Privacy and Cookie Policy
We're committed to protecting and respecting your privacy and aim to be clear and open about how your data is used.
Privacy Policy
Weston Park Cancer Charity (“We”) are committed to protecting and respecting your privacy and aim to be clear and open about how your data is used.
This Privacy Policy (the ‘Policy’) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We ask that you read this Policy carefully as it contains important information about how we will use your personal data.
We only collect and use your information for the lawful purposes of administering the business of the Charity or for HR purposes if you are a staff member or volunteer; this includes the operation of the Cancer Support Centre in addition to the fundraising and grant giving activities of the charity.
Data Processing
How we will use your data
For the purpose of the General Data Protection Regulations (GDPR) the data controller is Weston Park Cancer Charity of Whitham Road, Sheffield, S10 2SJ (Registered Charity No. 509803).
Where we collect information about you from:
1. Directly
You may give us personal data about you (such as your name, address, e-mail address and phone number, financial and credit card information) whenever you contact us, either by telephone, letter, our websites including www.westonpark.org.uk and www.cancersupportcentre.co.uk (the “Websites”), or in any other way. For example, we will obtain your personal data when you contact us to make a donation, communicate with us or sign up to receive email or postal updates from us. When you contact us, we may keep a record of that correspondence.
2. Indirectly
We may also receive information about you that you provide to other sources (such as online giving platforms including Just Giving or Virgin Money Giving, payment sites such as PayPal or our email marketing distributors, such as Mailchimp, which we may add to and merge with any information we already hold about you). You should check their Privacy Policy when you provide your information to fully understand how they will process your data. We may also receive information that you post or contribute to our social media pages (e.g. in comments, messages and photographs on Facebook, Twitter or other social media).
In some circumstances, we also receive information about you from third parties that provide us with data to help us understand how we can provide the best experience for our donors and how to best connect with you.
This information includes updated contact details (so we don’t waste the charity’s money sending mailings to the wrong home) using third parties such as the Fundraising Preference Service.
Personal and Special data we may collect about you to provide a service to you
In addition to the personal data we also may collect special categories of personal data (sensitive data), particularly health information, in order for us to provide you with a service.
Personal and Special data we may collect about you as an employee or volunteer
We also process special categories of personal data (sensitive data) to enable us to support employment or volunteering. For example racial and ethnic origin, offences (including alleged offences), criminal proceedings, outcomes and sentences, trade union membership, religious or similar beliefs, employment tribunal applications, complaints, accidents, and incident details.
If we are processing any personal information that is regarded as ‘special category’ or ‘sensitive’ as referred to above, we will only do this with your explicit consent.
What personal data we collect and how we use it
The type of information we collect and how we will use it will depend on why you are providing it.
If you support us, for example make a donation, volunteer, register to fundraise or sign up for an event, we will usually collect:
• Your full name
• Your contact details
• Your date of birth
Where it is appropriate we may also ask for:
• Your bank or credit card details
• Information relating to your health (so we can provide you with appropriate help and support or we can assess your suitability to take part in an event)
• If you are fundraising, we may ask why you have decided to support us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.
Examples of how we could use your data:
• Help us identify you and any previous contact we may have had with you;
• Administer any donations made and to provide you with fundraising information, products and services
• Provide you with appropriate information about help and support if you are accessing the Cancer Support Centre
• For claiming Gift Aid, if applicable
• Keep you updated on the work that we are doing and informing you of future fundraising campaigns by providing you with direct marketing communications through a number of channels
• Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
• Notify you about changes to our services
• Ensure that content from our site is presented in the most effective manner for you and for your computer or other device
• Seek feedback on how we can improve the service we offer
• Fraud prevention and detection
• Security vetting
• Improving our services
• Analyse the effectiveness of our marketing and communication
• Keep a record of your relationship
• We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of training, fraud prevention and compliance
• We may monitor your use of the Website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit our website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see refer to our cookie policy for further information
• If you receive emails from us we may also be able to monitor which of our emails you have opened and any links within the emails that you click on
Legal basis for using personal data
Weston Park Cancer Charity relies on the following legal conditions that are described:
• Consent: When you opt-in to receive information from us we use this consent to send you updates about our news, events and fundraising activities.
• Legal obligations: Sometimes it is necessary to process your data for us to comply with our legal obligations, like when we send GiftAid information to HMRC.
• Legitimate interest: We have conducted a legitimate interest assessment and will, in some circumstances, rely on sending you information by post. Unless you have specifically opted out of communications, you may receive information from us.
• Vital interest: where processing is needed to protect your vital interests (or those of someone else) e.g. in an emergency.
• As an equal opportunities employer, we may process your data to allow us to monitor our diversity and evaluate our training and development needs
• Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
Building profiles of supporters and targeting communications
We may use profiling techniques to segment our data to ensure communications are relevant and timely, and to provide an improved experience for our supporters. When building a profile we may analyse geographic and demographic information relating to you in order to understand your interests and communicate relevant information to you. Such information is compiled using the information we collect from you directly or indirectly throughout analytics on social media and our website.
