Privacy policy

Fundraising and cancer support aren’t our only passions; we’re also passionate about protecting your privacy! We believe in being open and up front about how we use your personal data, and we are committed to making Your Privacy a Priority. If you would like to know more about how we process your personal data, please read our detailed Privacy Policy below.

Weston Park Cancer Charity makes Your Privacy a Priority:

We will collect, process, store and share your personal data safely and securely, by ensuring:

  • You’re always in control: Your privacy will be respected at all times, and we will put you in control of your privacy with easy-to-use tools and clear choices.
  • We work transparently: We will be transparent about the data we collect and how we use that data so that you can make fully informed choices and decisions.
  • We operate securely: We will protect the data that you entrust to us via appropriate security measures and controls. We’ll also ensure that other businesses we work with are just as careful with your data.
  • For your benefit: When we do process your data, we will use it to benefit you, to make your experience better and to improve our products and services.

  1. WHO WE ARE

“Weston Park Cancer Charity” (referred to in this policy as “we”, “us”, “our” or “WPCC”) is a trading name of:

Weston Park Hospital Development Fund
23 Northumberland Road,
Sheffield,
S10 2TX

Registered Company Number: 1480596

Registered Charity Number: 509803

 

We have a Data Protection Lead, who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:

 

Email: DPO@wpcancercharity.org.uk

Mail: Data Protection Lead
      Weston Park Cancer Charity
      23 Northumberland Road
      Sheffield
      S10 2TX

 

  2. HOW WE COLLECT YOUR PERSONAL DATA

 

We will collect your personal data in the following ways:

 

  • When you request or use the services we provide;
  • When you purchase our products;
  • When you fundraise or donate money;
  • To assist with DS1500 administration forms for clients;
  • When you create tribute pages to raise money for the charity in the name of an individual who has passed away;
  • When you sign up to our competitions;
  • When you talk with us either over the phone, through email, through social media or in person;
  • When you visit our website;
  • When you make a booking to use our available support services;
  • When you apply to work or volunteer with us;
  • When you subscribe to receive our newsletters or marketing;
  • When you attend our events;
  • When you visit our services centre; and
  • From third parties or publicly available sources (for example, job boards).

 

Failing to provide necessary personal data may mean that we are unable to fulfil your requirements.

 

  3. PERSONAL DATA WE COLLECT ABOUT YOU

 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.

 

| Category of personal data | Description |
| --- | --- |
| Identity data | First name, surname, DOB, signature, gender, title, image data, age, preferred name, FMP ID, nationality, racial or ethnic origin |
| Contact data | Home telephone number, mobile phone number, email address, postal addresses |
| Payment data | Account number, sort code, bank branch, invoice total, payment type, billing history, discount, receipt number |
| Donation data | Donation amount, method of donation (e.g. cheque, in person, online), fundraising efficiency information (i.e. what fundraising activities are the most profitable for the charity). |
| Message data | Any data that is contained within a message body or a subject from an individual that the recipient was not expecting to be disclosed. |
| Technical data | IP address, browser type, the URL which the user originated from, cookies, web beacons |
| Job data | Current job title, propositioned job title, job description, contracted hours, start date, schedule |
| Education data | Qualifications achieved; school/college/university attended, CV data, awards and references |
| Employment data | Employment history, skills acquired |
| Fundraising data | Fundraising page title, date of fundraiser, active sports fundraiser, t-shirt size, why they are fundraising, fundraising goal, fundraising currency, page URL, cover photo |
| Health data | Medical history, cancer diagnosis, medication, stage of treatment. |
| Lifestyle data | Benefits taken (e.g. DS1500), home life, debt, family, marriage / civil partnership certificate (UK / Channel Islands), mortgage statement, utility bill (UK) |
| Booking data | Booking type, date of the booking, time of the booking, location, ticket amount, event booked |
| Marketing data | Your preferences in regard to the types of marketing you want to receive. |
| Volunteer data | Hours available, volunteer work they're interested in, volunteer references |
| Account data | Account username, account password, profile photo. |

 

  4. HOW WE USE YOUR PERSONAL DATA

 

We are only allowed to use your personal data if we have a legal basis to do so, and we are required to inform you of what that legal basis is. We have set out in the table below the purposes for processing your data, the categories of personal data affected, and the legal ground on which we rely when we process the personal data.

