Beat are committed to protecting and respecting your privacy, and ensure any personal data is stored and processed fairly and lawfully.
This statement explains why and how we process and store any personal data, how long we keep it for and how we keep it secure.
We will never sell your data, it will always be safely and securely stored, and we respect your rights under the General Data Protection Regulations.
This statement might change or be updated from time to time. We communicate any changes publicly via our website, social media and, where we have permission, email channels.
If you have any questions about the way we store your data or about our privacy practices you can talk to our Data Protection Team. You can email us on dataprotection@beateatingdisorders.org.uk, write to Beat, Unit 1 Chalk Hill House, 19 Rosary Road, Norwich NR1 1SZ or call us on 0300 123 3355.
Beat is a charity registered in England and Wales (801343) and Scotland (SC039309). Beat became our working name in February 2007.
Our legally registered charity name is: Beat (Formerly Eating Disorders Association). Beat is a company limited by guarantee registered in England and Wales under number 2368495, with registered offices at Unit 1, 19 Rosary Road, Norwich NR1 1SZ. VAT Number: 700 285963.
We collect information about you in the following ways:
All information we collect is collected ‘organically’ – we do not buy lists of personal data.
We collect, store and use the following kinds of personal information:
Certain types of personal information are classified as ‘special category data’ in data protection law because they are more sensitive. Examples of sensitive personal information include information about health, race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information. We collect these types of information about our supporters and service users where there is a clear need to do so, for example when supporting you through our helpline or online support services with your experience of eating disorders or when you are taking part in a fundraising, employment or volunteer activity in order to ensure you can take part safely.
Whenever we collect this type of information we will make it clear why either at the point of collection or at the earliest practical opportunity.
Whenever we hold or collect your personal information we must have a “legal basis” for doing so as defined in data protection law. Further information about each of the legal basis is set out in the General Data Protection Regulation (EU Regulation 2016/679).
At times, we ask for your consent to use your personal information in a certain way and will only do so if you agree. Examples of occasions when we rely on consent include when sending you electronic marketing communications such as text or e-mail or when holding sensitive personal information about you. Whenever we use your information for a purpose based on consent, you have the right to withdraw your consent for us to use your information for this purpose at any time (as described in “your personal data rights”.
In certain cases, we collect and use your personal information on the basis of our “legitimate interests” provided our use is reasonable and does not unduly impact on your rights.
We consider our legitimate interests to include all of the day-to-day activities we carry out in our effort to end the pain and suffering caused by eating disorders.
Some examples where we rely on legitimate interests are:
When we rely on legitimate interests to process your personal information, we also consider and balance any potential impact this may have on you (both positive and negative) and your rights under data protection law. If we find that our interests are overridden by the impact on you and your rights then we will not process your information in that way. For example, where collection or use of your information would be excessively intrusive unless we are required or permitted to do so by law.
When we use sensitive personal information we require an additional legal basis to do so under data protection law, so we will either do so on the basis of your explicit consent or another basis available to us (for example if you have made the information manifestly public, we need to process it for employment, your vital interests, or, in some cases, if it is in the public interest for us to do so).
We will use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with regulators such as the Charity Commission, Fundraising Regulator, HMRC or Information Commissioner, or to use information we collect about you for due diligence.
This legal basis applies when it is necessary for us to process your personal information in order to meet our contractual obligations to you to deliver a product, service or action. This includes when you apply for a job or volunteer role with us, purchase a ticket for an event, apply for or pay for a place on a fundraising event, submit a Gift Aid declaration, enquire or confirm your attendance on one of our training courses.
If we believe there is significant risk to an individual’s life, or the lives of members of the public, we will process the individual(s) personal information on the basis of “vital interests”. For example, if we believe that an individual who has contacted our helpline services is at serious risk of harm we may share their information with the emergency services as detailed in our Safeguarding Policy.
Beat offers a confidential Helpline support service which can be contacted by phone, email or one-to-one webchat, as well as peer support services through online support groups, message boards and a telephone coaching service for carers.
All contacts to our support services remain confidential unless we believe someone is at risk of significant harm, as explained in our Safeguarding Policy. Whenever you contact support services, we will record the details of your communication with us and the support we provide in return (unless you choose to remain anonymous). This helps us to provide you with a higher level of service as you do not need to repeat information each time and are able to receive more personalised, productive support.
All contact with our support services may be recorded for training and monitoring purposes and a record of the information from calls, emails, webchats, online groups and message board posts, including sensitive information, will be kept. Information from the use of our support services may also be used in an aggregated, anonymised form to provide business insight into the delivery of Beat’s services and in order to inform our fundraising, campaigning and research priorities.
