Pancreatic Cancer Research Fund has always sought to respect people’s personal data. We regularly evaluate our processes and protocols to make sure we are following both the spirit and the letter of the General Data Protection Regulation (GDPR) and other legislation relating to personal data. We highly value our relationships with people affected by pancreatic cancer, health professionals, and all other beneficiaries, fundraisers and supporters. Maintaining these relationships will continue to be a top priority for us.
Pancreatic Cancer Research Fund (“we”) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect. We will comply with the six principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner that ensures appropriate security.
This Privacy Notice sets out the data processing practices carried out by Pancreatic Cancer Research Fund in relation to personal data about supporters, event attendees, volunteers and newsletter subscribers. For the purposes of this Notice, the data controller is Pancreatic Cancer Research Fund. For the purpose of this Notice we will use the group term ‘supporters’ to describe any one of these groups.
If you have any queries or requests concerning your personal data, or would like to contact us about your preferences, please contact us at Pancreatic Cancer Research Fund, P. O. Box 47432, London, N21 1XP or at firstname.lastname@example.org, or call us on 020 8360 1119.
Our communications include our services and events, pancreatic cancer news, and opportunities to support us. If you are not already receiving these communications, but would like to, please contact us on email@example.com or 020 8360 1119.
We store your data on our database, which is hosted in the UK. We keep this database updated with your contact preferences.
Why your personal information is important
Developing a better understanding of our beneficiaries and supporters through your personal data allows us to make better decisions about our work and fundraise more efficiently, and helps us to provide much-needed support to people with pancreatic cancer.
Support for people affected by pancreatic cancer
We run services to provide support to anyone affected by pancreatic cancer and collect personal data in order to provide those services. This includes our face-to-face events, our guides and information.
If you use our charitable support services, we may record personal information that you choose to give us and that is needed to keep you safe and is necessary to deliver our services. An example of this is information about your health status, dietary preferences, or emergency contact details for an event. We will only use this information for the purposes of providing our charitable services.
We may also collect and retain your information if you send feedback about our services or if you make a complaint.
We will use your personal information:
- to deal with your enquiries and requests
- to provide you with information and updates about products or services that you have requested
- to invite you to participate in projects or activities
- for administration purposes
- to further our charitable aims including through fundraising
- for training, quality monitoring or evaluating the services we provide
- to analyse and improve the operation of our website and to analyse your engagement with our website
Pancreatic Cancer Research Fund does not share sensitive personal information you provide to us with anyone, except in exceptional circumstances where we are legally required to do so. For more information please ask us about our Safeguarding Policy.
If you support us, for example if you make a donation, volunteer, register to fundraise or sign up for an event, we will usually collect:
- Your name
- Your contact details
- Your date of birth
- Your bank or credit card details.
Where it is appropriate we may also ask for:
- Information relating to your health (for example if you are taking part in a high risk event)
- Why you have decided to donate to us (for example we ask if you’ve had a diagnosis of pancreatic cancer, or are a family member or friend, or a health professional). We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.
We will use your data to:
- Provide you with the services, products or information you asked for
- Administer your donation or support your fundraising, including processing gift aid
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Understand how we can improve our services, products or information.
We will contact you in accordance with your preferences and the law to let you know about the progress we are making, to ask for donations or other support, and/or to tell you more about the services we offer. You have the right to change these preferences at any time, for example by clicking unsubscribe on email communications. We make it easy for you to tell us how you want us to communicate, and we include information on how to opt out of different types of contact when we send you marketing communications. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on firstname.lastname@example.org or 020 8360 1119 to update us.
Occasionally, we may include information from third party organisations working with us in our communications – for example an organisation running an event or selling a product to raise money for Pancreatic Cancer Research Fund. We do not give your data to these organisations.
We do not sell, rent or share personal details to third parties, including other charities, for their marketing purposes. But, if we run an event in partnership with another named organisation your details may need to be shared, for example on the guest list for an event at an external venue. We will be clear what will happen to your data when you register.
Our legal basis for processing your information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- you have given us consent,
- where it is necessary for our or a third party’s legitimate interests, which are to further our charitable objectives, and your interests and rights do not override those interests,
- or where we need to comply with a legal or regulatory obligation.
We will only use sensitive personal data:
- provided we have your explicit consent to use it,
- where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent,
- where it is necessary for reasons of substantial public interest,
- where you have previously made that data public knowledge, or
- if we need to use that data to establish, exercise or defend legal claims.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Keeping your information secure
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- PCI DSS standards. We comply with the Payment Card Industry Data Security Standards in relation to debit/credit card payments made on our website.
- Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Firewalls and encryption. We use industry-standard and up-to-date firewall and encryption technology.
- Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards.
Brexit and transferring your data to countries in the European Economic Area (EEA)
Organisations in the UK processing the personal data of EU citizens will need to comply with both the UK data protection law (namely the Data Protection Act 2018, UK GDPR and the Privacy and Electronic Communications Regulations 2003) and the EU GDPR.
