- Introduction to CRY and the coverage of this policy
Cardiac Risk in the Young (CRY) is a UK registered charity (no. 1050845) that supports families (emotionally and medically) after a bereavement due to a young sudden cardiac death (YSCD). The objective of the charity is to prevent young sudden cardiac deaths through awareness, screening and research, and to support affected families. CRY supports expert cardiac pathology and fast-track cardiology referrals into the NHS to test affected families. CRY also provides literature for the general public written by leading cardiac experts and offers a unique bereavement support programme.
CRY’s registered office, and its principal office, is at Unit 1140B The Axis Centre, Cleeve Road, Leatherhead, Surrey, KT22 7RD. CRY’s Company Registration Number is 3052985. In addition, CRY funds two centres at St George’s Hospital, Tooting, London. These are the CRY Centre for Inherited Cardiovascular Conditions and Sports Cardiology; and the CRY Centre for Cardiac Pathology.
CRY is committed to protecting your personal information and respecting your privacy, irrespective of your connection with the organisation. This includes bereaved families, members of the myheart network, volunteers, supporters, event participants, those who have been screened or are about to be screened at one of our mobile cardiac screening events and general enquirers. CRY is the Data Controller and is registered with the Information Commissioner’s Office (registration number: Z5086772).
This policy includes details on how CRY collects and uses the personal information you provide to us – whether online, via phone, via email, in written letters or in any other correspondence. In some of the ways that we interact with you, additional terms and conditions may also apply that set out further ways in which we will use your personal information. We ensure that we use your information in accordance with all applicable laws concerning data protection of personal information.
This policy explains:
- What information CRY may collect about you;
- How we will use that information;
- The conditions under which we may disclose the information to others;
- How we keep the information secure; and
- Your choices regarding the information you provide to us.
As indicated later in this document, CRY does not, under any circumstances, sell, share, pass on or in any other way distribute personal details to other organisations in order for them to send you information about services or to ask you for donations. CRY also does not buy, or in any way accept, mailing lists from any other organisation.
By interacting with CRY you are agreeing to be bound by this policy. This includes interacting with us via any of our services; using our website; and engaging with CRY via social media, email, phone or other means.
Any questions regarding this policy, or more generally about our privacy and data protection practices, should be sent by email to email@example.com; or in writing to CRY, Unit 1140B The Axis Centre, Cleeve Road, Leatherhead, Surrey, KT22 7RD. Alternatively, you can telephone 01737 363222.
- CRY’s bases for processing data
Under the General Data Protection Regulation 2016 (GDPR) there are a number of data protection principles, which can be summarised as follows:
- Personal data shall be processed lawfully, fairly and in a transparent manner.
- Personal data shall be collected and processed for specified, explicit and legitimate purposes.
- Personal data shall be adequate, relevant and limited to the needs of the intended purposes.
- Personal data shall be accurate and kept up to date and inaccurate data shall be rectified or erased without delay.
- Identification of data subjects is permitted for no longer than required for the intended purpose.
- Personal data shall be processed in a manner that ensures the appropriate security of the data.
In addition, the Data Controller – i.e. CRY – shall be responsible for, and be able to demonstrate, compliance with these principles.
CRY has identified the following legal bases for the processing of personal data.
a. Consent of the data subject.
Processing of personal data is based on explicit consent given by an individual for their data to be processed in a particular manner. For instance, you can consent to receive information from CRY about various cardiac conditions, information about how we support people affected by these conditions and information about how you can support us. You can choose to hear from us by email or post. Certain communications such as reminders for attending screening events are delivered by SMS. Individuals have a right to withdraw consent at any time and to unsubscribe from any and all mailing lists.
Giving consent usually applies to a specific type of data processing – for example, you might give consent for CRY to use your email address to send you regular updates about our work. However, even though you might not give consent for your personal data to be processed in a particular way, your personal data might still be processed in some ways, using one of the other legal bases for processing personal data listed below.
So far as is reasonably possible though, CRY will endeavour to fulfil any and all requests you might make to us with regards the ways in which we process your personal data.
