Privacy Statement
Privacy Policy
This privacy policy applies to all personal data we collect or process about you. It’s written based on your relationship with us, but we’re aware that an individual might engage with us in lots of different ways. Please make sure you read all the information that relates to your engagement with us.
Please click the headings or subheadings to read the full text.
Who are we?
We are Air Ambulance Charity Kent Surrey Sussex (KSS), a Charity registered in England and Wales with the Charity Commission (No. 1021367) and a Company limited by guarantee registered with Companies House (No 2803242). KSS is registered with the ICO (registration number Z4985129).
Our trading company, Air Ambulance Promotions Ltd (AAPL), is wholly owned and controlled by KSS and is registered in England and Wales with Companies House (No 02674568). AAPL is registered with the ICO (registration number Z5117233).
KSS is the data controller for your personal data. This means that we determine the purposes and means of processing your personal data in compliance with applicable data protection laws, including (but not limited to) the UK GDPR (General Data Protection Regulation) and ePrivacy laws. For trading activities undertaken by AAPL, both KSS and AAPL are joint controllers for your personal data. Any information we collect may be used by both KSS and AAPL. Our trading company exists to raise valuable funds through trading, such as the sale of our merchandise. We also run our hugely popular raffles and lotteries through our trading company.
This policy explains how we collect, use, disclose and protect your personal data, and it supplements other privacy notices you may receive from us. Sometimes we may need to further process information that we have already collected for a different purpose. We will only do this if the new purpose for processing is compatible with the original purpose that the data was collected for, and we will inform you about any further processing before carrying it out.
Throughout this policy, whenever you see the words ‘we’, us’ or ‘our’, it refers to both KSS and AAPL.
We operate the website https://aakss.org.uk.
Contact us
If you have any questions or you want to exercise any of your data protection rights, please contact us using the details below:
| By email: | hello@aakss.org.uk |
| By Phone: | 01634 471900 |
| By Post: | Air Ambulance Charity Kent Surrey Sussex, Rochester City Airport, Maidstone Road, Chatham, Kent ME5 9SD |
| Online: | Get in touch with Air Ambulance Kent Surrey Sussex here - Air Ambulance Kent Surrey Sussex (aakss.org.uk) |
What is meant by “personal data”?
‘Personal data’ is any information, or a combination of pieces of information, that could identify you. This could be information such as your name, date of birth, address and email address, IP address, CCTV images or photographs.
Special category data
Patients and loved ones
We believe your personal data is a footprint of yourself and we promise to keep your confidential information as safe as we possibly can.
Patient treatment
When we treat a patient at home or at the roadside, we bring the emergency room to you to save lives. We work seamlessly with the ambulance service and the receiving hospital trusts. To achieve this, we need seamless sharing of information to ensure critical medical interventions are communicated to every medical team working on your case to ensure you receive the highest standard of medical care. We rely on the lawful basis of vital interests to process both your personal and special category personal data for patient treatment purposes.
Our medical staff wear body-worn video cameras throughout our missions for the purpose of medical supervision of our staff and training purposes. Please see the clinical audit and management section below for more information.
The third parties we work with to deliver patient treatment include IT service providers (e.g., cloud hosting, provision of our customer relationship management system), legal advisors, auditors, insurers, the ambulance service (including the 999-dispatch call centre) and receiving hospital trusts. Regarding our body worn cameras, we occasionally receive requests from the police for footage. In these instances, we’ll always ask for a court order before sharing the information, therefore our lawful basis would be legal obligation to share that footage.
We’re often accompanied at the scene by other emergency services, such as the police or fire and rescue. Where an incident is determined to be a potential scene of a crime or where a potential crime is committed against one of the attending professionals, we may be asked to provide written statements and video footage (where applicable) and in these circumstances, we would rely on a court order (legal obligation) to provide the requested information. If we’re instigating criminal proceedings, we may provide video footage and statements to the police using legal obligation (the welfare of our staff). In rare cases, where there’s an imminent threat to the life of our staff or others, we may rely on the lawful basis of vital interests.
Research and planning
We’re proud that our services are led by science. We work in a unique environment whereby we bring the emergency room to the patient, including operating facilities.
