top of page

Privacy and data protection




The Association of Mental Health Advocates (AMHA-UK) is committed to protecting your privacy and security as well as being transparent about how we intend to store, use and share your information.


This policy explains how and why we use your personal data, to ensure you can make informed choices and be in control of your information at AMHA-UK. Our practices are aligned with the General Data Protection Regulation (GDPR), which replaces the Data Protection Act 1998, and came into effect on 25 May 2018, and the existing ePrivacy regulation, called the Privacy and Electronic Communications Regulation (PECR).

AMHA-UK’s accountability


Any staff member’s behaviour which breaches this policy and regulatory requirements alike, will be taken very seriously by AMHA-UK and will be subject to investigation and disciplinary action where appropriate.


What this policy covers

  • What ‘processing’ means

  • What database we use

  • Why we need databases

  • Why do we collect your information?

  • What information do we collect?

  • How we collect your information

  • Information we collect directly from you

  • Information we collect indirectly from you

  • Why is your information is important to us?

  • Marketing Tools

    • How we combine and analyse your information

    • Research and profiling

    • Cookies and Google Analytics

    • Other marketing tools

  • Why consent is important to both you and AMHA-UK

  • Your rights

  • Managing your preferences

  • How we protect data

  • Our work with third parties

  • Monitoring vulnerability (including children and young people)

  • Changes to AMHA-UK’s privacy policy


1. Useful information

1.1 What ‘processing’ means

‘Processing’ is the action that AMHA-UK, or a trusted third party, takes when collecting, updating and uploading an individual’s personal information to produce meaningful information which helps AMHA-UK to grow and develop. This information is used to administer your account on our database and helps AMHA-UK to deliver best practice and the best experience for you.

1.2 What database we use

We use a database on the Wix website platform.

1.3 Why we need databases

Having databases makes it easy for us to confidently deliver effective and efficient support in ways that you are happy with. It also facilitates our commitment to being transparent, compliant and holds us to account.


2. Collecting information about you

2.1 Why we collect your information

At AMHA-UK, we would like to build long-lasting relationships with you based on trust, transparency and compassion. Processing your information helps to fulfil our aim of maintaining a robust internal database and adhere to best practices whereby your information and preferences are kept up to date.

Your information enables us to understand you better and be more appropriate when communicating with you. For instance, we are able to recognise and acknowledge your support and the commitment you show towards AMHA-UK over the years.

In turn, this better equips us to handle enquiries, deliver materials and process payments. However, above all, it facilitates us in providing quality support.

2.2 Information we collect directly from you

We may collect information directly from you whenever you come into contact with AMHA-UK. For example, when you contact AMHA-UK about our activities, sign up as an advocate, send or receive information, engage with our social media or donate – you provide us with your personal information at your discretion. In so doing, we may wish to record this onto our database which helps us to stay aware of you and how you’re supporting us.

  • Personal details:

    • Your name, email, address, telephone etc. when you sign up as an advocate

    • We may also collect date of birth, age and/or gender where appropriate (e.g. when registering for an event or completing a supporter survey)

    • Perhaps you have shared your own experience of mental health and have given us permission to store this information and/or share it

    • Your dietary and accessibility requirements when attending an event

  • Financial information: 

    • All financial information is encrypted

    • Your bank account details for cash donations (such as direct debits or credit card details) and invoices from suppliers for instance

  • Details of your interests: 

    • Your information from campaigns you have signed up to, events or activities you have registered for or how you have interacted with our content

  • Your contact preferences: 

    • You can tell us how you’d like to be contacted and through which channels. You can be as selective as you wish in order to help us get this right for you

In order to ensure accuracy of your data AMHA-UK can only take reasonable steps to create an accurate record for you. However, we look to you for ensuring the on-going accuracy of your personal data is correct.

We encourage you to take responsibility for reporting personal data amendments by contacting AMHA-UK. It can take up to 21 days for these changes to come into effect. 

Under data protection law, certain categories of personal information are recognised as sensitive personal data (such as information relating to health, beliefs or political affiliation). In limited cases, we may collect sensitive personal data about you, for example your experience of mental health.

We only collect this sensitive personal data if there is a clear reason for doing so.

Whatever sensitive information we do hold, we will never share unless we have your explicit consent.


2.3 Information we collect indirectly from you

2.3.1 We may also receive information when you interact with third parties working on AMHA-UK’s behalf.

2.3.2 We may use publicly available information to add to what we already know about you. We want our communications and events to be relevant and tailored to your background and interests, and sometimes may use publicly available information to achieve this.

