Privacy policy

Please find our privacy policy below.

Shift.ms (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. This policy, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Our address is: Shift.ms, Platform, New Station Street, LS1 4JB

Our website is https://shift.ms/ and is owned and operated by Shift.ms.

This Privacy Policy applies to personal data provided to us, both by individuals themselves or by others. We only use personal data in the way described in this Privacy Policy.

The personal data that is provided to us is provided either directly from the individual concerned, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches, Companies House).

Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.

We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.

Personal data

Under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and Data Protection Act 2018 (‘the Act’), personal data is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

The Data Controller

A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. Shift.ms is the data controller as defined by relevant data protection laws and regulation.

Lawful Processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:      

(a) Consent: you have given Shift.ms your freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose.

(b) Contract performance: the processing is necessary for the performance of a contract you have with Shift.ms, which had asked you to take specific steps before entering into a contract.

(c) Compliance with legal obligation: the processing is necessary for Shift.ms to comply with the law for tax, social security, and employment purposes (not including contractual obligations).

(d) Protection of vital interests: the processing is vital to an individual’s survival.

(e) Public interest: the processing is necessary for Shift.ms to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for Shift.ms’ legitimate interests, or the legitimate interests of a third-party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

Data Rights

Your data subject rights are listed below:

  • the right of access;
  • the right to rectification;
  • the right to erasure or right to be forgotten;
  • the right to restriction of processing;
  • the right to be informed;
  • the right to data portability;
  • the right to object;
  • the right not to be subject to a decision based solely on automated processing.

Under the GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. Please write to us at [email protected].

Data that we hold

Members

We provide services to individuals who use Shift.ms

Why do we process this data?

Where data is collected for professional services, it is used for a number of purposes, as follows:

  • Providing our service to members;
  • Send members information on matters relating to their membership;
  • Improving our website and the services we provide;
  • Improving the service by sending emails based on member activity;
  • Say thank you for supporting us; and
  • Produce surveys for you to participate in.

What data is processed?

The data that is processed is necessary for the functionality of our services. The following data is processed but not limited to:

  • Your username
  • Your email address
  • Your date of birth
  • The country you live in

We may gather other information where it’s appropriate, relevant, and volunteered, for example:

  • Year of diagnosis
  • Type of MS
  • Treatment choice
  • Your closest city
  • Local landmark
  • Social media handles

Our people

We collect personal data for our people as part of the administration, management and promotion of our business activities.

Our staff handbook and partnership deed explain further how personal data is held for our staff and partners.

Applicants

Where an individual is applying to work for Shift.ms, personal data is collected through the application process.

There are a number of purposes that personal data for applicants are collected.

  • Employment – we process an applicant’s personal data to assess their potential employment at Shift.ms.
  • Administration and management – we may also use this personal data to make informed management decisions and for administration purposes.

Personal data collected for applicants is held for as long as necessary to fulfil the purpose for which it was collected, or for a maximum of two years where those purposes no longer become necessary.

People who use our website and mobile apps

When people visit our website, personal data is collected both through automated tracking and interacting with various forms on the website or apps (collectively referred to as the websites).

Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our website, subscribe to our service, make an enquiry, comment on publications, enter a competition, promotion or survey, apply to work for Shift.ms and report a problem with our websites.

When individuals visit our websites, certain personal data may be automatically collected.

Often, individuals who visit our website additionally fall into another category as listed by this privacy statement. For instance, users of our websites may be current subscribers. Where this is the case, data held and processed for individuals who use our websites may also become data that is held and processed for another purpose.

Why do we process this data?

We process this data for the following reasons:

  • Functionality – to allow individuals to use some functionality of our website, certain personal data must be entered for features to work as intended.
  • Security – to keep our site safe and secure, we may sometimes collect personal data, for instance login information and other data that can be used to vouch for an individual’s identity.

What data do we hold?

The data that we hold depends on what data was entered and for what purpose.

Where data was entered to engage with functionality of our website, that personal data may include their name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.

Where data is collected automatically, the data that we may collect includes technical information, including the Internet protocol (IP) address used to connect an individual’s computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Other data about an individual’s visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

Our website uses cookies to distinguish individuals from one another. This helps us to provide a better experience when individuals browse our website and allow us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Survey, poll and research data

Shift.ms uses survey, poll and research data to help us understand and improve the impact our service has on MSers. Taking part in our surveys, polls and research activities is entirely voluntary. By participating, you agree to allow Shift.ms to share your non-identifying and de-identified data with our partner organisations. Partners are carefully selected and share the common goal of improving the lives of MSers. Partners include healthcare organisations (such as NHS commissioning groups), other MS organisations, universities and other research institutions, subcontractors (such as evaluators and market researchers), funders and pharmaceutical companies. By taking part, you’re consenting to Shift.ms using the information you share and confirming you have read and understood the terms of this Privacy Policy.

Any information you share will be held securely in line with the UK Data Protection Act 2018 and the UK GDPR and used to generate anonymous reports and statistics for our trustees, our community and other programme partners.

If you would like to find out more about the way we store anonymised data, please write to us at [email protected].

Sharing Your Personal Data

We will only share personal data with others when we are legally permitted to do so.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.

We use Hubspot as our primary communication method with all of our members. We'll contact you on the email address you provide upon sign-up for a combination of service updates and information relevant to you such as new content or services. You can read Hubspot's Privacy Policy here.

Third Party Websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Protecting Your Personal Data

The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that Shist.ms has instructed.

If personal data is transferred outside the UK or EEA to a country without a designated adequacy rating, Shift.ms will request the data subject’s consent before processing the data. Consent will not be sought where the processor’s Binding Corporate Rules, Standard Contractual Clauses, or adhoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.

Security of Your Information

To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

How Long We Store Your Personal Data For

We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.

In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.

If you wish to find out more about our Data Retention practices, please contact us at [email protected].

Changes to This Privacy Policy

This privacy policy was last updated on 16 March 2022. Shift.ms reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to Shift.ms will be deemed to signify your acceptance to the variations.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to [email protected].

For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

Contact details

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate)