SkyAngels Air Ambulance [SAAA] will never give your details to a third party without your express consent and we will never sell your information to a third party. We value your information and only hold this information on secure computers and servers. Due to our service type, we will, in some medical events require next-of-kin consent to inform medical teams for your benefit as one of our patients...
- We have checked that consent is the most appropriate lawful basis for processing.
- We have made the request for consent prominent and separate from our terms and conditions.
- We ask people to positively opt-in.
- We don’t use pre-ticked boxes or any other type of default consent.
- We use clear, plain language that is easy to understand.
- We specify why we want the data and what we’re going to do with it.
- We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.
- We name our organisation and any third party controllers who will be relying on the consent.
- We tell individuals they can withdraw their consent.
- We ensure that individuals can refuse to consent without detriment.
- We avoid making consent a precondition of a service.
- If we offer online services directly to children, we only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place.
- We keep a record of when and how we got consent from the individual.
- We keep a record of exactly what they were told at the time.
- We regularly review consents to check that the relationship, the processing and the purposes have not changed.
- We have processes in place to refresh consent at appropriate intervals, including any parental consents.
- We consider using privacy dashboards or other preference-management tools as a matter of good practice.
- We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
- We act on withdrawals of consent as soon as we can.
- We don’t penalise individuals who wish to withdraw consent.
- In some fundraising circumstances, we will need to collect payroll information, bank or debit/credit card information. Financial information will only be collected if necessary. Such examples include participation in our in-house lotteries or contributing to our cause by regular or one-off donation.
- We like to keep all our supporters up to date with information about our service. From time to time, we also like to send you marketing literature and suggestions of ways in which you may like to support us.
- You will have the opportunity to choose how we keep in touch (post, email, telephone and/or text) and you can change your preferences at any time by emailing email@example.com and providing us with the required forms of I.D.
- As a charity that cares for its patients, we also care for those who support us and will always respect your wishes should you tell us that you no longer wish to hear from us.
- Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
- How SAAA use your information
- This privacy notice tells you how we, SAAA, will collect and use your personal data for correspondence purposes and in relation to our Membership Clubs, Events, Publications and Journalistic Purposes.Why does SAAA need to collect and store personal data?
In order for us to provide you with our services we need to collect personal data for correspondence purposes and/or detailed service provision. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
In terms of being contacted for marketing, training purposes, SAAA would contact you for additional consent. SAAA, confirm that the lawful basis for processing data is to process data to fulfill a contractual obligation, or prior to entering into a contractual obligation. SAAA, also confirm that there is a legitimate interest in processing data from previous attendees to their events.
Will SAAA share my personal data with anyone else?
We may pass your personal data on to third-party service providers contracted only to operate our service in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely and operate in accordance with the EU’s General Data Protection Regulations. This includes third-party software providers including cloud-based solutions.
Where your data may be processed:
We may transfer personal data to third party data processors in countries that are outside of the EEA and have selected these data processors on their commitment to the appropriate international data protection agreements.
How will SAAA use the personal data it collects about me?
SAAA will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. SAAA is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will SAAA contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Can I find out the personal data that the organisation holds about me?
SAAA at your request, can confirm what information is held about you and how it is processed. You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Embassy or a third party, information about those interests.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
SAAA accepts the following forms of ID when information on your personal data is requested:
Passport, driving licence, birth certificate, utility bill (from last 3 months), etc.
SAAA-Special Categories of Personal Data
- Due to the nature of some of our Air Ambulance work, SAAA may collect data defined by the General Data Protection Regulation as Special Categories of Personal Data. These categories of data include your mental and physical health, race and ethnic origins and genetics. We will only collect this information if it is necessary, or with your explicit consent.