top of page

Key Policies: Privacy Policy

PEM Friends Privacy Management Policy


Status: Approved

Date: 14th May 2024

Review date: June 2025

Table of contents

  • PEM Friends

  • Purpose of this policy

  • Why do we collect data?

  • What data

  • Lawful basis

  • Where does the data come from?

  • How is your data held?

  • Website data

  • Data security

  • Duration of data storage

  • How do we manage our data privacy obligations?

  • Your rights

  • Definitions

PEM Friends

We are a charity registered in England and Wales with charity number 1207029 of Sweet Briars Cottage, Hoggeston, Buckingham, MK18 3LQ.

We are the controller of your personal data.

You can contact us at

Purpose of this policy 

This policy describes the way that PEM Friends collects, uses and discloses information about its members. It tells you about your rights to privacy and how we protect that.

Why do we collect data? 

PEM Friends collects and retains some minimal information about its members in order:

  • to maintain your membership/subscription with us.

  • to contact you and manage any requests you have made to us.

  • to communicate news and information and send materials (see 1.1)

  • to perform simple analysis (see 1.2) o to make simple planning decisions and manage our service (such as the usage) (see 1.3)

We collect this data from our members with your permission. You have the option to provide the information asked for or not and can “unsubscribe” at any time and are regularly provided with details about how to do so.

We may also keep very basic contact information on medical professionals which is available publicly.

What data 

Data includes:

1.1 Communication information such as e-mail addresses and home addresses. We send magazines and, occasionally, other materials to people who have requested these materials (eg tee shirts and badges).

1.2 We may also hold some information about your location, disease type and other data that allows us to provide general statistics about the distribution and incidence of various autoimmune blistering diseases.

1.3 PEM Friends may use information about the distribution of the membership to decide what interventions may be appropriate. Your information for example, may be used to do data analysis, identifying trends, determining the effectiveness of our promotional campaigns. We may use your information to help us evaluate and improve our plans and your experience of what we do.

1.4 We do not hold any information about any individuals under 18.

Except as set out in this Privacy Policy, we will NEVER share individual information with ANYONE unless you have been asked for, and have given your permission first. However, this does not prevent us making disclosures where required by law.

Lawful basis 

The lawful basis we rely on for processing your personal data are consent, performance of a contract, compliance with our legal obligations, and the legitimate interests of our charitable activities.

If you do not provide us with the personal data we need for the performance of our contract with you, then we may be unable to perform that contract. For example, if you subscribe to our magazine, but do not provide your up-to-date contact details, we will be unable to deliver the magazine to you.

Where does the data come from? 

We ask you to provide basic data when you choose to become a member, subscribe to our e-mails (usually via our website) or when you request a magazine or other “products”.

We may also add public communication information provided by medical professionals.

How is your data held? 

We use Mailchimp ( to collect and store your personal data.

We may use other service providers from time to time who may process your personal data as part of the services they provide to us. This may include our hosting services suppliers and IT services suppliers.

A separate list of addresses provided by people requesting “products” such as tee shirts and magazines, is held on a private computer (excel) and is used to create labels.

PEM Friends will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of any of your personal data will take place to an organization or a country unless there are adequate controls in place including to protect the security of your personal data.

Website data

Your use of our website ( and our subscriber service (Mailchimp) may result in a cookie being placed on your device. We do not use any cookie information. You can instruct your browser to refuse all Cookies or to indicate when a cookie is being sent.

Data security 

Mailchimp access is password protected and this is held by a maximum of 3 members of the PEM Council.

The security of Your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We strive to use commercially acceptable means to protect Your Personal Data, but we cannot guarantee its absolute security.

We are never asked for anything more than broad general information about our membership/subscribers, such as the total numbers. We would never provide anyone with information about individuals unless done with your prior consent. However, this does not prevent us making disclosures where required by law.

Duration of data storage 

We will review our data every 2 years and remind members/subscribers to check if they want to maintain their data provision and accuracy.

The next review date will be April 2025.

It is important that you keep your personal data up to date. If any of your personal data changes, please contact us as soon as possible to let us know. If you do not do this then we may be prevented from providing you with information or materials.

How do we manage our data privacy obligations? 

The PEM Friends management team (the PEM Council) have appointed a Data Protection lead person who maintains a regular view of our activities and our approach to holding information on PEM Friends or any other contacts.

Your rights 

Data protection laws grant individuals rights in respect of their personal data. The rights are as follows, although there are some specific requirements and exceptions that may apply:

  • Access – the right to receive a copy of your personal data;

  • Rectification – the right to have your personal data corrected;

  • Erasure – the right to have your personal data erased;

  • Restriction – the right to restrict the processing of your personal data;

  • Objection – the right to object to the processing of your personal data;

  • Data Portability – the right to have your personal data transferred to a third party.

You also have the right to withdraw your consent to the processing of your personal data at any time. However, please note this will not affect the lawfulness of any processing based on your consent before its withdrawal.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office at any time:


Subscriber service (Mailchimp)

Mailchimp is a way of storing basic personal data and enables PEM Friends to send messages to you using that personal data. We use Mailchimp because it helps to ensure the information is kept private and secure as well as automating our mailings. When you subscribe to our mailing list, your information is automatically transferred to the Mailchimp list.

Cookies or Browser Cookies. A cookie is a small file placed on your Device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

bottom of page