1 Autism Forward CIO Privacy Policy
“Autism Forward”, “we”, “us” and “our” means Autism Forward CIO and we are committed to protecting and respecting your privacy.
This policy (the “Privacy Policy”), together with our website terms of use, sets out the basis on which any information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your information and how we will treat it.
We are legally obliged to safeguard and use your information in line with all laws concerning the protection of information under data protection law. Please take the time to read and understand this Privacy Policy.
Autism Forward is registered with the Information Commissioner as the processor of any information and is the ‘data controller’ of such data for the purposes of the data protection laws.
1. Information we may collect from you
We may collect and process the following data about you:
(a) Information you give us.
This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise.
We collect and process the following personal data about you:
(i) Identity data: this may include date of birth, gender, nationality, previous mentor information (if applicable).
(ii) Contact data: this may include name address, contact telephone, email address.
(iii) Employment data: this may include job title, organisation, education details, employment history.
(iv) Financial data: this may include bank account details, payment details, income.
We may also collect and process special category data about you. This may include medical information such as health and disability data.
In addition to the above, this information may include:
• other information that you provide by filling in forms in hardcopy and sending a hardcopy by post or as a scan via email; and
• information that you provide to us when you join our mailing list or make a donation to us.
(b) Information we receive from other sources.
We may receive information about you from third parties. This may include:
- information shared with us by fundraising sites like Just Giving when you have made a donation to us;
- information that we receive from third party mentors relating to the beneficiary of a grant from Autism Forward CIO, such as initial suitability checks or regular progress reports; and
- information that we receive relating to you from referees or third party health professionals to verify information that you give us in relation to any application to us for a grant made by you.
2. Uses of your information
Any information you provide us is kept confidential.
We do not retain information for any longer than is necessary for the purposes for which it was collected in line with usual business requirements and any applicable legal requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable other requirements. Normally, your personal data will be kept for 6 years.
We do not make any automated decisions about you.
Your personal data may be processed by Autism Forward in the following ways and for the following purposes:
(a) Information you give us.
We will use this information to:
(i) carry out our obligations arising from any agreements entered into between you and us;
(ii) to provide you with the information that you request from us, to administer donations you make or support your fundraising, including processing gift aid;
(iii) to keep a record of your relationship with us and if you have requested to receive our newsletter or otherwise given your consent to receive fundraising information from us; and
(iv) to provide you with information on our work and fundraising activities and to ask for donations or other support by email or through our newsletter (which you can opt-out from at any time by email to Jane Pierce at info@autismforward.org.uk or by unsubscribing from the newsletter).
Sometimes we use third-party service providers to process your personal information for particular services such as donations or to organise events. Further information on these third-party service providers can be found at section 5 below. We will also use this information to assess whether you are eligible for any grant you apply for from us and to monitor the benefit and outcome of services provided to you which are paid for by a grant from us.
(b) Information we receive from other sources.
We may combine this information with information you give to us. We may use this information and the combined information for the purposes set out in (a) above (depending on the types of information we receive).
We are entitled to use your personal data in these ways because:
• we have a legal duty to ensure that our resources are used exclusively in the pursuit of our charitable objects;
• we have legal and regulatory obligations that we have to discharge; or
• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings
3. Legal grounds for processing your personal data
We process your personal data for one of the following legal basis:
Identity data
Necessary to comply with legal obligations.
Necessary for the performance of a contract.
It is in our legitimate interests to do so and our reason for using it outweighs any prejudice to your data protection rights (our legitimate interests include, for example, to run the charity, prevent fraud, provide services, to grow our charity and carry out direct marketing).
Where you have provided your consent. Please note that if you do not provide your consent for Autism Forward to process your personal data for us to perform a specific function, this may affect our ability to perform that function in full.
Contact data
Necessary for the performance of a contract.
It is in our legitimate interests to do so and our reason for using it outweighs any prejudice to your data protection rights (our legitimate interests include, for example, to run the charity, prevent fraud, provide services, to grow our charity and carry out direct marketing).
Where you have provided your consent. Please note that if you do not provide your consent for Autism Forward to process your personal data for us to perform a specific function, this may affect our ability to perform that function in full.
Financial data
Necessary to comply with legal obligations.
Necessary for the performance of a contract.
It is in our legitimate interests to do so and our reason for using it outweighs any prejudice to your data protection rights (our legitimate interests include, for example, to run the charity, prevent fraud, provide services, to grow our charity and carry out direct marketing).
Where you have provided your consent. Please note that if you do not provide your consent for Autism Forward to process your personal data for us to perform a specific function, this may affect our ability to perform that function in full.
Employment data
Necessary for the performance of a contract.
It is in our legitimate interests to do so and our reason for using it outweighs any prejudice to your data protection rights (our legitimate interests include, for example, to run the charity, prevent fraud, provide services, to grow our charity and carry out direct marketing).
Where you have provided your consent. Please note that if you do not provide your consent for Autism Forward to process your personal data for us to perform a specific function, this may affect our ability to perform that function in full.
Special category data
Where you have provided your consent. Please note that if you do not provide your consent for Autism Forward to process your personal data for us to perform a specific function, this may affect our ability to perform that function in full.
It is necessary for the provision of health or social care.
4. Where we store your information
The personal data that we collect from you may be transferred to, and stored at, a destination outside the UK. It may also be processed by individuals operating outside of the UK who work for one of our suppliers.
Where the recipient is based in a jurisdiction that has not been deemed to provide adequate protection of your data, then we will put in place specific contractual protections approved for use by the UK Information Commissioner’s Office (ICO) in order to ensure that your data is adequately protected.
You can obtain more details about the protection given to your personal data when it is transferred outside the UK by contacting us in accordance with the “Your Rights” section below.
5. Sharing your information
We may share your personal data with:
• our third-party service providers that we use, for example our IT support;
• our professional service providers, for example lawyers, insurers and consultants; and
• if we are legally required, for example to comply with our legal obligations, a court order or the instructions of a governmental authority.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not sell, rent, share, or otherwise disclose your information with any other parties without your permission.
6. Security of your information
All data you provide to us is stored on our secure third party provided platform. Unfortunately, the transmission of information to us via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk.
In order to prevent unauthorised access or disclosure, we have implemented appropriate technical and organisational security measures to protect and secure your information. We will take all steps reasonably necessary to ensure that your information is treated securely and used only in accordance with this Privacy Policy.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Third party websites
Our website may, from time to time, contain links to and from the websites of our partner networks and service providers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.
7. Your rights
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit such data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object. You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes;
- the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the ICO (details of which are provided below) if you think that any of your rights have been infringed by us.
- You may contact Autism Forward by writing to 37 Granville Park, London, SE13 7DY or by emailing Jane Pierce at info@autismforward.org.uk to exercise your rights, or if you have any questions about our Privacy Policy.
You can find out more information about your rights by contacting the ICO, or by searching their website at https://ico.org.uk/. You can contact the ICO at the following address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
8. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time so you may wish to check it each time you visit. The date of the most recent changes will appear on this page.
If you do not agree to these changes, please do not continue to use this website or our services.
Updated July 2024