There’s limited research in this discipline. To benefit wider communities, our future patients and their loved ones, we take every opportunity to engage in evaluation of our services and research into pre-hospital care so that we can share our learnings and develop the work in this field to save even more lives.
When we use your personal data for the purposes of research activities, you’ll either be contacted for consent or a member of your direct care team will make sure your personal data is processed in such a way that you won’t be identifiable without the use of additional information (it’ll be pseudonymised). If we share pseudonymised information with other parties, they’ll not be able to re-identify you with the information we provide them with and therefore your personal data will be anonymised for their purposes.
Clinical audit and management
As part of our ambition to aspire for excellence, each of our missions is reviewed by a senior clinician with footage from body worn cameras as appropriate. This helps with our cycle of continuous improvement. We regularly audit our work to ensure compliance against our high standards, and we’re also audited by external bodies (e.g., CQC). To achieve this, it’s important our clinical records are up to date and accurate, including receiving information on the outcome of your treatment. We therefore share and receive personal data with the ambulance service and the receiving hospital regarding your ongoing treatment and outcome relating to the incident. We rely on the lawful basis of legal obligation to process your personal data in these circumstances and the health or social care condition for the processing of special category personal data. We rely on legitimate interests to capture footage via body-worn cameras and that interest is to enable us to review and supervise our staff in order to continue to maintain our high clinical standards.
The third parties we work with to deliver the purpose of clinical audit and management include IT service providers (e.g., cloud hosting, provision of our customer relationship management system), legal advisors, auditors, insurers, the ambulance service (including the 999-dispatch call centre) and receiving hospital trusts.
When treating our patients in complex scenes we’re required to work seamlessly with our partners at South East Coast Ambulance Service (SECAmb) and other emergency services such as Fire and Rescue. As part of the cycle of continuous improvement, we conduct Clinical Governance sessions where, amongst other training, our frontline staff, along with members of our partner agencies, can review and reflect on any learnings from a particular mission which may contain pseudonymised personal data. Regarding the sharing of personal data in this context, we rely on the lawful basis of legitimate interests or public task and the health or social care condition regarding special category personal data.
We are regulated by the Care Quality Commission (CQC) and are proud to hold an outstanding rating. The CQC oversee the quality and standards of care we provide and would investigate if ever we fell short of the high standards that they – and we – expect. Where the CQC asks for information, we are statutorily obliged to provide it and the consequences of not doing so could result in the removal of our CQC certification. However, we will only provide information to the CQC which we believe they are legally entitled to.
Patient and family aftercare service
In fulfilling our core values, we recognise that getting our patients to hospital is often just the start of a journey. Our patient and family aftercare service can offer ongoing support and guidance as part of an individual’s recovery or to their loved ones in times of bereavement. We process personal data to contact you and deliver vital information that we feel could be useful to you (e.g., signposting other charities that might support your recovery, such as Mind). Our lawful basis for processing is consent.
Whilst our patient and family aftercare service do not have access to your clinical file, the record about you held by our aftercare team may include information you have disclosed to us regarding your incident or details of bereavement and other support you may require (e.g., wheelchair use). The aftercare team’s record may therefore contain special categories of personal data. We may also collect special categories of personal data where we might offer you refreshments during your visit (e.g., we would request information about any allergies you may have) or if we need to make reasonable adjustments. When processing special categories of personal data we rely on either the health or social care condition or your explicit consent. Any special categories of personal data are anonymised should a third party need to be made aware of them (e.g., we would inform a caterer that food provided for you would need to be nut free but would not identify the individual with the nut allergy). We are humbled that a number of our former patients offer to share their stories to help our wider supporters understand the impact of our work. In these cases, a separate privacy notice will be shared with you at the time that consent is collected.
We also facilitate several special interest groups to enable participants who wish to do so to meet others who have shared similar experiences, as well as offering base visits to help individuals process their experience. Here, our lawful basis for processing is consent. We may share personal data to facilitate the purpose (e.g., when you ask to join a special interest group, we will share your name and contact details) but we do not routinely share special categories of personal data with third parties.
Supporters
General supporters
Without our supporters we could not save lives. We recognise and value each contribution you make and the trust you hold in us every time you give us your personal data. We vow to maintain that trust through careful handling, appropriate use and ensuring any carefully selected partners will manage your data in the same manner we will.