 

In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.

 

| Purposes for processing | Categories of personal data | Legal basis for processing | Legitimate Interests (if applicable) |
| --- | --- | --- | --- |
| To capture and use photos and videos of yourself for different business purposes | Identity | Consent; Legitimate Interests | To use agreed photos and videos for marketing purposes. |
| To administer and manage client stories on our website | Identity, Health, Message | Consent | N/A |
| To administer purchases made through our website. | Identity, Contact, Payment, Technical | Performance of a Contract | N/A |
| To process and deliver our services to you which you have requested. | Identity, Contact, Payment, Donation, Health, Lifestyle, Booking | Performance of a Contract | N/A |
| To process your job or volunteer application with us. | Identity, Contact, Job, Employment, Education, Volunteer | Performance of a Contract | N/A |
| To manage our relationship with you, including notifying you about changes to our terms or privacy notices | Identity, Contact, Message, Booking | Performance of a Contract; Legal Obligation | N/A |
| To register you as a new or prospective supporter or client. | Identity, Contact, Payment, Donation, Health | Performance of a Contract; Legitimate Interests | To ensure that we maintain accurate records of individuals that help to support the charity's endeavours. |
| To administer and manage competitions and events. | Identity, Contact, Payment, Booking | Performance of a Contract; Legitimate Interests | To provide individuals with the chance to win prizes from the charity. |
| To manage our different donation and fundraising platforms. | Identity, Contact, Payment, Donation, Fundraising, Account | Performance of a Contract; Legitimate Interests | To provide individuals with the opportunity to create a fundraising account. |
| To administer our marketing communications or newsletters to inform you of charity updates and events. | Identity, Contact, Marketing | Consent; Legitimate Interests | To be able to inform individuals of charity news, events or services. (Postal marketing only). |
| To administer cookies and protect our charity and website | Technical | Consent; Legitimate Interests | Running our charity, provision of administration and IT service, network security |
| To manage incoming general enquiries or complaints. | Identity, Contact, Message | Legitimate Interests | To ensure that enquiries and complaints are managed efficiently and in line with the Weston Park Cancer Charity complaints procedure |
| To talk with you through our social media pages | Identity, Message | Legitimate Interests | To be able to respond to supporters or members of the public’s comments on our social media pages |

 

  5. SPECIAL CATEGORY PERSONAL DATA

 

Special category personal data is personal data that is more sensitive by nature such as health and ethnicity data. At Weston Park Cancer Charity, there will be circumstances where a client needs to inform us of personal data relating to their health, racial or ethnic origin.

 

When we process personal data concerning your health, racial or ethnic origin, our special category condition for processing this information is Explicit Consent, under Article 9(2)(a) of the UK General Data Protection Regulation.

 

  6. WHO WE SHARE YOUR PERSONAL DATA WITH

 

In order to provide you with our services and meet our legal obligations, we only share your personal data with third parties in the following circumstances:

 

  • To fulfil the services that you have requested us to perform;
  • To process debit/credit card payments, donations or any other transactions authorised by the supporter;
  • To securely manage our client, donor and fundraiser records and information;
  • To handle complaints and improve customer service;
  • To administer and manage our website;
  • To administer and manage your appointments;
  • For clients, your personal data may be shared with medical teams within the NHS to assist you with your treatment;
  • For clients, your personal data will be shared with will writers if you choose to use the Legal Advice service;
  • To administer marketing on behalf of Weston Park Cancer Charity;
  • To assist in the administration of the benefits for clients where required (DS1500);
  • To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations.

 

We’ll never make your personal data available to anyone outside Weston Park Cancer Charity for them to use for their own marketing purposes without your prior consent.

