PRIVACY & DATA PROTECTION STATEMENT
BIG BOYS DON’T CRY?
Introduction
We are committed to protecting your privacy. This policy explains how we collect, use and store the personal information you provide to us whether online or via phone, mobile, email, letter or other correspondence. Developing a better understanding of our users through their personal data allows us to make better decisions on improving our website. By using our website or any of our services, or providing us with any other personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy.
Contents of the policy:
1. Who are we?
2. Data Protection
3. Collecting Personal Information
4. What personal information do we collect and how do we use it?
5. Financial Information
6. Information sharing & Disclosure
7. Accuracy & Storage of Personal Information
8. Vulnerable Supporters and Under 16s
9. Policy changes
10. Your rights
11. Our website
12. Cookie Policy
1. Who are we?
Big Boys Don’t Cry? is a forum for men’s mental health, run by Fabian Devlin and Patrick Addis to help reduce the stigma around mental health and encourage more men to open up and get the help they may need.
2. Data Protection
Our privacy policy takes into account several legal instruments, including the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the Directive 2009/136/EC of 25 November 2009 (“The European Union Cookie Directive”) and the General Data Protection Regulation (EU) 2016/679 effective 25th May 2018.
3. Collecting Personal Information
We collect personal information in the following ways:
• When you give it to us directly: you may give us your information in order to share your story or otherwise communicate with us. In doing so you specifically and knowingly provide us with your personal information. Sometimes when you support us, your information might be collected by an organisation working in partnership with us (such as a mental health charity), but we are responsible for your data at all times.
• When you give it to us indirectly: your information may be shared with us by independent bodies or partner organisations such as Gumroad or Eventbrite. Independent third parties such as these should only do so when you have indicated that you wish to support Big Boys Don’t Cry?. You should check their privacy policy when you provide your information to understand fully how they will process your data.
• When you give permission to other organisations to share it or it is publicly available. We may combine information you provide to us with information available from external sources, including social media in order to gain a better understanding of our users, to improve our products and services. Your information may also be shared with us by third parties where you have given permission for them to share it with us. We will signpost this privacy policy whenever we receive your personal information when practicably possible.
4. What personal information do we collect and how do we use it?
Personal information is that which can be used to identify you. It could include your name, date of birth, email address, postal address, telephone number(s), gender, ethnicity, bank details, UK tax payer status or a photograph. We do not usually collect sensitive personal information about you unless there is a clear reason for doing so, such as participation in an event, where we need this information to ensure that we provide appropriate facilities to you, or anonymously evaluating programme demographics.
We will mainly use your data to:
• Provide you with the services, products or information that you asked for;
• Administer your purchase of the Big Boys Don’t Cry? book;
• Keep a record of your relationship with us;
• Ensure we know how you prefer to be contacted, acting upon those preferences to: share our news and progress; request your support of our initiatives, appeals and events; seek advice and feedback; promote the aims/services of carefully selected partner organisations; and to clarify your contact details.
• Understand how we can improve our services, products or information.
Basis for using your personal data:
Our lawful basis for using your personal data is a combination of legitimate interest, consent and performance of our contractual obligations, depending on the category of personal data.
Please visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protectionregulation-gdpr/lawful-basis-for-processing/ for full details of all the lawful bases.
The following are a few examples however please note that this list is not exhaustive:
• Legitimate interest – for approaching prospective supporters, for processing your purchase.
• Consent – for keeping in contact with supporters, for receiving our newsletter and for using your photo or sharing your story.
• Contract – for contacting you about our book or an event that you have signed up to or about your contractual relationship with us as a supplier, customer or partner.
• The information we get from other organisations will depend on your privacy agreement with them. We recommend that you check all agreements regularly.
• All our profiling and screening techniques are conducted by human beings and there is no automated decision making. Please see Section 10 if you would like to evoke your right to object to this.
