The Autism Directory


We are The Autism Directory, an England and Wales charitable company limited by guarantee (with company number 7373840), charity number 1143855.


We take our duty to process your personal data very seriously. This policy explains how we collect, manage, use and protect your personal data.  Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.  The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).


If you would like more information or would like to change the way we communicate with you, please contact us here:


What information does The Autism Directory collect about me?

Personal information is collected directly from you when you interact with The Autism Directory, for example signing up to a campaign action, enquiring about an event, participating in an event, registering as a volunteer or ambassador, signing up to our newsletter, calling our helpline, purchasing a product, making a donation or otherwise communicate with us. Information may be collected in person, over the phone, online, on paper or by SMS. 

The information we collect will typically include:


Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive.  Examples of this type of sensitive data would be information about health (including diagnosis of autism), race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information.  

We only collect this type of information to the extent that there is a clear reason for us to do so, for example asking for health information if you are taking part in a sporting event, or where we ask for information for the purpose of providing appropriate facilities or support.   We will also collect this type of information if you make it public or volunteer it to us.

Wherever it is practical for us to do so, we will make why we are collecting this type of information clear and what it will be used for.

When you use our websites, we use Google Analytics and we collect your personal information using ‘cookies’ – more details in our Cookie policy here

We may also receive information about you from other sources, as explained below.


How is my information used?

The Autism Directory complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.


We collect this information in order to process your requests and to also keep in touch with you about The Autism Directory’s work. Examples include:


How do you work with third parties in processing my personal data?

Certain third party organisations collect data on our behalf as well as for their own use. We may receive your personal details from third party organisations for our marketing purposes where you have consented for this information to be shared.

Third party organisations we currently receive data from are JustGiving, Virgin Money Giving, BT MyDonate, certain Event companiesand Eventbrite. These organisations will have their own data protection and privacy policies which you should be aware of before signing up.

We may also disclose or use personal information if required to do so by law and may use external data for the purposes of fraud prevention, for example to comply with money laundering regulations, or otherwise to protect the rights, property or safety of individuals.

Your information may be used to ensure that The Autism Directory complies with the Fundraising Regulator’s Code of Fundraising Practice, which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation. More details can be found at


What is the legal basis for processing my personal data ?

Data protection laws mean that each use we make of personal information must have a “legal basis”.  The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.






We consider our legitimate interests to include all of the day-to-day activities The Autism Directory carries out with personal information.  Some examples not mentioned under the other bases above where we are relying on legitimate interests are:

We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.

When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).


How secure is the information I give you?

The Autism Directory takes the care of your data seriously and undertakes to protect your personal information in a range of ways including secure servers, firewalls and SSLencryption.

We follow payment card industry (PCI) security compliance guidelines when processing credit card payments and any personal information transferred between locations will be both encrypted and password protected. Unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.


How long will you keep my information?

We will retain your information for as long as you have an active relationship with The Autism Directory. If you cease to have an active relationship with us or request to receive no further contact, we will retain some basic information in order to avoid sending you unwanted materials in the future.

In some cases we are required to keep some personal information for tax or health and safety purposes as well as records of your interactions with us. We have specific criteria for these cases and for how long we must retain your information.

Will my information ever go outside Europe?

The Autism Directory is aware that countries outside the European Economic Area have differing approaches to data privacy laws, and that enforcement may not be as robust as it is within Europe’s borders. 

Organisations we work with who process data in the USA have verified their data processing standards meet the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing data from EU citizens. 


What are my rights with regards to my personal data ?

Unless subject to an exemption you have the following rights with respect to your personal data:



How do I request an information access report?

To request an information access report which details the information we hold about you, please send your request in writing to the The Autism Directory Data Protection Officer at the following address:

Data Protection Officer
Unit 21 Business Development Centre

Treforest Industrial Estate

Rhondda CynonTaf

CF37 5UR


We aim to issue an initial response to all enquiries within five working days, and will offer a full response to all information access requests within thirty working days of receipt. The Autism Directory will provide a copy of this information free of charge.


Further processing

If we wish to use your personal data for a new purpose, not covered by this GDPR notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.


Policy updates

This policy was last updated in May 2018.  

The Autism Directory reserve the right to make alterations from time to time.  Please check our website from time to time for the latest version.