Processing of personal data is necessary for the performance of a contract between the individual(s) and CRY.
c. Legal obligation
Processing of personal data is necessary for compliance with a legal obligation which CRY is subject to.
d. Vital interests
Processing of personal data is necessary to protect the vital interests of the individual (or of another individual) – e.g. where there is a potential safeguarding issue. At CRY, this legal basis for processing personal data may be particularly relevant for data subjects who have undergone cardiac screening through CRY; have been diagnosed with a potentially life-threatening cardiac condition; or are receiving bereavement support – or other support – from CRY.
e. Public task
Processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority.
f. Legitimate interests of CRY
Processing of personal data is necessary for the purposes of the legitimate interests pursued by CRY (or by a third party); except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects, which require the protection of personal data – in particular where the data subject is a child.
CRY’s legitimate interests include, but are not limited to:
- Reducing the incidence of young sudden cardiac deaths in the UK through raising awareness, research and cardiac screening
- Supporting those affected by a young sudden cardiac death
- Supporting people diagnosed with an inherited or congenital cardiac condition
- Continuing to operate as a charitable organisation by receiving funding and support
CRY will sometimes process personal data on the basis of its legitimate interests. In such cases, a Legitimate Interest Assessment (LIA) will first be conducted and documented, to judge whether legitimate interest is an appropriate legal basis for processing the personal data.
CRY may sometimes use legitimate interests as the basis for sending you information in the post. In such cases, you have the right to request that we stop sending you this type of information – or, indeed, to request that it is sent to you via email instead – and our mailing lists will be updated accordingly.
- Information collection
CRY will collect and process personal data for specified, explicit and legitimate reasons connected to its operational objectives. CRY may collect personal information about you when you enquire about our activities and support services, request CRY literature / information, engage with our social media channels, make a donation to us, purchase items, register for an event or otherwise interact with CRY in a manner that involves providing us with some of your personal details.
We obtain personal data in a number of ways, including:
- When you complete online forms on our websites to purchase products, to make donations, to register for fundraising, support or awareness events, to register for online support groups, or to register for newsletters and similar documents.
- When you use email, phone or letter to contact us.
- When you use our testmyheart website to book an appointment at our cardiac screening events.
For those individuals using CRY’s cardiac screening and support services, personal data is provided by the individual concerned or, in the case of those aged 17 or under, by their parent or guardian. These individuals give their consent for CRY to use their personal data for these specific reasons.
We may sometimes receive personal information about you directly from related / interested individuals such as friends, colleagues or family members. This usually occurs where there has been a young sudden cardiac death (YSCD) and CRY is contacted by several members of the same family (or circle of friends; or group of work colleagues) who may refer to one another during the course of their various interactions with CRY.
In certain cases – such as the CRY Bridges Walk, the CRY Durham Walk or some supporter-led fundraising events – the organiser of a group of supporters may provide limited information about members of that group, but this is done with the consent of each of the individual supporters.
The data we receive from third parties can include information such as your name, postal address, email address, phone number and whether you are a tax payer (so that we can claim Gift Aid). CRY does not receive any credit or debit card details.
We may also gather information about the use of our websites, such as which pages are most visited and which events or facilities are of most interest. We will use this information to improve our websites and to ensure we provide the best services for users. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our websites.
- What type of information is collected from you?
The personal information we collect might typically include your name, postal address, email address, phone number(s), date of birth, donation details and Gift Aid declaration. If you are booking an appointment at a cardiac screening event we will require information about your age and the medical history (particularly cardiac history) of you and your close family. If you wish to participate in a fundraising event on behalf of CRY that involves excessive physical activity or risk, you will be asked to provide certain information about your medical history.
If you contact CRY about our support services we will keep a record of the details you provide about yourself and your family members, including their medical history (particularly any cardiac conditions), to ensure we offer the best support and information that we can.
When you use our websites we will receive information from your computer such as your IP address (the unique number that identifies your computer when you use the internet) and information regarding which pages are accessed and when. This is typical of all websites.
If you make a donation online or purchase a product from us, your credit / debit card information is not held by us. It is collected by our third party payment processors, who specialise in the secure online capture and processing of credit / debit card transactions.