Sharing your story
• Some people choose to tell us about their experiences of mental health to help further our work. This may include them sharing sensitive information related to their family life in addition to their biographical and contact information. If we have the explicit and informed consent of the individuals, or their parent or guardian if they are under 18, the information provided, including gender and ethnicity may be made public by us at events, in materials promoting our campaigning work.
5. Financial Information
If you use a credit or debit card to make a donation, buy something online or pay over the phone, we will ensure that this is done safely and securely and in compliance with the Payment Card Industry Data Security Standard. Find out more information about PCI DSS standards by visiting their website at www.pcisecuritystandards.org. We do not store credit or debit card data following the completion of your transaction. All card details and verification codes are securely destroyed once the payment has been processed. Only those staff authorised to process payments will ever be able to see your card details.
6. Information sharing & Disclosure
We will not sell or swap your personal information with any third party. We may share your personal information with relevant data processors, with which we have a necessary relationship in order to further the aims of the campaign. These are trusted partner organisations that work with us in connection with our campaign’s purposes; e.g. those who manage our product fulfilment and/or distribution and mailings. All our trusted partners are equally required to comply with data protection laws and our high standards, and are only allowed to process your information in strict compliance with our instructions. We may disclose your personal information to third parties if we are required to do so through a legal obligation. We will never give your information to other organisations for their marketing purposes.
7. Accuracy & Storage of Personal Information
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware (for instance through word of mouth or publicly available sources), we will ensure it is amended and updated as soon as possible. We really appreciate it if you let us know if your contact details change. We will keep your information for as long as required and will not keep your information for longer than is reasonable and necessary. We will take into account our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information, we will ensure it is securely disposed of, at the appropriate time. Where you exercise your right to erasure, we will continue to maintain a core set of personal data in a suppression file to ensure we do not contact you inadvertently in future, and to maintain your record for archive purposes. Most of the information that we store and process stays within the UK, although some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, a trusted partner such as a cloud storage service is located in a country outside the EU or you consent for personal information to be published on our website which will then become available around the world. We cannot guarantee the data protection laws that apply to those countries but we will always take the steps necessary to make sure our trusted partners provide an adequate level of protection in accordance with UK data protection law and protect your privacy as outlined in this policy.
8. Vulnerable Supporters and Under 16s
We recognise the importance of protecting our vulnerable supporters. If you are aged 16 or under, and wish to participate in an event, make a purchase or otherwise get involved with Big Boys Don’t Cry?, please make sure that you have your parent/guardian’s permission before giving us your personal information. Where possible, we will always seek direct consent from a parent or guardian before collecting any information about children. When we collect information about a child or young person, we will make it clear as to the reasons for collecting this information and how it will be used, and aim to manage it in a way which is appropriate for the age of the child.
9. Policy changes
This policy replaces all previous versions and is correct as of May 2020. We will regularly review and update this Privacy Policy and Data Protection Statement and will update, modify, add or remove sections at our discretion. Any changes will be notified through an announcement on our website and your continued provision of personal information, use of our website and any of our services after we have posted the changes to these terms will be taken to mean you are in agreement with those changes.
10. Your rights
You can change or update your communication preferences at any time or amend given consent.
Also under the General Data Protection Regulations 2016/679 you have the following rights:
To be informed – This Privacy Notice provides the information you are entitled to receive.
Access – Please contact us if you would like confirmation that your data is being processed and access to your personal data. There is no charge for us providing you with this data and it will usually be provided within a month of the request (unless the request is unfounded or excessive).
Rectification – Please inform us of any data which you would like rectified and we will usually respond within a month of the request. We will pass on the changes to any third parties who need to change their records and let you know this has been done.
Erasure – You may exercise your right to have your personal data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created or you withdraw your consent). Where possible we will comply with all such requests. Please see Section 7.
Restrict processing – You can tell us that we can keep your data but must stop processing it for any of the purposes detailed in Section 4, (e.g. preventing future mailings and communications). If possible we will inform any third parties to whom your data has been disclosed of your requirement.
