Principles of the GDPR Act 2016

In order to operate effectively and fulfil its legal obligations, the DSA needs to collect, maintain and use certain personal data about current, past and prospective members, suppliers and other individuals that contact the DSA, or with whom it has dealings (each, a “data subject” and together, “data subjects”). The DSA is dedicated to obtaining, handling, processing, transporting and storing all such personal data, whether held on computer, or paper, lawfully and correctly, in accordance with the safeguards contained in the UK GDPR Act 2016 (the “GDPR”).

The DSA has a responsibility to protect such personal data, especially sensitive personal data that it collects from data subjects.

The DSA is committed to the 8 principles of data protection as detailed in the UK GDPR Act 2016. These principles require that personal data must:

  • be fairly and lawfully processed and not processed unless specific conditions are met?
  • be obtained for one or more specified, lawful purposes and not processed in any manner incompatible with those purposes?
  • be adequate, relevant and not excessive for those purposes?
  • be accurate and, where necessary, kept up to date?
  • not be kept for longer than is necessary?
  • be processed in accordance with the data subject’s rights under the DPA;
  • be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage?
  • not be transferred to countries outside the European Economic Area (EEA) unless the country or territory ensures adequate protection for the rights and freedoms of the data subjects.

What the DSA collects:

The DSA collects personal data that data subjects (you) provide to the DSA, which is information that can be used (or reasonably be used) to identify someone as an individual. The DSA will only do this when you (as the data subject) have agreed to the DSA’s request for that personal data. This personal data may include your:

  • Name?
  • Address?
  • Telephone number?
  • Email

How the DSA will use a data subject’s personal data.

By providing personal data, you (as a data subject) agree that, where it is permitted by applicable law or where you have agreed to receive these communications from the DSA, the DSA may use your personal data to:

  • Respond to your requests?
  • Improve services for people with Down’s syndrome ?
  • Improve the content of our communications?
  • Provide you with tips, helpful information, news and updates?
  • Notify you of new services?
  • Seek your views on new products and services?
  • Consider your application for employment?
  • Assist with the DSA’s own administrative and quality assurance purposes? or
  • For other purposes that may be detailed on the DSA website or a mobile application.

The DSA will act as a data controller of such personal data.

The DSA will only collect personal data to serve a specific business, commercial, or legal purpose and only gather the minimum amount needed. The DSA will use only fair and lawful means to obtain the personal data.

The DSA will be transparent in dealings with data subjects whose personal data the DSA holds.

The DSA will obtain a data subject’s informed consent to process his or her personal data in cases where it is necessary and appropriate to do so in compliance with applicable laws.

The DSA will not use personal data collected for one purpose for a different purpose without getting the data subject’s consent, unless applicable laws allow or require it.

The DSA will correct any personal data where it is notified that such personal data is incorrect.

Only authorised paid employees, trustees and volunteers of the DSA and third party suppliers can carry out processing of personal data, which must be consistent with their individual roles and responsibilities.

Personal data will be held in accordance with the safeguards in the DSA Security Guidelines.

How the DSA protects your personal data

The DSA will take appropriate legal, organisational, and technical measures to protect personal data consistent with applicable privacy and data security laws.

When DSA uses a thirdparty service provider, that provider will be carefully selected and required to use appropriate measures to protect the confidentiality and security of personal data.

When we collect your personal information we use strict procedures and security features to prevent unauthorised access. Unfortunately, no data transmission over the Internet is 100 per cent secure. As a result, while we try to protect your personal information, The DSA cannot guarantee the security of any information you transmit to us and you do so at your own risk.

Sharing personal data with third parties

The DSA may share the personal data of a data subject in compliance with applicable law.

In certain special cases where permitted by applicable law, the DSA may disclose your personal data:

  • when the DSA has reason to believe that disclosure of this information is necessary to identify, contact or bring legal action against someone who may be causing injury to you or otherwise injuring or interfering with the DSA’s rights, property or operations, other users of this website or any mobile application or anyone else who could be harmed by such activities?
  • when the DSA believes that applicable law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation?

Personal data collected may be transferred to, stored and processed in your country of residence or any other country in which the DSA, subcontractors or agents maintain facilities, including the United States and countries outside the European Economic Area (EEA).

The DSA will ensure that if your personal data is transferred outside your country of residence, it will still be treated in accordance with this DSA Policy.

Unless otherwise specified in the website the DSA will not sell or license your personal data to other third parties.

Sometimes the DSA uses selected third parties to provide support services in the normal course of business. These parties may, from time to time, have access to your personal data to enable them to provide those services to the DSA. The DSA requires all third parties providing such support services to meet the same standards of data protection as the DSA’s own. Any third party will be prohibited from using your personal data for that third party’s own purposes. In particular, the DSA will not allow service providers to use your personal data for the marketing activities of that service provider.

Information from Outside Sources

Where permitted by applicable law, the DSA may also collect legally obtained information from third parties to add to its existing user databases. Some of this information may be personal data of data subjects. The DSA may do this to better target information offerings and promotional campaigns in which the DSA believes you would be interested. Such personal data will only be collected and used by the DSA in accordance with the basis on which it was originally provided by the data subject, or as otherwise permitted by applicable law.

Website and mobile application usage information

The DSA also automatically collects information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, GPS location data, mobile phone service provider, and mobile phone operating system. The DSA aggregates this information to understand how visitors to the DSA websites use the websites so that the DSA can improve these and the services that the DSA offers.

GPS location data does not typically identify individual users. This information includes:

  • the total number of visits to the DSA websites and mobile applications?
  • the number of visitors to each page of the DSA websites and mobile applications? and
  • the domain names of website visitors’ internet service providers.

The DSA uses Google Analytics as the main form of website statistics tracking. Any visitors to the DSA websites who don’t want their data used by Google Analytics can install the Google Analytics optout browser addon.

This addon instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) running on websites to prohibit their information from being used by Google Analytics. To optout of Google Analytics for the web, go to

https://support.google.com/analytics/answer/181881?hl=en

The DSA website and mobile applications may use technology called “cookies.”

A cookie is a small text file that is placed on your hard disk by a server. Cookies allow the DSA website and mobile applications to respond to you, the data subject, as an individual.

The website or mobile application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

For instance, the DSA server may set a cookie that keeps you from having to enter a password more than once during a visit to a website.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer. Please refer to your Internet browser’s instructions or help screen to learn more about these functions and to specify your cookie preferences.

If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit.

You can manage these small files yourself and find out more about them at www.aboutcookies.org.

Our use of cookies

Below is a list of all the cookies that are set by the Downs Syndrome Association website. If you have any questions or would like more information about these cookies, please contact us.

Cookies for improving service

We use Google Analytics to monitor the number of visitors to the Downs Syndrome Association website and the content visitors value. This allows us to ensure that the website is available when you want it, and to understand what content is useful to you.

Name Content Expires
_utma Randomly generated number 2 years
_utmb Randomly generated number 30 minutes
_utmc Randomly generated number When you close your browser
_utmz Randomly generated number and information on how you navigated to the site 6 months

For further information about the cookies set by Google Analytics, please refer to the Google Code website.

Cookies for improving your user experience

 

We also use cookies to help improve your use of the site:

Name Content Expires
Randomly generated string Session cookie used by our website framework. When you close your browser
dsa_cookie_message Text to test if you’ve been shown the cookie warning message. 1 week
style Stores your font size preference. When you close your browser

If you have any questions about these cookies and how they are used, please contact us.