To be clear – CRY does not hold any credit / debit card information from any of its supporters.
If you complete any online forms on CRY websites, or register to use any restricted-access areas of CRY websites, then the following will also apply:
- All CRY websites collect personal information when you complete an online form or register with us;
- The forms you complete and / or websites you register with will collect information such as your name, email address and post code;
- Once you register with a CRY website to gain access to restricted content / areas, you will not be anonymous to us when you subsequently sign in;
- As part of the registration process and for continued use of CRY services, you agree that any registration information you give to CRY will always be accurate, correct and up to date;
- We collect and retain information about your online transactions with us so that we can process your transactions and deal with future queries;
CRY does not usually collect sensitive personal data about supporters unless there is a clear reason for doing so – such as ensuring someone is medically cleared to participate in certain fundraising events; or ensuring that we have a full picture of a family’s cardiac health history in order to provide appropriate information and guidance as promptly as possible.
We often collect family health information when individuals first contact us to tell us about their experiences relating to a young sudden cardiac death (YSCD), but we make it clear what we are collecting and why it is important.
- Where we store your information
All data and personal information held by CRY are stored on secure computer servers that are physically located in the UK. CRY is considered to be the Data Controller for all personal information collected and stored.
Some data may be collected on paper – for example, notes taken during a phone call. If this occurs it is transferred to an electronic format as soon as is practically possible, by keying in or scanning as appropriate. If any hardcopy documents containing personal data need to be kept for some reason, they will be stored in secure locations as per CRY’s information security, information governance and clear desk policies.
CRY and its IT service provider, Tier One, are both ISO 27001 certified with regards to information security.
- Keeping your records
CRY keeps records for as long as required in accordance with:
- legal requirements;
- tax and accounting rules;
- CRY’s research programme and
- the needs of the purpose for which the data was collected.
Where or when your information is no longer required, we will ensure it is moved and / or disposed of in a secure manner.
- Keeping your information up to date
The accuracy of your information is important to us. You have the right to:
- view the information we hold about you;
- have data corrected or removed;
- restrict how we process your data; and
- object to how data is used.
If you would like to update the details we hold about you or change your preferences for how we contact you, please call 01737 363222 or email firstname.lastname@example.org. Alternatively, you can write to us at: CRY, Unit 1140B The Axis Centre, Cleeve Road, Leatherhead, Surrey, KT22 7RD.
Under the General Data Protection Regulation 2016 (GDPR) you have a right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. If you contact us to request a copy of the personal information we hold about you, we may require you to prove your identity with one or more pieces of approved identification.
Please send requests to CRY’s Data Protection Officer by writing to the CRY office address, above, or by sending an email to email@example.com. We will respond within 1 month of receiving your request and will generally provide the information in the same format as you make your request to us – that is, printed hardcopies if you write to us or electronically if you email us. Please provide as much information as possible about the nature of your contact with us, to help us locate your records.
8. Using your information
CRY will process data in a way that is fair, ethical and carried out under one of the legal bases indicated in Section 2. Data subjects have the right to make choices as to how, and how much of, their data is processed. By submitting personal information to CRY, you enable us (and where applicable, any third parties we may use) to provide you with information, goods, services and online content; and to raise funds for our ongoing campaign objectives.
We may use your information for a number of purposes including, but not limited to, the following:
- Providing you with communications that you have requested and / or may be of interest to you. This may include information about campaigns, fundraising activities and services;
- Processing donations we may receive from you;
- Supporting your fundraising activities (note: our Fundraising Principles state that we will never directly ask you for donations, but we do provide advice and guidance for those who choose to fundraise for CRY);
- Creating and managing a Memorial Fund for you (if requested by you);
- Processing orders that you have submitted for CRY merchandise, Christmas cards, etc;
- Carrying out our obligations arising from any contracts entered into by you and CRY;
- Processing applications to participate in fundraising or awareness or support events;
- Processing bookings to attend cardiac screening events;
- Providing bereavement support and myheart support services;
- Notifying you of changes to our services
- Inviting you to participate in interactive features on our website when you choose to do so;
- Administration purposes – for example, we may contact you regarding a donation you have made or an event you have registered for;
- Internal record keeping, including the management of any feedback or complaints;
- Identifying your approximate location from your IP address, in order to block disruptive use of / access to CRY websites, to record website traffic or to allow your web browser to personalise the way our information is presented to you (e.g. Google Translate);
- Analysing and improving the services offered to make them as user-friendly as possible;
- Where it is required or authorised by law, we may assess your personal information for the purposes of credit risk reduction or fraud prevention.
