Privacy Policy for GRACE

(Gynae-oncology Research and Clinical Excellence)

Registered Charity Number 1109997

This Privacy Policy explains the types of personal data we process, how we use it and your data protection rights.

“Personal Data” means any information relating to an identified or identifiable person, and it includes your name, information that enables us to contact you, your bank and payment details and medical history.

“Processing” includes collecting, recording, storing, saving or using personal data.

“Process” and “Processed” are to be interpreted in the same way as “Processing”.

If you have any questions about this Privacy Policy or wish to discuss how we process your data, please get in touch with us using the following information:

Our Contact Details

The Administrator, GRACE, Department of Gynaecological Oncology,

Royal Surrey County Hospital, Egerton Road, Guildford, GU2 7XX

Email: info@grace-charity.org.uk

Telephone: 01306 730872

1. What personal data do we process and how do we use it?

This will depend on the category into which you fall.

1.1 Receiving our newsletter and updates

If you have signed up to receive our newsletter and updates, you will have provided your name and email address. This data will be stored with our email service provider, MailChimp, so that the newsletter and updates can be sent to you.

Data protection law requires us to have a lawful basis for processing your personal data and in this case our lawful basis is that you have given your express consent.

If you wish to stop receiving communications from us, you can unsubscribe by using the link at the bottom of the email.

1.2 Requesting information and support

If you contact us asking for information about our charity and its work, requesting information about gynaecological cancers or seeking support during treatment, we will record your name and contact details so we can deal with your request.

Our lawful basis for processing your data in this way is that we have a legitimate interest in doing so. The data is required so that we can respond to your request.

1.3 Using our website

You can use our website without providing any personal data. However, you may decide to provide personal data in order to fill in a form to register for an event or use an email address link to contact us.

We will collect this data in order to communicate with you and deal with any request or enquiry you have made.

Cookies

We use cookies to collect information about how you use our website. Cookies are used by most websites. They help us make the website work in the way you would expect and improve its speed and security.

You can find more information in our Website Privacy Policy at the end of this document and in our Cookies Policy.

The Website Privacy Policy and Cookies Policy were written for us by Delivered Social (www.deliveredsocial.com) which created and manages our website.

Our lawful basis for processing website data is that we have a legitimate interest in doing so. We process data to improve the functionality of our website and develop relationships with our supporters.

1.4 Making a donation to GRACE

If you make a donation to GRACE, we will ask you to provide certain information in order to process the donation. This will include your name, contact details and payment details. We will also ask if you are a UK taxpayer so we know if we will be able to claim Gift Aid.

If you donate to GRACE using an online platform such as Just Giving,your personal data will be sent to us so we can record your donation. We will contact you to confirm that we have received your donation and to thank you for supporting us.

Our lawful basis for collecting your data in this way is that we have a legitimate interest in doing so. The data is required so we can process your donation and confirm receipt.

1.5 Sharing your story

If you have been diagnosed with a gynaecological cancer, you may decide to help our work by sharing your experience of diagnosis and treatment or you may allow a relative or friend to tell your story on your behalf. Also, your doctor, with your express consent, may provide us with information about your diagnosis and treatment.

We may use your story on our website, on social media, on TV and radio and in talks to help us raise awareness of the symptoms of gynaecological cancers or to support our fundraising campaigns. We will only do so if you have given your express consent and this is our lawful basis for using your data in this way.

1.6 Working with GRACE

You may be:

  • a volunteer helping at an event or assisting with our fundraising or awareness campaigns;
  • a Trustee or an Associate member of our Board;
  • someone whose research we fund;
  • involved with a business which provides us with goods or services or
  • working with us as a self-employed person.

The personal data we process may be just your name and your contact details which you provided so we can keep in touch with you: however, for some roles, we may ask for your CV and the names of referees. As well as obtaining personal data from you and from your referees, we may also obtain it from public sources such as social media and websites.

It is necessary to process your personal data in order to decide how you might work with us and, for those whose roles involve an on-going relationship with GRACE, to manage your continuing involvement with us. Our lawful basis for using your personal data in this way is that we have a legitimate interest in doing so.

1.7 Purchasing goods from GRACE

If you get in touch with us to purchase goods, the data we process will include your name, contact and payment details and a record of the transaction.

This data is processed for the purpose of supplying the goods to you and providing us with a record of the sale. Our lawful basis for processing your data in this way is the performance of our contract with you and our legitimate interest in having a record of our trading activities.

1.8 Keeping in touch

If you have supported us in any way or expressed an interest in our work, and you have provided us with your contact details, we may get in touch to see if you would like to receive updates about our projects and subscribe to our newsletter.

