At CancerCare we are committed to protecting your privacy and protecting any personal information we obtain about you.
Please read this policy carefully to understand how we collect, use and store your personal information.
Whenever you provide such information, we are legally obliged to use your information in line with all laws concerning the protection of personal information, including the Data Protection Act 1998 as well as the General Data Protection Regulation (GDPR).
CancerCare is registered under the data Protection Act 1998 registration no ZS18017X and any data collected will be used and held in accordance with the requirements of the Data Protection Act 1998.
Who we are
CancerCare North Lancashire and South Cumbria is a registered charity (charity number 1120048). CancerCare’s registered address is CancerCare, Slynedales, Slyne Road, Lancaster, LA 2 6ST. CancerCare is a Company Limited by Guarantee and its Company No is 6241210.
How we collect information about you
We may collect information about you whenever you interact with us. For example, if you are a client, register for one of our events, sign up to our newsletter, donate to us, apply for a job or volunteering opportunity, or otherwise give us any other personal information. We may also collect information about you from other organisations if you have given permission to share or it is available publicly.
What information we collect
When you interact with us, we may collect, names, addresses, email addresses, telephone numbers, IP address, bank account details, dates of birth (for setting up regular Direct Debit Payments) and relevant medical information. Unless you are a client, we do not usually collect sensitive personal data about you e.g. health status unless there is a clear reason for doing so such as a challenge fundraising event or where we need this information to ensure that we provide appropriate facilities or support to enable you to participate in an event. Clear notices will be provided on registration/application forms for such events so it is clear what information is needed and why we need it.
We may collect some or all of this information when you visit our website, depending on how you use it. We monitor how people use our website so we can improve it. However, you can use our website anonymously without giving us information and we don’t know who you are. If you visit our site anonymously we may still record information about:
- The areas of the website you visit
- The amount of time you spend on the site
- Whether you are new to the site, or have visited before
- How you came to our site, for example via a search engine or through an email link
We do this by using Cookies, we will explain more about Cookies later.
How we use this information
CancerCare will use your personal information for a number of reasons including the following:
- In relation to any correspondence you have entered into with us whether by letter, email, social media or another means
- Dealing with your enquiries, requests and complaints
- Process a donation you have made
- For ‘service administration purposes’, which means CancerCare may contact you for reasons related to a donation you have made or the activity or online content you have signed up for
- For internal record keeping
- Complying with our legal obligation policies and procedures
- Process a job application
- To provide you with any information regarding our events or activities or online content you have agreed to receive
- Data screening and cleansing
Will CancerCare share my personal information with anyone else?
We will only share personal information within CancerCare for the purposes for which it was obtained. We will keep your information confidential except where disclosure is required or permitted by the law (for example to Government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant request in writing). We may use an external data agency using approved public data sources to check that the contact details we have are up to date. In exceptional circumstances where we think someone is at serious risk of being harmed, we may contact the police or a local authority safeguarding team.
How we protect your personal information
We take appropriate physical, electronic and managerial measures to ensure we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary.
Although we use appropriate security measures once we have received your personal information, the transmission of information over the internet is never completely secure. We do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the owner’s risk.
If you use your credit or debit card to donate to us, buy something or pay for a registration on line or over the phone we will ensure this is done securely and in accordance with the Payment Card Industry Security Standards. You can find more information about PCI DSS here https://www.pcisecuritystandards.org/pci_security/.
How long will CancerCare keep my personal information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity e.g. we will keep a record of donations for 7 years. If you request us not to send you marketing information we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
Being able to communicate with you is important as your support will help local families impacted by cancer. And we believe in being open, honest and transparent with our supporters and want you to feel comfortable about your decision to give us your personal information and how we use it.
We will use the details you provide to us to communicate with you about how we are supporting local families affected by cancer across North Lancashire and South Cumbria and the work of our services. We would also like to tell you how your support is helping and other ways you can help in the future whether that’s through volunteering, events or fundraising.
We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and its quick and easy to let us know that you no longer want to hear from us by calling us on 01524 381820 or email us at firstname.lastname@example.org. We will always respond to your wishes in a sensitive, timely, courteous and professional way.
Please be assured that we will take appropriate measures to keep your personal information safe and secure and we promise not to over contact. We will never pass your personal information on to other organisations for them to use for their own marketing purposes.
In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from us, we have a legitimate organisational interest to use your personal information to respond to you and there is no overriding prejudice to you by using your personal information for this purpose. However, we will always provide you with the option to opt-out of hearing from us. In most instances, however, we will rely on obtaining your consent for our use of your personal information. This is the case, for example where we seek to obtain your consent to receive email marketing from CancerCare.
We will only communicate to you in the way you have told us. For example:
If you actively provided your consent to us along with your email address we may contact you for marketing purposes by email. By subscribing to CancerCare’s emails or opting into email communication from CancerCare you grant us the right to use the email for email marketing.
