Who we are
Our website address is: https://covid19-recovery.org.
We are small collaborative collective who are providing this service as a benefit to others that have had, or are suspected of having had, Covid-19 and have recovered or are recovering.
We take your privacy and data security seriously. We appreciate the time you’re taking to share your experiences with us, so we want to ensure this doesn’t come at any cost. We’re also fully aware of the requirements of GDPR, so should you wish for your personal data to be deleted at any time, please just request this
This service exists to help share experiences of Covid-19 and the recovery process that people go through afterwards. Our hope is that by sharing these various experiences and other resources we can both aid people in their recovery, but also reassure people that what they are experiencing, others have experienced similar. We hope this has a positive impact for others.
To this end we may analyse some or all of the responses that we receive over time, to see if we can draw any conclusions, that might lead us to offer more support to others. We may work with academic or other professional bodies in order to conduct this work, any such partnerships we will publish and make all users of this aware of our association with any institutions or research programmes.
When we’re doing this, we will process personal data that has been submitted to help us. This could have been provided via the submission form, forum registration or via email contact.
As already stated, we take your privacy very seriously. This document outlines what we do to ensure your data remains secure. We’ve tried to cover everything we can think of, but if there’s anything you’re unsure, please just contact us.
Any references to Covid-19 Recovery Collective refer the small collective of people that are working on the Covid19 Recovery web resource, you can contact us at firstname.lastname@example.org.
This document was last updated at 15:00 on Sept 16th 2020.
Why we collect your data
We collect personal data for a number of reasons, from contacting you about potential updates, through to using some of it to help us in our analysis. These could include:
- To provide you with updates on the website content, that might interest you, this will be an opt in service
- To request permission from you if we’d like to share your experience with others
- To conduct further research or analysis
- To comply with any laws or legislative requirements
The information that we collect:
- Your full name
- Your gender
- Your location in the detail you provide
- Your contact details (email)
- Your age
- Whether you’ve been tested for Covid-19
- Your experience of Covid-19 and your recovery
Using your information
We use your personal data for a number of reasons, these are detailed below:
To request your permission to publish any of your submitted narrative of your own experience of Covid-19 and your recovery as a post for the website to share with others, however we will anonymise any publication.
To request your permission to publish any of your submitted narrative of your own experience of Covid-19 and your recovery as part of any further research reporting that might happen at a later stage.
To analyse data for patterns or themes in recovery relating to symptoms, chronological patterns, age, gender or location.
To respond to any requests for information from you.
We may share your information with other people involved in the operation of providing this service. We will at all times balance the benefit we get from using your personal data, against the insight it might grant us for the benefit of other members of the public that might use this service.
Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- a person’s consent (for example, to send you an update email)
- a person’s vital interests (for example, to alert emergency services if an immediate and life-threatening health problem is raised with us)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.
Our legitimate interests include:
- Administration and operational management: including responding to solicited enquiries, providing information, services and research
- If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.
Disclosure of your personal data
We will not share any of your personal data to any third party – except where:
- the transfer is to a secure data processor, which carries out data processing operations on our behalf
- we are required to do so by law, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation
- it is necessary to protect the vital interests of an individual
- we have obtained your consent
- we will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes.
Security of your personal data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. We have implemented standard security protocols such as SSL to ensure we protect its transmission. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We encourage you to review this privacy statement that you’ve chosen to visit, so that you can understand how we collect, use and share your information. We are not responsible for the privacy statements, security, or other content on sites outside of the website.
Use of data processors
We may use a third-party supplier to manage and conduct research analysis. You can find out more details on this on our About Us page.
Transfers of data outside of the European Economic Area
We use Ninja Forms for the personal statement submission and Clook Internet services for hosting. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA).
Whatever your relationship with us, we will only store your information for a specified amount of time.
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulation etc.
Subject to the above, we will typically store data relating a Covid-19 experience for approximately 2 years.
Once the retention period has expired, the personal information will be confidentially disposed or permanently deleted.
If you request to receive no further contact from us, we can remove all record of your data.
You have many rights under data protection legislation. These include:
Right of Access
You have the right know what information we hold about you and to ask, in writing, to see your records.
We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.
This is called a data subject access, and can be done by emailing us at email@example.com.
Right to be informed
You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
Right to withdraw consent
Where we process your data based on your consent, you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you an email). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
Right of rectification
If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records, please get in touch with us using the details in the ‘Contact us’ section below.
Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
If you have any complaints about the way in which we have used your data, please get in touch with us using the details in the ‘Contact us’ section above. We would be happy to help and discuss your concerns.
In addition, you are also entitled to make a complaint to the Information Commissioner’s Office.
You can reach us at all times using the Contact Us form on this website, or simply by emailing us at firstname.lastname@example.org