Sharing your story
Some people choose to tell us about their experience with cancer to help further our work. With your permission, this may be used publicly by us at events, in materials promoting our work, social media, press and documents such as our Impact Report.
Depending on your communication preferences and interests, we may use your contact information to send you direct mail. We may use legitimate interest to contact you because we believe it is necessary for our legitimate organisational interest to create a better life for cancer patients locally. We have conducted a legitimate interest assessment to ensure that this processing isn’t overridden by your rights or interests. We employ safeguards to protect your privacy.
Digital Direct Marketing
We may send you digital communications about our news, events and fundraising activities, if you have consented to do so via one of our data capture points. If you change your mind, you can let us know if you would prefer not to receive communications at any time by emailing preferences@sth.nhs.uk, calling us on 0114 226 5370 or writing to us.
Disclosure of your personal data
We will never sell, rent, or trade your personal data however we may disclose your personal data to:
• our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR and PECR ).
• We also may disclose your information if required by law or to enforce our legal rights.
• our agents and service providers (who help run some of our administrative operations such as web hosting, payment processing, maintenance services or email distribution) some of whom may be outside the EEA (see ‘Transfers of data out of the EEA’ below);
• in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect the rights, property, or safety of WPCC, our clients, or others. This may also include exchanging information with other companies and organisations for the purposes of fraud protection;
• If WPCC is acquired by another company, personal data held about its clients and supporters will included in the assets transferred.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data. For example we store your electronic personal data on secure servers (and keep any hard copies in locked cabinets in locked rooms) and only disclose your personal data to third parties that also provide adequate protections. Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you, or to a third party, via the internet.
Transfers of data out of the EEA
Some of our service providers and affiliated organisations lie outside the EEA and therefore we may be required to transfer your data outside the EEA. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as model contract clauses, binding corporate rules, or mechanisms like the EU-U.S. Privacy Shield framework. For a copy of such safeguards, please contact us.
Your rights
You have the right to request access to data (Right of Access) which we may process about you.
If you wish to exercise this right you should:
• Put your request in writing
• Include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill)
• Specify which information you are seeking
You have the right to require us to correct any inaccuracies (Right to Rectify) in your data free of charge.
If you wish to exercise this right you should:
• put your request in writing
• provide us with enough information to identify you
• specify the information that is incorrect and what you believe should replace it.
• If upon receipt of this request we agree that the data is incorrect we shall make corrections. Whatever action we take, we will write back to you to inform you of our findings and if necessary any actions we have taken.
You also have the right to ask us to stop processing (Right to Restrict Processing) your personal data for direct marketing purposes.
If you wish to exercise this right you should:
• Put your request in writing (an email sent to preferences@sth.nhs.uk with a header that says ‘Unsubscribe’ is acceptable)
• Provide us with enough information to identify you
• If your objection is not to direct marketing in general, but to direct marketing by a particular channel (eg email or telephone) please specify the channel you are objecting to.
It is also possible to unsubscribe from email marketing only using the ‘unsubscribe’ link provided in each email we send.
You have the right (in certain circumstances) to have personal information held about you erased from our records if it is determined we no longer need it (Right to be Forgotten).
You have the right to have inaccurate personal information amended (Right to Rectification).
The right to ask us to stop using your information in certain situations (Right to Restrict Processing).
You have the right (in certain circumstances) to have a copy of your personal information provided for reuse in another service (Right to Data Portability).
You are able to object (Right to Object) to direct marketing, processing, research and processing based on legitimate interest.
You have the right not to be subject to a decision based on automated processing (Right not to be Profiled)
We will endeavour to update your details as quickly as possible, but please note this may take up to six weeks from the original request date. If you request to be forgotten, this could take up to 6 months to be fully erased.
Our CRM provider shall provide fully restorable, client data backups in accordance with the following:
Nightly: Retained on-site for one week
Weekly: Retained off-site for four weeks
Monthly: Retained off-site for six months (Monthly backups are taken on the last weekend of the month)
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
• Give consent on his/her behalf to the processing of his or her personal data
• Receive on his/her behalf any data protection notices
• Give consent to the transfer of his/her personal data outside of the European Economic Area
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to charityteam@wpcancercharity.org.uk, or you can write to us at Weston Park Cancer Charity, Northumberland Road, Sheffield, S10 2TX or call us on 0114 226 5370.
Changes to our privacy policy
We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access the Website or provide us with personal information in another way.
Disclaimer
Our site may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Use of cookies
A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site.
Non-essential cookies
Cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, language and Country, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users' browsing actions and patterns and does not identify any individual. This information helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
Third party cookies
Facebook and Twitter are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (eg to share or tweet a piece of information), they will place cookies on your computer. We embed videos on our site using YouTube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to YouTube first in order to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.
Can I refuse cookies?
Yes. You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting it may not work smoothly. Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.