Privacy Notice

The Child Brain Injury trust (CBIT) is the UK’s leading children’s ABI charity in the UK. Since 1991 we have existed to support families and professionals following ABI.  We have integrity, professionalism and are committed to achieving the very best outcomes through our work.  This includes how we treat the information and personal details that you share with us.

We will not sell your data to any third parties, but we may sometimes share your information with trusted service providers and selected partners who work closely with us and are trusted by the charity. We ensure that any third parties with access to your data are GDPR compliant and they hold strict standards for data use and security.

GDPR in the UK provides the following rights for individuals:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.

• Who we are?

CBIT (the data controller) and our subsidiaries we mean:

• The charity
• Our subsidiary trading company (Child Brain Injury Rehabilitation Service)
• Suppliers such as consultants working on our behalf

For any further information or enquires please contact our data protection officer, Stephanie Bremner on 01869 341075

CBIT aims to provide a high-quality service, we value and welcome all types of feedback.

In order to ensure our service remains at a high and improving standard, we have a procedure which enables you to let us know any reasons that you may not be satisfied with the service we have provided.

We will:

• Resolve complaints promptly and courteously
• Treat all complaints seriously
• Learn from complaints and feed back
• Treat complaints and feedback in confidence

Our full complaints policy can be viewed here.

CBIT collects information from the public in a number of different ways.  For example, we ask for contact details and other information when members of the public refer or are referred to our service, sign up to a fundraising event, a conference, learning events or request information about our services or subject matter. This may include information such as your name, date of birth and contact information. We use this information to help us provide and improve our services as a charity and to keep a record of our communications with you.

Should you become aware or expect a data breach please contact our data protection officer, Stephanie Bremner on 01869 341075, you also have the right to complain to your Local Supervisory Authority, or to the Information Commissioner’s Office  https://ico.org.uk/

If you are a financial supporter of CBIT, through direct debit, as a one-off gift, or donating to us we will ask for information that enables us to administer your donation.  This will normally include information such as your name, contact details such as address, email or telephone number and your payment details and Gift Aid status.

If you have given us your consent, we will contact you with information and updates on our work, events, services and how you can support us. This may be by post, email, telephone or text message, depending on your preferences. We will also continue to ask about your marketing preferences, to ensure that you are still happy to be contacted by us and by which means.

If you enquire about our charitable services, with your consent, we may collect some sensitive personal information such as your children’s information and health information to ascertain how we might best be able to support you.  For people wishing to work or volunteer for the charity, we will collect information about any criminal convictions (e.g. job or volunteer applications) via the appropriate official body.

The Child Brain Injury Trust only collect minimum data to ensure that the minimum data principles are met.

The Child Brain Injury Trust will not keep your data for longer than is needed and for the purpose it was collected for. Data may be kept indefinitely for research and statistical purposes to allow us to evaluate the impact of our services.

What the Law says about protection of personal information

The Law on Data Protection is derived from legislation – General Data Protection Regulation (the ‘GDPR’) which became enforceable in May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.

The five legal grounds that are most relevant to CBIT’s use of your personal information are:

• Consent
• Legitimate Interest
• Contract
• Legal Obligation
• Vital interest

How the law applies to CBIT’s use of personal information

CBIT will only process (use) your personal information if we have:

• asked you and have a record of your express and recent consent for us to do so;
• a ‘Legitimate Interest’ to do so in order to support our charitable purposes. Our use will be fair and balanced and never unduly have an impact on your rights;
• a contract with you that we can only fulfil by using your personal information, e.g. to send you an item that you have requested;
• a legal obligation to use or disclose information about you, e.g. we are required by law to keep records of gifts that are given to us with Gift Aid for 4 years; and we are compelled to disclose information relating to safeguarding.

In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

We will not unduly prioritise our interests as a charity over your interests as an individual. We will always balance our interests with your rights. We will only use personal information in a way and for a purpose that you would reasonably expect in accordance with this Policy.

CBIT will not rent, swap or sell your personal information to other organisations for them to use in their own marketing or advertising activities.

CBIT will always ask for your consent before we communicate with you for certain purposes. For example, we will only email or phone you about our fundraising activities if we have an accurate record of your recent and freely given consent to do so.

You can withdraw your consent at any time by phoning 01869 341075 or emailing office@cbituk.org

There are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.

• Legitimate Interest

What is Legitimate Interest?

This legal ground for processing means that organisations can process your personal information if they 1. have a genuine and legitimate reason for doing so and 2. That use does not harm any of your rights and interests as an individual.

CBIT’s Legitimate Interest

We do not unduly prioritise our legitimate business interests as a charity over your interests as an individual. We always respect your rights. Which is why we carry out a balancing exercise of the rights of the charity with the rights of our supporters.

We believe that the best way to look after the interests of our supporters is to consider their unique interests and expectations. As a result, we have established the following categories for CBIT supporters. This provides us with an additional method for assessing that we use your personal information in a way that matches your relationship with us; your interests; and your expectations about your rights.