If you have provided us with your postal address we may send you direct mail about our work unless you have told us that you would prefer not to receive such information.
It’s Your Decision
It is always your decision as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. If you do not want us to use your personal information in these ways please indicate your preferences on the form on which we collect data.
You may opt out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails.
You can also change any of your contact preferences at any time including telling us that you don’t want us to contact you for marketing purposes by calling 01524 381820 or email us at email@example.com
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Consent from Parents/Guardians if you’re under 13
We are committed to protecting the privacy of young the people that engage with us throughout our website and at fundraising events. Our fundraising events also request specific information about the age of participants. Anyone under the age of 16 must obtain parental or guardian consent before participating in an event organised by CancerCare. Children aged under 13 must obtain the consent of a parent or guardian before providing any personal information.
Cookies are small text files on your device. They are made by your web browser when you visit a website. Every time you go back to that website, your browser will send the cookie file back to the website’s server. They improve your experience of using a website for example, by remembering your preference setting and by measuring your use of a website to ensure that it meets your need. You can find more information about Cookies at www.allaboutcookies.org
You can manually delete old cookies, and stop cookies from being saved to your hard drive in the future. Find out more on the all about cookies website.
On the website generally
We use Google Analytics to understand how people use our website so we can make it more effective. Google Analytics collects anonymous information about what people do on our website, where they came from, and whether they have completed any tasks on the site, for example signing up to volunteer or to donate. Google Analytics tracks this information using cookies and Java Script Code.
Job Applicants and current and former CancerCare employees
If you apply to work at CancerCare we will only use the information you give us to process your application. If we want to disclose information to someone outside the organisation for example, if we need to obtain a reference or we need to complete a Disclosure from the Disclosure & Barring Service, we will make sure we tell you beforehand, unless we are required to do so by the law.
If you are unsuccessful in your job application, we will hold your personal information for six months after we have finished recruiting the post you applied for. After this date we will destroy or delete the information. If you begin employment we keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us we will keep this file according to our retention guidelines.
You can request details of the personal information we hold about you under the Data Protection Act 1998. We may ask you for an administration fee of £10. If you would like a copy of the information we hold on you, please write to:
Data Protection Officer, CancerCare, Slyne Road, Slynedales, Lancaster, LA2 6ST
How to find out what personal information we hold about you
You have the right obtain confirmation that your personal information is being processed. You also have the right to request a copy of your personal information we hold.
We will provide a copy of your personal information within 40 days of receiving the written request. We may charge a fee not exceeding £10 for dealing with this request.
Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification. Please address requests to the Data Protection Officer.
If you wish to make a request to see your data you can complete the Subject Access Request Form. Alternatively, please ensure you provided us with all the requested information in an alternative format to help us to locate your records.
If you would like a copy of the information we hold on you, please write to:
Data Protection Officer
CancerCare North Lancashire & South Cumbria
Or email firstname.lastname@example.org
Or call us on 01524 381820
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
When does the right to data portability apply?
The right to data portability only applies:
- to personal data that you have provided to a controller;
- where the processing is based on your consent or for the performance of a contract; and
- when processing is carried out by automated means.
CancerCare must provide the personal data in a structured, commonly used and machine readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.
If the personal data concerns more than one individual, CancerCare must consider whether providing the information would prejudice the rights of any other individual.
CancerCare must respond within one month.
This can be extended by two months where the request is complex or we receive a number of requests.
You have a choice about whether or not you wish to receive information from us. If you do not wish to receive direct marketing communications from us about the vital work we do and our exciting events or products, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given us your prior consent. We will not contact you for marketing purposes by post if you have indicated you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email at email@example.com
How to change the personal information we hold about you
If you want to update the information we hold for you, or you think any information we have about you is incorrect or incomplete, please get in touch as soon as possible.
You can contact us using the same details above.
Policy adoption date February 2018
Review date February 2019
[Your full address]
[Name and address of the organisation]
Dear Sir or Madam
Subject access request
[Your full name and address and any other details to help identify you and the information you want.]
Please supply the information about me I am entitled to under the Data Protection Act 1998 relating to: [give specific details of the information you want, for example
- your personnel file;
- emails between ‘A’ and ‘B’ (between 1/6/11 and 1/9/11);
- your medical records (between 2006 & 2009) held by Dr ‘C’ at ‘D’ hospital;
- CCTV camera situated at (‘E’ location) on 23/5/12 between 11am and 5pm;
- copies of statements (between 2006 & 2009) held in account number xxxxx).
If you need any more information from me, or a fee, please let me know as soon as possible.
It may be helpful for you to know that a request for information under the Data Protection Act 1998 should be responded to within 40 days.
If you do not normally deal with these requests, please pass this letter to your Data Protection Officer. If you need advice on dealing with this request, the Information Commissioner’s Office can assist you and can be contacted on 0303 123 1113 or at ico.org.uk