This Privacy Policy was last updated on, and therefore its effective date is 18 May 2023.

Privacy Policy. 

This VI Insight Hub (the Hub) website (www.vihub.org) is operated by the VI Charity Sector Partnership (the Partners).  This policy explains how and why we process (collect, manage, use and protect) your personal data when you use or interact with the Hub.  It also makes clear how you control your personal information.  If you use the Hub, it should be read in conjunction with our Terms of Use and Cookies Policy.

Our Privacy Promise.

We take our duties when processing your personal data very seriously.  We will make every reasonable effort to collect, process, store and share your data safely and securely and to tell you what data we are collecting, why and what we are doing with it.  We will also make sure that our trusted partners, with whom we share your data, do the same.  We promise that we will be open and clear with you about our use of your personal information and that you will be able to control your personal information with ease.

Your data.

In order to enable your use of the Hub, we need to collect and keep personal data about you, such as your name, contact details and preferred means of communication and, when appropriate, requested service details.  Some of this information we may obtain from, or need to share with, third parties such as our website developer and operator, other service providers or members of the Partnership.  This is to enable your use of the Hub and provide the information, products and services you have requested.

We use your data to enable your use of the Hub.

We use the information you provide to contact you and to keep you informed about Hub related activities and services as well as to manage, operate and improve the Hub.  We may also use it to identify your areas of interest and draw your attention to matters of relevance to you.

You are in control.

If you have any questions, or any concerns regarding how your personal data is being processed (for example, if you believe it is inaccurate or incomplete) or if you wish to stop receiving certain or all communications from us, you can amend your preferences at any time.  You can contact us using the details in Section 9 of this policy “How to Contact Us”.

Changes to this Policy.

We may change this policy from time to time to reflect the latest views of what we do with your information and legal and regulatory changes.  Please check back frequently.  You will be able to see changes have been made by the date it was last updated.

Our Privacy Policy in detail.

This policy is split into 9 sections and explains:

  1. Who we are.
  1. What personal data we collect and why.
  1. How we collect your personal data.
  1. The lawful basis for processing.
  1. Sharing and protecting your information.
  1. Retaining your information.
  1. Your details on the Hub.
  1. What are your rights?
  1. How to contact us.

1. Who we are.

This Privacy Policy applies to personal data processed for the purpose of operating the Hub.  Under data protection law and regulation, we are a ‘data controller’ and are registered as such with the Information Commissioner’s Office (Registration Number: ZB134019).

Our purpose is to advance health and social care through the promotion, support, conduct and distribution of national and international research and its practical application in all areas relating to vision impairment and related conditions with a particular focus on members and former members of the armed forces.

As the operators of the Hub, we are acting on behalf of the VI Charity Sector Partnership (the Partnership), a voluntary grouping of charities who are collaborating to deliver the Hub and its contents.  The Partnership consists of the following organisations:

Blind Veterans UK

Glaucoma UK

Retina UK

Royal National Institute of Blind People

The Guide Dogs For The Blind Association

The Macular Disease Society

Thomas Pocklington Trust

Visionary

2. What personal data we collect and why.

What data we need to collect.

The term ‘personal information’ (or data) means information that relates to you or another living individual that means you can be identified, either directly or in combination with other information that we may hold.  Where there is insufficient information to identify an individual, that information is not personal data.  We need personal information about you to enable your use of the Hub and to provide the information, products and services you have requested.

We will be clear with you when we wish to collect such information.  We will provide our reason for collecting such information and we will only do so when we have a lawful basis for processing the information.  You retain the right to change your preferences at any time.

The accuracy of the personal information we hold about you is really important to us.  If you identify a need to update or correct any information we hold, please contact us using the contact details in Section 9 of this policy.

Ordinary data.  As a user of the Hub, information collected may include, but is not limited to:

  • Name
  • Date of birth
  • Sex / gender
  • Email Address
  • Postal address
  • Telephone Number (mobile and/or landline)

Special Category data.  UK data protection law and regulation recognises certain information as ‘special category’ data and therefore as being particularly sensitive.  If collected, this would include data concerning: health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, certain biometric data, or a person's sex life or sexual orientation.  Sometimes we may need to collect or may indirectly obtain sensitive personal data.  For example:

  • You may reveal some of this information if you share photos or personal information on the Hub or social media channels.
  • We may gather this information for the purposes of monitoring and ensuring we provide equal opportunities and are inclusive for all supporters or to cater for your specific requirements when interacting with us.

