GDPR – General Data Protection Regulation
The data protection laws will change on the 25thMay 2018.
This privacy notice sets out your rights under the new law.
At the Pumping Marvellous Foundation, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.
This Privacy Notice, inclusive of our Terms and Conditions, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.
For clarity, the Pumping Marvellous Foundation may be both data controller and data processor for your personal data under certain circumstances.
Who we are?
The Pumping Marvellous Foundation manages this website as well the management of the platform “Just Heart Failure” as outlined in the “Terms and Conditions”. It is the UK’s leading patient led Heart Failure Charity and our registered charity number is 1151848 in England and Wales. We are also registered as a company in England and Wales under registration number 08370761
Our registered office is
The Pumping Marvellous Foundation
Suite 111 Business First
Millennium Business Park
Our current data controller is Nick Hartshorne-Evans
How does the new law protect you?
The new GDPR Data laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent and to contact you for customer service purposes.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our services or during the purchasing of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.
If you provide us with personal data about a third party you must warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data. We will need to see evidence of this before we proceed.
Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, location geographical information and your usage of our services e.g. seeing which pages you have visited.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.
We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content.
How do we use your data?
- To process orders that you have submitted to us;
- To provide you with products and services;
- To comply with our contractual obligations we have with you;
- To help us identify you and any account you may have with us;
- To enable us to review, develop and improve our services to you;
- To provide customer care, responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To detect fraud and to make sure what you have told us is correct;
- To carry out marketing and statistical analysis;
- To review job applications;
- To notify you about changes to our website and services;
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
- To inform you of service and price changes.
We will keep your personal data for the duration of the period you are a “user” of the Pumping Marvellous Foundation and Just Heart Failure website. We shall retain your data only for as long as necessary in accordance with applicable laws.
If you instruct us to erase your data, we may keep your data for up to 7 years after you no longer require our services. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Who has access to your personal data?
Here is a list of all the ways that we may use your personal data and how we may share the information with third parties. We have grouped them into the specific products and services that we offer:
Trustees, Employees, Contractors and Volunteers
- Employees of the Pumping Marvellous Foundation
- Trustees and Directors of the Pumping Marvellous Foundation
- Approved and checked volunteers of the charity
Financial, Legal and Banking providers
- Appointed Accountants
- Appointed Legal Team
- Appointed Bankers
- Payment Processes
Website Registrants, Website Hosting, Email Hosting, Website Security, Website Developers, Website Traffic
- Website Registrants – The register of our domain names
- Website Hosting – The hosted and provider of hosted web based services
- Email Hosting
- Website Developers
- Website Traffic Information
Delivery, travel, accommodation, fundraising platforms and event organisers
- Delivery – The companies we use to deliver our services and product
- Travel – The companies we use to provide travel
- Accommodation – The companies we use to provide accommodation
- Fundraising Platforms – Companies we use to provide fundraising services to our fundraisers and employees
- Event Organisers – Companies or organisations or organisers who host fundraising events
Processing third party data
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.
We work closely with a number of third parties (including business parties, service providers and fraud and safe guarding protection services) and we may receive information from them about you.
These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, and unique application numbers. We may use their features within our service framework, however, in some instances, they may be acting as data controller or even as the data processor and they will have their own privacy policies, which we advise you to read. This may include social media companies not limited to Facebook, Twitter, Instagram, LinkedIn, Pinterest.
We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.
We may share your information if we are acquired by a third party if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of the Pumping Marvellous Foundation, our beneficiaries, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling any obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
You can view, edit or delete your personal data by contacting us here firstname.lastname@example.org. You can also make choices about the Pumping Marvellous Foundation collection of your data and how we use it.
You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services please contacts us here email@example.com
We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time by contacting us here firstname.lastname@example.org
Accessing and updating your data
Just Heart Failure
User – Defined as account holder not limited to for example Heart Failure Nurse Team, Cardiac Rehab Team, Pharmacist
The user – You must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, and e-mail addresses are kept up to date at all times. You must do this by updating your personal details within your assigned account through the login on Just Heart Failure.
The Pumping Marvellous Foundation and Just Heart Failure
You have the right to access the information we hold about you. Please email your request to email@example.com so that we can obtain this information for you.
Our cookies policy is available to view here – http://pumpingmarvellous.org/about-us/cookie-law/
External Site Links
The Pumping Marvellous Foundation may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Information that is supplied on these sites is not within our control and we cannot be responsible for the privacy policies and practices of these.
Storage of your personal data
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.
All information you provide to us is stored on our secured servers within the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any sensitive data (payment details for example) are encrypted and protected.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
Please e-mail any questions or comments you have about privacy to us here firstname.lastname@example.org
Your right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner:
Tel 0303 123 1113
Information Commissioner’s Office
Information displayed on our site or contained in any communication we may make is provided without any guarantees, conditions or warranties as to its accuracy.
To the extent permitted by law, we and third parties connected to us expressly exclude:
- All conditions, warranties and other terms which might otherwise be implied by law.
- Liability for any direct, indirect or consequential loss or damage incurred or suffered in connection with our site or in connection with the use, inability to use, or results of the use of our site, any websites linked to it and any materials or information posted on it, or contained in any communication we may make, including, without limitation, any liability for, loss of income or revenue, loss of business or opportunities, loss of profits or contracts, loss of anticipated savings, loss of data, loss of goodwill, wasted management or office time; or for any other loss or damage of any kind, however arising and whether in tort (including negligence), contract or otherwise, even if foreseeable.
We do not seek to exclude liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation or any other liability which cannot be excluded or limited at law.
English courts will have exclusive jurisdiction over any claim arising from, or related to, a visit to our site although we retain the right to bring proceedings against you for breach of these conditions in your country of residence or any other relevant country.
Changes to our policies
We reserve the right to change our policies as and when is necessary, please check back occasionally to see our revisions. We do review our policies. Our online policies were last reviewed in May 2018.
Review Date – May 2019
File and Version Date – Version 1.0