We will process the personal data of supporters for the administration of any pledge or other support you are offering (e.g., Gift Aid, fraud prevention and money laundering checks).
We send direct marketing materials to keep you updated on our vital work and other ways to support us unless you tell us not to, and our supporter engagement team help us to handle any queries or feedback you may have and get to know you better. We rely on the lawful bases of consent or legitimate interest to process your personal data for these purposes. We do not routinely collect special category personal data of our general supporters.
We also regularly check for deceased and gone away records, along with details of your choices in how you would like to be contacted, to manage our supporter relationships and ensure data remains accurate, up to date and compliant. Here, we rely on the lawful basis of legal obligation.
We may also take photographs of you as you participate in a fundraising initiative and we may use these images in our promotional materials or for inclusion in our archive; further information about this will be provided in our terms and conditions when you sign up or we will notify you at the time that photographs will be taken and discuss this with you. Here, we will apply the lawful basis of legitimate interest or consent where the photographs are used for marketing or archive purposes.
The third parties we engage to deliver these purposes include marketing and data analysis agencies, fundraising and fulfilment companies (e.g., postal mailing house), supporter acquisition companies (who provide our canvassing services for regular donors), IT service providers (e.g., cloud hosting, provision of our customer relationship management system), copyrighters, professional photographers, banks, legal advisors, auditors and insurers and data cleansing agencies.
Lottery & raffle players
Our lotteries and raffles provide a fun opportunity to support our life-saving work whilst enabling you to be in with a chance of winning a prize.
We will process the personal data of lottery and raffle players for the purpose of fulfilling our obligations to you under your lottery or raffle terms and conditions (i.e., our contract with you), administration of your account, and communicating key information to you (e.g., confirmation of a win, change in terms and conditions). Individuals wanting to participate in the lottery must provide the personal data we request otherwise we will not be able to process their lottery application or account.
We also process your personal data to discharge our regulatory requirements. Under Gambling Commission legislation, we are required to undertake customer verification checks to ensure individuals signing up to our lottery are legally permitted to gamble. As part of the regular Gambling Commission audits, we may need to disclose those individual checks to the auditor. The Gambling Commission may also require us to confirm the name and identity of the winners. Our lawful basis in this context is legal obligation and the relevant law is the Gambling Act 2005. If we do not provide this information when requested, the Gambling Commission may withdraw our license.
Should you win the jackpot, we may ask you to take your photograph for use in promotional materials or in our archive. Further information about this will be provided to you at the time we make arrangements for those photographs to be taken. Here, we would apply the lawful basis of consent.
The third parties we engage in delivering these purposes include marketing and data analysis agencies, fundraising and fulfilment companies (e.g., postal mailing house), supporter acquisition companies (who provide our canvassing services for new lottery players), IT service providers (e.g., cloud hosting, provision of our customer relationship management system), copyrighters, professional photographers, banks, legal advisors, auditors and insurers.
We will also use your personal data in line with the general supporters’ paragraph above, unless you have told us not to.
Building profiles of supporters and potential supporters
We use profiling to help us understand our supporters better. This is so we can better understand your motivations and preferences, and it enables us to deliver a more targeted and relevant donor experience. It also helps us predict how you might be able to help us in the future, as well as helping us to raise more funds, sooner, and more cost-effectively than we otherwise would. It also ensures we don’t send marketing to vulnerable individuals,
Profiling at KSS means undertaking research and using screening techniques to engage with suitable high value donors. We may do that directly or through our third-party supplier, Prospecting for Gold.
We profile individuals by reviewing publicly available information to create a profile of your interests, preferences and your ability to support us, including the amount or level of potential donations or legacies you may be able to give. That research may be undertaken for both existing and prospective high value donors. We may also carry out research using publicly available information to identify individuals who may have an affinity with our cause but with whom we are not already in touch.
We use a variety of sources, for example house price data, listed Directorships, social media posts, newspaper articles or typical earnings in a given industry. We may use geographical information for measures of affluence where available. We only use reputable sources, where someone would expect their information to be read by the public. Examples of additional sources include Companies House, Mosaic (an Experian tool), Insight Hub by woodfortrees, Zoopla and search engines. We also take your donation history into account. We avoid any data that we believe has not been lawfully or ethically obtained, and the third parties we engage do not use information sources which have not been made public.