If you freely provide, either at our request or voluntarily, any ‘special category’ sensitive personal information you explicitly consent to us processing that sensitive personal information under Article 9(2)(a) or (e) of the General Data Protection Regulation and in accordance with this Privacy Policy.

Why we need it

We need your personal information in order to perform functions such as:

  • To comply with the law.  To comply with the law as a data controller; there are legally required data processing purposes which must be completed, including but not limited to, company, charity, employment, social security, social protection law and due diligence processes.  This may be to fulfil our obligations; in connection with our legal rights and obligations; or for disclosure of your information to third parties where required by law or to enforce our legal rights.  Personal information collected specifically for this purpose cannot be further processed.
  • Manage your relationship with us. To keep a record of your relationship with us and any direction you give on how we are to comply with your data rights.  Also, to enforce our terms and conditions and otherwise manage our organisation; or for disclosure of your information to third parties, only to the extent necessary to operate the Hub and fulfil our services to you.
  • Communicate with you.  To know how you prefer to be contacted and to make adjustments as you specify.  To provide you with specific and, where appropriate, personalised services, information, products, updates, newsletters, feedback.  To allow you to participate in social sharing on the Hub (where applicable).  To assist with technical problems related to our websites or apps.
  • To personalise and improve your supporter experience. We may use your personal data in order to tailor our information and services to your specific needs and preferences to ensure a personalised experience.  To understand how we can improve our services, products or information.  To provide personalised services and communication in a way that you control and that suits you.
  • To secure and improve our services and administration.  To ensure the most efficient and appropriate use of the resources we have.  To ensure network and IT security and so that the server and website remain uncompromised.  To drive efficiency and effectiveness through statistical and market analysis.  To analyse the use of the Hub, to develop our services and to improve the Hub.

If you don’t want to hear from us, or do not want us to use your data, please contact us using the details at Section 9 “How to Contact Us”.  We will retain sufficient data only on a suppression list to ensure that we respect your preferences.  If you choose to withhold certain personal information, we may not be able to provide you with the information, support or services you would like.

3. How we collect your personal data.

We collect information about you in a variety of ways.  We may collect information you provide directly to us as well as information indirectly available from other sources, such as Partnership members.  The information we get from other organisations may depend on your privacy settings or the preferences you have selected with them, so you should regularly check them to fully understand how they will process and share your data.

Information we collect when you visit the Hub.

We collect and use information provided directly by Hub users, such as:

  • Sign up for newsletters, forums or other communications and requests.  You may directly share your personal information by signing up on the Hub for newsletters, forums or other communications and services.
  • Web server log information.  We use a third-party company to host the Hub called The Communications Group.  Their privacy policy is available here www.thecommunicationsgroup.com/privacy-policy/.  The Hub’s server automatically logs the IP address you use to access the Hub as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to the Hub (e.g. the website or URL (link) which referred you to the Hub), and your browser version and operating system.  This information does not of itself identify you and is not used by us or our third party to identify you.  The server is located in the UK.
  • Cookies and similar technologies.  Cookies are data files which are sent from a website to a browser to record information about users for various purposes. We use cookies on the Hub, including essential, functional and analytical.  You can reject some or all of the cookies we use on or via the Hub by changing your browser settings, but doing so can impair your ability to use the Hub or some or all of its features.  For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org and our Cookies Policy.

Information collected indirectly from other sources.