Our lawful basis for using your personal data in this way is that we have a legitimate interest in developing relationships with potential supporters and maintaining our relationship with those who have helped us in the past.

2. What are your data protection rights?

Data protection law gives you a range of rights over your personal data,

including:

  • the right to be supplied with a copy of the personal data we hold;
  • the right to request access to the personal data and to ask that we correct inaccurate information or delete it;
  • where our lawful basis for processing your data is that you have given your consent, the right to withdraw your consent at any time: however, this request will not affect the validity of the data processing which has already taken place and
  • in certain circumstances, the right to restrict or object to the processing of your personal data or to request that it be transferred to another organisation or to you.

If you would like to exercise any of your rights, please get in touch with us using the contact details provided at the beginning of this Privacy Policy. There is no charge for exercising your rights and we have one month to respond to you.

3. Do we share your personal data with others?

We will not sell your personal data and we will share it with others only in accordance with the terms of this Privacy Policy.

We will share your personal data to others where:

  • you have given express consent for us to do so: in this case, we will share it only in accordance with your consent;
  • we are using a third party to provide a service for us, for examplea third party that assists in managing our website or other systems or provides help with marketing. In this case, we will share personal data only to the extent necessary for the performance of the service. We will not give the third party any right to use your personal data except to provide the service to us, and the data must be used in accordance with our instructions;
  • you made a donation to us and completed a Gift Aid declaration. We will need to disclose the personal data you provided to HMRC so that we can claim the Gift Aid;
  • we are required to do so by law, or we are requested to do so by a regulator or law enforcement body. We may also need to share your personal data with other organisations in the case of suspected fraud or for the prevention or detection of crime.

We will never share your personal data with organisations to use for their marketing.

4. How do we keep your personal data secure?

We use various technical and organisational measures to provide a level of security which is appropriate to the risks which arise from our processing your personal data. Electronic data is stored on password protected computers and hardcopy data in secure filing cabinets. We control who has access to both electronic and hardcopy data. Once the data is no longer needed, it will either be deleted in a way which makes recovery impossible, or destroyed.

5. How long do we retain your personal data?

Our policy is to retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, while taking into account any legal, accounting or reporting requirements (for example, HMRC require Gift Aid declarations to be retained for six years). 

We process many different kinds of data and the retention period will depend on the type of data and the purpose for processing it.

If you would like to know the retention period for your personal data, please get in touch with us using the contact details provided at the beginning of this Privacy Policy.

6. Links to websites of other organisations.

Our website contains links to the websites of other organisations we think might be of interest to you. We are not responsible for the content of their websites, and we recommend that you read their privacy policies before sharing any personal or financial information. 

7. Updating your personal data.

If any of the personal data you have provided changes (for example, you change your postal or email address), please get in touch with us using the contact details provided at the beginning of this Privacy Policy.

8. Changes to this Privacy Policy.

We review this Privacy Policy annually and the current version will be published on our website.

If a change to this Privacy Policy affects how we process your personal data, we will take reasonable steps to get in touch with you and notify you of the change.

9. How to make a complaint.

If you are unhappy with the way we have processed your personal data, you may first of all get in touch with us using the contact details provided at the beginning of this Privacy Policy, and we will do our best to resolve the issue.

If you remain dissatisfied, you have the right to apply to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

www.ico.org.uk.

May 2020

 

Website Privacy Policy

The policy: This privacy policy is for this website; www.grace-charity.org.uk and served by www.deliveredsocial.com and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).

This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhere to. Additionally, it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer / device in order to serve it to you. Our contact information is provided if you have any questions.

 

The DPA & GDPR May 2018

We and this website complies to the DPA (Data Protection Act 1998) and already complies to the GDPR (General Data Protection Regulation) which came into affect from May 2018. We will update this policy accordingly after the completion of the UK’s exit from the European Union. Any subject data requests should be made to us in writing at the above address.

 

Use of Cookies

This website uses cookies to better the users experience while visiting the website. As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of /saving of cookies on their computer / device.

What are cookies? Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit. Please visit our cookies policy for more information.

Website Visitor Tracking

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

 

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computers hard drive. Users should therefore note they click on sponsored external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications.

We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.

 

Contact & Communication With us

Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.

 

Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in ‘The policy’ above.

 

Email Mailing List & Marketing Messages

We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from all Mailchimp lists). The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.

 

Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.

 

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites.)

 

Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.

 

We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

Social Media Policy & Usage

We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

 

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.