Privacy Policy

Privacy Policy for the ADHD Foundation 

Updated: October 2024 

Introduction 

The ADHD Foundation is dedicated to safeguarding the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, share, and protect your personal data, as well as explaining your rights regarding this data. We are committed to transparency and aim to handle your data in a manner that respects your privacy. 

We have appointed a Data Protection Officer (DPO) to guide and ensure compliance with data protection laws, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We will notify you of any significant changes to this Privacy Policy that impact how we manage your personal data. 

About Us 

The ADHD Foundation provides therapeutic services and support to individuals, families, and carers for those with ADHD, Autism, Dyslexia, Dyspraxia, Tourette’s, and mental health needs. We also offer training to professionals nationwide who are involved in supporting these individuals and their families. 

The ADHD Foundation is registered with the Information Commissioner’s Office (ICO) under registration number A8288047. We are a registered charity under charity number 1120898 and a registered company, number 05368328. 

How We Collect Information 

We collect personal data through a variety of interactions and channels: 

Direct Interactions: 

  • Service Users: When you access our therapeutic or support services, we collect information via telephone, email, letter, or face-to-face meetings. 
  • Training Participants: We collect information through standard correspondence related to course registration, setup, and delivery. 
  • Donors: Personal data is collected when you make a donation through our website or in person. 
  • Volunteers: We collect data through a Volunteer Application form when you express an interest in volunteering. 
  • Job Applicants: We process information provided during the application and interview process. 

Third-Party Sources: 

  • Information may be collected from third parties who refer you to our services with your consent. 

Automated Technologies: 

  • We may automatically collect data such as IP addresses, browser types, and interaction data when you visit our website through cookies and other tracking technologies. 

Types of Data We Collect 

We may collect and process the following categories of personal data: 

  • Personal Identification Information: 
  • Name, date of birth, gender, and contact details (email address, phone number, postal address). 
  • Special Categories of Data: 
  • Health information related to ADHD and related conditions, ethnic origin (for diversity monitoring), and other sensitive data, collected only with your explicit consent. 
  • Professional Information: 
  • Employment details, qualifications, and skills, particularly for job applicants and training participants. 
  • Financial Information: 
  • Bank details and payment information for processing donations and service fees. 
  • Technical and Usage Data: 
  • IP addresses, browser types, operating system details, and information about how you interact with our website. 

 

How We Use Your Information 

We use personal data for various purposes, including: 

Service Provision: 

  • To deliver and manage therapeutic and support services tailored to your needs. 

Training and Event Management: 

  • To facilitate your participation in training sessions and national events and to communicate future opportunities. 

Donations and Fundraising: 

  • To process and administer donations, including gift aid claims where applicable. 

Recruitment: 

  • To evaluate job applications and manage the recruitment process effectively. 

Volunteer Coordination: 

  • To match volunteers to suitable roles and manage volunteer engagement. 

Marketing and Communications: 

  • To send newsletters and promotional materials, where you have consented to receive them. 

Research and Development: 

  • To improve our services, conduct research, and develop new programs and initiatives. 

Compliance and Legal Obligations: 

  • To comply with legal and regulatory requirements, including financial audits and reporting. 

Legal Basis for Processing 

We process your personal data based on the following legal grounds: 

  • Consent: When you have given explicit consent for a specific purpose (e.g., marketing communications). 
  • Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract. 
  • Legal Obligation: When processing is necessary for compliance with a legal obligation (e.g., financial record-keeping). 
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided they do not override your rights and interests (e.g., improving our services). 

 

Data Retention 

We retain personal data only as long as necessary for the purposes for which it was collected, including: 

  • Therapeutic Services: Data is kept for up to six years after services cease, in line with legal and professional requirements. 
  • Training and Skills Services: Retained with your consent for as long as necessary for follow-up and improvement. 
  • Donations: Financial data is retained for seven years to comply with financial regulations and audit requirements. 
  • Job Applications: Unsuccessful applications are retained for 12 months after the recruitment process. 
  • Volunteers: Information is retained for two years after your volunteering ceases unless otherwise requested. 
  • Photographic Images: Retained for three years unless a longer retention period is agreed upon. 

