Privacy and Cookie Policy

Weston Park Cancer Charity (“We”) are committed to protecting and respecting your privacy and aim to be clear and open about how your data is used.

This Privacy Policy (the ‘Policy’) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We ask that you read this Policy carefully as it contains important information about how we will use your personal data.

We only collect and use your information for the lawful purposes of administering the business of the Charity or for HR purposes if you are a staff member or volunteer; this includes the operation of the Cancer Support Centre in addition to the fundraising and grant giving activities of the charity.

How we will use your data

For the purpose of the General Data Protection Regulations (GDPR) the data controller is Weston Park Cancer Charity of Whitham Road, Sheffield, S10 2SJ (Registered Charity No. 509803).

Where we collect information about you from:

1. Directly

You may give us personal data about you (such as your name, address, e-mail address and phone number, financial and credit card information) whenever you contact us, either by telephone, letter, our websites including www.westonpark.org.uk and www.cancersupportcentre.co.uk (the “Websites”), or in any other way. For example, we will obtain your personal data when you contact us to make a donation, communicate with us or sign up to receive email or postal updates from us. When you contact us, we may keep a record of that correspondence.

2. Indirectly

We may also receive information about you that you provide to other sources (such as online giving platforms including Just Giving or Virgin Money Giving, payment sites such as PayPal or our email marketing distributors, such as Mailchimp, which we may add to and merge with any information we already hold about you). You should check their Privacy Policy when you provide your information to fully understand how they will process your data. We may also receive information that you post or contribute to our social media pages (e.g. in comments, messages and photographs on Facebook, Twitter or other social media).

In some circumstances, we also receive information about you from third parties that provide us with data to help us understand how we can provide the best experience for our donors and how to best connect with you.

This information includes updated contact details (so we don’t waste the charity’s money sending mailings to the wrong home) using third parties such as the Fundraising Preference Service.

Personal and Special data we may collect about you to provide a service to you

In addition to the personal data we also may collect special categories of personal data (sensitive data), particularly health information, in order for us to provide you with a service.

Personal and Special data we may collect about you as an employee or volunteer

We also process special categories of personal data (sensitive data) to enable us to support employment or volunteering. For example racial and ethnic origin, offences (including alleged offences), criminal proceedings, outcomes and sentences, trade union membership, religious or similar beliefs, employment tribunal applications, complaints, accidents, and incident details.

If we are processing any personal information that is regarded as ‘special category’ or ‘sensitive’ as referred to above, we will only do this with your explicit consent.

What personal data we collect and how we use it

The type of information we collect and how we will use it will depend on why you are providing it.

If you support us, for example make a donation, volunteer, register to fundraise or sign up for an event, we will usually collect:

• Your full name
• Your contact details
• Your date of birth

Where it is appropriate we may also ask for:

• Your bank or credit card details
• Information relating to your health (so we can provide you with appropriate help and support or we can assess your suitability to take part in an event)
• If you are fundraising, we may ask why you have decided to support us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.

Examples of how we could use your data:

• Help us identify you and any previous contact we may have had with you;
• Administer any donations made and to provide you with fundraising information, products and services
• Provide you with appropriate information about help and support if you are accessing the Cancer Support Centre
• For claiming Gift Aid, if applicable
• Keep you updated on the work that we are doing and informing you of future fundraising campaigns by providing you with direct marketing communications through a number of channels
• Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
• Notify you about changes to our services
• Ensure that content from our site is presented in the most effective manner for you and for your computer or other device
• Seek feedback on how we can improve the service we offer
• Fraud prevention and detection
• Security vetting
• Improving our services
• Analyse the effectiveness of our marketing and communication
• Keep a record of your relationship
• We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of training, fraud prevention and compliance
• We may monitor your use of the Website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit our website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see refer to our cookie policy for further information
• If you receive emails from us we may also be able to monitor which of our emails you have opened and any links within the emails that you click on

Legal basis for using personal data

Weston Park Cancer Charity relies on the following legal conditions that are described:

• Consent: When you opt-in to receive information from us we use this consent to send you updates about our news, events and fundraising activities.
• Legal obligations: Sometimes it is necessary to process your data for us to comply with our legal obligations, like when we send GiftAid information to HMRC.
• Legitimate interest: We have conducted a legitimate interest assessment and will, in some circumstances, rely on sending you information by post. Unless you have specifically opted out of communications, you may receive information from us.
• Vital interest: where processing is needed to protect your vital interests (or those of someone else) e.g. in an emergency.
• As an equal opportunities employer, we may process your data to allow us to monitor our diversity and evaluate our training and development needs
• Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

We will never sell, rent, or trade your personal data however we may disclose your personal data to:

• our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR and PECR ).
• We also may disclose your information if required by law or to enforce our legal rights.
• our agents and service providers (who help run some of our administrative operations such as web hosting, payment processing, maintenance services or email distribution) some of whom may be outside the EEA (see ‘Transfers of data out of the EEA’ below);
• in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect the rights, property, or safety of WPCC, our clients, or others. This may also include exchanging information with other companies and organisations for the purposes of fraud protection;
• If WPCC is acquired by another company, personal data held about its clients and supporters will included in the assets transferred.

You have the right to request access to data (Right of Access) which we may process about you.

If you wish to exercise this right you should:

• Put your request in writing
• Include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill)
• Specify which information you are seeking

You have the right to require us to correct any inaccuracies (Right to Rectify) in your data free of charge.

If you wish to exercise this right you should:

• put your request in writing
• provide us with enough information to identify you
• specify the information that is incorrect and what you believe should replace it.
• If upon receipt of this request we agree that the data is incorrect we shall make corrections. Whatever action we take, we will write back to you to inform you of our findings and if necessary any actions we have taken.

You also have the right to ask us to stop processing (Right to Restrict Processing) your personal data for direct marketing purposes.

If you wish to exercise this right you should:

• Put your request in writing (an email sent to preferences@sth.nhs.uk with a header that says ‘Unsubscribe’ is acceptable)
• Provide us with enough information to identify you
• If your objection is not to direct marketing in general, but to direct marketing by a particular channel (eg email or telephone) please specify the channel you are objecting to.

It is also possible to unsubscribe from email marketing only using the ‘unsubscribe’ link provided in each email we send.

You have the right (in certain circumstances) to have personal information held about you erased from our records if it is determined we no longer need it (Right to be Forgotten).

You have the right to have inaccurate personal information amended (Right to Rectification).

The right to ask us to stop using your information in certain situations (Right to Restrict Processing).

You have the right (in certain circumstances) to have a copy of your personal information provided for reuse in another service (Right to Data Portability).

You are able to object (Right to Object) to direct marketing, processing, research and processing based on legitimate interest.

You have the right not to be subject to a decision based on automated processing (Right not to be Profiled)

We will endeavour to update your details as quickly as possible, but please note this may take up to six weeks from the original request date. If you request to be forgotten, this could take up to 6 months to be fully erased.

Our CRM provider shall provide fully restorable, client data backups in accordance with the following:

Nightly: Retained on-site for one week
Weekly: Retained off-site for four weeks
Monthly: Retained off-site for six months (Monthly backups are taken on the last weekend of the month)

A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site.

Non-essential cookies

Cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, language and Country, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users' browsing actions and patterns and does not identify any individual. This information helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Third party cookies

Facebook and Twitter are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (eg to share or tweet a piece of information), they will place cookies on your computer. We embed videos on our site using YouTube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to YouTube first in order to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.

Can I refuse cookies?

Yes. You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting it may not work smoothly. Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.