• Legacy donations
• provided financial donations
• demonstrated an interest in our cause by contacting us for more information, e.g. to find out more about one of our products, services or campaigns, or have attended an event.

What we have a Legitimate Interest to do

We believe that CBIT supporters and beneficiaries are connected to our mission and want to know how they can continue to help us to achieve our charitable aims. Unless you tell us not to, we think you are content for us to process (keep and use) your personal information for the following lengths of time. As of May 2018, we promise not to keep your personal information for longer than we specify below. This is not the length of time that we will continue to contact you – this could be a shorter period of time (see below for an explanation on our personalised approach to communications).

• Beneficiaries

Are anyone affected by childhood acquired brain injury; adults, children, young people and professionals that access our services, request information or attend an event.  We think that you would like us to stay in contact throughout a child’s development, which we consider to be when a child reaches 24.

• Financial Supporters

Donations you’ve made to us for 7 years since the date of your last donation

• legacy donations

If you indicate that you’d like to leave us a legacy gift we will retain personal data until 7 years after the legacy is received

• Purchasing services, like training or consultancy

We will retain your information for 3 years

• Subscribing to a newsletter

You can unsubscribe at any time

• Making an enquiry to the Information and Learning team

We will retain your information for 5 years after the last event you attended

• Making an enquiry to the Information and Referral service

We will retain your information for 5 years after the last contact with you

It is always your choice. If you don’t think this is quite right for you, you can tell us to change your communication preferences and our use of your information. You can do this at any time by phoning 01869 341075 or emailing office@cbituk.org

Legitimate Interest to send you direct mail

Unless you tell us not to, we will rely on our Legitimate Interest ground (explained above) for sending you direct mail. From time to time, we would like to send you exciting updates about our work, products, services and how you can support us, including fundraising activities and events. Unless you have requested that we do not send you some, or all of this, our direct mailings include marketing and fundraising asks which further the aims and objectives of CBIT.

We are always mindful of trying to only send you what you are interested in and only as often as is appropriate. If we do not appear to be sending communications that are of interest, we will review this and will endeavour to reduce and then stop these types of communications in a much shorter time than the above defined period of Legitimate Interest.

Legitimate Interest to process your information

We aim to be clear about what information we collect, to enable you to make meaningful choices about how it is used.

When it is necessary we will contact you for administrative purposes, e.g. to contact you regarding a specific service or payment. We will also hold the minimum personal information required to support our ability to respect your preferences for communication with us.

To help you to understand when and why CBIT would use Legitimate Interest to process your personal information we provide the following examples:

• To send direct mail via email or by post communications
• To enhance, modify, personalise and improve our services and communications for the benefit of our supporters and beneficiaries.
• To improve security of our websites and systems.
• To prevent fraud when transacting on our website.
• To process your donations.
• To fulfil online transactions; process and deliver your order(s). To take payment and arrange delivery, we need to collect personal information, including your payment details, your full name, delivery address and contact details.
• To provide appropriate and personalised support to you
• To analyse your personal information to ensure that our communications are relevant to you.

The above list of examples is on the basis that the processing will not be done if it harms your rights and interests as an individual, or if you tell us that you’d like us to stop. You can do this at any time by phoning 01869 341075 or emailing office@cbituk.org.

In order to communicate with you more effectively, better understand your preferences and ability to support our work, we may analyse your data.

We like to find out about your personal motivation for supporting CBIT and your experiences as a beneficiary and or as a supporter.  This helps us to give you the information about products and services most relevant to you.  In some instances, we may carry out research and/or analysis of the personal information that you have provided to us and add publicly available information (such as public records or social media) to help us tailor our communications to you, this may include wealth screening. We do this to create a fuller picture of our supporters, to improve our service and to manage our contact with you in an appropriate and cost-effective way. This information could include things like your interests, preferences and the level of any potential donations.

To help us communicate the work we are doing and provide these services we use trusted service providers such as fundraising consultants.

CBIT do not share, sell or swap your information with other organisations for their own marketing.

From time to time we may contact you to ensure that the information you have provided us with remains accurate and up to date.

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law.  This could include requests from legal providers, law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.

If you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioners office https://ico.org.uk/

You can contact us at any time by phoning 01869 341075 or emailing office@cbituk.org to discuss changes to your data

• CBIT in Hand App Disclaimer

By downloading, accessing and using the CBIT in Hand app or any pages within the app you signify your agreement to this disclaimer and consent to the Child Brain Injury Trusts privacy policy, data is not shared to any third parties

The contents of this app, including and without limitation, all data, information, text, graphics, links and other materials are provided as a convenience to our app users and are meant to be used for informational purposes only.

This app is not a substitute for medical advice and users should consult their medical professional before making any medical decisions. Whilst we make every effort to provide current information users should talk to their healthcare professional for the latest information.