We review our retention periods for personal information on a regular basis. We are legally required to retain some types of information to fulfil our statutory obligations (e.g. the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
CRY does not sell, share, pass on or in any other way distribute personal details to other organisations, in order for them to send you information about their services or to ask you for donations. CRY does not buy, or in any way accept, mailing lists from any other organisation. Also, CRY does not use agencies to request donations / support on the charity’s behalf. CRY may disclose your personal information to third parties if we are under a duty to comply with any legal requirements; or in order to enforce or apply our rights; or to protect CRY.
Because the above purposes can require different legal bases for the processing of the data, the information below provides further explanation for certain areas.
8.2 Administration and day-to-day activities
When you contact CRY and ask for a reply, we will process your personal information on the basis of your request. We may process your personal information on the basis of CRY’s legitimate interests or your vital interests. We process your personal information for administrative purposes in order to provide you with the most appropriate information and support; to thank you when you have supported CRY; and to respond to any feedback or complaints.
From time-to-time, we may also process individuals’ personal information on the basis of legitimate interest in order to send personalised correspondence to existing supporters about initiatives, events or services that may be of particular interest to them.
When we are notified via the Fundraising Preference Service that an individual does not wish to receive any communications from us, we consider this to be a legal obligation. We will, therefore, use this legal basis in order to process the individual’s personal information for the purpose of updating our records to ensure that we do not contact this individual again in future.
The majority of communication about our fundraising activities is classed as direct marketing, so we will generally only send you emails about fundraising activities when we have your consent to do so.
There may be some exceptions however, such as when you register and pay to take part in one of our fundraising events. In such cases, you have entered into a contract with us and we may, therefore, use this legal basis (contractual) to give you a welcome call, send you information about the event, send any materials that you have requested, ask you for an update on progress towards achieving your fundraising target, support you with any related fundraising activities and to safely deliver the event.
If you contact CRY to enquire about undertaking your own fundraising activity for us, we believe that it is in our legitimate interest to process your personal information in order to respond to your request in the most appropriate and helpful manner. In a similar way, if you set up a Memorial Fund within CRY (in memory of a young person who has died due to young sudden cardiac death) we will process your personal information in order to send you details about the fund; and for ongoing administration of the fund.
We may also use legitimate interest as the legal basis for sending you fundraising information in the post – however, you can contact us and opt out of this at any time.
If you are an executor of a will in which CRY is a beneficiary, we will contact you in relation to the bequest as we are legally obliged to do so.
8.4 Processing donations and Gift Aid
When you make a donation, by whatever means, we are legally obliged to process your personal information to ensure that we receive the associated funds and keep an accurate record of them.
We use third party web applications to enable online donations. You should check the privacy policies of these third parties when you provide information to them, to understand fully how they will process your data.
If you give us your permission to claim Gift Aid, then we are legally obliged to use your personal information to make the relevant claim from Her Majesty’s Revenue and Customs (HMRC).
8.5 Support services
If you wish to access our support services, we believe that it is in our legitimate interest – and in some cases, your vital interest – to process the personal information you provide us with to offer you the best support available. If we need to pass on your details to a third party, such as a counsellor, we will only do so with your permission.
We also believe that it is in our legitimate interest – and sometimes the vital interests of data subjects – to send personalised correspondence about our support services to certain individuals based on their cardiac condition and / or previous relationship with CRY. This may include invitations to specific events, individual offers of support or information about new services.
