindred Advocacy, is a parent-led charity in Scotland dedicated to improving the lives of families of children with disabilities and life-long conditions. Kindred Advocacy is a registered Scottish charity (no. 000264) and a Scottish Company limited by guarantee (no. 409397). The registered address is 1 St Colme Street, Edinburgh, EH3 6AA.
How do we collect information from you?
We obtain information about you when you by telephone and face to face meetings and through our website, and emails. For example, we collect information when you contact us about services, to make a donation, or if you are registered to receive news from us (e.g. as a member of Kindred Advocacy or of the Exceptional Families Project).
What type of information is collected from you?
The personal information we collect might include your name, address, email address, telephone numbers and background information about your family situation, as well as information on your child’s medical condition. We also retain information about assistance provided by Kindred to your family e.g. trust grant applications, benefits (particularly Disability Living Allowance), education, social work, housing and health.
We will never publish information which will identify your child unless we have your specific permission (and your child’s permission if they are over age 13 and have capacity to consent). This means that we will take great care if we have information about your child which is unique (e.g. a genetic condition, or other identifying information).
How is your information used?
We may use your information to:
- provide you and your family with useful and relevant support and information (please see our ‘Advocacy Agreement’);
- discuss support for you and your family with other service providers (if you have signed our ‘Mandate’ to give permission);
- report on our services to funders;
- process a donation that you have made;
- seek your views or comments on the services we provide;
- notify you of changes to our services;
- send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;
- process a job application
- service providers involved in the operation and availability of our website
We will ask for your consent for each of the above in the tick list on our ‘Confidential Information’ form.
We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: We use third party service providers for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service. Third party service providers that we use are Office 365, Trello, Survey Monkey, Mailchimp, Bankline, NHS.net, Facebook, Just Giving, Stripe, GoCardless, Donr, Donorfy, Xero and Twitter.
You can find information about each services providers' privacy policies and practices through their official websites.
Your data and our website provider
In addition to the above your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
- Your data will be made available to our website provider
- Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
- They will store your data for a maximum of 7 years.
Our website is hosted by Flywheel and you can view their information on privacy here.
You have a choice about whether or not you wish to receive marketing information from us. If you do not want to receive marketing communications from us then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone, post or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email firstname.lastname@example.org or telephone on 0800 0315793 (Option 1, Option 1).
How you can access and update your information
If you change email address, or any of the other information we hold is inaccurate or out of date, please email FAO Data Protection Officer us at: email@example.com or by writing to DPO, Kindred Advocacy, 1 St Colme Street, Edinburgh, EH3 6AA. Alternatively, you can telephone 0800 0315793.
You have the right to ask for a copy of the information Kindred Advocacy holds about you.
You have the right to request that we delete all data that we hold about you and/or your family.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely.
Once we receive your information, we make our best effort to ensure its security on our systems.
Use of ‘cookies’
'Cookies' are small pieces of information (a small text file) sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual, although they may give information about the device you have used to access our site, such as your IP address, your internet browser and other internet log data.
It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.
Here are some of the cookies that we may use:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|Cookie Name||Used by||Description||Expiration|
|_cfduid||Cloudflare||Used by the content network, Cloudflare, to identify trusted web traffic. It does not contain any personal information.||1 year|
|TiPMix||Azure||Used by Azure when determining which web server they should be directed to.|
|x-ms-routing-name||Azure||Used by Azure to handle traffic during code changes.||1 Hour|
|idsrv||Identity Server framework||Used by Identity Server framework to authenticate user via cookie when logging into our Platform.|
|idsrv.session||Identity Server framework||Used by Identity Server framework to ensure a user's session has not changed when logging into our Platform.|
|TempMember||Website||Set when a user first signs up for our site, but does not verify their account via email. It's used to associate the user's actions with the new user account.|
|TempMember_RequiresVerification||Website||Contains "true" if the person has recently signed up to the website but has not yet verified their account yet.||12 Hours|
|tid||Website||Used by the Platform to store user session data. This includes antiforgery tokens and shopping basket data|
|AspNetCore.Antiforgery.XXXXXX||Identity Server framework||Built in ASP.NETsecurity feature. Used to prevent Cross-Site Request Forgery attacks against our sites|
|ASP.NET_SessionId||Website||Used for authenticating a user's session after logging in. Closes when the user exits the browser. It does not contain any personal information.||End of session|
|.AspNet.Auth||Website||Used for authenticating the user when logged into the Platform.||2 Hours|
|ARRAffinity||Website||Tells our infrastructure which server to handle the request. It does not contain any personal information and is used only for analytical purposes.||End of session|
|MemberLoggedIn||Website||A binary flag which stores whether a user is logged in or not. It does not contain any personal information.||End of session|
|_stripe_sid||Stripe||Used by our payment provider, Stripe, in order to process payments on checkout.||End of session|
|_stripe_mid||Stripe||Used by our payment provider, Stripe, in order to process payments on checkout.||1 year|
|nsr||Stripe||Used by our payment provider, Stripe, in order to process payments on checkout.||End of session|
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
|Cookie Name||Used by||Description||Expiration|
|@@History/@@scroll|#||Website||Used by AppInsights to allow for monitoring of the platform database. It does not contain any personal information and is used only for analytical purposes.||End of session|
|_ga and _gid||Google Analytics||Used to distinguish between website users in Google Analytics.||2 years|
|_gat||Google Analytics||Used to moderate calls to the Google Analytics service. It does not contain any personal information and is used only for analytical purposes.||End of session|
|ai_session and ai_user||Website||Tracks users as they navigate the website predominately for infrastructure performance insights. It does not contain any personal information.||End of session|
|p.gif||Typekit||Used by the font provider, Typekit, if you are using one of their fonts. Used for compliance and billing purposes only. It does not contain any personal information.||End of session|
|__utma||Google Analytics||Stores the amount of visits of a user, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes.||2 years|
|__utmz||Google Analytics||This performance cookie stores where a user came from (eg. search engine, search keyword, link). It does not contain any personal information and is used only for analytical purposes.||6 months|
|__unam||ShareThis||Set as part of the ShareThis service and monitors "click-stream" activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. The ShareThis service only identifies a user if they have separately signed up with ShareThis for a ShareThis account and given them consent. Checks how long a user stays on a site: when a visit starts, and ends. It does not contain any personal information and is used only for analytical purposes.||14 months|
|cc_cookie_accept||Website||Stores whether the user has accepted the cookie message or not. It does not contain any personal information and is used only for analytical purposes.||365 days|
|_BEAMER_XXXXXX||Beamer||Tracking for what product announcement posts have been seen by the current logged in user in the manager.||1 year|
|_plantrack||Planhat||Provides analytical information about the current platform user to Planhat (our CRM) in order to improve your experience working with us.||1 year|
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
|Cookie Name||Used by||Description||Expiration|
|NID||Registers a unique ID that identifies a returning user's device. Can be used for targeted ads. It does not contain any personal information.||6 months|
|collect||Google Analytics||Used to send data to Google Analytics a user's device and behaviour. It does not contain any personal information.||End of session|
|r/collect||Doubeclick.net||These cookies are managed by DoubleClick, an advertising platform we use to display adverts.||End of session|
|Doubleclick.net||These cookies are managed by DoubleClick, an advertising platform we use to display adverts.||2 years|
|DisplayName||Website||Keeps track of a donors preference to show their name during a Direct Debit.||End of session|
|VISITOR_INFO1_LIVE||Youtube||Used by Youtube if you've embedded a Youtube video in your posts. Tries to estimate a user's bandwidth on pages with integrated Youtube videos. It does not contain any personal information.||179 days|
|YSC||Youtube||Used by Youtube if you've embedded a Youtube video in your posts. Registers a unique ID to keep statistics of what videos from Youtube a user has seen. It does not contain any personal information||End of session|
Managing Cookies through browser preferences
It is possible to switch off cookies by setting your browser preferences.
Turning cookies of may result in a loss of functionality when using our website.
How you manage cookies depends on the current version of your browser and you should check for the most up to date information it has available on managing cookies. The following may be useful for you to find that information:
- https://support.google.com/chrome/answer/95647 (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- https://www.opera.com/help/tutorials/security/cookies/ (Opera);
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- https://support.apple.com/en-gb/guide/safari/sfri11471/mac (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Links to other websites
Transferring your information outside of Europe
Although the United Kingdom has left the European Union the principles of the EU General Data Protection Regulation(GDPR) have been incorporated in UK Data Protection law – see the Information Commissioner's Office (ICO) website for more details. https://ico.org.uk/
The information which you provide to us is not transferred to countries outside the European Union (“EU”) and we have no plans to transfer data in future outside the EU.
Review of this Policy
We keep this Policy under regular review.
This Policy was last updated in April 22.
What does this all mean?
Our policy means that your personal information will be:
- Processed lawfully, fairly, and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Only collected so far as required for our lawful purposes.
- As accurate and up to date as possible.
- Retained for a reasonable period of time, in accordance with retention policies.
- Processed in a manner which ensures an appropriate level of security.
Whether through this notice or otherwise, we hope to ensure that everyone has a good understanding of why Kindred processes personal information and, where we do, the rights they may have.
Contacting us with any questions
Please feel free to ask questions regarding this policy and our privacy practices by emailing our Data Protection Officer via firstname.lastname@example.org or by writing to:
DPO, Kindred Advocacy, 1 St Colme Street, Edinburgh, EH3 6AA.
Alternatively, you can telephone 0800 0315793.