2.3.3 We may collect information when you visit our website or interact with our content. For example, we may collect information about how you interact and engage with AMHA-UK’s content and adverts on our website as well as social media. You can find more information below on cookies. 


3. Using your information

3.1 Why is your information is important to us

Your information helps us to fulfil the following activities:

  • Update and enhance our internal database systems to deliver excellent supporter care and positive experiences with AMHA-UK

  • Effectively manage relationships that recognise and are responsive to your support, reflecting the information you have shared with us

  • Use your expressions of interest to provide you with the information you need to make informed decisions

  • Proficiently manage feedback and/or complaints which are also used in relevant ways to improve best practice

  • Minimise any unwanted communications you receive from AMHA-UK

3.2 Your information and marketing tools

3.2.1 How we combine and analyse information

We are committed to carefully managing our communications to make sure you only hear from us in a way that is right for you. To help us do this, we may:

  • Combine the information we collect about you and analyse what we know about your interests, preferences and potential level of support or donation

  • Combine information from different sources which helps us to better understand our supporters, improve our relationship and provide a better experience of interacting with AMHA-UK

  • Compile information relating to your engagement with AMHA-UK (financial and otherwise)

  • Collate and analyse information you provide us with to improve our understanding, create bespoke communications and develop effective approaches when asking for support from like-minded prospect individuals and other organisations

  • Use analysis tools which help us to understand how our website is being used and how we can improve the content and operation of it

You can opt out of your data being combined and analysed, more information is provided in the section ‘How you can change your marketing preferences.’

3.2.2 Research and profiling

At times, we may also use publicly available information to help us communicate more specifically with like-minded people who may share the same interests in our work as you do.

In addition to obtaining information from publicly available data sources, we may also work with trusted third parties.

Such sources anonymise your data so that it does not identify you as an individual. For example, it uses existing information, such as postcodes, to provide demographic information like the average age, income and charitable giving in any given area across the UK.

This knowledge helps AMHA-UK to reach out to new supporters who may wish to support us in our goals and mission. For instance, it can help to direct advertisements and other communications to people who share similar interests as you.

We may also conduct due diligence on existing and potential supporters to ensure that AMHA-UK will not suffer reputational damage. For example, we would not wish to accept a donation from someone who has been at the source of causing people harm, or who is involved in activities which conflict with AMHA-UK’s values, vision and mission.

3.2.3 Cookies and Google Analytics

Cookies are text files placed on a computer which collect visitor behaviour information. Google uses cookies and we use their web analytics service called Google Analytics to help us to monitor how people use our website. It creates statistical reports that allow us to learn more about what people are interested in or what isn’t working so well. This facilitates us to improve interactions. This also helps us to personalise the content and adverts you see.

You can opt-out of cookies but are required to do this proactively by changing the setting in your browser – unfortunately, we cannot control this on your behalf. We do have a  cookies policy if you’d like to read more about this.

3.2.4 Other marketing tools 

We may contact you for marketing purposes by post, email, text message or phone. If you have agreed to be communicated with in any of these ways this will be processed so that we can adhere to your preferences.

Where we have consent, we may do digital advertising. For this, information such as your email address or mobile phone number will be sent in an encrypted format to digital advertising networks or social media companies such as Facebook, Instagram, Twitter or YouTube.

We provide information about how to change your marketing preferences below.


4. Consent

4.1 Why consent is important to both you and AMHA-UK

AMHA-UK is committed to being clear and transparent about how we might use your data in future when it is provided. We strive to provide practical and easy ways for people to change their contact preferences and information during all interactions.

By disclosing personal information to AMHA-UK you are consenting to the collection, storage and processing of information in the manner described in this policy, unless clearly stated otherwise.

AMHA-UK will provide all individuals, existing supporters and applicants with the control to manage their contact preferences at the point that information is provided. 

There are times when even if you have ‘opted out’ of our communication we may be required to contact you. This is known as “legitimate interest” and applies when we need to convey something of importance to you. This would usually be about something that is directly related to you. We will do our best to have as minimal impact on your personal privacy as possible.

4.2 Your rights

We want to inform you of your rights when it comes to your information and we would like to help you to better understand them. These are:

  • The right to object. You always have the option to stop receiving information from us across all of our communication channels. This is at your discretion and we will respect your choice. However, for us to enact this we encourage you to notify us

    • Details of how to do this can be found on all of our communications and within this document

  • The right to access a copy of the personal data we hold. You, or an organisation with legal purpose, can request a copy of your personal data for legitimate purposes. This is known as a ‘Subject Access Request’ and you can request this by emailing

    • Please note that proof of identity and the reason for your request, will be necessary for AMHA-UK to respond appropriately. We may ask for further details if needed

  • The right to be “erased”. This where you can request AMHA-UK to delete the data we hold on you. Please note that this will not apply if there is lawful duty for us to continue to use the data we hold about you

  • The right to rectify inaccurate data. As detailed above you can make corrections to the data we hold about you

  • The right to object to your data being used for marketing. You can find more information about how to opt out of marketing communications below 

4.3 Managing your preferences

If you do not wish us to use your personal data for marketing purposes, you can always opt out.