Families have reported that CRY’s very existence provides support after a young sudden cardiac death, even if they are not actively involved with the charity. Whenever a bereaved family contacts CRY and provides us with their contact details (in order for us to initially send them helpful information in the post) we will also add them to a list to receive future postal mailings about the work of CRY and the new support resources we are developing. Individuals can contact CRY at any point to request that they stop receiving this additional, ongoing support information.
If you enquire about becoming a volunteer for CRY, we will rely on our legitimate interest to send you information about how you can get involved in this way. This will include:
- information about the charity’s activities;
- information about volunteering activities;
- requests from supporters for volunteer help, including assistance with fundraising activities;
- details of the tasks you have volunteered to undertake; and
- thanking you for your support.
We may also ask you how many hours you have contributed, for our own internal auditing purposes.
If we need to put you in contact with another volunteer or third party to enable you to carry out a volunteering task, we will only do so with your permission.
If you are a registered volunteer with CRY and you do not wish for your personal information to be processed in this way, please contact CRY at firstname.lastname@example.org or call 01737 363222.
Campaigns to recruit new volunteers are considered to be direct marketing so we will only email you for this purpose when we have your consent to do so.
When we tell you about our campaigns and ask you to support these, this is classed as direct marketing. We will only send you emails about our campaigns when we have your consent to do so; but we may send you campaign information in the post on the basis of CRY’s legitimate interests. An exception to this is the sending of information by email to government officials, policy-makers or employees at organisations that have a mutual interest in the subject matter, in which case we consider the communication to be in the public interest.
8.8 Press and PR purposes
The stories of those who have been affected a young sudden cardiac death, or who live with a cardiac condition, can be a very powerful way of demonstrating the impact it can have on people’s lives and how the services we provide can help.
We only use this information in the press or in PR materials when we have the explicit permission from those involved to do so.
8.9 Monitoring, evaluation and reporting
To ensure that we can effectively achieve our objectives, we monitor and evaluate the effectiveness of our activities through survey forms, gathering feedback and investigating complaints. We also need to report to our supporters and other stakeholders about how well our various initiatives and activities are going. In both instances, we believe it is in our legitimate interest to process data subjects’ personal information for this purpose.
This means we may use the information that you give us to help us understand the effectiveness of our campaigns, our fundraising activities, our cardiac screening services and our support services. This is in order to improve those activities and to help plan for the future. However, for such evaluation purposes, we only share personal information with our supporters and other stakeholders if it is anonymised or if we have your explicit permission (see Press and PR purposes, above).
8.10 Human Resources
If you are a member of staff at CRY, we have a legal obligation to process your personal information for a number of purposes including payroll, pensions, insurance, notifying Her Majesty’s Revenue and Customs (HMRC) of your employment status and ensuring health and safety requirements are met.
- Subject Access Requests (SARs) – viewing / deleting your data
Where CRY holds any personal information about you – for example, if you have been screened by CRY, have made a donation to CRY or have used CRY’s support services – you have a legal right under GDPR to make a Subject Access Request (SAR) to CRY, in order to either see a copy of the information that CRY holds about you, or to request that your personal information is deleted from CRY’s systems. Following guidance from the Information Commissioner’s Office (ICO), CRY may require you to provide proof of ID in order to complete a SAR. Furthermore, for legal reasons, it may not be possible for CRY to irrevocably delete certain medical or finance data – though in such instances, CRY would endeavour to anonymise the relevant data so far as possible within its legal obligations.
To make a Subject Access Request, please contact CRY’s Data Protection Officer by emailing email@example.com or writing to CRY’s Head Office.
- Your choices regarding marketing / direct communications from CRY
You have a choice about whether or not you wish to receive information from us. If you want to receive direct communications from us, then you can indicate your preferences by ticking the relevant boxes situated on the form(s) we use to collect your information. You can also subscribe to certain types of regular mailings (email and / or postal) by using this form on the main CRY website: www.c-r-y.org.uk/subscribe.
When CRY contacts you directly to make you aware of new campaigns, recent research publications, and upcoming events it is classed as marketing. We may contact you for marketing purposes by email if you have given consent to be contacted in this manner. You may opt out of marketing emails at any time by clicking the ‘unsubscribe’ link found at the bottom of all such emails. We may also send you service communications via email – for example, regarding a donation or an order for goods or services.