Beat uses personal data we have collected about you to make sure the marketing we send you reflects your personal preferences. We may also use your personal data to develop our website and services and measure the effectiveness of our marketing.
We send information via email about eating disorder news, our activities, campaigns, services and fundraising to individuals who have freely given explicit consent for us to do so, typically this consent is given when you sign up to receive our e-newsletter or fill in a form on our website registering for an event or expressing an interest in our activities. We may also send you information about the services or events you have recently signed up to.
On every marketing email we send to you, you have the opportunity to unsubscribe or update your marketing preferences by using links at the base of the email. If you decide to withdraw your consent to Beat’s marketing we will no longer use your personal data for this purpose.
We use profiling techniques and segmentation to send you communications which we believe are the most interesting and relevant to you. For example, we may send you targeted communications about events and campaigns relevant to your geographical area, profession or your age group, invite you to support our work through tailored communications based on your interests or previous support or tell you about opportunities to join fundraising events or activities which we think you may be interested in.
We deliver paid for and organic marketing through our social media channels Facebook, Instagram, Twitter and LinkedIn. To support the delivery of Facebook and Instagram marketing we sometimes use remarketing (or retargeting), lookalike and custom audiences. To do this we share your email address with Facebook to enable Facebook to either deliver the relevant content to you or to help define audiences with similar characteristics.
We are committed to fundraising as efficiently and sensitively as possible, always respecting the wishes of our donors, volunteers and fundraisers (see our Supporter Promise for more about our values and commitments to supporters).
To produce effective, engaging fundraising appeals we use data analysis, segmentation and profiling techniques to target and tailor communications to different supporters. This helps us to use our resources as cost-effectively as possible to enable Beat to raise funds to help more people affected by eating disorders. If you do not wish to receive solicitation mailings or appeals, you can opt-out of these at any time by emailing fundraising@beateatingdisorders.org.uk.
When you have expressed an interest in fundraising for Beat or signed up to take part in a fundraising event we will contact you by email, telephone or post to make sure you have all the support you need to fundraise safely, legally and effectively - whilst enjoying your experience as much as possible.
If you’ve signed up to a fundraising event with a third-party provider (such as the London or Edinburgh Marathon) and told the organiser that you wish to fundraise for us, we may contact you to make sure you have all the support you need to make your event a success.
We may combine information you have given us about you with publicly available information in order to build a more accurate profile of you. This helps us to tailor communications and send information about our major donor scheme, Beat Benefactors, to the most appropriate people. This sort of profiling can include combining information such as your age, previous donations, likely affinity with our cause, property prices where you live, your job, your philanthropic interests, and your estimated wealth, to assess how likely it is that you would be interested in donating to us and the level of donation that you may be able to give. Where it is more efficient to do so, we may ask a trusted third-party provider to conduct this analysis for us. If you do not wish us to use these techniques, you can exercise your right to object to this processing by contacting us on dataprotection@beateatingdisorders.org.uk.
If you are preparing to make a significant financial contribution to Beat we will follow the advice of the Fundraising Regulator and conduct due diligence checks to ensure your financial background and reputation are consistent with Beat’s values as described in our Ethical Fundraising Policy (available on request).
When you sign up to attend one of our events, conferences or training courses we use the information you have provided to send you relevant information ahead of time, deliver the event to your needs on the day (including any dietary or access requirements you may have) and to send you post-event communications. Where you have given us permission, we will also contact you about future conferences and events.
We are committed to ensuring our processes and procedures are in line with current data protection regulations. We train staff and volunteers to understand the importance of good data practice and recognise the risks of working with personal and sensitive data, and we make sure there are appropriate technical controls in place to protect your personal details.
Non-sensitive data such as your email address and contact details, in some cases, are transmitted to us over the internet, for example when you fill in the ‘contact us’ form on our website. When data is transferred in this way it can never be guaranteed to be 100% secure. As a result, while we make every effort to protect your personal information we cannot guarantee any information you transmit to us, and you do so at your own risk. Once we have received the your information, we store it in line with current data protection regulations.
We have never and will never sell or rent your information to third parties for marketing purposes. However, we may share your information with third parties for other purposes as described in this statement. Examples of the partners, suppliers and sub-contractors who may process information on our behalf are:
We will have data processing agreements in place with all third parties as described above to make sure that your information is kept secure, and that they are not able to use it for their own marketing purposes. When working with third parties, we will only share the details necessary for the service they are delivering for Beat.
If any third party works outside of the European Economic Area (EEA) they may not be subject to the same data protection laws as the UK. In these instances we will make sure appropriate safeguards are in place and that they provide an adequate level of protection to comply with the UK law.
We may disclose your details to the police, regulatory bodies or legal advisors where we are under a legal or regulatory duty to do so.
We keep your personal information only for as long as we need to for operational or legal reasons. We regularly review how long we keep information and why to ensure we do not retain information longer than necessary. The criteria we use is based on various legal requirements, the purpose of the data, whether there is a legitimate reason for continuing to store it and guidance from relevant regulatory authorities, such as the Information Commissioner’s Office (ICO).
Personal information we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. If we do store any historical or statistical data, this will be in a manner which complies with data protection regulations.
We do not store payment card data after the transaction has been completed.
Under data protection law, you have various rights in respect of the personal information we hold about you. We’ve explained more about these rights below.
If you wish to exercise any of these rights, you can do so by contacting our Data Protection team on dataprotection@beateatingdisorders.org.uk, in writing at Beat, Unit 1 Chalk Hill House, 19 Rosary Road, Norwich NR1 1SZ or call us on 0300 123 3355.. We will respond to all requests within one calendar month.
Right of access: You have the right to request access to a copy of the personal data we hold about you, along with information on what personal information we use, why we use it, how we collected it, who we share it with, how long we keep it for and if it been used for any automated decision making. This is commonly referred to as a ‘subject access request’. You can make a request to access your data free of charge. Requests can be made verbally and in writing, we will ask you to provide evidence of your identity. We can provide the data electronically or verbally, if requested. In some circumstances we may not be able to disclose all of the information we hold about you. An example of this would be if the information we have about you contains data about other people as it may be not appropriate to disclose this to you without their explicit consent. Another example would be if you are exercising this right on behalf of a child, in this instance we would follow the Information Commissioner’s Office on requests for information about children.
Right to be informed: You have the right to be informed about the way we collect and use your data. Our Privacy Statement contains clear and transparent information explaining the purpose for processing personal data, how long we will keep your data and who it will be shared with.
Right to rectification: If you believe the personal data we hold is inaccurate or incomplete you can ask us to rectify or complete the data. You can also ask us to check the personal information if you are unsure whether it is up-to-date or not.
Right to erasure: You have the right for your personal data to be erased from our records so long as there is no overriding legitimate reason to process it (i.e. to comply with a legal obligation).
Right to restrict processing: You have the right to limit the way we use your data if you believe your data is inaccurate, or if there is disagreement about whether our use is legitimate or not.
Right to data portability: You can ask us to provide you or a third party with the information you have provided to us in a format so that it can be safely and securely transferred across IT environments.
Right to object: You can object to us processing your personal data if it is for direct marketing purposes, a task carried out in the public interest or in our legitimate interests.
Rights related to automated decision making, including profiling: Automated decision making takes place when a decision is made without any human involvement (i.e. by a computer). We currently do not carry out any automated decision making.
We may use information from external sources such as the post office national change of address database and/or the public electoral roll to identify when we think you have changed address so that we can update our records and stay in touch. We only use sources where we are certain that you have been informed of how your information may be shared and used.
This helps us make sure we do not have duplicate records and out of date preferences and means that we can continue to contact you, make you aware of changes to our terms or assist you with information about your donation.
If you subscribe to our e-newsletter, on every email you receive from us there is a link to update your preferences or unsubscribe from these marketing communications.
To update your contact information or opt out of communications from Beat email dataprotection@beateatingdisorders.org.uk.
We really appreciate you letting us know if your contact details change.
We appreciate any opportunity to learn and improve. Please use the contact us form on our website to inform us of any feedback you have about the way we process personal data.
If you are unhappy with how we are using your personal information and would like to make a complaint, please email complaints@beateatingdisorders.org.uk or write to Beat, Unit 1 Chalk Hill House, 19 Rosary Road, Norwich, NR1 1SZ. Upon receiving your email or letter, our Complaints Manager will send out a copy of the complaints policy and the complaints form to the complainant as soon as possible, and always within 5 working days.
You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office (ICO), the UK data protection regulator.
This statement may change from time to time. For example, it has been recently updated to reflect new legal requirements of the EU General Data Protection Regulation (GDPR). We will communicate any changes to this statement via email and via our social media channels, and the latest review date will be displayed at the top of this page. Please continue to check this section of the website periodically in order to keep up to date with any changes in our statement.
We welcome any questions, comments or suggestions about how we process data. Please let us know by contacting us at dataprotection@beateatingdisorders.org.uk or by phone on 0300 123 3355.
Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software: 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.