Printer-friendly version

The General Data Protection Regulation or GDPR, (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). From 25 May 2018, this new data protection regime is in force.

Your individual rights 

The GDPR includes the following rights for individuals:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling.

How we manage your privacy

PAPAA is an ethical charity and takes your privacy seriously. Any data you  provide, such as your name, address and other personal information is kept only for record keeping, internal audit (6 years) and is stored securely. After that time records are deleted or destroyed securely. We do not share or transfer your data to any third party organisation, except where legally required to do so, such as if you have made a Gift Aid donation, we have to provide your name and postcode to Her Majesty's Revenue and Customs (HMRC), in order to provide proof that the donor is a UK tax payer.

How we get data

All the data we process is derived following willing and direct contact to the organisation. This can be via:

  • electronic (website form, emails, attachments etc.)
  • written hardcopy (letters, cards, forms surveys etc.)
  • telephonic communication (conversations or recorded messages)
  • face-to-face (visits, events, meetings)

What we hold - data you provide willingly

If you request any information from us such as leaflets, access to our training courses or you purchase a product, we will only use that data in accordance with the request you made. For example if you request a free information pack, we keep your details in a secure database as indicated above, and will not make any further contact with you, unless you have specifically opted in to receive further information. For example by joining the organisation's register, subscribing to the journal or electronic newsletter, information review group, take part register or specifically asking us to contact you. If we do contact you under any of those circumstance you have the right to see the data we hold, correct that data, or have that data removed permanently (right to be forgotten).

Automatic data gathering

When someone accesses this website, data is collected automatically about pages visited, time on those pages, geographic location, time and date when accessed and the devices used. This information is gathered from the Internet Protocol address (IP address). An IP address is a numerical label assigned to each device connected to a computer network that uses the internet protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. No personal data can be accessed if someone knows your IP address. The data we gather therefore is anonymous, but helps us to understand how the site is being used. This in turn helps us in our work and contributes to the future work we may undertake to help provide support and help to people affected by psoriasis and psoriatic arthritis.

Transmission of information

Sending information over the internet is generally not completely secure, and we cannot guarantee the security of your data while it is in transit. This also applies to postal communications, unless sent by a secure 'signed for' option.

Following a link to another website

If you go to another website from this website, read the privacy policy on that website to find out what it does with your information. We can only securely control data we process. 

Survey submissions 

To help inform our work we gather data via surveys. In all cases you have the right to provide your views anonymously, if you do provide your details these will only be used based on the specific reason given on each survey, generally for follow-up purposes or to supply a copy of the survey results.

Feedback and comments

Feedback and comments can be provided to the organisation anonymously and any data gathered is used as stated above. If personal identifiers are provided that data is processed as stated above. 

Subject access request

If you wish to know what data we hold on you, please contact us in writing, and we will provide you with a copy of data we hold. All reasonable requests will be supplied FREE of charge, and within a month of receipt of the request.

Transparency check list

  • What information is being collected? 
    Title, name, address, country of residence, date of birth, telephone number, email address, psoriasis status, psoriatic arthritis status, comorbidities, treatments, payment details (in most cases the most minimal data is collected in order to process requests, optional/opt out are in place to provide choice.
  • Who is collecting it?
    The Psoriasis and Psoriatic Arthritis Alliance (PAPAA)
  • How is it collected?
    Electronic, hardcopy, verbal
  • Why is it being collected? 
    To process requests for information and services. To provide information to support and justify activities and direction
  • How will it be used?
    To complete requests for information, services and support
  • Who will it be shared with?
    No one, unless legally required to do so.
  • What will be the effect of this on the individuals concerned?
    Our data collection is only used to respond to willing requests. Our data holding will have no effect on the individuals, beyond that initial use, unless the individual has willingly opted in or requested further interaction with the organisation
  • Is the intended use likely to cause individuals to object or complain?

Date of this policy: 
March 2018

This policy will be reviewed periodically and is agreed by the board of trustees.