This policy covers Drug Science (charity number 1150449) who operate out of 2 Langley Lane, London SW8 1GB. Within this document ‘We’ and ‘Us’ will refer to Drug Science as denoted previously.
Drug Science processes Personally Identifiable Information (PII) on our own behalf as “Data Controller”.
Your privacy is very important to us; first and foremost Drug Science adheres to the relevant legal requirements. This policy applies to the websites (‘the sites’) under the drugscience.org.uk parent domain and explains how Drug Science uses the information provided and the procedures and processes that are in effect to help safeguard your privacy.
We operate under an ‘opt-in only’ communication policy when it comes to “marketing” to individuals that have not subscribed to our sites. This means that we will only send communications to those that have explicitly stated that they are happy for us to do so via their preferred channel(s) (email, SMS, phone or post). For the individuals that have subscribed the information provided will be processed in line with our “legitimate” purposes; and will include “marketing”.
Our “marketing” consists of communications about our organisation, services and developments; and will usually constitute a weeklye-newsletter, as well as ad-hoc updates. If you would like to receive such communications but have not opted in please email us at email@example.com.
It is worth noting that before or at the time of collecting personal data we will identify the purposes for which any information is being collected ensuring it is both fair and lawful ensuring we only ask you for the information that is required, we will then use this information in relation to:
- Fulfilling those purposes specified by us and for other compatible purposes that we have obtained your consent for or as required by law.
- Retaining the personal information as long as necessary for the fulfilment of those purposes.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorised access, disclosure, copying, use or modification.
- We will make readily available to you information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles to ensure that the confidentiality of personal information is protected and maintained.
We do not intentionally gather personal information from visitors who are under the age of 18. If you are under the age of 18, you are not permitted to submit any personal information to us. If we learn that an individual under 18 submits personal information to Drug Science we will attempt to delete the information as soon as possible.
Changes to this policy
Drug Science reserves the right to update this policy when it sees fit or changes the purposes of processing in line with the services or products. The latest version of this policy will be linked across all sites under the parent domain; with the date of last revision present at the top of the document; this will succeed any previous version of the document and be enforced effective immediately. We will do our best to ensure this is communicated across multiple channels and reobtain consent for any new processing where required.
Your continued use of our products and/or services from point of change and notification of said change signifies your agreement with the new policy.
Disclosure of information to third parties
Except as denoted below; Drug Science will not disclose, distribute or sell personal data (sensitive or non) to any other organisation without prior consent/contractual obligation unless we have a legal obligation or right to do so.
Drug Science works closely with many third parties (business partners, sub-contractors, technical or payment delivery services) in provisions of its services that are on offer; we will ensure that contracts and data processing agreements are in place to ensure that if we are required to send your data securely to these third parties that this is done in order to fulfil your request for information, product or service interactions/purchase.
We may on occasion work with selected third parties, data could be transferred to organisations such as Facebook, Twitter or LinkedIn or other organisations that “enhance” data, the processes that may ensue may include email matching, creation of look-a-like audiences or targeted advertisements.
If Drug Science receives information from any third parties; that you have consented to share in accordance with their privacy policies, terms etc, this may be combined with information that clients or yourselves have provided in order to obtain a better set of information that could be used with one of the purposes outlined above.
We might also share information you have provided with selected third parties to provide you with information on products and/or services that may be of interest or relevant to yourselves; only if you have given us permission to do so via an opt-in mechanism.
If Drug Science is bought out or its assets are acquired by a third party personal data held about its clients and users could possibly be one of the transferred assets.
From submitting or uploading information on our sites you are agreeing to the storage, processing and possible transfer of this data. Drug Science will ensure that data processing agreements and contracts are set up with data processors. Rest assured in the first instance and our wish is to be fully compliant with the Global Data Protection Regulation (GDPR); we will try to keep data within the EEA through partnered organisations.
Our sites are currently hosted in Ireland; the provider that hosts the website build has its backups restricted to the UK. We hold a current and valid data processing agreement with the supplier who provides the hosting. We do however use content delivery networks which copy our website code around the globe for quicker downloading. This is just the front end – no actual data resides in these edge locations.
The sites services currently cover the following areas:
- Donate– This is where you would be registering with Drug Science as a donor, or a member of our “Community” to attend events and access other benefits.
Our sites, products and services are restricted and aimed for access to those that are over 18 only and we don’t knowingly target anyone below this age. If we find you are below that age and you are using our products or services we may remove you from the system.