We may obtain your personal data indirectly from other organisations or individuals when you give them permission to share it, when we have a legitimate interest or other lawful basis; or when the data is publicly available.  Below are some examples, but this list is not exhaustive:

  • Third party organisations or individuals.  We may obtain information from third parties if you have agreed that they can approach us or that we can approach them or where we share a mutual, legitimate interest (in which case we will inform you that we have received your data from them).  You may have provided permission for a company or other organisation to share or sell your data with/to third parties, including charities.  This could be when you buy a product or service, register for an online competition or survey, install an application on your mobile phone, or sign up with a comparison site.  We can only use this data where we have been named as a recipient of the data or the third party has named a charity subsection into which we fit.  Third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights.  In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement.
  • Digital, Online and Social Media.  Depending on your settings or the privacy policies for social media and messaging services like LinkedIn, Facebook, TikTok or Twitter, you might give us permission to access or reveal information from those accounts or services.
  • Publicly available sources. Public information may include information from places such as Companies House, the Charity Commission, the electoral register and information that has been published in articles / newspapers / social media, e.g. LinkedIn.  Additionally, the Post Office’s National Change of Address database allows us to keep your information up to date.

4. The lawful basis for processing.

Data protection law and regulations require us to have a lawful basis for processing your personal information.  These include:

  • Where we have a legitimate interest.  Where we have a legitimate interest, we must ensure that we are not harming any of your interests or rights and only use it in a manner that you would reasonably expect us to when using the Hub.  For example: in communicating with you; provision of requested services; analysis to better understand who our users are and to improve Hub services and information; for the purposes of ensuring network and information security; for fraud prevention; and for informing authorities about possible criminal acts or security threats.
  • Where you have given explicit consent to do so for notified purpose(s).  This may include marketing material (electronic or other) or to provide you with a product, service or information that you have requested or require.  Where we need your consent, it will be clearly identifiable as a consent for a specific purpose.  You are able to withdraw consent at any time by contacting us, if you make this choice it may affect our continuing relationship as some services may no longer be able to be supplied.
  • To comply with a legal obligation.  For example, where we are required to do so by a court, regulatory authority the police or security services or we are legally required to, such as: compliance with a legal obligation to which we are subject. We also have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals; recording access to the Hub using server log files is such a measure.
  • The performance of a contract. If we are setting up or have a contract with you we will process your data to comply with the obligations of the contract.
  • Special category.  Where we process special category personal information (such as health data) we will ensure we do so in accordance with a lawful basis under the additional conditions for processing special category data under Art. 9 and 6 of UK-GDPR 2020 and DPA 2018.  For example, where you have given consent or the information has been made public by yourself.
  • To protect the vital interests of yourself or another person.  If we believe that the vital interests of you or a third party is at risk, we have a duty to protect.

5. Protecting and sharing your information.

How we protect your personal data.

We ensure that there are reasonable and appropriate technical and organisational controls in place to protect your personal details against unauthorised or unlawful processing and against accidental loss, destruction or damage.  We have policies and procedures in place to restricted access to your data to those who must have it and with which staff and volunteers are expected to comply and for which they receive training.  We have a service and data sharing agreement with Blind Veterans UK, or Parent charity, which provides our Information Services and security measures.  The measures in place include:

  • Control of information.  We only share and provide access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible.  We have data sharing agreements with our processors.  We verify the identity of any individual who requests access to information prior to granting them access to information.
  • Online security.  We will ensure that when processing personal information over the internet that this is done securely.  We use secure servers to store your information and Secure Sockets Layer (SSL) / Transport Layer Security (TLS) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website.  To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly updated / patched and have malware protection.  Only connect your devices to networks that you trust.  We cannot guarantee the security of data disclosed or transmitted over public networks.
  • Password security.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Hub or systems, you are responsible for keeping the password confidential.  You agree not to share that password with anyone else.
  • Third party website links.  Our documents, website and apps may include links to other third-party websites, not owned or managed by us.  Whilst we try our best to only link to reputable websites, we cannot be held responsible for the privacy of data collected by sites not managed by us, nor can we accept responsibility or liability for the implications to you of those policies.  For this reason, you should consult the privacy policy on any external site you link to before you submit any personal data.

Transmission of information over the internet is not entirely secure, and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet (whether by email, via our website or any other means).  Any transmission is at your own risk.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities, or any other form of loss or damage suffered by you as a result of your decision to transmit information to us or to receive it from us by such means.

Managing access and sharing of your personal data

This section sets out the circumstances in which we may disclose information about you to third parties and any additional purposes for which we use your information.

We undertake regular reviews of who has access to information that we hold to ensure that your information is accessible only by the necessary and appropriately trained staff, volunteers and trusted third parties.  When we share your data with a third-party, we require that they have appropriate technical and organisational measures in place to protect your information.

We will put in place appropriate agreements with other Data Controllers or Processors where we have a requirement to share data and / or they process your data on our behalf.  These agreements are designed to help safeguard your rights and give you remedies in the unlikely event of a misuse of your personal data.

However, we may be compelled by law to disclose your personal data to a third-party, such as law enforcement agencies, courts or government bodies and have limited control over how it is protected by that party.  Examples include, where we believe a crime has been committed or to assist with the apprehension of an offender, and in certain circumstances to respond to an individual Right of Access Request (known as DSAR).

We may in certain circumstances share your personal data without your consent for the purpose of fulfilling our safeguarding responsibilities.  This doesn’t happen often, but we may share your personal data:

  • If we believe there is a serious risk to the public, to staff or volunteers or other individuals.
  • To protect a vulnerable person (child or adult) who we believe may be at risk.

Occasions, other than by law, when we may share your data include:

  • If you have agreed that we may do so.
  • With The VI Insight Hub Partners.
  • When we use third parties to collect or process personal data on our behalf, (a list of processors is included at the end of this policy) or when a third party processor uses a sub-processor that we have agreed to the use of.
  • If we receive a complaint about any inappropriate content you have posted or transmitted to or from one of our sites, forums, social media pages or apps we may share your personal data with your internet provider or law enforcement agencies.
  • To enforce or apply the Terms of Use for the Hub or of a contract or other agreements or if we believe that we need to protect the rights, property or personal safety of staff, volunteers, research participants, supporters and visitors / contractors or websites and for other lawful purposes.
  • We may disclose aggregate statistics about our users and activities to prospective supporters, partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information without your explicit consent.
  • If we form a new entity, merge with another, or divest ourselves of a part of the charity to form a separate or new organisation with its own legal identity, or if the operation of the Hub is transferred to a new operator, information including your personal data may be transferred to the new entity.

We will never rent or sell your personal information.  We will not share or swap it with other organisations for their own unrelated purposes or to make money out of your data without your consent.

Where we store your information

The information that you provide to us will be managed and controlled by us.  Where we store your information may differ depending on the purpose for which we are processing it.  Your personal data may be held within our systems and IT network, which are owned and managed by Blind Veterans UK (or their authorised sub-processors such as Microsoft) or instead the information may be held within the systems used by trusted third parties who process your personal data on our behalf, such as The Communications Group.

Transfers of your information outside the UK

We may need to use the services or provide access and processing to third party providers and other organisations located outside of the UK.  If this is required we will conduct an appropriate risk assessment and put in to place appropriate additional measures to safeguard your personal data and your rights, such as the use of Standard Contractual Clauses (SCC).  If the sharing is a ‘one off’ requirement or is infrequent we may ask for your explicit consent.

The UK has recognised some countries and all of the EEA states as possessing data protection “adequacy” for the purposes of data sharing to these countries.  The UK Government has decided no additional safeguards are needed to conduct data transfers to the EEA as these states have equivalent standards of data protection as the UK-GDPR 2020.

The EU has recognised the UK as possessing data protection “adequacy” for the purposes of personal data transfers of EU subject’s personal data into the UK.  No additional safeguards are needed as the UK has an equivalent level of protection to that guaranteed under EU law (EU-GDPR 2016).

In cases when we use external websites or applications provided by other organisations such as Twitter or Facebook, then we would ask you to consult their organisational privacy policies.  Of note:

  • E-Newsletter.  Information you submit to us when you sign up for our e-newsletter is stored on our third-party mailing list provider’s servers.  Our third-party mailing list provider is Mailchimp.  You can access their privacy policy here www.intuit.com/privacy/statement/.  They employ a number of safeguards including: incorporation of the EU's Standard Contractual Clauses in their Data Processing Addendum which automatically forms part of their Standard Terms of Use and applies to customer data protected by UK / EU laws; they also certify annually with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks and continue to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles.  You can view their Privacy Shield certification here.
  • Google Analytics.  Information is collected by Google Analytics, such as your IP address and actions you take in relation to the Hub.  The Google privacy policy and principles describes how they treat personal information when we use Google's products and services, including Google Analytics.  They employ Standard Contractual Clauses which meet UK and EU GDPR requirements.