We may contact you for marketing purposes by post – either where we have your consent to do so or where we believe it can be justified according to CRY’s legitimate interests. We will not send you direct postal mail if you have told us that you would prefer not to receive such information.
We will not contact you for marketing purposes by phone or text message unless you have given your prior consent – although some service reminders (e.g. for cardiac screening appointments) will be sent to you via text message.
You can change any of your marketing preferences at any time – including telling us that you don’t want us to contact you at all for marketing purposes – by emailing firstname.lastname@example.org or by calling the CRY office on 01737 363222. You may also unsubscribe from email / postal mailings by using this form on the main CRY website: www.c-r-y.org.uk/unsubscribe.
- Information disclosure
CRY will only disclose your personal information to third party service providers who are operating under written contract with us to help us fulfil one of our activities – such as our mailing house, our database provider, counsellors and medical professionals. We will not share or sell your personal information with any other organisation for their marketing, promotional or commercial benefit.
Please note that we may be obliged to disclose your personal information to relevant authorities if it is in the public interest or if we are required to by law – for example, for safeguarding purposes.
- Your debit and credit card information
If you use your credit / debit card to donate to us, buy something or pay for a registration online or over the phone, this is carried out in accordance with the Payment Card Industry Data Security Standard (PCIDSS). Credit / debit card information is processed on CRY’s behalf by third party payment portals (e.g. SagePay, Stripe, PayPal). CRY does not retain any credit / debit card information from any of its supporters.
- Security precautions in place to protect your information
When you give us personal information, we take steps to ensure that it is treated securely. Any personal information submitted through online forms and portals is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure web page, a lock icon will appear on the web browsers. Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems. When we use third parties to fulfil a service that requires the processing of your personal information we will take steps to make sure they provide an adequate level of protection in accordance with relevant data protection laws.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential.
CRY does not use profiling or any automated methods to provide you with tailored information.
- Website terms and conditions
Access to and use of CRY websites (listed in section 19) is provided by the charity Cardiac Risk in the Young (CRY) subject to the following terms and conditions. Your use of these sites constitutes acceptance of these terms and conditions as of the date of your first use of the sites.
These sites and the information, names, images, pictures, logos and other content regarding or relating to CRY are provided “as is” without any representation or endorsement made and without warranty of any kind whether express or implied. In no event will CRY be liable for any damages including, without limitation, indirect or consequential damages, or any damages or loss of profits whatsoever arising from the use or in connection with such use or loss of use of the sites, whether in contract or in negligence.
You agree to use these sites only for lawful purposes and in a manner which does not infringe the rights or restrict, or inhibit the use and enjoyment of the site by any third party. CRY cannot be held liable for the result of any action based on the information within these websites.
CRY does not warrant that the functions contained in the material on these sites will be uninterrupted or error free, that defects will be corrected, or that these sites or the servers that make them available are free of viruses or bugs or represents the full functionality, accuracy and reliability of the materials.
We actively seek suggestions, ideas and input from visitors to the CRY websites. If you have any comments please contact CRY’s Communications Manager at email@example.com.
- Website copyright restrictions
The material on all the CRY owned websites is protected by copyright laws. Commercial use or publication of all or any item displayed is strictly prohibited without prior written authorisation from CRY. Nothing contained herein shall be construed as conferring any license by CRY to use any item displayed.
Documents on these sites may be copied for personal, non-commercial use only, on the condition that copyright and source indications are also copied, no modifications are made and the document is copied entirely. However, some documents and photos have been published on these sites with the permission of the relevant copyright owners (who are not CRY). All rights are reserved on these documents and permission to copy them must be requested from the copyright owners (the sources are indicated within these documents / photographs).
The Cardiac Risk in the Young name and logo (the ‘CRY Heart’) are trademarks of Cardiac Risk in the Young. The names, images and logos identifying CRY or third parties and their products and services are the proprietary marks of CRY and / or third parties as appropriate. Nothing contained in these Terms and Conditions or on the CRY websites may be construed as conferring any license or right under any trademark or patent of the CRY or any third party.
