Information about
submitting an abstract

Privacy Policy

Welcome to the Stroke Association's privacy notice.

The Stroke Association respects your privacy. We are committed to protecting your personal information and to being transparent about the information we hold about you. This privacy notice explains how we use and keep your personal information safe, tells you about your privacy rights and how the law protects you. 

This privacy notice has multiple sections you can click through. If you have any questions or wish to contact us, please get in touch. 

We have an accessible version of this privacy policy, which you can download by clicking the button below.


Purpose of this privacy notice


This notice explains what personal information we collect about you, how we use it and how long we will keep if for. 


It is important that you read this privacy notice so that you fully understand how and why we are using your personal information. On specific occasions, we may provide you with additional privacy notices. We will make it clear when you need to be aware of this, as this privacy notice supplements the other notices and is not intended to override them.



Why and how we collect your personal data 


You might give us your personal data when you request a service, sign up to an event, fundraise for us, or even simply by using our website. We may also receive your personal information when you are referred to us for stroke support services by the NHS or other third parties.


When we collect your personal data, there is always a reason behind it. In addition, we will only ask you for special category personal data, for example, health information, when there is a clear reason for doing so and we will tell you what that reason is. 


‘Personal data means any information about an individual from which they can be identified. The personal data we collect allows us to provide services to people affected by stroke. It also helps us to better understand our supporters and improve how we engage, communicate and fundraise, campaign and influence national policies for the benefit of all those affected by stroke.



Controller (who we are)


The Stroke Association, a company limited by guarantee, registered in England and Wales (No. 61274) and registered as a charity in England and Wales (No 211015), in Scotland (SC037789), in Northern Ireland (XT33805), Isle of Man (No 945) and Jersey (NPO 369)) is the controller and responsible for the use of your personal information for the purposes set out in this notice.


This includes our trading subsidiary Stroke Association (Trading) Limited with registered company number (00898941). Our trading subsidiary’s main activities are retailing and commercial development (for example running our online shop and entering into commercial agreements).


Stroke Association and Stroke Association (Trading) Limited are both controllers of your personal information. They each have different roles, but some activities they undertake overlap and personal data may be shared between them for certain purposes. This privacy notice applies to both controllers, and you can contact us both using the details set out in this notice. 


If you have any questions about this privacy notice, including any requests to exercise your legal rights, please get in touch with us. 


The information we collect about you


We strongly believe your personal information needs to be safeguarded and protected. As long as you share it with us, we are its guardian. We take steps to collect only what is necessary and we do this for different purposes, but all with one goal in mind: to improve the lives of stroke survivors and their families. Here is a list of the type of personal information we currently use:


  • Identity Information you give to us – this includes your full name and title, username, date of birth, gender and email address (if relevant). 
  • Contact and Financial Details including a billing address, telephone number and your bank account and payment card details.
  • Transaction History of your interactions with us. This will include any donations, Gift Aid, events you have participated in, the services you requested, your interests, preferences, feedback and survey responses and how you use our website and services.  
  • Health Information necessary for providing support services for individuals affected by stroke; or to enable you to participate in events which help you to reduce your risk of a stroke; or to participate in events that involve risks to your health.
  • Technical Information which allows us to confirm what browser you are using, the internet protocol (IP) address and computer operating systems that are being used, your login data and other technology on the devices you use to access our website. 
  • Marketing and Communications Preferences for receiving information from us about our support services, research, campaigning, volunteering and fundraising activities (including ways to donate) and how you would like us to communicate with you.
  • Usage Data this includes information about how you use our website, products and services.
  • Chatbot history - Full transcripts of conversations with our chatbot, Knowbot, are stored and reviewed to help us improve the service. 


We also collect, use and share statistical or demographic information, which is known as ‘Aggregated Data’. This information does not directly or indirectly reveal your identity and therefore by law, it is not offered the same protection as your personal information. For example, we may aggregate information about how our website is used to calculate how many people are accessing a specific website page, so we can see where improvements need to be made. However, if we use any ‘Aggregated Data’ in combination with your personal information, it can directly or indirectly identify you. 

To make sure this is safe, we will treat this combined information the same way we treat your personal information and will only use it in accordance with this privacy notice.


Data protection law recognises that certain categories of personal information are more sensitive, such as details about health, race, religious beliefs and political opinions. These are known as Special Categories of Personal Data


We only collect and process such information about our supporters if there is a clear reason for doing so. For example:

  • If you take part in an event, such as a marathon, we may need information about your health to provide appropriate facilities and support at the event. 
  • We may also record such information to protect vulnerable individuals from fundraising or communications which they may find upsetting or overwhelming.


We collect and process health Information to provide support to stroke survivors and their family or carers, or if you tell us about your stroke experiences (for example by calling our helpline, completing a survey, or when volunteering with us). However, we will always make it clear to you when we collect this information, what information we are collecting and why.


If you don’t want to share your personal information with us


If you don’t want us to use your personal information, you can tell us at any time by getting in touch with us.

Please be aware that if you ask us to delete your personal information, we may have to stop providing you with our support or other services, and you may not be able to engage with us or participate in our activities (such as campaigning, volunteering and fundraising activities (including donating). We will let you know if this is the case. 


Sometimes we are unable to delete your personal information if you ask us to because we are required to keep it in accordance with legal requirements or tax and accounting rules. We will let you know if this is the case.


How is your personal information collected?


We collect personal information from and about you through:


Direct interactions. 


You may give us certain information (e.g. your Identity Information, Contact and Financial Details and Health Information) by filling in forms (in person or via our website) or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:

  • Request a service (including our support services, clubs and groups).
  • Purchase our products.
  • Sign up for or attend an event.
  • Make a donation to or campaign with us.
  • Create an account on our website.
  • Subscribe to our services or publications.
  • Request marketing information to be sent to you.
  • Engage with us on social media or message boards.
  • Enter a competition, promotion or survey. 
  • Give us feedback on our work.


Third parties or publicly available sources. 


We may receive personal information about you from various third parties and public sources as set out below: 

  • Identity Information and Contact Details from individuals who might provide your information to us, for example if you are their carer, emergency contact, relative or next of kin;
  • Identity Information, and Contact and Financial Details from third party organisations with whom we fundraise in partnership (for example, when you sign up for an event (such as the London Marathon) or fundraise for us through a third party). Please contact us for a list of the organisations we work with for fundraising; 
  • Identity Information, Contact and Financial Details, and Health Information from third party organisations to whom you gave permission to share your details with us, including the NHS or charities. For example, when you are referred to us by the NHS to receive our support services, when you buy a product or service, register for an online competition or sign up with a comparison website;
  • Technical Information from analytics providers such as Google based outside the UK and European Economic Area (EEA) advertising networks such as Facebook based outside the UK and EEA; and search information providers such as Google based outside the UK and EEA;
  • Contact, Financial and Transaction History from providers of technical, payment and delivery services such as JustGiving based in the EEA; and
  • Identity Information and Contact and Financial Details from data brokers or aggregators such as Royal Mail based in the UK and from publicly available sources such as Companies House and the Electoral Register based in the UK, as well as from general sources such as newspaper articles and social media posts.


Automated technologies or interactions. 


As you interact with our website, we will automatically collect information about your equipment, browsing actions and patterns. We collect this by using cookies, server logs and other similar technologies. We may also receive information about you if you visit other websites employing our cookies.


Please see our cookie policy for further details.


Interactions with our chatbot, Knowbot, are collected and stored under Knowbot's privacy policy and terms and shared with the Stroke Association to help us improve the service. 


Why we use your personal information


We will use your personal information only for specific purposes and where we have taken steps to ensure we respect your privacy. We will never sell your personal information to other organisations.


Here are the main reasons why we use your personal information:


Profiling and Analysis of your Personal Information


We may also carry out analysis of the personal information we collect about you and add publicly available information to create a profile of your interests and preferences. This is so we can contact you in the most appropriate way and with the most relevant information, which enables us to raise funds sooner and more cost-effectively.


We do this on the basis of our legitimate interests (see section 5 below), having undertaken an assessment that our approach does not unduly impact on your rights and freedoms, and is not too intrusive.


If we consider you may be interested to donate to our work, we may analyse your personal information to create a record of your interests and preferences, to allow us to ensure that communications (e.g. by post, telephone, email, text or social media) are appropriate and relevant, and to generally provide you with an improved user experience.


When we participate in social media marketing, we may provide your email address, telephone and address to social media platforms or third party agents to exclude you from supporter generation campaigns (where you have indicated you do not wish to be contacted), to create ‘lookalike’ audiences (whereby your information is used to identify people who may share similar interest with you on social media) and/or to enable us to display adverts to you as an existing supporter when you access certain media platforms such as Facebook. 


This is to enable us to use our charitable funds in the most appropriate and cost-effective way, and ensure you are only provided with information you will find relevant.


We share data securely and ask any provider to use the data for our stated purposes only. For example, when we share your personal information with social media platforms to create ‘audiences’, we may share your email address with those platforms so they can determine whether you are a registered account holder with them – this is sent in encrypted form that is deleted by the social media platform (a) if it does not match with an account or (b) after they confirm you hold an account with them. To ensure your privacy rights are protected, we only contract with social media platform or third party agent who provide appropriate assurances regarding their data protection compliance.


Fundraising is an important element of our charitable work so we may undertake research or analysis to assess your ability to support us financially. This may include an assessment of your income and/ or wealth and our assessment of your willingness to make donations to particular projects or us more generally. We may use analysis to help us identify your likely support for particular projects. All of these activities are undertaken to ensure that we are working in a cost-effective manner and allow us to raise more funds in support of our mission.


If you would prefer us not to use your personal information for profiling please let us know by contacting us. 


We take extra care to manage the information of young people. For example, when we collect information about a young person, we will make it very clear at the time why we are collecting this personal information and how it will be used.


If you would like more information on how we use children’s data, please contact us.


Cookies


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or will not function properly. Please see our cookie policy for more information about the cookies we use. 


The legal basis which allow us to use your personal information


The legal basis that we rely on for using your personal information will depend upon the circumstances in which we collect and use it, but will in most cases be because:

  • You have provided your consent to allow us to use your personal information in a certain way.
  • It’s necessary to carry out for the performance of a contract with you.
  • It’s necessary in order for us to comply with a legal obligation.
  • It’s in our legitimate interest to do so. The law permits us to use personal information where we have a legitimate interest, our use is fair and any impact on you and your rights is balanced. Our legitimate interests includes the ability to pursue our charitable objectives and commercial interests, and to provide support and services. You can obtain further information about how we assess our legitimate interest against any potential impact on you by contacting us. 


Sharing your information with third parties we work with

However, we sometimes share your personal information with third parties we work with. When we share your personal information with organisations that act for us as service providers, we take the following steps to keep your personal information safe and protect your privacy:

  • We provide them with only the personal information they need to perform their specific services.
  • We require them to only use your personal information for the exact purposes we specify.
  • We require them to keep your personal information secure; and
  • If we stop using their services, we require them to delete or anonymise your personal information.


Examples of the kinds of service providers we work with are those who provide us with advertising, marketing, research or IT administration services. If you would like more information about the third parties we currently use, who, in providing us with their services, will process your personal

information as part of their contracts with us, please contact us.

Sharing your information with third parties for their own purposes

We may also need to share your personal information with third parties for their own purposes. We will only do this in specific circumstances. For example, we may need to share your information with: 

  • Third parties to whom we may choose to transfer, or merge parts of our organisation or our assets.
  • Alternatively, we may seek to take over other organisations or merge with them. If a change happens to our organisation, then the new entity must use your personal information in the same way as set out in this privacy notice.


Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to those employees, volunteers, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to confidentiality obligations. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my personal information for?

We will only use your personal information for as long as is necessary to fulfil the purposes for which they are processed or for compatible legal purposes including for satisfying legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from its unauthorised use or disclosure; the purposes for which we process it and whether we can achieve those purposes through other means; and the applicable legal requirements.

For more information about the retention periods we apply to different aspects of your personal data, see our data retention and disposal policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal information: see ‘request erasure’ below for further information.

In some circumstances, we anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this anonymous information indefinitely without further notice to you. 

International Data Transfers

Sometimes we will need to share your personal information with third parties such as our service providers, who are based outside of the UK or EEA. The EEA is the European Economic Area and includes all EU member states as well as Norway, Liechtenstein and Iceland.

For example, we use a third party to host our campaigns which stores the information we ask it to host on our behalf on its servers in Canada.

Some countries outside the UK and EEA do not have adequate levels of protection in place to safeguard personal information. Therefore, if we share your personal information with any third party outside of the UK and EEA in this way, we take steps to ensure that your personal information receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times and we will enter into UK or EU-authority approved standard contractual clauses where appropriate and necessary. 

If you would like more information about where your personal information might be transferred to or how we take steps to protect it, please contact us. 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal information. You have the right to:

  • Request access to your personal information and receive a copy as well as check we are processing it lawfully.
  • Request correction of any incomplete or inaccurate information we hold about you. However, we may need to verify the accuracy of the new personal information you provide to us.
  • Request erasure of your personal information where there is no longer a good reason for us to hold it. This may also apply where you have successfully exercised your right to ‘object to processing’ (see below); where we may have processed your personal information unlawfully; or where we are required to erase your personal information to comply with local law. Please note however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). This applies where there is something about your particular situation which makes you want to object to as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes or where we process your personal information for research purposes. In some cases, we will be able to demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
  • Request a restriction on processing of your personal information. This applies in the following scenarios: (a) if you want us to establish the accuracy of your personal information; (b) where our use of it is unlawful but you do not want us to erase it; (c) where you need us to hold the personal information, even if we no longer require it, to enable you to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to do so. 
  • Request us to port your personal information to you or to a third party. We will provide to you, or your chosen third party, your personal information in a structured, commonly used, machine-readable format. Please note this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you. 
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of processing carried out prior to this withdrawal. If you do withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.


How to exercise your rights

If you wish to exercise any of the rights set out above, please contact us.

You can also unsubscribe or stop fundraising contact (email, telephone, post and/or SMS by registering with the Fundraising Preference Service or the Telephone Preference Service to stop unsolicited telephone calls. 

For unwanted direct marketing communications, you can register with the Mailing Preference Service.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.

No fee usually required

There is no fee to access your personal information (or to exercise any of your other legal rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to safeguard your personal information. We may also contact you to ask for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

Our contact details

  • Addressee: Data Protection Officer
  • Full name of legal entity: Stroke Association or Stroke Association Trading Limited 
  • Email address: mydata@stroke.org.uk
  • Postal address: 1-2 Sterling Business Park, Salthouse Road, Brackmills, Northampton, NN4 7EX
  • Telephone number: 0300 330 0740


Website Third-Party Links

When using our website, there may be links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share information about you. We do not control these third-party websites, plug-ins or applications, and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to this Privacy Notice

This Privacy Notice was last updated on 21 October 2024 and will be reviewed and updated from time to time. Older versions can be obtained by contacting us. 

Where there is a significant change to our Privacy Notice, we will use reasonable endeavours to notify you.​

UK Stroke Forum is hosted by

Hosted by