We do not take responsibility for any decisions taken by the reader based solely on information in this app.

CBIT in Hand is designed for users 18+ years. If the user becomes aware of a child accessing and inputting data, please contact us and we will have the data removed by the app developer.

Users are not able to opt out of data processing activities, users are able to access the app without having to create a login, therefore no data is stored or processed.

Data is stored in a MySQL database and images are uploaded to an S3 bucket.

The data stored in the MySQL can only accessed via the server. In order to connect to the server, users must have SSH access and their IP must be whitelisted. Only 3 Sided Cube employees, our app developer and our provisioning software Laravel Forge can access the server. Laravel Forge do not access user content. The 2 active servers used are cbit-api-production-1 and cbit-api-staging-2

Production data is encrypted. Data stored in the production MySQL database is backed up daily and stored for 7 days.

The Child Brain Injury Trust has no control over the content of the third-party websites and mobile applications. If you do decide to access one of these third parties, you do so entirely at your own risk. Please also be aware that third parties may have different terms & conditions and privacy policies to The Child Brain Injury Trust and our privacy policy will no longer apply.

We at CBIT guarantee our commitment to respecting and protecting your online privacy.

This includes your need and your right to know what we do with the personal information you share with us. It also guides our company’s policies regarding the management of this data, including how the information is collected, processed, and for what purposes.

By accessing CBIT’s website and app you are consenting to the way information is collected and used, as described within this Privacy Policy. In return, CBIT gives the commitment that we will use the personal data you provide only in ways that are compatible with the following Privacy Policy.

The collection of information

Every time you log on to our website your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to get any personal data against your knowledge or free will (i.e., automatically recording e-mail addresses of visitors). Nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.

Cookies

We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.

The list below describes the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)

First Party Cookies

These are cookies that are set by this website directly.

Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

Find out more about Google’s position on privacy as regards its analytics service.

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+ and Pinterest. In order to implement these buttons and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

Cookies and similar technologies, such as the Facebook Pixel and the Conversions API, enable us to display relevant advertising to you on other websites. By using the Facebook Pixel, we can track the effectiveness of our Facebook ads and gather statistical and market research data. When you agree to the use of cookies requiring your consent, your browser establishes a direct connection with the Facebook server. This allows Facebook to receive information about your visits to our website or interactions with our ads if you are registered with a Facebook service. Facebook’s processing of this data is governed by their data policy, and you can find more information in the Facebook help area. Additionally, we may share prior donation or supporter information with third-party platforms to create value-based Lookalike audiences, but only if supporters have opted in to receiving our marketing. The third-party platforms are contractually bound as processors and are prohibited from using the provided details for any other purposes. Data is deleted when it is no longer in use. We may also utilize Facebook’s “Custom Audience” program to better tailor our advertising by understanding our supporters on Facebook. This involves locally hashing and encrypting audience data, which is then matched between our internal database system and Facebook Business Manager. Facebook deletes all data after the matching process. For more details, please refer to Facebook’s Data Policy and Custom Audience page. If you prefer that we do not share your information with third-party platforms, you can contact us or adjust your settings on social media, apps, and advanced TV platforms.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Emails

If you choose to join our mailing list, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal, please send your email to us using the email account that is subscribed to the mailing list.

While your email address remains within the MailChimp/Salesforce (our customer relationship management database), you will receive specific emails relating to the content that you have requested to receive, this may include but is not limited to emails regarding fundraising, campaigns, events and information & learning events or eLearning activities. Emails will be sent approximately twice monthly.

Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track, at an individual level, whether the user has opened and clicked on the email. We do not use this information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked, then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every email we send.

Web Security

Financial transactions made online to CBIT using this site are secure (PayPal).  No one can access your credit card details via the internet.

Information

All information given on our website and app is accurate to the best of our ability and we regularly review to ensure it remains accurate.

Whilst CBIT is happy to supply any information and guidance regarding childhood acquired brain injury to members of the public, it must be appreciated that CBIT will NOT be liable for injury, loss or damage arising from such guidance supplied.

You may print any factsheet on this site for your own information, but you may NOT sell it, reproduce it on the Internet, distribute it, alter it, or reprint it in any publication without permission from CBIT.

Please note that all material on this website is the copyright of CBIT. You may print any CBIT factsheet on this site for your personal use, private study or for teaching purposes in schools’ colleges or universities provided all material is marked “By kind permission of  the Child Brain Injury Trust” and the material cannot be adapted for use in any other publication, used for profit or used in any way that will bring the charity into disrepute.

The name and logo of CBIT are registered Trade Marks. Any use of these Trade Marks other than for private study or teaching purposes as stated above must be made with the prior express permission of CBIT. If you are unsure what material you can or cannot use please contact the Marketing department on 01869 341075

This information was last updated in August 2022. From time to time, we will make changes to the information on this page. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.