Privacy Policy

Last updated: 19 April 2025

The North Gwent Cardiac Rehabilitation and Aftercare Charity provides community-based cardiac rehabilitation exercise classes. Our mission is to significantly improve the quality of life of people in our community who are living with, or are at risk of developing heart disease.

We value our members and supporters and are committed to protecting your privacy, so we make sure we protect any personal information you give us. This policy tells you exactly how we use and protect your personal information. And if you have any questions about it please contact our Secretary, Tony Lowery at office@cardiac-rehab.org.uk or on 07856 692 148. Our postal address is North Gwent Cardiac Rehabilitation and Aftercare Charity, 56 Holywell Crescent, Abergavenny NP7 5LG.

By giving us your personal information, you agree to the use of it as set out in this policy.

What personal information do we collect?

Personal information is information that can be used to identify you.

This personal information may include your name, email, postal address, phone numbers, date of birth, emergency contact details, next of kin, financial details, medical/health information, UK tax payer information (for Gift Aid), credit or debit card information, records of responses to fundraising appeals or campaigns as well as how you found out about us, our services or our events.

When and where do we collect your personal information?

When we collect this personal information, we only ask you for it when there is a clear reason for doing so, such as joining our classes, making a purchase or donation, or when you sign up as a Member. To make sure we always have your most up-to-date information we may from time to time contact you to update our records to reflect any changes to your personal information.

Information will usually come directly from you or a medical third party we consider legitimate and trustworthy, in circumstances where it is appropriate, and where you will have a clear expectation that your details would be passed on by them for these purposes.

Why do we collect it?

  • To process personal information as part of our safe provision of cardiac rehab exercise if you join our classes.
  • To provide you with information such as our services, health information events, fundraising or volunteering opportunities that are of legitimate interest.
  • To send you our quarterly newsletter or other communications, or to get in touch with you if you have won any prizes in our fundraising prize draws/raffles etc.
  • To personalise your experience using our website when you choose to do so; such as auto completing forms on our website.
  • To analyse and improve our services offered to you.
  • To make our marketing and promotion campaigns more targeted and relevant.
  • For internal record keeping, such as the management of membership, class attendance, your personal progress at classes (measured through optional Fitness Assessments), or any feedback or complaints.
  • Where it is required or authorised by law.

How do we use your personal information and for how long do we hold it?

We may use your information to send you communications by post, email, telephone or social media. In some cases, this may require getting your additional permission. Our communications include news and updates about our work and how you can help us and get involved, for example, volunteering, attending events and other fundraising activities.

We hold personal information relating to:

  • Donations you have made to us for 7 years since the date of your last donation.
  • Legacy donations – if you pledge a legacy gift we will retain personal information data until 7 years after the legacy is received.
  • Entering prize draws, raffles, our 200+Club lottery or other competitions for 5 years.
  • Purchasing services such as training or venue hire, which will be kept for 3 years.
  • Payment of class fees and annual membership.
  • Exercise class information may be retained for 5 years since the last class you attended.
  • We are legally required to hold some personal information to fulfil statutory obligations, for example the collection of Gift Aid or to support certain financial transactions.

Your personal information will not be retained for longer than necessary in relation to the purpose for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned above.  It will only be stored in relation to the purposes for which you have supplied it as an exerciser, Charity member, volunteer, donor, or a person raising a query or complaint.

With whom do we share your information?

We will never sell your details to any third parties, but we may sometimes share your information with trusted third parties:

  • service providers such as Barclays or PayPal for processing payments in a secure environment. The Charity is Payment Card Industry (PCI) compliant and uses external PCI compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
  • Medical professionals with whom you have a relationship, where you have an expectation that the information will be shared relating to exercise and health matters (such as your hospital-based medical team, GP or other health provider)

We may disclose your personal information to third parties if required to through a legal obligation (for example to the police or a government body).

All our partners are trusted and work under Data Protection Law. We work with them to ensure a high standard of controls and contracts are followed so your information is handled appropriately.

Our website may include links to other websites not owned or managed by us. We are not responsible for the privacy data collected by those sites and you should consult the Privacy Policy for any external website you link to, or social media providers such as Facebook, before you submit any data. In cases when we use external websites provided by other organisation such as Facebook, JustGiving, EasyFundraising or the Benefact Group, then we ask you to consult their privacy policies.

How secure is my information?

When you give us personal information, it may be stored and processed outside of the UK. We take steps to ensure that your information is treated securely. Unfortunately, no information shared over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you share your information at your own risk. We always do our best to make sure your information is secure on our systems.

How can you update your personal information and your contact preferences?

We want you to have total control over how you hear from us and get involved with our vital work.

You can update your personal information and your contact preferences by emailing office@cardiac-rehab.org.uk or contacting 07856 692 148. 

Withdrawing Consent and other rights under the Data Protection Law

The law allows you to withdraw your consent to any specific usage at any time without needing to specify a reason. You can do so by emailing office@cardiac-rehab.org.uk or contacting 07856 692 148.

You are also entitled to get in touch to exercise any of your rights as listed below:

  1. To request access to your personal information;
  2. Objection to processing of your personal information;
  3. Objection to automated decision-making and profiling;
  4. Restriction of processing of your personal information;
  5. Rectification of your personal information; and
  6. Deletion of your personal data.

Having verified your identity, you are entitled to be told about your data that we hold:

  1. The purposes of the collection, processing, use and storage of your personal data and the source if it was not obtained from you.
  2. The categories of the personal data stored about you.
  3. The envisaged period of storage for your personal data or the rationale for determining the storage period

No administration fee will be charged to make changes to your personal data.

You can make the above request by emailing office@cardiac-rehab.org.uk or writing to:

The Secretary
North Gwent Cardiac Rehabilitation and Aftercare Charity
56 Holywell Crescent
Abergavenny NP7 5LG 

Complaints

If you wish to file a complaint with respect to the way our policy has been implemented, please contact the our Secretary Tony Lowery at office@cardiac-rehab.org.uk or 07856 692 148.

You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website.

The North Gwent Cardiac Rehabilitation and Aftercare Charity is registered under the Data Protection Act 2018 as a Data Controller.