6. Retaining your information.

We hold your information for only as long as is necessary to fulfil the purposes for which the data was collected, to fulfil our legitimate interests or to comply with legal or regulatory rules and requirements.

Where we have contracted with a third party provider to process your personal data on our behalf these organisations will also retain some basic information in order to meet their own legal requirements.  It will only be retained for as long as is necessary but you may want to consult their privacy policies too.

If you decide to end or change your relationship with us as a supporter or request that we have no further contact with you, we will need to retain some basic personal information to comply with our legal and regulatory obligations and to maintain a suppression list to ensure we can comply with your request to receive no further contact from us.

7. Your details on the Hub.

Like most organisations, the Hub uses “cookies” and other tracking software to help us make our site and the way you use it better and more relevant to you.  We will not be able to personally identify you from the information gathered but it may help us improve our online services.

  • Cookies mean that a website will remember you.  They’re small text files that are transferred to your computer (or phone or tablet).  They make interacting with a website faster and easier, for example by automatically filling your name and address in text fields.  Please read our Cookies Policy for more information.  You can change your cookie preferences whenever you wish.
  • When visiting the Hub we may collect information about the type of device and the settings on that device.  This might also include the IP address and your operating system and certain device settings as well as diagnostic information.

8. What are your rights?

The UK’s data protection legislation includes the UK-General Data Protection Regulations 2020 (UK-GDPR) and the Data Protection Act 2018.  These two authorities are to be jointly considered as the authority of UK data protection law.  This UK legislation gives everyone a number of very important rights.  In abbreviated form these are:

  • The right to be informed.  Transparency over how we use your personal information.  This Privacy Policy falls under this right.
  • The right of access.  Request information that we hold about you and certain other supplementary information that this Privacy Policy is designed to address.
  • The right of rectification.  Update or amend the information we hold about you if it is incomplete or inaccurate.
  • The right to erase or ‘right to be forgotten'.  Ask us to remove your personal information from our records in certain circumstances where there is no compelling reason for its continued processing.
  • The right to restrict processing.  Ask us to supress the processing of your information in certain circumstances.
  • The right to data portability.  To receive information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller (including a third-party data controller).
  • The right to object.  Object to the processing of your information for certain purposes (such as marketing, research, statistics or our legitimate interests).  You may withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information.  Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
  • Rights in relation to automated decision making and profiling.  The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or has similarly significant effects.

If you would like to know more about your rights and the limitations or circumstances in which they apply under the data protection law see the UK Information Commissioner’s Office (ICO) website, which also explains how to contact them.

Remember, you can exercise your rights in relation to your personal information at any time by contacting us using the contact details set out in the ‘How to contact us’ section of this policy.  Please let us have enough information to identify you, we may require proof of your identity; and please be as clear as you can as to what information or right that your request relates to.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law and your rights, you also have the right to lodge a complaint with a supervisory authority.  For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO).

9. How to contact us.

If you have any questions, comments or requests regarding this Privacy Policy or your personal information please contact us using the Contact Us feature on the Hub or using the details below.

Appointment: Data Protection Officer
Address: Blind Veterans UK, Ground Floor, 3 Queen Square, London, WC1N 3AR
Phone: 020 4534 1127
Email: dpo@blindveterans.org.uk

Appendix 1:  List of data Processors

Data Processor / Controller Name Purpose / service provided Link to Privacy Policy
Blind Veterans UK Provision of information services and security https://www.blindveterans.org.uk/policies/privacy-policy/
The Communications Group Provision of the Hub infrastructure, data processor https://www.thecommunicationsgroup.com/privacy-policy/
Intuit mailchimp Provision of e-Newsletter support and processing https://www.intuit.com/privacy/statement/
Google Google Analytics for Hub site analysis,  improvement and services https://www.google.com/policies/privacy/