What information do we collect?

We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.

When registering on our site, you will be asked to enter your name and e-mail address to create your account. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.

When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.

How We Use Your Information

We operate an online community forum to provide peer support for people affected by osteoporosis. When you register for and use our forum, we process your personal information for different purposes using different legal bases:

Core Forum Services (Legitimate Interests)

We process your information based on our legitimate interests as a health charity to provide community support services. This includes:

  • Account management: Creating and maintaining your forum account, including name, username, email address, and password

  • Forum functionality: Displaying your posts and profile information to enable community interaction

  • Content moderation: Monitoring posts to ensure community guidelines are followed and user safety

  • Safety compliance: Implementing measures required by the Online Safety Act to protect users from harmful content

  • Basic analytics: Understanding forum usage to improve our services

  • Email notifications: Sending you updates about forum activity or responses to your posts (If you want to change the frequency of emails, you can change your notification settings in your Forum account. You can also ‘unsubscribe’ from receiving notification emails sent to you by clicking on the link within notification emails).

Our legitimate interests are balanced against your rights through your voluntary participation, transparent information about our processing, your control over posted content, and your ability to delete your account at any time.

Optional Services (Consent)

We will ask for your specific consent before using your information for:

  • Service integration: Connecting your forum account with other ROS services and support

  • Research participation: Including your data in surveys or studies to improve our services

  • Connecting with the broader work of the ROS, including marketing communications: Sending you information about other ROS services and activities [If you consent, a record will be created for you in our Customer Relations Management database (CRM) to facilitate this. It will contain your name and email address. It will not hold any other data about you].

You can withdraw your consent for these optional services at any time without affecting your core forum access. To withdraw consent, email: dataprotection@theros.org.uk

Health information

While we do not intentionally collect detailed health information, we recognise that health-related discussions may occur naturally in our community forum, given our focus on osteoporosis support.

Our approach:

  • Our community guidelines promote peer support rather than medical advice

  • When health information is inadvertently shared, we process it under substantial public interest provisions for supporting individuals with medical conditions

  • We have appropriate safeguards, including content moderation and community guidelines in place to protect your privacy

Your control:

  • You choose what information to share in your posts

  • You can edit or delete your own posts at any time

  • You can contact us to request removal of any content you’re concerned about

We rely on Article 9(2)(g) processing under Schedule 1, Condition 16 of the Data Protection Act 2018 - support for individuals with a particular medical condition (osteoporosis), as our basis for processing health data in line with data protection law.

Data Sharing and Security

Our service provider: Your forum data is processed by Discourse (Civilized Discourse Construction Kit, Inc.) as our technical service provider. We have a comprehensive Data Processing Agreement with Discourse, ensuring they:

  • Only use your data to provide forum services to us

  • Cannot sell or share your data with third parties

  • Implement appropriate security measures to protect your information

  • Delete your data when our agreement ends

Data security: We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

Data location: Your forum data is stored within the EU to ensure GDPR-level protection

Third party sharing: We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. Limited sharing may occur if required by law or to protect user safety.

Your Rights

As a forum user, you have the right to:

  • Access your personal data and download your forum content

  • Correct inaccurate information in your profile

  • Delete your account and personal data

  • Restrict how we process your information

  • Object to processing based on legitimate interests

  • Withdraw consent for optional services without affecting core forum access

How to exercise your rights: You can manage many of these through your forum account settings, or contact us at dataprotection@theros.org.uk for assistance.

Do we use cookies?

A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Our website uses cookies to distinguish you from other users of our website.

We use cookies to:

  • Personalise content

  • Provide social media features

  • Analyse our website traffic

We also share information about your use of our site with our social media, advertising and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

You can at any time change or withdraw your consent from this site by clicking the button on bottom left hand corner of your screen.

For more information please refer to our Cookies Policy

Data Retention

  • Active accounts: We retain your forum data while your account remains active

  • Inactive or deleted accounts: Accounts are considered ‘inactive’ after 730 days of inactivity. For inactive or deleted accounts (when you consciously decide to delete your account), data is managed as follows:

  • If less than one post has been made on an inactive account it is deleted.

  • If more than one post has been made, the account will be anonimised. This means the username is replaced with a generic name (e.g. ‘anon12345’) and all identifying profile information is scrubbed. Posts stay visible on the forum, but are no longer linked to a real user’s account. Anonimised posts are retained in this way to maintain community continuity for other users.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

Contact Us

If you have questions about how we use your information in our forum, or want to exercise your rights, please contact us:

Email: dataprotection@theros.org.uk

Post: Royal Osteoporosis Society, St. James House Lower Bristol Rd, Bath BA2 3BH

You also have the right to complain to the Information Commissioner’s Office if you’re concerned about how we handle your personal data.

For more information please refer to our full Privacy Policy.