Privacy Policy – Now and Beyond

Who we are

We are Beyond; a grant giving mental health charity and organiser of the Now and Beyond mental health festival. Our registered charity number is 11479964.

What this policy is about

This privacy policy (“Policy”) explains how Beyond processes your personal data.

In this Policy, “processes” means any operation or set of operations performed on personal data, including but not limited to, collecting, storing, sharing, using, disclosing, disseminating or otherwise making available, restricting and erasing. “We” and “our” means Beyond and the Now and Beyond festival and we are a controller of your personal data.

If you have any questions about this Policy or how we use your personal data, please contact us using the contact details given below.

Your personal data: what we collect

The personal data we collect about you will depend on your relationship with us, for example, where you sign up to attend or support the Now and Beyond festival or where you use the Now and Beyond Community to access the directory of mental health and wellbeing services or where you are a practitioner providing such services. It includes (but isn’t limited to):

your name, postal address, email address, telephone number, date of birth, gender and email address;
your preferences and interests, we may utilise your preferences to ensure we send you the most relevant communication in the future, where we have your consent to do so;
other information you provide to us from time to time which is relevant and necessary for us to collect and process for the purposes outlined below;
your activity online concerning your visit/s to our website and when we send you an email;
where you are a mental health and/or wellbeing practitioner, DBS certificate and a copy of your insurance policy;
information about your school; name, address, telephone number, email address, contact person’s details;
information about providers of events during the Now and Beyond festivals; name, address, telephone number, email address, session overviews, DBS certificate (we don’t normally need consent to process your data but if we ever need it, we will ask for it).

Why we process your personal data

We process personal data for the following purposes:

Purpose	Legal Basis
To manage our Now and Beyond Community directory, providing educational settings with information on mental health and/or wellbeing practitioners who specialise in children and young people’s mental health and/or wellbeing to provide immediate support to their students/ teachers.	For our legitimate interests, including the development of new services to support mental health and/or wellbeing of children and young people in the UK (Article 6(1)(f) of the UK General Data Protection Regulation (“GDPR”)).
To process any donations received on our website.	For our legitimate interests, including processing donations (Article 6(1)(f) of the GDPR)).
To send you information about our organisation and our activities.	Where we have your consent to do so (Article 6(1)(a) of the GDPR)). Please note the withdrawal of consent will not affect processing of personal data based on consent prior to its withdrawal.
For our business purposes, including, responding to enquiries and support requests, organising events and fundraising opportunities and using aggregated data to create reports on supporters and users of our service in order to improve our services.	For our legitimate interests, including management, research, analytics and organisational reporting in order to improve the efficiency of services we provide (Article 6(1)(f) of the GDPR)).
To assist emergency services and public health authorities if required.	Where processing is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) of the GDPR)).
To prevent and detect criminal activity and fraud and to comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests.	For our legitimate interests, including detecting and preventing fraud (Article 6(1)(f) of the GDPR)). To comply with a legal obligation to which we are subject (Article 6(1)(c) of the GDPR)).
In connection with the sale, assignment or other transfer of all or part of our business.	For our legitimate interests, including managing business opportunities (Article 6(1)(f) of the GDPR)).

Who we share your personal data with

We do not sell your personal data to third parties.

If we run a promotion, campaign, event or fundraising activity, it may require the service of a third party and then we might need to share your details with them. This would happen if your personal data was required to deliver the specific activity, for example, we would share your personal data with an outsourced mailing house provider, in order for us to send you a fundraising appeal.

When we share your personal data with other organisations or data processors we don’t allow them to use your personal data for their own purposes and they have to follow our strict instructions whilst complying with appropriate security measures. We regularly assess their security measures and we continue to monitor their compliance throughout the time we use their services.

We may also share your personal data with law enforcement agencies, regulators, courts, public authorities or emergency services when required to do so.

We do not transfer your personal data outside of the European Union and/or the United Kingdom. In the event, this changes any such transfers will be carried out in accordance with the GDPR.

Other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution when providing your personal data and review the privacy policy applicable to the website in question.

How long do we keep your personal data

The period for which we keep your personal data depends on the purpose for which your personal data was collected.

We will not keep your personal data for longer than necessary for those purposes unless we are subject to legal requirements requiring the retention of your personal data. We review all data retention periods regularly. If you would like more details in relation to the retention of your personal data, please contact us using the contact details below.

Your Rights to your personal data

Under the GDPR, you have certain rights in relation to your personal data, subject to certain restrictions and/or limitations:

the right to access and receive a copy of your personal data;
the right to rectify (correct) or restrict the processing of your personal data;
the right of erasure or to object to the processing of your personal data; and
the right to request a copy of your personal data to be transferred to another company.

If you do not want to receive information from us, or would only like to receive information about a certain aspect of what we do (e.g. events or emergencies) please get in touch with us and we will change your preferences.

We may keep a record of your preferences on a ‘suppression list’ so we know not to contact you or process your personal data in future until further notice.

We do not use your personal data to engage in profiling (e.g., any form of automated processing of your personal data to evaluate certain personal aspects relating to you in order to analyse or predict personal preferences, interests or behaviour).

You also have the right to raise any issues of concern regarding our processing of your personal data with your local data protection authority. The UK data protection authority is the Information Commissioner’s Office (ICO) who can be contacted using this link – https://ico.org.uk/concerns/.

How we protect your personal data

We maintain the highest standards of data privacy and security to protect your personal data and other information about you because we want you to feel completely confident about the communications you receive from us. We regularly review our processes and procedures to protect your personal data from unauthorised access and use, accidental loss and/or destruction.

How to Contact Us

Please contact our Data Protection Officer (DPO) via info@wearebeyond.org.uk if you would like to exercise your data protection rights or have any questions on this Policy.

Changes to the Policy

We may change this Policy from time to time and any such changes will be published on our website. Notwithstanding any change to this Policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.