We might also ask our existing supporters, volunteers or trustees whether they would be prepared to open their networks up to us, and if we discover that someone in our network knows a potential donor that we have identified, we might ask them to facilitate an introduction. Here, we would advise the individual to facilitate the introduction about our data responsibilities and ask them to ensure that the potential supporter in question is happy for an introduction to take place. Following the introduction, we would direct the potential supporter to this privacy policy and confirm their marketing and communication preferences.
Volunteers
We rely on and value our extensive volunteer base to support our work and represent us in our communities.
We process the personal data of our volunteers and potential volunteers for the purposes of fulfilling the volunteer agreement with you to maximise your time with us, manage your relationship with us, communicate with your ‘in case of emergency’ contacts where the circumstances require us to and meet our health and safety obligations.
To fulfil your volunteer agreement, we will process your personal data under the lawful basis of contract or legal obligation, and we will process your special category data under the employment, social security and social protection law condition. We are obliged to collect this information from you for health and safety and safeguarding reasons, and you will not be able to continue volunteering unless this information is received.
We may also take photographs of you and fellow volunteers as you carry out your duties to use for promotional materials or for inclusion in our archive, but we will notify you at the time that photographs will be taken and discuss this with you. Certain volunteering roles are subject to a basic Disclosure and Barring Service (DBS) check. For internal communications and keeping you sufficiently informed so that you can discharge your role as a volunteer, we will send you communications that may include direct marketing content. We will apply the lawful basis of legitimate interest or consent for the purposes of taking photographs for use in promotional materials or archiving.
The third parties we engage in delivering these purposes include IT service providers (e.g., cloud hosting, provision of our customer relationship management system), banks, legal advisors, auditors and insurers.
Where Trustees are concerned, we will provide separate privacy information to you at the time you apply for a vacant position and throughout your relationship with us.
Staff and applicants
Whether you are a current or former member of staff, contractor, secondee or worker, or you are applying for a role with us, we will provide privacy information to you as part of the recruitment or employee onboarding process and throughout your time working with us.
Next of kin
There are times when we will request next of kin details for individuals connected with KSS, for example for our staff, volunteers and medical observers.
This may be shared with a third party in the case of an emergency e.g., a hospital trust or police. We rely on legitimate interest for both storing and sharing this information and our legitimate interest is being able to make contact in a medical emergency.
Suppliers and key partners
Suppliers
Whenever we engage with suppliers, we collect their organisational contact information to communicate with them in furtherance of the contract we have with them. Suppliers provide us with goods or services, for example printing services or medical supplies.
We may need to share the information we collect about you with other third parties, but this will depend upon the goods or services we are acquiring or receiving from your organisation and the purposes for processing at the time. For example, we undertake anti-fraud due diligence on all suppliers we engage, and we may share your organisational information, in addition to the checks we have undertaken, with a third party such as our bank or auditors. Where we require personal data for these checks, we cannot continue a relationship with you without it as to do so would be contrary to various finance and tax laws. Consequently, we will not be able to engage you without this information.
We will process personal data in this context under the lawful basis of legal obligation. We do not collect special categories of personal data for this purpose.
Key partners
Key partners are those organisations that are fundamental in assisting us to deliver patient treatment and fulfil our charitable purposes, such as the South East Coast Ambulance Service, NHS hospital trusts or GAMA Aviation.
We are often accompanied at the scene by other emergency services, such as the police or fire and rescue. Where a scene is determined to be a potential scene of a crime or where a potential crime is committed against one of the attending professionals, we may be asked to provide written statements and video footage (where applicable) and in these circumstances, we would rely on a court order (legal obligation) to provide the requested information. If we are instigating criminal proceedings, we may provide video footage and statements to the police using legal obligation (the welfare of our staff). In rare cases, where there is an imminent threat to the life of our staff or others, we may rely on the lawful basis of vital interests.
Our medical staff wear body-worn video cameras throughout our missions for the purpose of medical supervision of our staff and training purposes. Please see the clinical audit and management section above for more information.
The third parties we work with to deliver these purposes include IT service providers (e.g., cloud hosting, provision of our customer relationship management system), legal advisors, auditors, insurers, the ambulance service (including the 999-dispatch call centre) and receiving hospital trusts.
