DEBRA International adheres to the Principles and Legal Requirements of the Data Protection Act (DSG) 2018 (Austria), the Telecommunication Act (TKG) 2003 (Austria), and relevant European Union Data Protection Directives, including the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).
ABOUT DEBRA INTERNATIONAL
DEBRA International is the umbrella organisation for a worldwide network of over 50 patient-support and research-funding DEBRA groups working on behalf of those affected by epidermolysis bullosa (EB).
Our aim is to enable people with EB worldwide and the organisations that support them to work together to maximise quality of life and to promote the development of effective treatments for the condition.
DEBRA International is registered as a Charity in Austria (ZVR 932762489). The official address of DEBRA International is Am Heumarkt 27/1, 1030 Vienna, Austria.
HOW WE COLLECT INFORMATION ABOUT YOU
We collect information in the following ways:
Information you provide to us directly
You may give us your personal information in order to apply for research funding or a grant, apply to be a volunteer, receive newsletters, donate to DEBRA International, join our research involvement network, register a new DEBRA group as a member, or otherwise communicate with us.
Information you provide to us indirectly
Your personal information may be shared with us by third parties, for example:
correspondence passed on by another DEBRA group;
if you are a researcher and your personal information is shared with us by the principal investigator or institution.
DEBRA International is active on Facebook, LinkedIn, Twitter, and YouTube. With the exception of the DEBRA International Research Involvement Network Facebook group, we do not collect personal information from these social media sources, although we will endeavour to answer messages directed to us through these sources. Any information we collect is for internal statistical analysis of our reach and is anonymised.
WHAT PERSONAL INFORMATION WE COLLECT
We collect, store, and use the following kinds of personal information:
your contact details (including full postal address, country of residence, telephone/mobile number, email address; next of kin);
your date of birth;
your country of origin;
your bank details where you provide these to make a payment to us or receive a payment from us;
the DEBRA group you are a member of;
information necessary for us to process applications and assess your suitability if you apply to volunteer or apply for a job with us;
information necessary to process your application if you apply for research funding or a grant;
information about your activities on our website and about the device you use to access these (including your IP address and geographical location);
information relating to your health (where you share your experiences of EB with us) and;
any other personal information you provide to us.
Sensitive personal information
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this type of sensitive information are information about health, race, religious beliefs, political views, trade union membership, sex life or sexuality, and genetic/biometric information.
We only collect this type of information to the extent that there is a clear reason for us to do so. We will also collect this type of information if you volunteer it to us, for instance if you tell us you have EB when contacting our EB Without Borders team.
Wherever it is practical for us to do so, we will provide you with privacy information at the time of collecting your information. This includes providing information on why we are collecting your personal information, what it will be used for, our retention periods for that personal information, and who it may be shared with.
HOW WE USE YOUR INFORMATION
We will use your personal information to:
respond to or fulfil any requests, complaints, or queries you make to us;
provide you with the services or information you have asked for;
keep a record of your relationship with us;
helping us respect your choices and preferences;
further our charitable objectives;
send you correspondence and communicate with you;
process applications for funding, and for administration of our role in the projects we fund;
administer our website and to troubleshoot, perform data analysis, research, generate statistics, and surveys related to our technical systems;
testing our technical systems to make sure they are working as expected;
generate reports on our work and services;
safeguard our staff and volunteers;
conduct due diligence;
monitor website use to identify visitor location, guard against disruptive use, monitor website traffic and/or personalise information which is presented to you;
process your application for a job or volunteering position;
process your application to register a (new) DEBRA group as a member of DEBRA International;
conduct training and quality control;
audit and administer our accounts;
meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies and;
establish, defend, or enforce legal claims.
EB Without Borders
Through our EB Without Borders programme, DEBRA International provides support to individuals affected by EB (including patients, families, and clinicians) in countries where there is little to no support available, and assists new DEBRA groups to form and develop. We collect personal information in order to provide this programme.
The EB Without Borders team may receive personal information about your health when you communicate with them. They will use this information to answer your questions and provide support. Correspondence will be recorded for training, quality monitoring, and evaluating the service we provide and will be stored securely. Information you provide will not be used for marketing purposes and will not be passed to anyone else without your explicit consent.
DEBRA International sends regular newsletters to provide you with a variety of DEBRA and EB-related information and updates. This may include updates on DEBRA International and DEBRA groups’ work, progress on EB research, grant opportunities, events, and opportunities to participate in our work, such as opportunities to review research applications, and complete surveys.
We operate an ‘opt-in only’ communication policy. This means that only individuals who specifically opt in to receive newsletters through our sign-up form will receive these and have their details stored. You may choose to stop receiving our newsletters at any time by clicking on the Unsubscribe link provided at the bottom of all mailings or by contacting us at email@example.com.