Personal data we collect
Direct data provision
The sites use various forms that may collect personal data to enable you to subscribe, register and request products and services.If you have registered for any of Drug Science’s products or services and/or have created an online account (profile); then you would have provided us with personal data that may include your:
- Contact details (including postal addresses, telephone and email)
- Date of birth
- Social handles (Facebook, Twitter, LinkedIn or other)
- Payment details (credit or debit card number and expiry date); This is tokenised upon initial submission of the details.
- Other information as needed to personalise the products/services
The sites might also collect personal data in the form of:
- Log files – This would include things like IP addresses, browser type and version, time zone settings, browser plugins, operating system and platform.
- Website usage, how long users spend on the sites and what they click on, how many times and what they interact with.
- User generated data (messages, posts, comments, queries and support tickets).
Insights team will also collect information on how and what you use within our services and the frequency in which those interactions take place. This information is used to help improve our services for both yourself and other users.
You can update personal information supplied by logging into your profile if you have created one or contacting Drug Science support by emailing us at firstname.lastname@example.org.
Third party organisations/our clients
You may have provided permission for our client or another company/organisation to share your data with third parties, including ourselves. This could have been when you consented by providing your data to these other organisations and would be in line with their privacy policies.
Depending on your settings or the privacy policies for social media and messaging services like LinkedIn, Instagram, Facebook, WhatsApp or Twitter, you might have given us permission to access information from those accounts or services. This information will be used to identify traits, trends in our data or on prospects based on interests or groups in addition to opportunities for Marketing to audiences that share similar profiles or are key influencers within these interests or groups.
Publicly Available Information
This may include information found in places such as Companies House and information that has been published in articles/ newspapers and on social media. This information will be used to supplement information that Drug Science currently holds or used to identify or target prospects/currently known individuals for marketing for our goods or services.
Use of information
Drug Science may use your information to notify you about important functionality changes/alterations and updates on Policies in place and anything else that can be classed as “administration” such as updates to this policy and the terms & conditions of the services we provide. The purposes for collation and processing personal information could be one or more of the following:
- Provision of the services, information or products requested; this may include sending you emails on how you can better use our services. You can opt out (Unsubscribe) from E-Mail messages at the bottom of every by emailing us at email@example.com.
- Administration of your “profile” and any payments made considering the above; including identification of you as a user within our system; responding to any comments or questions and for our support team to provide a service.
- Recording your interactions and relationship with us
- Managing this relationship with marketing and communication preferences
- Updating you on new products and services on offer which may be supplementary (Requiring an “opt-in”) for non-service related updates, releases or system outages.
- Equal opportunities monitoring; this is primarily for staff and volunteers within Drug Science.
- Non-automated profiling (which has human intervention)–consisting of the following:
- Segmenting – this is essentially using variables we hold in the database to classify you as a particular user or into a cohort of users; this can be defined as “generic profiling”.
- Propensity modelling which essentially is using variables within held data to score you based on an outcome which will be to include you in particular mailings or offers.
- Wealth screening (analysing Individuals personal information to ascertain material wealth; this can either be done internally or using selected third parties); we may also append this information to your record on our databases.
- Social; accessing publicly available information from social network sites such as Facebook, Twitter, LinkedIn and others to ascertain engagement with specific causes/interests/groups etc.
- Appending/cleansing to the data Drug Science currently holds on you –consisting of the following:
- New address details from available sources such as National Change of Address database; where you have agreed, we may use this address.
- Consented telephone numbers from selected third parties; where you have agreed we may use this number.
- Gone away or deceased flags from selected third parties.
- Compliance or other legal requirements that have either come from an authoritative figure or legal representation. This may also include any reasonable steps to protect Drug Science against any fraudulent, unauthorised or illegal activity.
We may also use the information submitted for performance monitoring and data analysis that will help us improve our sites and offerings. We may also request and use “user feedback” which will form from comments, queries or suggestions; this will be used to improve our products and services.
Drug Science may contact you for marketing purposes which would include news, activities and developmentsoras specified from the initial request or subsequent data gathering forms or from the preferences as outlined in your profile. You can opt in or out of these by contacting Drug Science support by emailing us at firstname.lastname@example.org.
Ultimately most of this information is used to help enhance our features and services. It is worth noting that the IP address data collected cannot be used to identify you personally on its own, would need to be combined with other information generated to construct a profile of you.
