At National Migraine Centre, we respect your privacy and are committed to protecting your personal data. Please read this policy, which explains how we collect personal data, what we do with it and the measures we take to protect it and what controls you have over your personal data.
Unless otherwise stated, references in this Privacy Policy to we, us and our, are references to the National Migraine Centre.
This Privacy Policy covers our use of your personal data when you: (i) use our website; (ii) complete an online booking request or other form on our website; (iii) subscribe to our newsletter; (iv) communicate with us (including via our feedback form: compliments and complaints) by email or by phone or by other means (such as social media); (v) make a donation (including gift aid); (vi) volunteer or fundraise with us; or (vii) participate in online research or surveys.
National Migraine Centre is what’s known as the ‘data controller’ of the personal data you provide to us. Your relationship with us determines how much data we collect from you. We will only ever collect the data needed to provide you with advice and services.
We will be very clear with you about the reason for collecting data and how we intend to use, share and store that data at the point we collect it.
If you are under 16 please ensure you obtain your parent/guardian’s consent before sending any personal data to the National Migraine Centre.
How we collect and use your personal data
The text below sets out how we collect your personal data, the types of personal data and how this personal data is used.
1 Personal data that you provide to us when subscribing to the National Migraine Centre newsletter includes:
We use this personal data in order to:
We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter.
2 Personal data we collect if you are Fundraising for us including:
We use this personal data in order to:
3 Information you provide to us when completing the Book a Headache Masterclass Form includes:
We use this personal data in order to:
4 Information you provide to us when completing the [HIT-6 score] includes:
We use this personal data in order to:
5 Information you provide to us when completing the Botox Consent Form and/or the Greater Occipital Nerve (GON) Block Consent Form includes:
We use this personal data in order to:
6 When you make a donation.
If you contact us to make a donation we will collect your credit/debit card details (we will not store these details) and/or collect your bank account details to process the donation (including to set up direct debit payments).
Information you provide to us when completing the Gift Aid declaration includes:
We use this personal data in order to:
8 Information you provide to us when completing our Online Booking Request includes:
We use this personal data in order to:
9 Personal data you provide to us in relation to our Will Writing Service including:
We use this personal data in order to:
10 Personal data that you provide us in [response to online research or surveys] includes:
We use this personal data in order to:
11 Information when you communicate with us whether through our website by email (including via the Feedback Form: compliments and complaints), by phone, by social media or by any other means including:
We use this personal data in order to:
12 Personal data that we collect through your use of our website including:
For further information on our use of cookies see our Cookie Policy.
We use this personal data in order to:
13 Personal data that we collect through Facebook Adverts including:
Our Facebook Adverts use the Facebook Pixel Service of Facebook Inc. 1601 S.California Avenue, Palo Alto, CA94304. USA (Facebook).
For further information please read our Cookie Policy and Facebook’s privacy policy and Facebook’s cookie policy.
We use this personal data in order to:
Certain types of personal data are more sensitive than others. This special category personal data about you includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.
We may collect and receive special category personal data about you. We have identified below the types of special category personal data we may collect or receive, how we will use it and why we will use it.
1 Information you provide to us when completing our Online Booking Request includes:
We use this personal data in order to:
2 Information you provide to us when completing the Headache Diary includes:
We use this personal data in order to:
3 Information you provide to us when completing the Medication Form includes:
We use this personal data in order to:
Enable our clinicians to prescribe medication, diagnose your headache and make informed treatment recommendations
4 Information you provide to us when completing the Botox Consent Form and/or the Greater Occipital Nerve (GON) Block Consent Form includes:
We use this personal data in order to:
We rely on the following lawful bases under data protection law for our use of your personal data:
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where we process your special category personal data (such as health data) we rely on the following lawful bases under data protection law:
We use your personal data where this is necessary for our legitimate interests (or those of a third party). This includes where use of your personal data is necessary to:
We hold your personal data only as long as necessary for each reason that we use it.
We have set out how long we will typically keep certain types of personal data below:
Prospective patients (sending booking requests)
Deleted annually (after they have left the waiting list for an appointment)
Patients (received an appointment)
A minimum of 20 years after we have been notified of the death of a patient.
Temporary information held by Typeform or other form hosting companies will be deleted annually.
Medical research participant
A minimum of 20 years after the conclusion of the research.
Survey respondent
Five years.
Recipients of marketing and fundraising materials
When marketing/fundraising emails are sent, opt outs are provided. Data will be held until an opt out is received.
Recipients of networking, professional education, training and conferences information
When marketing/fundraising emails are sent, opt outs are provided. Data will be held until an opt out is received.
