The Harefield Transplant Club Privacy Policy

The Harefield Transplant Club is devoted to helping to inform and support people on the waiting list, and their family, for heart or lung transplants as well as providing encouragement for those who have gone through transplantation.  The club is also active in promoting awareness of the need for organ donation and the potential change in quality of life post-transplant.  The Harefield Transplant Club is a registered charity (number 1060656).

Policy summary
The club will respect any personal data you share with us and keep it safe.  We aim to be transparent when we collect data and not do anything you wouldn’t reasonably expect.

Collecting data
The norm is that you explicitly provide the information when completing the application form.  Alternatively you may choose to contact our membership secretary directly.

A friend or relative of yours may pass on your details to us for a specific purpose. For example, if they are signing up multiple people for the reunion weekend, they may provide names and details of all participants. We will only hold and process your details for the purpose of completing the task for which your details were provided to us.

Should you need to contact us please write to:
The Membership Secretary – who is the Data Protection Officer; contact details are in the quarterly Newsletter; and on our website :

The information we collect when you become a member

When you become a club member we ask you to provide personal information such as :

  • Name
  • Address
  • Date of birth
  • Date and type of transplant
  • Ancillary information; for example thoracic hospital if not Harefield
  • Contact numbers
  • Email address
  • Partner’s name
  • We do not hold any bank details

How the information is used

The data is held to:

  • Allow for Emailing or posting the quarterly Newsletter
  • The Annual reunion and other correspondence, for example notifying you of special events
  • Sending the significant anniversary year pins.
  • Reclaiming Gift Aid

By requesting that the information is Emailed you agree to your Name and Email address being transferred to the automated Emailing facility mailchimp.

Access to the information
We ensure that there are appropriate controls in place to protect your personal details.  Current committee members have access to the information. Additionally seconded members or those assisting in the clubs work, for example in producing and mailing the Annual lottery letters, are allowed access. The data is stored on Dropbox (a server) which encrypts the data.  Access to the information on the Dropbox server is restricted. Data on individual laptops is protected with proprietary anti-virus software.

Keeping your information up to date
If your contact details change, it is helpful to let us know; please contact our membership secretary.  Data protection means that the hospital is not able to provide the club with any information, including changes. If you wish to have your information deleted then please contact the membership secretary.

A member’s data will not be retained once the membership secretary is informed that a member has passed away.

The Committee meeting Minutes are kept for 7 Year, as is the accounts.  The Inland Revenue require that Gift Aid lists are also retained for 7 years.

Sharing your story
If you wish to publicise you story it will likely be included on the website and in the booklet for Transplants and their families; however you will need to consent  to its publication.

Other Organisations 
We use the company Hatchit (London) LTD ( to manage our MailChimp campaigns which gives them access to view your personal data only. Hatchit (London) LTD only access personal data captured via MailChimp for the purpose of adding the personal data to a mailing database only associated with the Harefield Transplant Club. The information captured is Surname, Forename Name and Email address.

The charity uses social media such as Facebook, which are inherently insecure.  Similarly Emails are not a secure medium.

External Auditor
All financial transactions with the club will be available to the Club’s auditor(s). This may include personal information which is provided in order to meet any statutory requirements.

Use of Cookies
Some of the web pages use cookies. Essentially a cookie is information that a website transfers to your computer so the website can remember who you are.

Data Security
Backup copies of the Dropbox information are taken regularly by the Membership Secretary.

A further copy is taken by a committee member to provide a security backup at another location.

The General Data Protection Regulation
The charity has made changes in order to comply with the new General Data Protection Regulation (GDPR), introduced in May 2018, which is intended to strengthen data protection for individuals.  Personal data means data which relates to an individual who can be identified from that data, or from that data and other information which is in the possession of the club.

The new Data Protection regulations state that the charity is allowed to use and share your personal data only where there is a proper reason to do so. We must have consent to using your information.

Asking for information held
If you require a copy of the information held about you please contact our membership secretary; the contact details are in our Newsletter and on the web site.  For security reasons we will need proof of identity.

What are your rights
If you have any general questions about your rights or want to exercise your rights please contact our membership secretary who is our Data Protection Officer.

If you have any concerns on the way your data is being used then please contact the Data Protection Officer who will seek to resolve any issues or concerns you may have.

You have the right to lodge a complaint with the data protection regulator which in the UK is the Information Commissioner’s Office (ICO) where your personal information is being used in a way that you believe does not comply with the regulation.

Data Protection Officer
The Main Data Controller is the Membership Secretary.  The Data Controller determines the way in which any personal data is processed.