HOW LONG WE KEEP YOUR INFORMATION FOR
We will only retain your personal information for as long as it is required for the purposes for which we collected it. This will be determined by legal and operational considerations, the nature and type of information, and the reason for which we collected it. We annually review the information we hold and will permanently delete personal information that is no longer required.
HOW WE KEEP YOUR INFORMATION SAFE
We have technical and organisational measures (including electronic and managerial measures) in place to protect your personal information from unauthorised access and improper use. We maintain a set of data protection procedures which our staff and volunteers are required to follow when handling personal information.
DISCLOSING AND SHARING YOUR INFORMATION
We do not sell your personal information.
We may share your personal information with third parties who provide services on our behalf. These third parties only collect and hold the information they need in order to deliver the service. Some of these third parties may run their operations outside of the European Economic Area (EEA). In these circumstances, we will take steps to verify that they provide an adequate level of data protection, and appropriate safeguards are in place.
If you provide personal information through involvement with a specific DEBRA International project, that information may be shared with any third parties that are listed as a collaborator. In the majority of cases, a collaborator will be another DEBRA group.
DEBRA International collaborates with a number of third party organisations in academia, healthcare, and pharmaceuticals. For the purposes of research, and clinical care development, DEBRA International may distribute surveys on behalf of these third parties acting as the intermediary. DEBRA International will only return survey results to these third parties as an anonymised dataset.
Where we are under a legal or regulatory duty to do so, we may disclose your details to the police, regulatory bodies or legal advisors, and/or, where we consider this necessary, to protect the rights, property, or safety of DEBRA International, its personnel, visitors, users, or others.
Except as indicated above, we will not transfer your personal information to any third parties, within or outside the EEA, without your consent.
DEBRA International uses images, recordings (video & audio), and written stories (“Media”) in promotional materials designed to raise awareness of EB and the work of DEBRA International and DEBRA groups. This may include leaflets, brochures, flyers, roller banners, newsletters, newspapers, magazine articles, social media, website, and other items. DEBRA groups and third party organisations may sometimes request access to the Media. DEBRA International will not share any identifiable Media without your explicit consent for its intended use.
LINKS TO OTHER WEBSITES
LEGAL BASIS FOR PROCESSING
Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (GDPR) (EU Regulation 2016/679), and in current Austrian data protection legislation: the Data Protection Act (DSG) 2018 (Austria), and the Telecommunication Act (TKG) 2003.
Consent is where we ask you if we can use your personal information in a certain way, and you agree to this. Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations.
Performance of a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are applying to work/volunteer with us, or are being funded to undertake research.
We have a basis to use your personal information where it is necessary for us to protect life or health.
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests”. This is provided that what the information is used for is fair and does not unduly impact your rights.
We consider our legitimate interests to include all of the day-to-day activities DEBRA International carries out with personal information. Some examples not mentioned under the other bases above where we are relying on legitimate interests are:
use of personal information for research purposes;
use of personal information to administer, review, and keep an internal record of the people we work with, including collaborators, supporters, volunteers, and researchers;
sharing of personal information between relevant teams and committees within DEBRA International;
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective, and your rights under data protection laws do not override our (or others’) interests in us using your personal information in this way.
When we use sensitive personal information (please see the “What personal information we collect” section above), we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information, such as if we need to process it for employment.
We want to ensure you remain in control of your personal information and that you understand your legal rights, which are:
Right to be informed
You have the right to be provided with privacy information at the time we collect your personal information. Privacy information may include our purposes for processing your personal information, our retention periods for that personal information, and who it will be shared with.
Right of access
You have the right to know whether we hold personal information about you. If we do, you have the right to request a copy of that information and how it is used. This will be provided to you unless legal exceptions apply.
Right to rectification
If you believe the personal information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies.
Right to erasure
You may ask us to delete some or all of your personal information. In certain cases, and subject to certain exceptions, you have the right for this to be done.
Right to restrict processing
You have the right to ask us to restrict the processing of some or all of your personal information in the following situations: information we hold on you is not accurate; we are not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise, or defend a legal claim; you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
Right to object
If we are processing your personal information based on our legitimate interests or for scientific/historical research or statistics, you have a right to object to our use of your information.
If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.
Right to data portability
If we are processing your personal information based on (a) your consent or (b) in order to enter into or carry out a contract with you; and we are carrying out the processing by automated means, you may ask us to provide the information to you or another service provider in a machine-readable format.
DEBRA International does not carry out any automated decision-making or profiling.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. Please contact us by email at firstname.lastname@example.org if you have any queries.
If you want to exercise any of the above rights, please contact us by email at email@example.com. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request; however, if we are unable to do so, we will contact you with reasons for the delay.
CHANGES TO THIS POLICY
If you are unhappy with any aspect of how we are using your personal information, we would like to hear about it. We appreciate the opportunity this feedback gives us to learn and improve. You can contact us at firstname.lastname@example.org.