We are committed to ensuring that your privacy is protected.
We are a grassroots non-profit organisation working to connect those who can make or provide personal protective equipment, in particular scrubs and face protection (masks and visors), to front-line NHS staff and to other key workers during the COVID-19 pandemic and to deliver the products as necessary (our “Activities”).
We can be contacted here
European General Data Protection Regulation
As the work S+FP Hub does takes place in the UK, the European Union’s “General Data Protection Regulation” (GDPR) applies to our processing of your personal data, even if you do not live in Europe.
We process the following personal data about you:
- your name
- your address
- your occupation
- your contact details including phone number and email
- your skills and abilities relevant to our Activities
- any other information you provide to us over our website, social media platforms, the telephone or otherwise
We process this data in order that:
- we can perform our Activities, including our necessary internal processes
- we can ask you for feedback or conduct other forms of survey
- we can keep in touch with you about our Activities or those of other organisations with similar aims
Our legal bases for processing it are that you consent to our doing so and our legitimate interest in our developing, marketing and carrying out our Activities.
We may share this data with others in order to further our aims and to better perform our Activities, for example with:
- actual or prospective volunteers
- actual or prospective suppliers (eg scrubhub)
- other healthcare and key workers
- the government (solely in order to evidence demand for PPE)
An anonymous code will be used to replace your personal details if we share data with any government agency.
We will disclose your information where we are required to by law, a regulatory authority or otherwise.
It is unlikely that we will share your data in a way which requires it to be exported to a different country. Any such country may have different rules for data protection and may not protect your data in the same way as, or as well as, the GDPR. But if we do, then we are permitted to do this because you consent to our doing it.
We will not sell your contact information to third parties.
We will keep your contact information for 6 years after the last communication between us for liability purposes and then we delete it.
If you wish us to stop processing your personal data, you may withdraw your consent at any time by contacting us at the email address given above. When you withdraw your consent, we will delete all personal data we hold about you.
Third party processors
We use third parties to process some of your personal data on our behalf. We do not permit them to use your data for their own purposes. We have in place with each processor, a contract that requires them only to process the data on our instructions and to take proper care in using it. They are not permitted to keep the data after our relationship with them has ended.
These processors include:
- Are there any? Amazon Web Services, Google Cloud Platform, SurveyMonkey, Google Analytics, Google G-Suite
- This list may be added to in future as we develop further partnerships
Under the GDPR you have a number of important rights free of charge. This includes rights to:
- access your personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the United Kingdom Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email using the email address given above.
The GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/your-personal-information-concerns or by phone on +44 0303 123 1113.