Data Privacy Statement
To enable us to undertake our charitable objectives we collect and use personal information about individuals. We recognise the trust placed in us by individuals whose information we use. This notice applies to the public, our supporters, volunteers, contractors, and clients.
Protecting your personal information
- how and why, we collect personal information.
- what we do with it.
- when and why, we share it with other organisations, including the types of organisations involved.
- how long we will keep it for.
- the rights and choices you have with regards to your personal information.
Data Protection Laws: any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations, and secondary legislation, for as long as the GDPR is effective in the UK; GDPR: The General Data Protection Regulation (EU) 2016/679. UK and EU Cookie Law: The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
Scope of the policy
How and Why, we obtain Personal Information about you
You may give us information about you by completing information through our website, including our online services or social media platforms) or by contacting us by phone, email or otherwise. This includes information you provide when you:
- search our website.
- submit a service request/enquiry or contact us electronically or otherwise.
- call us.
- contact us by email.
- take part in discussion boards or other forms of social media.
- enter a competition, promotion, survey.
- when you report a problem with the website.
Depending on the circumstances, the personal information we gather about you may include:
- your name
- date of birth
- email address
- phone number
- web browser type and version, operation system
- your activity on the website and the site you exit to
- any further personal information required or which you share through the website.
How We Collect Data
You can find additional information on the more common ways we collect personal information and why below:
Personal information is collected through our application and enrolment process to enable us to verify your identity. We also retain records of the contact you with in relation to provision or proposed provision of our service and any correspondence and communication with you.
We will ask you for some personal details to identify you when you call us and to allow us to confirm who you are. We will hold details of the call for audit and administration purposes.
If you have given us your consent, we may use the information we have collected about you to send you marketing offers and news about our services using various channels such as mail, phone, email, and SMS. We will ask for your consent when you contact us online. You can remove your consent at any time by writing to or sending an email to firstname.lastname@example.org. We will not sell your personal information to any other organisation.
Market research and surveys
We may use your personal information to contact you to carry out market research, to ask you to complete a survey or to request feedback on the products and services we provide to you (including for a short period of time after you are no longer a client of Cancer Card). Where we contact you for such purpose, you are under no obligation to participate.
Automatically Collected Data
To the extent that you access the Website, we will collect your Data automatically, for example: We automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times, and frequency with which you access the Website and the way you use and interact with its content. We will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies".
Keeping Date Secure
We will use technical and organisational measures to safeguard your Data, for example: - access to your account is controlled by a password and a username that is unique to you. All data is stored locally. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address, email@example.com. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Sharing your personal information
Service providers, Other Organisation’s and Third Parties
We work with carefully selected service providers that carry out certain functions on our behalf. These include companies that help us with:
- technology services
- customer communication
We only share the appropriate level of personal information necessary to enable our suppliers to carry out their services and we always require them to keep the information safe and protected. It is sometimes necessary to disclose your personal information or to add to it from other sources.
Additional Data Sharing Obligations
Other than the circumstances detailed above, we will not disclose your personal information to any third parties, except:
- to the extent that we are required to do so by law, by a government body, by regulatory bodies (such as Information Commissioner's Office (ICO), by a law enforcement agency.
- in connection with any legal proceedings (including prospective legal proceedings)
- to establish or defend our legal rights.
We feel it is important that you are aware of your rights as an individual. You have several rights under the Data Protection laws, including:
- the right to request a copy of the personal information we hold on you. This is known as making a Subject Access Request (SAR). In most cases, this will be free of charge.
- the right to have personal information we hold about you transferred securely to another service provider in electronic form.
- the right to have any inaccurate personal information corrected.
- the right to have any out-of-date personal information deleted once there is no need or legal requirement for us to hold it.
- the right to object or restrict some processing, in limited circumstances and only when we do not have legitimate grounds for processing your personal information.
- the right to object to your personal information being used to send you marketing material. You can remove your consent to marketing at any time.
If you have any concerns or questions about your rights as an individual, please contact us.
Links to Other Websites
Changes of Business Ownership and Control
Cookies is a small text file placed on your computer by a Website when you visit certain parts of the site and/or when you use certain features of a site.
In addition, the Website may place analytical cookies – they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. You can find a list of Cookies that we use in the Cookies Schedule. You can choose to enable or disable Cookies in your internet browser. For more information generally on cookies, including how to disable them and or delete them, please refer to aboutcookies.org.
Contact us or making a Complaint.
If you have any questions about this notice or believe we have not processed your personal information in accordance with our Data Protection obligations, and that you have been affected by our non-compliance, you can make a complaint to us by contacting:
Address: 22 Stafford Street, Edinburgh, EH3 7BD
If you are not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations. Details on how to do so can be found here on their website (https://ico.org.uk/concerns).