It’s important to know that if you tell us that you do not want to receive marketing communications, we may maintain your details on a suppression list to ensure we do not continue to contact you. However, there may still be reasons we need to get in touch for administrative purposes, including (but not limited to):

  • Providing you with information you need to participate in an event 

  • Responding to a query you have made

  • Explaining or apologising where we have made a mistake

To change your marketing preferences you can:

  • Indicate that you do not wish to receive marketing communications by either clicking the ‘unsubscribe’ link included at the bottom of every email we send or ticking the ‘opt out’ box in all our postal communications

  • Ask us to stop sending marketing texts by sending an ‘opt-out’ message, following the instructions provided in the marketing texts you receive

  • Opt out of digital advertising that we control directly, however, please note that this will not stop advertisements being shown to you on a random basis or based on cookie data that we don’t control

  • Directly by email


5. How we protect data

AMHA-UK recognises that privacy is important to our supporters, funding applicants and other contacts. The information submitted or collected by AMHA-UK will be kept confidential and secure. We will take all reasonable measures to ensure we keep your information secure, accurate and up to date, and store it only for as long as is reasonable and necessary.

Information will be processed only by AMHA-UK data controllers, or on our behalf under strictly regulated conditions and in line with the provisions of data protection laws. AMHA-UK data controllers are members of staff who have access to our databases or data storage systems and have received data protection training.

We will take all appropriate security measures to ensure any platforms related to AMHA-UK have gone through a quality control process to ensure security. However, given the nature of the internet we cannot guarantee complete security.


6. Our work with third parties

6.1 Third Parties within the UK and EU

For operational reasons, or in order to meet specific requests, data may also be processed on AMHA-UK’s behalf by external organisations. In these instances, data will be handled under strictly regulated conditions and in accordance with the data protection and security regulations.  

Third parties will only handle AMHA-UK’s data once we have screened their best practice policies and reviewed their:

  • Methodology for being compliant with regulations

  • Processes for monitoring quality control

  • Methodology of conducting due diligence

They will also need to have signed both a ‘Service Level Agreement (SLA)’ and confidentiality agreement called an ‘Non-disclosure Agreement.

We will never sell your details and will only share your details with third parties (who are not working with us directly) with your explicit consent.

We will only disclose information in one or more of the following circumstances: 

  • Where consent has been obtained

  • Where there is a legal obligation

  • Where there is a public duty (e.g. legal reasons)

  • In connection with the transfer of all or any of rights and obligations to a third party (for example if we merged with another organisation)

 6.2 Third Parties in the USA and the rest of the world

When we work with third parties based outside of the EU/ EEAU we conduct due diligence to the same high standard.

We also ensure that the organisation comply with the USA’s version of data protection regulations which is called the ‘EU-US Privacy Shield’ enacted 12 July 2016. It contains stronger privacy requirements and replaces the ‘Safe Harbour’ framework.

All third parties that we work with are compliant with the standards of the Privacy Shield framework.


7. Monitoring vulnerability

7.1 Children and Young People

It’s important that children and young people can share their experience and views on mental health, and we are committed to ensuring real life experience guides our work and priorities.

If a child, or young person under the age of 18, wants to interact with AMHA-UK we require pre-consent from their parent or guardian.

We believe that it is important to protect and respect the rights of all individuals in relation to their personal data but would seek the parental or guardian consent before featuring photos or the story of a child aged under 18.

7.2 Safeguarding

AMHA-UK is committed to protecting all individuals by putting appropriate measures in place which prevents harm or damage.

Our work in mental health does mean that we come into contact with people who may be vulnerable in different ways. AMHA-UK takes this responsibility very seriously and we try to ensure that people feel comfortable to raise any concerns should they arise.

We are also committed to training staff whose role is related to working with people from outside of AMHA-UK. 


8. Changes to AMHA-UK’s privacy and data protection policy

We keep this policy under regular review and it may change from time to time. For example, we will be updating it to reflect any new legal requirements set out in the ePrivacy regulation, the Privacy and Electronic Communications Regulations (PECR), which is expected to be updated by 2019.

Please visit this webpage to keep up to date with any changes to our privacy policy.

bottom of page