Teachers, pupils and students
Through our marketing promotion we offer activities for pupils and students to participate in either through their school, home tutor or youth organisation (e.g., Brownies). Examples of activities are Wear Red for February or the Restart a Heart campaign. We will require contact details of a named individual to communicate key information regarding the initiative as well as future potential opportunities to engage with us. This information is usually requested from a teacher, parent or youth leader. We maintain all information collected securely and separate from our fundraising database and this information will only be used for the purpose of ensuring the attendance and/or participation of pupils or students in current and future initiatives.
Where schools and youth organisations are concerned, we process this information under the lawful basis of legitimate interests (facilitate events and activities to promote KSS and its charitable objectives). If you do not provide this information, we will not be able to allow your school to participate in the initiative. We do not collect special categories of personal data for this purpose.
We may also take photographs of teachers, pupils and students as they participate in our initiative for use in our promotional materials or for inclusion in our archive; further information about this will be paid out in our terms and conditions when you sign up or we will notify you at the time that photographs will be taken and discuss this with you. Here, we will apply the lawful basis of legitimate interest (facilitate events and activities to promote KSS and its charitable objectives) or consent where the photographs are used for marketing or archive purposes.
We do not routinely share any of the information we collect for these purposes with third parties without consent (which may also include the teacher obtaining the consent of pupils and students).
Medical observers
The personal data we collect for this category of individuals is name and contact details and information relating to their profession and employment. We require this information to contact them about the event they are attending and to facilitate the signing of key paperwork, such as a confidentiality agreement or insurance waiver.
We process this personal data under the lawful basis of legal obligation. The legal obligations here are in respect of health and safety and confidentiality laws. Should you decide not to provide the personal data we request, you will not be able to participate in the observer duty. Where your medical observations relate to clinical governance, please see the section on clinical audit and management above.
We may collect special categories of personal data for this purpose where we are providing refreshments (e.g., we would request information about any allergies you may have) or if we need to make reasonable adjustments. We rely on your explicit consent to collect this information.
We do not routinely share personal or special categories of personal data with third parties. Any special categories of personal data are anonymised should a third party need to be made aware of them (e.g., we would inform a caterer that food provided for you would need to be nut free but would not identify the individual with the nut allergy).
Our medical staff wear body-worn video cameras throughout our missions for the purpose of medical supervision of our staff and training purposes. Please see the clinical audit and management section above for more information.
Conference attendees
We organise a variety of conferences to share our knowledge and insight with the wider medical community. During the sign-up process for conferences, we use a third-party ticketing system to collect personal data and ask individuals for their preferences for future events and marketing. We will often follow up after the event offering the chance to provide feedback.
We process personal data for the purpose of the conference sign-up and attendance under the lawful basis of contract, legal obligation (health and safety), legitimate interest (to facilitate delivery of the conference and promotion of KSS activities) and/or consent. Where the lawful basis of contract or legal obligation apply, if you do not provide the requested personal data, you will not be allowed to attend the conference.
We may take photographs at conferences for use in promotional materials or for inclusion in our archive. Where photographs are concerned, we apply the lawful basis of legitimate interest (to facilitate delivery of the conference and promotion of KSS activities) or consent.
We may collect special categories of personal data for this purpose where we are providing refreshments (e.g., we would request information about any allergies you may have) or if we need to make reasonable adjustments. We rely on your explicit consent to collect this information.
We do not routinely share special categories of personal data with third parties. Any special categories of personal data is anonymised should a third party need to be made aware of them (e.g., we would inform a caterer that food provided for you would need to be nut free but would not identify the individual with the nut allergy).
Ambassadors and Young Ambassadors
We are proud of our Ambassador and Young Ambassador programme and grateful to each individual that takes time to champion our cause.
We process the personal data of our ambassadors for the purposes of fulfilling the ambassador agreement with you and to maximise your time with us, manage our relationship with you, communicate with your ‘in case of emergency’ contacts where the circumstances require us to and meet our health and safety obligations. For the purpose of internal communications and keeping you sufficiently informed so that you can discharge your role as an ambassador, we will send you communications that may include direct marketing content.
We will process your personal data under the lawful basis of contract or legal obligation. The legal obligations we are bound by are those pertaining to health and safety and safeguarding. Should you decide not to provide the information we request to discharge that legal obligation or to fulfil the ambassador’s agreement, you will not be able to become an ambassador.
We will process your special category data under the employment, social security and social protection law condition.
The third parties we engage in delivering these purposes include IT service providers (e.g., cloud hosting, provision of our customer relationship management system), banks, legal advisors, auditors and insurers.
Visitors to base
We are excited to welcome you to our bases and want to make your day as fulfilling as possible.
We process your personal data to facilitate your visit (e.g., ensuring someone is available to greet you, ensuring you sign in, providing information on emergency exits and facilities and making reasonable adjustments were required). Our lawful bases for processing are legitimate interests (to facilitate the base visit) and/or legal obligation (health and safety law). Where we need personal data to discharge our health and safety obligations, we will not be able to permit you onto base without it.
Where appropriate, we may also take photographs of your visit for use in promotional materials or in our archive, but we will notify you at the time that photographs will be taken and discuss this with you. Here, our lawful basis for processing will be legitimate interest (direct marketing) or consent.
We may collect special categories of personal data for this purpose where we are providing refreshments (e.g., we would request information about any allergies you may have) or if we need to make reasonable adjustments. We rely on your explicit consent to collect this information. We do not routinely share special categories of personal data with third parties, but we do often use third party ticketing systems to collect personal data during the event sign up process. Any special categories of personal data are anonymised should a third party need to be made aware of them (e.g., we would inform a caterer that food you are provided would need to be nut free but would not identify the individual with the nut allergy).
Criminal offence data
This is personal information relating to criminal convictions and offences (including allegations of the same) which is also subject to extra safeguards. We don’t routinely collect criminal offence data.
General statement on purpose of legal claims
Notwithstanding the above, we may also need to process your personal data and/or special categories of personal data set out for any of the purposes above to establish, exercise or defend legal claims. For example, obtaining legal advice or preparing for actual or prospective legal proceedings. However, this is not a routine occurrence for us and applies in limited circumstances. Where we process personal data in this way it is likely we would rely upon an exemption (e.g., legal professional privilege), applied on a case-by-case basis, which would limit the rights available to you.
Transferring information outside of the UK
Your personal data may be transferred outside the UK when we engage third party suppliers. For example, we engage third-party software providers (e.g., Microsoft, ticketing platforms or payment providers that help to process a purchase from our shop or handle our donations) that may, in deliverance of the services they provide, transfer your personal data outside the UK. In these situations, we typically transfer personal data to the EU and in rare cases, the US. In such circumstances, we undertake thorough due diligence and risk assessments before any data transfer, ensuring your information has an appropriate level of protection and it is handled appropriately in the receiving country. The safeguards we typically apply are adequacy regulations or standard contractual clauses.
If we store or transfer personal data to other jurisdictions not mentioned above, we will tell you about the transfer and the safeguards in place to protect your personal data, before the transfer.
You can find more details of the protection given to your information when it is transferred overseas by contacting us.
How long we keep your personal data
We only retain personal data for as long as it is needed for the purpose for which it was collected. For example, if we are collecting personal data for a research project, lasting for a specific period of time, it is likely that we will not retain personal data much beyond the publication of the research paper.
Data retention periods will vary depending on your relationship with this. The length of time we retain the personal data may be set out in law (e.g., tax law often requires data to be retained for 6 plus current tax years) or industry best practice (e.g., we follow the NHS Records Retention Code of Practice). When deciding how long to retain personal data we will consider:
- The purpose(s) for which it was collected
- Any legal or best practice requirements for data retention that might apply
- Whether the use is limited to a specific project timeframe
- The amount, nature and sensitivity of the data
- The risk of harm from unauthorised use or disclosure of your personal data, and our understanding of the expectations of data subjects.
If you require further information on our retention periods, please contact us.
Your rights
When you give us your details, we will tell you what we are going to do with them. You can decide how you want us to contact you, whether by post, email, phone or text message and you can update your communication preferences at any time by using the contact details below.
Under UK data protection law, you have rights over personal data that we hold about you. We have summarised those rights below. In most circumstances, we have one month to respond to you but if we require more time, we will let you know why. In very limited circumstances, we may charge a fee.
