Shift.ms (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. This notice, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Our address is:
Shift.ms, Platform, New Station Street, LS1 4JB
Our website is https://shift.ms/ and is owned and operated by Shift.ms.
This privacy notice applies to personal data provided to us, both by individuals themselves or by others. We only use personal data in the way described in this Privacy Notice.
The personal data that is provided to us is provided either directly from the individual concerned, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches, Companies House).
Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.
We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.
This Privacy Notice also describes how we may share anonymised data from our users with our subsidiary Realworld ms Limited (‘Realworld’). Realworld has been established by us to undertake survey research for stakeholders involved in MS research and treatments, including pharmaceutical companies, healthcare providers and research bodies. All profits from these activities not required to fund Realworld are for the purpose of Shift.ms funding its charitable activities. As described below, we may use your personal data to send you surveys that have been prepared by Realworld *.
The UK General Data Protection Regulation (‘UK GDPR') defines personal data as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
A controller is the individual or legal person who controls and is responsible to keep and use personal data held in electronic files and certain paper files. Shift.ms is the controller as defined by the UK GDPR for personal data gathered through its website or mobile apps (collectively referred to as the ‘websites’) and its social media accounts.
The lawful bases for processing personal data are set out in Article 6 of the UK GDPR. At least one of these must apply whenever personal data is to be processed. Additional requirements may apply in respect of special category personal data, such as health data, and Shift.ms takes these requirements into account in respect of any health data you provide. :
(a) Consent: you have given Shift.ms your freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose.
(b) Contract performance: the processing is necessary for the performance of a contract you have with Shift.ms.
(c) Compliance with legal obligation: the processing is necessary for Shift.ms to comply with the law for tax, social security, and employment purposes (not including contractual obligations).
(d) Protection of vital interests: the processing is vital to an individual's survival.
(e) Legitimate interests: the processing is necessary for Shift.ms' legitimate interests, or the legitimate interests of a third-party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
Your data subject rights are listed below:
If you wish to exercise any of these rights please write to us at dataprotection@shift.ms.
We collect data from individuals who use Shift.ms ‘websites’, who we also refer to as members.
Where personal data is collected from members, it is used for a number of purposes, as follows:
The following data is processed from registered members:
We may gather other information where it’s appropriate, relevant, and volunteered, for example:
We collect personal data from our staff as part of the administration, management and promotion of our operations.
Our staff handbook and partnership deed explain further how personal data is held for our staff and group partners. **
Where an individual is applying to work for Shift.ms, personal data is collected through the application process.
There are a number of purposes that personal data for applicants are collected.
Personal data collected for applicants is held for as long as necessary to fulfil the purpose for which it was collected. Generally, we hold this data for a maximum period of two years following the end of the application process unless the applicant becomes formally engaged by us.
We work with volunteers for different purposes including helping us out on social media, buddying with new MSers and fundraising. Where an individual volunteers with us, we will process personal data so that we can manage that relationship.
Generally, volunteers’ personal data will only be kept as long as is necessary for the purpose for which it was collected and for a maximum of 12 months after the individual stops volunteering for us, unless it was provided to us for another purpose (such as receiving services from us or for a research purpose).
When people visit our website or mobile app, personal data is collected both through automated tracking and interacting with various forms on the ‘websites’.
Personal data may be collected when individuals fill in forms on our ‘websites’ or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our ‘websites’, subscribes to our service, makes an enquiry, comments on publications, enters a competition, promotion or survey, applies to work for Shift.ms and reports a problem with our ‘websites’.
When individuals visit our ‘websites’, certain personal data may be automatically collected including:
Further details on the nature of these cookies can be found within our cookie policy.
We process this data for the following reasons:
The data that we hold depends on what data was entered and for what purpose.
Where data was entered to engage with functionality of our ‘websites’, that personal data may include their name, address, e-mail address and phone number,personal description and image.
Where data is collected automatically, the data that we may collect includes technical information, including the Internet protocol (IP) address used to connect an individual’s computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Other data about an individual’s visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Our ‘websites’ use cookies to distinguish individuals from one another. This helps us to provide a better experience when individuals browse our ‘websites’ and allow us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.
Shift.ms uses survey, poll and research data to help us understand and improve the impact our service has on MSers. Taking part in our surveys, polls and research activities is entirely voluntary. This information is cross-referenced with site usage and is anonymised. By registering as a member you’re consenting to Shift.ms using this data and confirming you have read and understood the terms of this Privacy Notice. This information will be held securely in line with the UK GDPR and used to generate anonymous reports and statistics for our trustees, our community and other programme partners, including Realworld and those who engage us and/or Realworld to carry out surveys, to undertake research regarding MS and to engage with MS stakeholders. If you would like to find out more about the way we store, use, and share anonymised data, including with Realworld, please write to us at dataprotection@shift.ms.
We will only share personal data with others when we are legally permitted to do so.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply. We may also disclose your personal data to organisations with whom you and we have reciprocal agreements for providing services for education, research and/or professional development. These other organisations may become the controller of your personal data and we or they will provide appropriate privacy notices to you so you are aware how your data is processed.
As mentioned, we may use your personal data to send out materials that have been prepared by Realworld. Subject to your having consented for us to share your personal data with Realworld (see immediately below), Realworld does not have access to our personal data and the information Realworld receives from us is fully anonymised. Your participation in any Realworld activity is entirely voluntary.
We may request your permission to share your non-anonymised personal data directly with Realworld, and if so, we will set out details of the project underlying such request and the terms on which such sharing is governed, including what happens should you withdraw your request. You may accept or reject this request at your sole discretion.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The data that we collect from you will be processed on our servers in the UK. If we do need to transfer your personal data out of the UK we will ensure that the required safeguards are in place so that there is an equivalent level of protection to it being processed in the UK.
To help protect the privacy of your personal data we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.
In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
If you wish to find out more about our data retention practices, please contact us at dataprotection@shift.ms.
This privacy notice was last updated on 24 May 2024 and these updates reflected in particular how we might use anonymised data with Realworld. Shift.ms reserves the right to vary this Privacy Notice from time to time. Such variations become effective on posting on this website.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to dataprotection@shift.ms.
For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
Contact details
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate)
* Shift.ms will occasionally share surveys prepared by Realworld with its members. Realword only receives anonymised or pseudonymised data from Shift.ms
** “Group partners” refers to anyone who is employed within the Shift.ms group, including Shift.ms the charity and Realworld ms.