Drug Science does not have any access to individual’s card details; the payment provider that we use to collect payment is Payment Card Industry Data Security Standard (PCI-DSS) compliant who process payments on behalf of thousands of UK businesses. They provide a secure payment gateway for us to process your payment for the product/services you are procuring. They also cover areas of fraud screening, IP address blocking and employ the internationally recognised 256-bit encryption. They have gateways in the US and EU and we are using the latter to process any payments.
Our payment provider is regularly audited by the banks and banking authorities to ensure security within their systems. They also possess membership to the PCI Security Standard Council (PCI SSC) that define card industry global regulation. You can see that your data is secure through our payment provider when you see either a https:// in the URL and/or when the padlock is visible alongside the URL.
Your rights and raising complaints
Minor requests for information might be dealt “Informally” not requiring the completion of a subject access request; this will be down to the Data Protection Officer’s (DPO) judgement. To surmise that you as the “natural person” have the following rights:
You have certain rights in relation to your personal data.
- The right to be informed – How data will be used through a fair processing notice/policies.
This basically means, we will be clear and transparent on what and how we will process data that you provide by ensuring we include this at every point of data collection.
- The right to rectification
You have the right to correct personal information If we possess inaccurate/out-dated data; this might encompass things such as a new postal or email address etc. Where possible we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
- The right to erasure
You can request you are removed from all our systems and databases, which we will do our best to comply with and instruct you for reasons we have been unable to comply.
- The right to object/restrict data processing
You can request that we cease or do not begin to process your data.
- The right to object/restrict data processing for marketing purposes
You can request that we cease or do not begin to process your data for marketing purposes which would cover any ideal, aim or objective of Drug Science in addition to us promoting our goods and services. We will only contact you for marketing purposes if you have opted in.
- The right to data portability
If you wish to access your data in an intelligible format we will provide it.
- The right to refuse automated profiling and decision making
If we are profiling your data that has all system driven logic and outcomes you can request that we cease or do not begin to do this.
- The right to access your information – (formally Subject Access Request).
If you would like to know how your data has been processed, then you can request a Subject Access Request. Drug Science has one month to comply with the request for data, though depending on the request this might take longer in accordance with the GDPR. All information provided by us will be supplied in an intelligible format, if you have a preferred format, please let us know and we will try to conform to that.
Through the forms and policies on our sites we hope that you understand when we request information, how we use the data and what actions you can take. Remember by enacting some of these rights you may inadvertently cause cancellation or restrictions on the services, products that you are subscribed to. If you feel you need further details on the above, then please contact us at: email@example.com.
The ICO governs all aspects of data protection within the UK and should you have any concerns or wish to raise a complaint that Drug Science is unable to resolve in the first instance; then please visit the following URL for more information. https://ico.org.uk/
Links to third party sites
On occasion, we may link to other sites that we have either partnered with or feel act as a useful reference point for additional information.
It is important in any circumstance before providing any information to these websites that you check their own privacy policies. Drug Science does not accept any responsibility for the protection of your personal data supplied to these other sites or any “threats” that may arise from accessing them.
Drug Science retains data for only as long as necessary and in line with the relevant data protection legislations or any legal requirement. We aim to keep data for no longer than 2 years and in line with our Data Retention policy.
Drug Science strives to protect any information submitted to any of our sites; however, it would be impossible for us to guarantee that any information is completely safe due to the nature of the internet. Therefore, you acknowledge and accept this risk upon providing any personal data to Drug Science.
Once the data provided has been transmitted to us successfully we will take reasonable steps to ensure that the data is secure and prevent any unauthorised access and loss of data as long as it is within our control. We can take no responsibility or be held liable for any damages arising that is beyond our control. We have an “always-on SSL policy” meaning that all data is encrypted in transit using SSL (HTTPS); We do not currently encrypt any data at rest (storage).
Data that we collect on you will be passed to an enforcement agency should we feel you are misusing our sites or services and we will provide this information to third parties if we have a legal obligation to do so.
Drug Science and its sites shall be governed by the law of the member state in which we are established, namely the United Kingdom, specifically England & Wales.
Our Data Protection Officer (DPO) is: David Badcock.
If you have any queries on this policy or if you would like to know further details on how Drug Science uses data or wish to opt-out of something specific; then please use the contact us at: firstname.lastname@example.org.
Any general correspondence should go to: