Privacy and Data Retention Policy for CJD Support Network
Last updated 20th May 2025
Introduction
CJD Support Network (“we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals who interact with us. This policy outlines how we collect, use, retain, and securely dispose of personal information, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
“Service” in this policy refers to any interaction with us, including contact via telephone, email, post, or online (such as using our website, joining our mailing list, or attending events).
We process personal data under one or more lawful bases, including consent, legitimate interests, contract, and legal obligation, depending on the nature of the interaction.
Information Collection and Use
We may collect personal information through various channels, including:
- Telephone: Calls to our helpline or other contact numbers.
- Email: Communications sent to our official email addresses.
- Post: Letters or forms sent to our mailing address.
- Online: Interactions via our website or online forms.
The types of personal information we may collect include:
- Name
- Contact details (address, email, telephone number)
- Connection to CJD/prion disease (e.g., personal, familial, professional)
- Details provided during support interactions, which may include sensitive health information
We use this information to:
- Provide support and information services
- Manage memberships and donations
- Communicate updates and information about our activities
- Comply with legal and regulatory obligations
Correspondence sent to our postal address, including letters, forms, and donations, may be securely forwarded to the appropriate trustee or staff member for processing, where necessary. For example, donation cheques may be forwarded to the Treasurer for recording and banking. All personal data shared in this way is handled in accordance with our data protection policy and used solely for the purpose for which it was provided.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our standard retention periods are as follows:
- Support Interactions: Up to 6 years from the date of the last interaction
- Membership Information: Duration of the membership and up to 6 years thereafter
- Donation Records: Up to 6 years to comply with financial and tax regulations
- Event Participation: Up to 6 years after the event
Exceptions to these retention periods may apply where:
- A longer retention period is required by law
- The information is relevant to ongoing or potential legal proceedings
- Individuals have provided consent for longer retention
Secure Disposal of Data
Upon reaching the end of the retention period, personal data is securely disposed of to prevent unauthorised access or disclosure.
Physical Records
- Paper documents containing personal data are shredded using cross-cut shredders.
Electronic Records
- Electronic files are deleted in a proportionate and secure manner appropriate for a small charity. This typically involves:
  - Deleting files from inboxes, folders, or local drives when no longer required
  - Emptying the “Trash” or “Deleted Items” folders to remove them from active storage
  - Deleting files from desktops or download folders on devices where they were stored locally
We do not use advanced secure deletion tools, but take reasonable steps to ensure that deleted data is not retrievable through normal means. This is considered proportionate to the sensitivity of the data we process.
Website Data and Cookies
Log Data
We collect information that your browser sends whenever you visit our website. This may include:
- IP address
- Browser type and version
- Pages visited
- Date and time of visit
- Time spent on each page
- Other relevant statistics
Cookies
Cookies are small data files stored on your device. We use them to enhance your experience on our website. You can instruct your browser to refuse cookies or alert you when one is being sent. Some parts of our website may not function properly if cookies are disabled.
Use of Third-Party Services
We sometimes use trusted third-party platforms to help deliver our services, including:
- Mailchimp: For sending newsletters and email communications
- Zoom: For virtual support meetings, events, and training
- Facebook and other social media platforms: For public updates and engagement
Where we use such platforms, we only share personal data necessary for the specific purpose (e.g. email address for newsletters, name for event access). These platforms process your data under their own privacy policies, which we encourage you to review.
Some third-party services (e.g. Mailchimp) may process data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses.
Children’s Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from children. If you become aware that your child has provided us with personal data, please contact us and we will delete it promptly.
Membership Fees and Contact Information
Should there be any changes to membership fees, we will notify all members using the contact information we hold. Payments received for non-full memberships will be treated as donations.
To update your membership details or request removal from our mailing list, please contact us at [email protected].
Your Rights
Under data protection law, you have rights including:
- Access: Request access to your personal data
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data, subject to legal obligations
- Restriction: Request restriction of processing
- Objection: Object to processing based on legitimate interests
- Data Portability: Request transfer of your data to another organisation
To exercise any of these rights, contact us using the details below.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted here, and the “Last updated” date will reflect the latest version. Continued use of our services indicates your acceptance of any changes.
Contact Us
If you have any questions, concerns, or requests regarding this policy, please contact our Data Officer (National Coordinator) at:
Email: [email protected]