Donors (to receive donations / payments)
The National Migraine Centre holds no financial information. Where patients consent to make a donation/payment, agents such as Opayo and JustGiving process data. The information will be held and used for as long as permitted for legal, regulatory, fraud prevention and legitimate business purposes.
Donors (to claim Gift Aid, at the request of the donor)
When payment is made through JustGiving, it is JustGiving that collects and processes Gift Aid and all data is stored there. Where a gift has been made via Opayo, the charity records Gift Aid status and passes this to HMRC, via our accountant, in line with statutory regulation. The information will be held and used for as long as permitted for legal, regulatory, fraud prevention and legitimate business purposes and at least six years.
Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
Your personal data will be processed by employees and volunteers of the National Migraine Centre.
There are also certain circumstances where we will transfer your personal data to third parties. These include:
Our suppliers, third party vendors and service providers will be required to meet appropriate standards on processing information and security when processing your personal data. The information we provide them, including your information, will only be processed in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this Privacy Policy.
Your personal data may be transferred to other third party organisations in certain scenarios, such as:
Some of the third parties with which we share your personal data will act as separate data controllers. This means that they will process your personal data for their own purposes – please see the privacy notices of the relevant third party for further details.
Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
We will never sell or rent your personal data to other organisations.
Personal data we process is processed and stored within the UK or European Economic Area (EEA).
We may transfer your personal data to locations outside of the UK and EEA. However, to ensure your personal data is protected in accordance with EU and UK data protection law we will only transfer data outside the UK and EEA where appropriate safeguards as required by applicable data protection law are in place. This includes where a jurisdiction has been deemed adequate by the EU or UK or, where there is no adequacy decision, by putting in place Standard Contractual Clauses.
Please contact us at admin@nationalmigrainecentre.org.uk if you would like further information on the specific safeguards used by us when transferring your personal data.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk.
We have however put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We ensure that only those employees and volunteers, who need access to your personal data as part of their role, are given access. They will only process your personal data on our instructions and our contracts ensure that the data is kept confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we need to.
You have a number of rights about how we handle your personal data. These rights are not applicable in all circumstances and exemptions may apply. Your rights may include the following:
If you would like to know more about your rights under data protection law, you can find out more at the Information Commissioners Office website.
You also have a right to lodge a complaint with a supervisory authority. In the UK you can make a complaint to the Information Commissioner’s Office (Tel: 0303 123 1113 or at www.ico.org.uk).
We may send you direct marketing by:
If you do not want us to use your personal data for the purposes of direct marketing you can withdraw your consent at any time by:
Please note that if you choose not to consent to direct marketing or withdraw your consent to direct marketing we will still communicate with you in relation to your appointments and other service related messages. For example, confirmation or cancellation of appointments.
If you fail to provide the personal data requested where we need the personal data for either legal or accounting purposes or to fulfil our contract with you, we may need to cancel your services. Before cancelling your services, we will notify you that you are required to provide the missing personal data and give you a further reminder before cancellation.
When you are browsing our website, we have cookies in place, which provide information on how you navigate the site and the pages you visit. You will be given the option to agree to these cookies when you visit the website. We also have some essential cookies in operation, which help the website work well, you can block these but it may affect the website’s ability to respond correctly and load pages etc.
Please see our Cookie Policy for more information relating to our use of cookies and similar technologies on this website.
In order to be able to provide you additional services such as information on migraine research and treatment, will writing services, fundraising platforms and other migraine charities we may link to other websites. Where we have a contract in place for the services, we take steps to ensure that your personal data is secure and only used in the way we prescribe. For other third-party websites, we will make clear that you are being redirected. These websites should have their own privacy policies which you should check.
We suggest that you review the privacy policies for any third-party websites you visit as we cannot accept any liability for the way they manage your personal data as we have no control over them.
We may change this Privacy Policy from time to time and it is available on our website. Please check back frequently; you will be able to see when this Privacy Policy was last updated by looking at the date at the end of this Privacy Policy. If we make changes to this Privacy Policy, we will post the updated version on our website.
If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email.
If you wish to talk through anything in our privacy policy or find out more or exercise any of these rights, please contact us by emailing info@nationalmigrainecentre.org.uk and we will be happy to help.
National Migraine Centre is registered with the Data Commissioner’s Office as a Data Controller. Our registration number is 1115935.
National Migraine Centre is a company registered in England and Wales. Registered company number: 1115935 whose registered office is 999 Medical Centre, 999 Finchley Road, London, NW11 7HB.
Last updated: August 2022