 

  7. THIRD PARTY LINKS

 

Our website includes links to third-party websites and plug-ins. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

 

  8. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA

 

The European Economic Area (EEA) consists of the EU Member States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside of the EEA, we must tell you and we will rely on one of the following:

 

  • Adequacy Decision: The country we send your personal data to provides an adequate level of protection which has been approved by the European Commission.
  • Standard Contractual Clauses: The recipient of your personal data has provided us with signed Standard Contractual Clauses which have been approved by the European Commission. This holds the recipient accountable to safeguard the personal data.
  • International Data Transfer Agreement / Addendum (IDTA): The recipient of your personal data has provided us with a signed IDTA which has been approved by the Information Commissioner's Office (ICO). This holds the recipient accountable to safeguard the personal data.

 

Circumstances where your personal data may be transferred outside of the EEA are as follows:

 

| Purpose of processing | Categories of personal data | Third party | Location | Safeguard |
| --- | --- | --- | --- | --- |
| For the administration of marketing. | Identity, Contact, Marketing | MailChimp | United States | SCCs |
| Provision of the CRM. | Identity, Contact, Payment, Donation, Fundraising, Marketing | Blackbaud | United States | SCCs |
| Administration of the WPCC website. | Identity, Contact, Technical, Marketing | Hive IT | United States | SCCs |
| Administration of payment services | Identity, Contact, Payment, Technical | Stripe | United States | IDTA |
| Administration of purchases made through our website | Identity, Contact, Payment, Technical | Shopify | Australia; India; United States | SCCs |

 

 

Before we share your personal data with a third party, we will ensure that there is an appropriate Data Processing or Sharing Agreement in place to protect that sharing of data.

 

  9. HOW LONG WE RETAIN YOUR PERSONAL DATA

 

We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:

 

  • Any statutory or legal obligations;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The types of personal data we have collected;
  • The amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

 

At Weston Park Cancer Charity, we regularly review the retention of your personal data held within our care to ensure that we are not keeping your personal data for longer than is necessary.

 

  10. HOW WE LOOK AFTER YOUR PERSONAL DATA

 

We will protect your personal data that you have provided to us via appropriate security measures and controls. This includes implementing technical and organisational measures to prevent the loss, misuse or alteration of your personal data. Weston Park Cancer Charity limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.

 

  11. YOUR RIGHTS

 

Everyone in the scope of the UK GDPR has rights relating to the collection and use of their personal data. The rights that apply to your personal data that is held within Weston Park Cancer Charity are listed below:

 

Right to be Informed: We will always be transparent in the way we use your personal data. You will be informed about the processing through relevant privacy policies.

 

Right of Access: You have a right to request access to the personal data that we hold about you and this should be provided to you.

 

Right to Rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.

 

Right to Erasure: You have the right to have your data ‘erased’ in the following situations:

 

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
  • When you withdraw consent;
  • When you object to the processing and there is no overriding legitimate interest for continuing the processing;
  • When the personal data was unlawfully processed; or
  • When the personal data has to be erased in order to comply with a legal obligation.

 

Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.

 

Right to Restrict Processing: You have the right to restrict processing in the following situations:

 

  • Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
  • When processing is unlawful, and you oppose erasure and request restriction instead; or
  • Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.

 

Right to Data Portability: In certain situations, you have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file.

 

Right to Object: You have the right to object to the processing of your personal data in the following circumstances:

 

  • You no longer want to receive direct marketing.
  • Where processing is based on our legitimate interests.

 

If you want to exercise any of your rights listed above, please contact us by using the details below.

 

  12. NOT HAPPY?

 

If you feel that Weston Park Cancer Charity have not upheld your rights, we ask that you contact us by emailing DPO@wpcancercharity.org.uk

 

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the ICO by using the details below. We would be grateful for the opportunity to manage your concerns directly before you approach the ICO so please contact us in the first instance.

 

Address: Information Commissioner's Office
         Wycliffe House
         Water Lane
         Wilmslow
         Cheshire
         SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk/make-a-complaint/