Data Privacy Statement

To enable us to undertake our charitable objectives we collect and use personal information about individuals. We recognise the trust placed in us by individuals whose information we use. This notice applies to the public, our supporters, volunteers, contractors, and clients.


Protecting your personal information

This privacy policy applies between you, the User of this Website and Cancer Card, the owner and provider of this Website. Here at Cancer Card, we are committed to protecting and respecting your privacy. Looking after the personal information that we collect is one of our top priority and we want you to be confident that your information is safe. This statement lets you know:

  • how and why, we collect personal information.
  • what we do with it.
  • when and why, we share it with other organisations, including the types of organisations involved.
  • how long we will keep it for.
  • the rights and choices you have with regards to your personal information.

Our policy means that we hold all personal information securely and limit access to those who need to see it. It applies to our use of all data collected by us or provided by you in relation to your use of the Website. Please read this privacy policy carefully.


Regulations

Data Protection Laws: any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations, and secondary legislation, for as long as the GDPR is effective in the UK; GDPR: The General Data Protection Regulation (EU) 2016/679. UK and EU Cookie Law: The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.


Scope of the policy

This privacy policy applies only to the actions of Cancer Card and Users (you) with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites. For purposes of the applicable Data Protection Laws, Cancer Card is the "data controller". This means that we determine the purposes for which, and the way, your Data is processed.


How and Why, we obtain Personal Information about you

You may give us information about you by completing information through our website, including our online services or social media platforms) or by contacting us by phone, email or otherwise. This includes information you provide when you:

  • search our website.
  • submit a service request/enquiry or contact us electronically or otherwise.
  • call us.
  • contact us by email.
  • take part in discussion boards or other forms of social media.
  • enter a competition, promotion, survey.
  • when you report a problem with the website.
This also includes data we received from other sources and data that is automatically collected such as google analytics.

Depending on the circumstances, the personal information we gather about you may include:

  • your name
  • address
  • date of birth
  • email address
  • phone number
  • web browser type and version, operation system
  • your activity on the website and the site you exit to
  • any further personal information required or which you share through the website.

How We Collect Data

You can find additional information on the more common ways we collect personal information and why below:

Service Request/Enquiry
Personal information is collected through our application and enrolment process to enable us to verify your identity. We also retain records of the contact you with in relation to provision or proposed provision of our service and any correspondence and communication with you.

Phone calls
We will ask you for some personal details to identify you when you call us and to allow us to confirm who you are. We will hold details of the call for audit and administration purposes.

Direct marketing
If you have given us your consent, we may use the information we have collected about you to send you marketing offers and news about our services using various channels such as mail, phone, email, and SMS. We will ask for your consent when you contact us online. You can remove your consent at any time by writing to or sending an email to hello@cancercard.org.uk. We will not sell your personal information to any other organisation.

Market research and surveys
We may use your personal information to contact you to carry out market research, to ask you to complete a survey or to request feedback on the products and services we provide to you (including for a short period of time after you are no longer a client of Cancer Card). Where we contact you for such purpose, you are under no obligation to participate.

Automatically Collected Data
To the extent that you access the Website, we will collect your Data automatically, for example: We automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times, and frequency with which you access the Website and the way you use and interact with its content. We will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies".

Keeping Date Secure

We will use technical and organisational measures to safeguard your Data, for example: - access to your account is controlled by a password and a username that is unique to you. All data is stored locally. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address, hello@cancercard.org.uk. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.


Data Retention

Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes. Once information is no longer required if is disposed of securely.


Sharing your personal information


Service providers, Other Organisation’s and Third Parties

We work with carefully selected service providers that carry out certain functions on our behalf. These include companies that help us with:

  • technology services
  • customer communication

We only share the appropriate level of personal information necessary to enable our suppliers to carry out their services and we always require them to keep the information safe and protected. It is sometimes necessary to disclose your personal information or to add to it from other sources.


Additional Data Sharing Obligations

Other than the circumstances detailed above, we will not disclose your personal information to any third parties, except:

  • to the extent that we are required to do so by law, by a government body, by regulatory bodies (such as Information Commissioner's Office (ICO), by a law enforcement agency.
  • in connection with any legal proceedings (including prospective legal proceedings)
  • to establish or defend our legal rights.

Your Rights

We feel it is important that you are aware of your rights as an individual. You have several rights under the Data Protection laws, including:

  • the right to request a copy of the personal information we hold on you. This is known as making a Subject Access Request (SAR). In most cases, this will be free of charge.
  • the right to have personal information we hold about you transferred securely to another service provider in electronic form.
  • the right to have any inaccurate personal information corrected.
  • the right to have any out-of-date personal information deleted once there is no need or legal requirement for us to hold it.
  • the right to object or restrict some processing, in limited circumstances and only when we do not have legitimate grounds for processing your personal information.
  • the right to object to your personal information being used to send you marketing material. You can remove your consent to marketing at any time.

If you have any concerns or questions about your rights as an individual, please contact us.

Links to Other Websites

This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.


Changes of Business Ownership and Control

Cancer Card may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of the company. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us. We may also disclose Data to a prospective purchaser of our business or any part of it. In the above instances, we will take steps with the aim of ensuring your privacy is protected.


Cookies

Cookies is a small text file placed on your computer by a Website when you visit certain parts of the site and/or when you use certain features of a site.

The Cancer Card website may place and access certain Cookies on your computer. Cancer Card uses Cookies to improve your experience of using the Website and to improve our range of services. Cancer Card has carefully chosen these Cookies and has taken steps to ensure that your privacy is always protected and respected. All Cookies used by this Website are used in accordance with current UK Cookie Law. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

In addition, the Website may place analytical cookies – they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. You can find a list of Cookies that we use in the Cookies Schedule. You can choose to enable or disable Cookies in your internet browser. For more information generally on cookies, including how to disable them and or delete them, please refer to aboutcookies.org.


Changes to this Privacy Policy

Cancer Card reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations. This was last updated January 2021.

Contact us or making a Complaint.

If you have any questions about this notice or believe we have not processed your personal information in accordance with our Data Protection obligations, and that you have been affected by our non-compliance, you can make a complaint to us by contacting:
Cancer Card
Address: 22 Stafford Street, Edinburgh, EH3 7BD
Email: hello@cancercard.org.uk

If you are not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations. Details on how to do so can be found here on their website (https://ico.org.uk/concerns).