Cookies are small pieces of data created and stored on your PC when you visit a website. They are required to keep the site working and provide the necessary services. The CRY websites use ‘session’ cookies to track where you are whilst you are browsing the sites. These cookies do not contain any personal information about you and will be removed from your computer when you leave the sites.
We use this information to monitor website traffic data, which helps us to develop our websites so that they provide a user-friendly browsing experience whilst also effectively conveying CRY’s key messages. We can tell how many people have visited specific pages but we cannot identify who these people are.
Additional types of cookies are also used when you interact with CRY in certain ways via links on our websites:
- Shopping cart cookies are used when you visit the CRY online shop and order items. These cookies are essential to perform the ‘purchasing’ actions that people request whenever they shop online (e.g. when you click on ‘add to basket’)
- Social media cookies are used by Facebook, Twitter and so on. Social networking websites need to know who you are in order to work properly.
If you would prefer not to use the CRY websites to purchase merchandise or register for events then you may contact the CRY office on 01737 363222 to make alternative arrangements for purchasing and / or registering.
Any communication or material that you transmit to, or post on, any public area of CRY’s websites – including any data, questions, comments, suggestions or the like – is, and will be treated as, non-confidential and non-proprietary information.
Information on how cookies are used:
- Google Analytics – these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve our site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- YouTube videos – these cookies help track the number of views for a particular video. The ‘pref’ cookie will track user preferences and serve up related content or adverts within an embedded YouTube video.
- Security cookie – this cookie prevents other websites from submitting forms. It is included to help stop “Cross Site Request Forgery.” When a user views a form the cookie is set. When a user submits the form, this cookie tells the website that the form should be accepted.
- Browser session cookie – this cookie is set by the website when a user logs in. This cookie does not display any identifiable or tracking information and is deleted when the user closes their browser. This is only relevant to administrative users of this site.
- Inappropriate website content
If you post or send any content that CRY believes to be inappropriate, offensive or in breach of any laws, such as defamatory content, CRY may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.
- External internet sites
This policy only applies to websites owned or operated by CRY and covers:
Links within CRY’s websites to other websites – for instance, for fundraising events – are not covered by this policy. CRY takes no responsibility for the content of external websites and you use those sites at your own risk.
The existence of a link from any organisation’s site to a CRY site does not imply that CRY endorses the activities or views of that organisation. Any references on CRY’s websites to third party goods or services do not constitute or imply endorsement by CRY unless expressly so stated.
- Medical information on CRY websites
The CRY websites should not be used for the diagnosis or treatment of a heart abnormality. If you would like more information, contact CRY or consult your own doctor. CRY’s websites are not intended to replace a consultation with an appropriately qualified medical practitioner.
The medical information contained in CRY’s websites is provided for information only. It has been prepared by CRY’s current team of cardiac physicians and research fellows, including Dr Elijah R Behr, Dr Michael Papadakis and Professor Sanjay Sharma.
- Transferring your information outside of Europe
If you use our services outside of the EU please note that your information may be transferred outside the EU.
- Website users aged 16 or under
CRY is committed to protecting the privacy of the young people who engage with us. If you are aged 16 or under‚ and you use CRY websites for information about fundraising, campaigning or supporting the work of CRY, please get your parent / guardian’s permission beforehand whenever you wish to provide us with personal information.
For certain activities – for instance, to attend a screening event, or to participate in certain fundraising or awareness events – permission from a parent / guardian is a requirement of that event.
If you have a complaint about how CRY has managed or processed your information, please contact the Data Protection Officer at CRY on 01737 363222 or email firstname.lastname@example.org. Alternatively, you can write to us at: CRY, Unit 1140B The Axis Centre, Cleeve Road, Leatherhead, Surrey, KT22 7RD.
If you are not satisfied with the way in which CRY has handled your complaint you have the right to take your complaint to the Information Commissioner’s Office at https://ico.org.uk/concerns or call 0303 123 1113.
- Review of this policy
CRY will review this policy at least annually, but CRY reserves the right to change this policy at any time by posting changes online.
This Policy was last updated in February 2022; and last reviewed in February 2022.