If you ask another person to help you exercise your data protection rights, we must be satisfied that the third party making the request is entitled to act on your behalf, and we will ask for evidence of this. For example, by requesting a written authority, signed by you, stating that you give the third-party permission to make a request on your behalf.
Please note that we do not use any automated decision-making or profiling (as defined in data protection law).
| Your right | Detail |
|---|---|
| Right to be informed | We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal data and our use of it. We have written this privacy policy to do just that, but if you have any questions or require more specific information. |
| Right of access | You have the right to ask us for copies of your personal data and we will provide you with these unless the law allows us not to. This right always applies and whilst we strive to empower individuals to understand the impact of their incident, including filling in any missing information during what was often a traumatic event, we balance the potential impact of disclosing detailed medical information to you against your ongoing recovery. We’ll therefore balance our medical and data protection obligations to ensure your right of access to medical information is delivered in a sympathetic way. When you make a request for copies of your personal data it is known as a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. |
| Right to rectification | You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. |
| Right to erasure |
You have the right to ask us to erase your personal data in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the relevant personal data for one of the following reasons:
|
| Right to restriction of processing |
You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, the right to restrict processing applies:
|
| Right to object to processing | You have the right to object to processing in certain circumstances. You can object if the processing is for a task carried out in the public interest, the exercise of official authority vested in us, or the processing of your personal data based on our legitimate interests (or those of a third party). You have an absolute right to stop your personal data being used for direct marketing purposes. Where we send you electronic marketing you can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us. For postal marketing, please contact us. We will stop processing your personal data for direct marketing purposes as soon as reasonably possible but please note that it may take up to 28 days for your request to be fully processed in our systems. We kindly ask that you disregard any marketing you receive from us during that time. |
| Right to data portability | This right only applies if we are processing personal data (1) based on your consent or for the performance of a contract and (2) the processing is automated. Please note, KSS does not make automated decisions about people. |
Exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO). If you wish to exercise any of your rights, you can find our contact details below.
Where we rely on consent to process your information, you are entitled to withdraw that consent at any time. Please note this will not affect the lawfulness of the processing before the point at which you withdraw your consent nor, when applicable law allows, will it affect the processing of your personal data on the basis of any other lawful ground other than consent. You can withdraw your consent by contacting us.
Requests for information
NHS data opt out
You have a choice on whether your confidential patient information can be used for purposes beyond your individual care and treatment (e.g., for research purposes). If you would like this to stop, you can opt out of this yourself or on behalf of someone else. As part of our research activities, we ensure any dataset has been cleansed against the NHS data opt register, so your details would not be used.
For more information on the NHS Data Opt-out, please visit https://www.nhs.uk/your-nhs-data-matters
Questions or concerns
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.
For full details of our complaints procedure and how to make a complaint, please visit: https://www.aakss.org.uk/complaints-procedure
If you have a complaint, then please contact us in the first instance and we hope to be able to resolve it to your satisfaction. If, however, you believe that we have not been able to assist with your complaint or concern then you have the right to make a complaint to the data protection authority in the UK, which is the Information Commissioner’s Office (ICO).
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO’s contact details are:
| Online: | Make a complaint | ICO |
| By telephone: | 0303 123 1113 |
| By Post: | Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF |
As a member of the Fundraising Regulator, we abide by the Code of Fundraising Practice. This is a code of best practice which governs how our fundraising must take place. We take the requirements very seriously. The Code has sections on personal data which sit alongside the laws as named above and we strive to comply with best practice as well as the law. If you have any concerns about how your data is used in fundraising, then please do contact us in the first instance or if your query is not resolved, you may contact the Fundraising Regulator.
Cookies and similar technologies
Each time you interact with our website we may, depending on the consent provided, automatically collect personal data, including technical data about your device, your browsing actions and patterns, as well as content and usage data. We collect this data using cookies, server logs and other similar technologies like pixels, tags and other identifiers. You can read more about how we use cookies and similar tracking technologies in our Cookie Policy
Changes to this policy
This policy may change from time to time. We will post any changes we make to this policy on this page and indicate on the website homepage that we have updated it. Please check back frequently to see any updates or changes. You’ll be notified of any significant changes. This policy was last updated in July 2025.