Pancreatic Cancer Research Fund has considered the territorial scope of the EU GDPR and considers that this legislation does not apply to it. This is because the charity is not offering goods or services, or monitoring the behaviour of EU data subjects.
Pancreatic Cancer Research Fund relies on a number of Third Parties to process income on our behalf such as JustGiving and Facebook. These Third Parties may make restricted transfers of data to Pancreatic Cancer Research Fund if any of their operations are based outside of the UK and in such instances, it is the third party’s responsibility to ensure that the personal data is protected. Upon receipt of the data, Pancreatic Cancer Research Fund will ensure that any EU data subjects’ personal data is protected and treat personal data with care and due diligence.
Occasionally, Pancreatic Cancer Research Fund will need to upload data of UK data subjects to a Third Party’s site, and any transfer of data will be done securely and in accordance with the UK GDPR. In particular, this means that whenever Pancreatic Cancer Research Fund transfers data outside of the UK, or the protection of the UK GDPR, it will ensure the rights of individuals are protected in the recipient country, for example through the use of standard contractual clauses.
How we gather information
The type and quantity of information we gather and how we use it depends on why you are providing it. We gather information in the following ways:
When you give it to us directly
You may give us your information in order to sign up for one of our support events, contact the Support Line, to fundraise for us, tell us your story, make a donation, sign up to receive our newsletters or communicate with us directly.
When you give it to us indirectly
When you have given other organisations permission to share it
You may have provided your details to other organisations that work with us, for example when buying a product or services.
When we collect it as you use our website
The type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
In addition, we use Google Analytics (GA) to help analyse how users interact with our website. The GA code uses ‘cookies’, which are text files placed on your computer (or phone or other device), which make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. The code collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for Pancreatic Cancer Research Fund.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other personal data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
You may choose to accept or decline cookies. If you reject cookies then be aware that this may disable some of the functionality on our website. You can also prevent Google Analytics by using a tracking-blocker, such as Privacy Badger, clearing your cookies after every browsing session, or installing the Google Analytics opt-out extension.
Employees, volunteers and job applicants
If you apply to work or volunteer at Pancreatic Cancer Research Fund, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the charity – for example, if we need a reference, or need to get a disclosure from the Criminal Records Bureau – we will make sure we tell you beforehand, unless we are required to disclose this information by law.
If you are unsuccessful in your job application, we will hold your personal information for six months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants.
When you start working for us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file according to our document retention policy. You can contact us to find out more about this.
How we keep your data safe and who has access
We ensure that there are appropriate technical controls in place to protect your personal details. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We ensure all data transferred is protected by using a secure data transfer site.
Some of our suppliers run their operations outside the European Economic Area (EEA), for example suppliers who have headquarters in other countries. Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK legislation. By submitting your personal information to us you agree to this transfer, storing or usage at a location outside the EEA.
We may need to disclose your details if required to the police, regulatory bodies or legal advisers or in exceptional circumstances as outlined in our Safeguarding policy. Regulatory bodies include HMRC, the Charity Commission or Office of the Scottish Charity Regulator, the Information Commissioner’s Office and the Fundraising Regulator.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Keeping your information up to date
We would really appreciate it if you let us know if your contact details change so that we can continue to stay in touch with you.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where:
  - (i) the information we hold about you is inaccurate;
  - (ii) we are unlawfully using your information;
  - (iii) we no longer need to use the information; or
  - (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you want to access your information, please send a description of the information you want to see and proof of your identity by post for the attention of the Data Manager, Pancreatic Cancer Research Fund, 30 Angel Gate, London, EC1V 2PT. We do not accept these requests by email in order to ensure that we only provide personal data to the right person.
If you have any questions please send these to us at the address above or email@example.com and for further information see the Information Commissioner’s guidance.
If we have not been able to deal satisfactorily with any concerns you may have over how we have processed your personal information, you have a right to make a complaint to the Information Commissioner’s Office on 0303 123 1113 or ico.org.uk/global/contact-us.
How long we keep your information for
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
|Legal basis|Length of time|
|---|---|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject|We will use/store your data for as long as it is necessary for us to comply with our legal obligations|
|Where we use/store your data because it is necessary for our legitimate business interests|We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data until we no longer have a legitimate interest in using/storing your data|
|Where we use/store your data because you have given us your consent|We will use/store your data until you ask us to stop|
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Please ask us if you would like more information about how long we retain your information for.
Changes to this Notice
We may change this Privacy Notice from time to time. If we make any significant changes to this notice and the way we hold personal data, we will make this clear on the Pancreatic Cancer Research Fund website or by contacting you directly.
If you have any questions, comments or suggestions, please let us know by contacting us at Pancreatic Cancer Research Fund, 30 Angel Gate, London, EC1V 2PT or email us on firstname.lastname@example.org.
This Privacy Notice was updated in July 2022 in compliance with the General Data Protection Regulation (GDPR).