Privacy Policy

Effective Date: [January 1st 2026]

Decipha CIC (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy, or “Privacy Notice,” explains how we collect, use, and store your personal data in compliance with the General Data Protection Regulation (GDPR).

1. About Us (Data Controller)

Decipha CIC is the Data Controller for the personal data we process, meaning we determine the purposes and means of processing your data.

  • Organisation Name: Decipha CIC
  • Website: https://www.decipha.org/
  • Registered Address: [51 Bisterne Avenue London E17 3QR]
  • Contact for Data Protection: Nick Catlin, Director and Data Protection Manager
  • Email: [nick@decipha.org]
  • Phone: [07808547479]

2. What Information We Collect

We collect and process various types of personal data, which you provide to us directly, or which we collect automatically when you use our services.

| Category of Data | Examples of Data Collected | How is it Collected? |
|---|---|---|
| Identity Data | Name, date of birth, gender. | Directly from you (e.g., application forms, sign-up, email). |
| Contact Data | Email address, postal address, telephone number. | Directly from you. |
| Special Category Data | Information concerning health, such as Duchenne Muscular Dystrophy (DMD) family information, or other SEND needs. | Directly from you and/or legally designated professionals (e.g., in assessment reports). |
| Usage Data | Information about how you use our website, IP address, browser type, device information. | Automatically via cookies and server logs when you visit our site. |
| Communication Data | Records of correspondence, including email threads and support messages. | When you communicate with us via email, phone, or other channels. |

Special Category Data: Since Decipha CIC works with families, mostly parents of boys with DMD, we may process sensitive data related to health. We will only process this data with your explicit consent or where strictly necessary to provide our services and with appropriate safeguards in place. 

3. The Legal Bases for Processing Your Data

Under the GDPR, we must have a lawful basis to process your personal data. We rely on the following bases:

  • Consent: You have given clear, affirmative consent for us to process your personal data for a specific purpose (e.g., for us to hold basic contact data for service provision).
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: The processing is necessary for us to comply with the law (e.g., safeguarding requirements or tax law).
  • Legitimate Interest: The processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests. Our legitimate interests include providing customer support, managing our services, and improving our internal processes.
  • Vital Interests: The processing is necessary to protect someone’s life.

4. How We Use Your Information (Purpose of Processing)

We process your data for the following purposes:

  • Service Delivery: To provide and manage the services you request, including offering a high-quality service to Decipha users.
  • Communication: To contact you by email, phone, or SMS, to respond to your inquiries, and for administrative purposes.
  • Compliance: To comply with legal obligations and to ensure we have read our privacy, terms and conditions, and safeguarding policies.
  • Marketing (Only with Consent): To send you information about our services, events, or news, but only if you have actively opted in. You have the opportunity to unsubscribe from our current list at any time.

5. Who We Share Your Data With

We may share your personal data with the following third parties:

  • Service Providers: Third-party providers who perform services on our behalf (e.g., website hosting, email services, CRM systems like Solve 360).
  • Legal/Regulatory Bodies: Where we are legally required to disclose your information (e.g., for a statutory obligation).
  • Partner Organisations: Organisations with whom we work to provide support, such as Duchenne UK.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. How Long We Store Your Data (Retention)

We will not store your personal data for longer than is necessary for the purposes for which it was collected.

  • Contact Records: We will keep your contact data (first name, surname, email, phone) until you unsubscribe or request erasure.
  • Service Records: [7 years after the termination of services].
  • Special Category Data (Health): [While the individual is a service user and for a set period thereafter, or as required by law].

7. Your Data Protection Rights (The Data Subject Rights)

Under the GDPR, you have the following rights regarding your personal data:

  1. The right to be informed: The right to know about our data processing activities, as outlined in this policy.
  2. The right to access: You have the right to request a copy of the personal data we hold about you. We will provide this free of charge.
  3. The right to rectification: The right to have inaccurate or incomplete data corrected.
  4. The right to erasure (“Right to be Forgotten”): The right to request that we delete your personal data, under certain conditions.
  5. The right to restrict processing: The right to request that we limit the way we use your personal data, under certain conditions.
  6. The right to data portability: The right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
  7. The right to object: The right to object to our processing of your personal data, under certain conditions.
  8. Rights in relation to automated decision making and profiling: The right to not be subject to a decision based solely on automated processing.

If you wish to exercise any of these rights, please contact the Data Protection Manager (see Section 1).

8. How to Contact the Appropriate Authority

Should you wish to report a complaint or if you feel that Decipha CIC has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

  • ICO Website: [https://ico.org.uk/]
  • ICO Contact Details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113

9. Changes to Our Privacy Policy

We regularly review our Privacy Policy and will place any updates on this web page. This Privacy Policy was last updated on [January 2026].