ichirf.org is the website of The International Concussion and Head Injury Research Foundation Limited, registered in the United Kingdom (company number 09558533, registered address 1st Floor Iseh Building, 170 Tottenham Court Road, London, England, W1T 7HA). Any reference in this policy to “ICHIRF”, “we”, “us” or “our” is to The International Concussion and Head Injury Research Foundation Limited.
When you interact with us through our website (or otherwise) you may provide, or we may collect, certain information from which you are personally identifiable (which is referred to as personal data). For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your personal data), we are the “data controller”, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons.
We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your personal data. This Privacy/Cookies Policy explains how we fulfil this commitment, so please read this carefully.
WHAT THIS POLICY TELLS YOU
- What types of personal data you provide to us (or which we collect from you) when using our website or when you directly interact with us on other occasions;
- How and why we use this data and the reasons we are legally allowed to do so;
- Who we share your data with;
- Your rights over your data and how you can exercise those rights; and
- How to contact us if you have any issues or want to find out more.
What information do we COLLECT AND WHAT DO WE USE IT FOR?
You may provide us with the following types of personal information when you register with ICHIRF (including when you express an interest in volunteering for our research) or otherwise when you directly interact with us (when using our website or otherwise):
- Identity – first name, surname, year of birth, gender, country of residence
- Contact – email address, telephone number and postal address
- Health – approximate number of concussions
We may collect the following types of information from you when you use our website (using Cookies or other tracking technologies):
- Usage – information about how you use our website, including time spent on page, click-throughs, download errors
- Technical – IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration
The table below sets out how we use your personal data and our lawful basis for doing so. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your personal data when the law allows us to.
|Reason why we use the data||What data||Legal ground for using the data|
|Register you as a potential volunteer for our research||Identity, Contact, Health||Performance of a contract with you
Consent (Health data)
|For internal administration and record keeping purposes||Identity, Contact,||Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (for effective administration)
|Performance of a contract with you
Necessary to comply with a legal obligation
|Answer your enquiries which may involve contacting you by post, e-mail or phone||Identity, Contact
|Performance of a contract with you
Necessary for our legitimate interests (to ensure we resolve enquiries promptly)
|Get in touch with you about relevant ICHIRF news||Identity, Contact||Consent|
|Administer the ICHIRF website, including website trouble shooting, testing and analysis and to enable you to participate in interactive features of our website||Identity, Contact, Usage, Technical||Performance of a contract with you
Necessary for our legitimate interests (to ensure that our website is fully functional and operating in the most effective way for you)
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
In addition to the above:
- if you participate in our research and provide additional personal data as part of that process, you will be separately informed about how we use that personal data, who we share it with and (where required) we will obtain your consent to the relevant uses; and
- we may also anonymise and aggregate your personal data in a way which means you cannot be identified. This may be helpful to us for testing our internal systems and carrying out research. Because this data is not personally identifiable, we can use this data for any purposes.
WHO DO WE SHARE YOUR DATA WITH?
We do not pass your personal data onto any third parties, other than to third party service providers who help us deliver our research programme (for example providers of information technology support, data storage systems and email distribution facilities).
If we share personal data with third parties, we will ensure that access is limited on a strictly need to know basis and is subject to suitable obligations relating to confidentiality and security.
In addition to the above, we may also be required to share your personal data with third parties if required by law or regulation. In such circumstances, we will make sure that the disclosure is only to the extent required by law or regulation.
DO WE SEND ANY OF YOUR DATA OUTSIDE OF THE EEA?
The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your data outside of the EEA. Where we do, for example where our service providers are based outside of the EEA, we make sure that your data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangement).
HOW WE KEEP YOUR DATA SECURE?
We adopt industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that third parties who need to handle your data when helping us to deliver our services are subject to suitable confidentiality and security standards.
Despite the security measures we implement, please be aware that the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.
HOW LONG DO WE KEEP YOUR DATA FOR?
We will keep your personal data on our systems only for as long as is strictly necessary for the purposes for which such data was originally collected (or for such longer period as may be required by law).
What are cookies and tracking technologies?
These essentially enable us to store information on your browser or device to enable us or them to identify you and monitor certain activities, for the purposes set out in this section. They may: (i) expire at the end of your browser session (allowing us to link your activities during that session – these are often called “session cookies”); or (ii) be stored on your browser/device in between sessions, enabling us to remember your preferences and actions for future visits. They need to be manually deleted or will expire after the particular period set by that cookie – these are often referred to as “persistent cookies”.
Importantly, we will not use any cookies/tracking technologies which are not strictly necessary for the operation of the website, without first getting your consent.
What types of cookies/tracking technologies do we use?
|Strictly necessary||These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.|
|Analytical/performance||These allow us to recognise and count the number of website visitors, to see how visitors move around and use our website (including time spent on pages, download errors, click throughs etc). This helps us to ensure that our website is operating effectively.|
|Functionality||These are used to recognise you when you return to our website. This allows us to tailor your browsing experience by personalising the content you see, greet you personally without you needing to input your details each time and to remember your preferences.|
How to block these cookies/tracking technologies
You can manage your settings and block cookies/tracking technologies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access parts of our website.
LINKS TO THIRD PARTY WEBSITES
CHANGES TO OUR PRIVACY/COOKIES POLICY
If we amend our Privacy/Cookies Policy, it will be published on our website so please check back regularly to see if there have been any updates. If we make any substantial changes, we may also email you if it’s appropriate.
In certain situations, you are entitled to:
- access a copy of your personal data;
- correct or update your personal data;
- erase your personal data;
- object to the processing of your personal data where we are relying on a legitimate interest (as set out in the above table);
- restrict the processing of your personal data;
- request the transfer of your personal data to a third party; or
- where you have provided your consent to certain of our processing activities, in certain circumstances, you may withdraw your consent at any time (but please note that we may continue to process such personal data if we have legitimate legal grounds for doing so).
If you want to exercise any of these rights, please Contact Us (details below). You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex). We may also need you to confirm your identity before we proceed with your request if it is not clear to us who is making the request.
In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your personal data. However, where possible, we would really appreciate you speaking with us first if you have any concerns.
HOW TO OPT-OUT OF ICHIRF MARKETING
You can opt-out of any ICHIRF marketing at any time by Contacting Us (details below). Please note that we may still need to send you service notifications by email, if you are a participant in our research programme.
If you would like to discuss anything in this policy or if you want to exercise your rights, please get in touch:
Please write to us at:
Data Protection Team
The International Concussion and Head Injury Research Foundation Limited
1st Floor Iseh Building
170 Tottenham Court Road
London W1T 7HA
Telephone: 020 7383 7654
LAST UPDATED: MAY 2018