Privacy Policy
We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after or used. This Privacy Statement sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).
Our Privacy Statement may change so please remember to check back from time to time. If you have any queries, please contact our team.
Who we are
Here at Suffolk Mind we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.
We are a “data controller” for the purposes of the Data Protection Act 2018 which means that we are responsible for, and control the processing of, your personal information.
How we collect information about you
Everything we do, we do to ensure that we can help people experiencing a mental health problem get both support and respect. We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best attention when you use our services, book on an event, become a Friend of Suffolk Mind or make a donation.
We collect information from you in the following ways:
When you interact with us directly: This could be if you ask us about our activities, register with us for training or an event either in person or online via one of our webinars, make a donation to us, ask a question about mental health, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, contact us through our website, participate in a question and answer session or fill out an online evaluation form following attendance at one of mental health webinars, or get in touch through the post, by email or in person.
When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.
Information we collect and why we use it
Personal Information
Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, registering for a service or event or any of the other ways to interact with us.
We will mainly use this information:
- To provide the services that you have requested.
- To update you with important administrative messages about your donation, an event or services you have requested.
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
- To keep a record of your relationship with us.
- Where you volunteer with us, to administer the volunteering arrangement.
- To improve the quality of the services we provide to you.
If you do not provide this information, we will not be able to process your donation, sign you up for a particular event, provide services you have requested, or understand how we can improve the quality of our services.
We may also use your personal information to contact you about our work and how you can support Suffolk Mind.
Sensitive Personal Information
If you share your personal experience or the experiences of a friend or relative, we may also collect this health information (Sensitive Personal Information). If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy.
A special note about the Sensitive Personal Information we hold
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact us at Suffolk Mind through our phone lines, through participation in one of our mental health webinars, or through other more general communications with us such as blogs or emails, you may choose to provide details of a sensitive nature.
We will only use this information:
- For the purposes of dealing with your inquiry, training, and quality monitoring or evaluating the services we provide.
- We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
- Where you have given us your express consent or otherwise clearly indicated to us that you are happy for us to share your story, then we may publish it on our blog or in other media.
Legal basis for using your information
In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you (for example, because you use one of our services or book onto one of our courses) or where we are obliged to do so for legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission).
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Suffolk Mind to process your information to help us to achieve our vision of making Suffolk the best place in the world for talking about and taking care of mental wellbeing.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests. Some examples of where we have a legitimate interest to process your personal information are where we respond to your request for information about our work or services; send out newsletters about our work; use your personal information for data analytics or contact you to ask for feedback to improve our services.
Marketing
We will only contact you about our work and how you can support Suffolk Mind by phone, email or text message if you have agreed for us to contact you in this manner.
However, if you have provided us with your postal address we may send you information about our work and how you can support Suffolk Mind by mail unless you have told us that you would prefer not to hear from us in that way.
You can update your choices or stop us sending you these communications at any time by contacting us directly or by emailing info@suffolkmind.org.uk
Sharing your Information
The personal information we collect about you will mainly be used by our staff (and volunteers) so that they can support you.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
Suffolk Mind may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, with our partners who help us to process donations and claim Gift Aid and our partners who help us to manage our social media accounts.
We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
Some of our NHS-funded services require Suffolk Mind to submit personal data to the NHS Mental Health Services Data Set which is mandatory. However, the national data opt-out process allows service users to have some control by setting opt-out preferences for how data is used by NHS Digital. If you would like to opt out please visit:Â https://digital.nhs.uk/services/national-data-opt-out
Legal disclosure
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.
Keeping your information safe
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
Any debit or credit card details which we receive on our website are passed securely to our payment processing partners, according to the Payment Card Industry Security Standards.
How long we hold your information for
We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid). Our data retention policy is available on request.
Your rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting our team at Suffolk Mind; 26 High Road West, Felixstowe, IP11 9JB by email at info@suffolkmind.org.uk and by phone on 0300 111 6000. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/:
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfill every request.
Cookies on our websites
‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website.
They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.
How do we use cookies?
We may use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you come to our website and also allows us to improve the user experience.
The cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.
We may use all four categories of cookies:
- Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account.
- Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
- Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
- Targeting or advertising cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. As such if you visit the Suffolk Mind website you may then be more likely to see adverts about Suffolk Mind’s work on other websites as your browsing suggests that this is an area of interest.
Cookies set by WordPress
Cookie Name | Description | Duration |
wordpress_<hash> ** | On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/ | 2 years |
wordpress_logged_in_<hash> ** | After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use. | Session |
wp-settings-<time>-<UID> ** | WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. | Session |
WordPress_google_apps_login ** | This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account. | Session |
wordpress_test_cookie | Used to check whether your web browser is set to allow, or reject cookies. | Session |
wpe-auth |
Cookies set by Google Analytics
Cookie Name | Description | Duration |
_ga | Used to distinguish users. | 2 years |
_gid | Used to distinguish users. | 24 hours |
_gat | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. | 1 minute |
AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. | 30 seconds to 1 year |
_gac_<property-id> | Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more. | 90 days |
_gaexp | Optimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. | 90 days |
Cookies set by CloudFlare
Cookie Name | Description | Duration |
__cfduid ** | The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. | 1 years |
Cookies set by Hotjar
Cookie Name | Description | Duration |
_hjClosedSurveyInvites | Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not reappear if it has already been shown. | 365 days |
_hjDonePolls | Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in. | 365 days |
_hjMinimizedPolls | Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. | 365 days |
_hjDoneTestersWidgets | Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. | 365 days |
_hjMinimizedTestersWidgets | Hotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. | 365 days |
_hjIncludedInSample | Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. | 365 days |
_hjShownFeedbackMessage | This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show. | 365 days |
_hjid | Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365 days |
Cookies set by Hubspot
Cookie Name | Description | Duration |
_hs_opt_out | This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies. | 2 years |
__hs_do_not_track | This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot. | 2 years |
__hs_testcookie | This cookie is used to test whether the visitor has support for cookies enabled. | Session cookie |
hs_ab_test | This cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before. | Session cookie |
hs_lang_switcher_choice | This cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists). | |
<id>_key | When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login. The cookie name is unique for each password-protected page. | |
Hs-messages-is-openhs-messages-hide-welcome-message | This cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity | (TTL 30 minutes) |
__hstc | The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). | 2 years |
hubspotutk | This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts. | 10 years |
__hssc | This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. | 30 min |
__hssrc | Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session. | None. Session cookie |
messagesUtk | This cookie is used to recognize visitors who chat with you via the messages tool. If the visitor leaves your site before they’re added as a contact, they will have this cookie associated with their browser. If you have a history of chatting with a visitor and they return to your site later in the same cookied browser, the messages tool will load your conversation history with that visitor. |
Miscellaneous Cookies
Cookie Name | Description | Duration |
complianceCookie | Used to distinguish your acknowledgement of our website’s Cookie Banner and subsequent policy (this document). | 14 days |
No cookies, please
You can opt out of all our cookies (except the strictly necessary ones). But, if you choose to refuse all cookies, our website may not function for you as we would like it to.
If you have any questions about how we use cookies, please contact us.
Monitoring
Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
To find out more about this policy and how we look after your personal information, contact our team.