Mobile Mobile mask Desktop Desktop mask Full Full mask

SHORT FORM PRIVACY NOTICE THE CIRCUIT: NATIONAL DEFIBRILLATOR NETWORK (NDN) GUARDIANS

British Heart Foundation will collect your personal information (a) in the course of you registering as a Guardian of a defibrillator on The Circuit (the National Defibrillator Network) which is accessible by Ambulance Services and (b) during our relationship with you.

We use it for the purpose of managing our contract and relationship with you including keeping your details up to date, defibrillator maintenance reminders, status checks, product safety alerts, manufacturer recalls, tracking activity, dealing with issues, related activities and liaising with the Ambulance Services.

We will share your data with the Ambulance Services so they know where the defibrillator is located and so they can keep in touch with you by email regarding your defibrillator(s) and related issues that are important to them. Other NDN Guardians may email each other to ask if they will act as a secondary or back up guardian for their defibrillator.

If you agree to do so the location of your defibrillator and its availability will be visible on a publicly facing website. Your personal details will not be available on that website.

You will not receive any marketing from us in relation to any defibrillator products, services, maintenance or other related accessories neither will we share your data with any third party for any marketing activity of their related products.

For full details please see our complete Privacy Notice for NDN Guardians which is provided or made available with this notice and may be inspected at any time. Your rights in relation to your personal data are set out there as are how to exercise those rights.

PRIVACY NOTICE for NDN GUARDIANS

1. INTRODUCTION

1.1 The British Heart Foundation (The BHF) is committed to protecting the privacy and security of your personal information.

1.2 This privacy notice describes how we collect and use personal information about you immediately before, during and after your relationship with us as an NDN Guardian being the person responsible for a defibrillator you have registered with us on the National Defibrillator Network (also known as The Circuit).

1.3 The BHF is a “data controller". This means that we are responsible for deciding the purposes, conditions, and means for which we hold and use personal information about you.

1.4 This notice applies to current and former NDN Guardians. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

1.5 It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

2. DATA PROTECTION PRINCIPLES

2.1 We will comply with data protection law. This says that the personal information we hold about you must be:

(a) Used lawfully, fairly and in a transparent way.

(b) Collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.

(c) Adequate, relevant and limited to the purposes we have told you about.

(d) Accurate and kept up-to-date.

(e) Kept in a form that permits identification of the “data subject” (you) only for as long as necessary for the purposes we have told you about.

(f) Processed in a manner that ensures appropriate security of the personal data.

3. THE TYPE OF INFORMATION WE HOLD ABOUT YOU

3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.

3.2 We will collect, store, and use the following categories of personal information about you:

(a) Personal contact details such as name, telephone numbers, and email address.

(b) The information you have provided to us when registering your defibrillator on The Circuit.

(c) Emails, alerts, updates, maintenance records and other interactions with you.

(g) Information provided by members of the public and others in relation to the defibrillator of which you are an NDN Guardian.

(h) Other information generated during your time as an NDN Guardian.

3.3 We may also collect, store, share and use information about criminal convictions and offences and alleged offences insofar as they relate to the Circuit.

4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?

4.1 We collect personal information directly from you at the point of registration or when you choose to update that information.

4.2 We also collect the emails and associated information regarding the management of the defibrillator whilst you are an NDN Guardian.

5. HOW WE WILL USE INFORMATION ABOUT YOU

5.1 We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

(a) Where we need to perform or manage the contract we have entered with you (your acceptance of the NDN Terms and Conditions).

(b) Where we need to comply with a legal obligation.

(c) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

5.2 We may also use your personal information in the following situations, which are likely to be rare:

(a) Where we need to protect your interests (or someone else’s interests).

(b) Where it is needed in the public interest.

5.3 Situations in which we will use your personal information:

We need the information above to allow us to perform our contract with you or any Ambulance Service and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties provided your interests and fundamental rights do not override those interests. We will use it to:

(a) Administer the contract we have entered with you in relation to The Circuit and the Ambulance Services using The Circuit.

(b) Manage, plan, and determine performance requirements for The Circuit.

(c) Making decisions about The Circuit.

(d) Dealing with issues involving you, other NDN Guardians, Ambulance Services and members of the public.

(e) Complying with health and safety obligations.

5.4 Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

5.5 Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. LIAISING WITH AUTHORITIES

6.1 We may only use information relating to criminal convictions or allegations of criminal behaviour where the law allows us to do so. This will usually be where a member of staff or the public has informed us of an alleged incident or the police ask us questions about you.

6.2 We will only collect information about criminal convictions or alleged offences if it is appropriate, where we need to and where we are legally able to do so.

7. DATA SHARING

7.1 We may have to share your data with the Ambulance Services using The Circuit, complainants, advisors, regulators, staff, police and other authorities and our insurers.

Why might you share my personal information with third parties?

7.2 We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We may disclose your personal data to a third party in the event that all or part of our business or assets are or are intended to be assigned to another entity.

What about other third parties?

7.3 We may also need to share your personal information with a regulator or to otherwise comply with the law.

8. DATA SECURITY

8.1 We have put in place measures to protect the security of your information.

8.2 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know.

9. DATA RETENTION

How long will you use my information for?

9.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When you cease to be an NDN Guardian we remove your personally indentifiable data and keep the anonymised data for usually no more than six further years unless there are legal reasons to keep it longer.

10. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your duty to inform us of changes

10.1 It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

10.2 Under certain circumstances, by law you have the right to:

(a) Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

(b) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

(c) Request erasure of your personal information. This is also known as ‘the right to be forgotten’ and it enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

(d) Object to processing of your personal information if and where we rely on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us as set out in 11.1 below.

No fee usually required

10.3 You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

10.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

11. DATA PROTECTION OFFICER

11.1 We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our appointed DPO at dataprotection@bhf.org.uk

12. CHANGES TO THIS PRIVACY NOTICE

12.1 We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please your local BHF Store manager.