Data portability – Your data may be held across various manual and electronic records and databases. We will do our best to provide information in a portable format but we may not be able to do so in every instance.
To object – If we can, we will stop processing your data if you object to processing based on legitimate interests, the performance of a task in the public interest or through our contractual obligation. Please note that some processing is necessary to fulfil our contractual obligations and not being able to do so could result in the contract terminating. We will stop processing your data for direct marketing if you tell us to. Not to be subject to automated decision-making including profiling – We do not use any automated decision-making. Please visit https://ico.org.uk/for-organisations/data-protection-reform/overview-of-thegdpr/individuals-rights/ for full explanation of these rights. If you have any questions regarding your rights, wish to evoke a right or to update your personal information, please contact us at [email protected]
11. Our website
When you interact with us through our website, depending on how you use it, we may collect some personal information. However, you can use our website anonymously (‘read only’) and not give us any information at all. We monitor how people use our website so we can improve it. We do this by using cookies, which you can read more about in this document.
If you visit our website, we may record information about
• The web pages that you visit
• How much time you spend on the site
• Whether you are new to the site, or a return user
• How you came to our website – for example, through an email link or a search engine
• The type of device and browser you use.
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply: Your data will be made available to our website provider The data that may be available to them include any of the data we collect as described in this privacy policy. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA. They will store your data for a maximum of 7 years. This processing does not affect your rights as detailed in this privacy policy Website Analytics: We use Google Analytics, as well as other services, to understand how people use our website so we can make it more effective. Google Analytics collects anonymous information about what people do on our website, where they’ve come from, and whether they’ve completed any tasks on the site, for example, signing up to volunteer or donating. Google Analytics tracks this information using cookies and JavaScript code. Email Analytics: We measure without cookies the success of some of the emails we send – so we know what content our supporters are most interested in. Security: Although we use appropriate security measures once we have received your personal information, the transmission of information over the internet is never completely secure. We do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s own risk. We cannot be held responsible for the privacy of data collected by websites not owned or managed by Big Boys Don’t Cry?, including those linked through our website.
12. Cookie Policy
What are cookies?: Cookies are small files, typically of letters and numbers, downloaded on to a device when you access certain websites or emails, including Big Boys Don’t Cry? website. Cookies allow a website to recognise your device. For more information see: http://www.allaboutcookies.org/
Our use of cookies
We use strictly necessary, performance, functionality and targeting cookies on our website. Third party cookies: You may notice some cookies that are not related to the Big Boys Don’t Cry? website whilst visiting www.bigboysdontcry.co.uk Some of our pages contain embedded content such as Youtube video, Twitter feed, Facebook likes or Google plus share, and you may receive cookies delivered from these websites. Big Boys Don’t Cry? does not govern the publication of 3rd party cookies. To understand more about their cookies and privacy statements, please visit the relevant sites. If you do not want cookies to be stored on your PC it is possible to disable this function without affecting your navigation around the site.
Disable Cookies
If you are using Microsoft Internet Explorer and you wish to block Big Boys Don’t Cry? website cookies, you can perform the following: 1. On your browser tools menu, select ‘Internet Options’ 2. Click on the ‘Privacy’ tab and then on the ‘Sites’ button 3. Type into the ‘Address of website’ field: www.bigboysdontcry.co.uk 4. Click on the ‘Block’ button 5. Click OK Other browsers including Firefox, Chrome and Safari have similar cookie management abilities in their preferences settings, please refer to your browser’s ‘Help’ facility. Find more detailed information on disabling cookies from aboutcookies.org. Cookie Consent By using our website, subscribing to our services and/or shopping online you agree that we can place the types of cookies set out above on your device. In order to remember that you have accepted our use of cookies we will place a temporary cookie to remember this setting for 3 months.
How to Contact Us
If you have any questions or queries about this Privacy Policy and Data Protection Statement or our privacy practices, please contact us at [email protected] Date published: 11 May 2020