 

Special Campaigns & Photographic Images 

We may use personal stories and experiences shared by service users and their families to support our campaigns, with explicit consent. Photographic images from training, skills-building, and events are securely stored and used only with express permission. Images are retained for three years unless otherwise requested or consented to a longer period. 

 

Children’s Data 

We collect and retain children’s data only where we have a legal basis to do so, as per service pathways, contracts, and referrals. This information is shared only with individuals directly involved in providing services and is handled with the highest standards of confidentiality and care. 

 

Sharing Personal Data with Third Parties 

We share personal information only under specific circumstances: 

  • Therapeutic Services: Shared with third parties as part of referral pathways and within strict Information Governance guidelines. 
  • Service Providers: We may share data with third-party vendors who provide services on our behalf, such as IT support, event management, and payment processing. 
  • Legal Obligations: We may disclose data to comply with legal obligations, such as court orders or law enforcement requests. 
  • Collaborative Partnerships: We may share information with partner organizations involved in joint initiatives, with your consent. 

We do not sell or rent your personal data to third parties for marketing purposes. 

 

Your Privacy Rights 

You have several rights regarding your personal data under data protection laws, including: 

  • Access: Request access to your personal data and receive a copy. 
  • Rectification: Request correction of inaccurate or incomplete data. 
  • Erasure: Request deletion of your data when it is no longer necessary or where there is no legal basis for retaining it. 
  • Restriction: Request restriction of data processing in certain circumstances. 
  • Objection: Object to the processing of your data based on legitimate interests. 
  • Data Portability: Request the transfer of your data to you or a third party in a structured, commonly used, and machine-readable format. 
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent. 

To exercise your privacy rights, please contact our Data Protection Officer at [email protected] or: 

Tom Howcroft, Data Protection Officer 

ADHD Foundation 

3rd Floor, 54 St James Street 

Liverpool L1 0AB 

For your protection, we will verify your identity when you exercise your privacy rights. Requests, known as Subject Access Requests, are free of charge and will be initially acknowledged within three working days, with a full response within four weeks. 

 

Educational Mobile Application 

Our Umbrell[AR] Mobile Application, available on the Apple App Store and Google Play, does not collect user data. Permission is requested before accessing the camera, which is used solely for personal and private in-app functions. The application does not have any trackers and does not transmit data to external servers. 

 

Complaints 

If you have any complaints or queries about the information we hold, please contact [email protected] . You also have the right to file a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data in accordance with data protection laws. 

 

Website and Cookies 

When you visit our website, we collect standard internet log information and details of visitor behavior patterns. This is done to monitor visitor numbers and the areas of our website that are most visited. We use cookies to improve your browsing experience and analyze website traffic. 

Cookies 

Cookies are small text files placed on your device to collect information about your activities on our website. We use the following types of cookies: 

  • Essential Cookies: Necessary for the operation of our website. These include cookies that enable you to log into secure areas. 
  • Analytical/Performance Cookies: Help us understand how visitors interact with our website, allowing us to improve it over time. 
  • Functionality Cookies: Enable us to personalize content for you and remember your preferences. 

We ask for your consent to use cookies when you first visit our site, and you can manage your cookie preferences through your browser settings.  

 

Security Measures 

The ADHD Foundation takes the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. These measures include: 

  • Access Controls: Limiting access to your data to authorized personnel only. 
  • Encryption: Using encryption technologies to protect data during transmission and storage. 
  • Regular Audits: Conducting regular audits and reviews of our data processing practices. 
  • Training: Providing ongoing training to staff and volunteers on data protection and security best practices. 

 

Contact Information 

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: 

Tom Howcroft, Data Protection Officer 

ADHD Foundation 

3rd Floor, 54 St James Street 

Liverpool L1 0AB 

Email: [email protected] 

 

 

 

Donate today