We are totally committed to protecting your information and using it responsibly. Please read our policy carefully to understand how we collect, use and store your information.
The processing of your information is carried out by or on behalf of Breast Cancer Now, a charitable company limited by guarantee in England and Wales (Company No. 9347608) and registered as a charity in England and Wales (No. 1160558), Scotland (No. SC045584) and the Isle of Man (No 1200). Our registered office is at Fifth Floor, Ibex House, 42-47 Minories, London EC3N 1DY.
From time to time, Breast Cancer Now may also process your information using one of its subsidiaries: Breast Cancer Care, a registered charity and company limited by guarantee, or one of the commercial subsidiaries, BCN Trading Limited and BCN Research Limited, which are both private companies limited by shares (all are collectively referred to in this policy as Breast Cancer Now).
Supporter Engagement Team
Fifth Floor, Ibex House
London EC3N 1DY
1. Why we use your information
We will only use your information where we have a legal basis to do so and will always respect your rights.
Unless we specify otherwise, we use your information, because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights. Other reasons may include using information because , you have consented to us doing so we have a legal obligation to do so or because we have to fulfil contractual obligations.
Some examples of how we use your information can be found below.
- You have given us your consent to use the information for a specified purpose, such as sending you marketing emails.
- We have a legal obligation to use your information, for example to claim Gift Aid.
- We need to use your information to fulfil a contract with you, but this is unlikely to apply to you if you support us through donations or volunteering, or you receive a service from us.
- We are using your information in pursuit of a legitimate interest, for example:
- To pursue our charitable purpose to deliver our mission and vision
- To raise vital funds for our work
- To ensure we meet our regulatory requirements as a charity.
- To manage our ongoing relationships with our supporters, service users and anyone we work with.
- To manage our financial transactions and prevent fraud
2. How we use your information to fulfil your requests and support you
2.1 To respond to or fulfil any requests, complaints or queries you make to us
If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback, or sending you relevant information, such as health information or fundraising materials. We may also keep a record of conversations we have with you, feedback you provide and any marketing materials we send out to you. Calls to our Supporter Care team are recorded for quality and monitoring purposes. This can help us to handle queries more efficiently. If you make a purchase from our shop, we will use your information to fulfil your order.
2.2 To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions
This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to us We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud. We may also use your information to administer any lotteries or auctions you participate in, for example, contacting you to let you know you have won a prize.
We may receive this information when you contact us directly, or when you give to us through a payroll giving agency or a third party giving platform or website.
2.3 To provide you with information and support for any events, fundraising and campaigning activities or volunteering opportunities you sign up to
If you have completed a form or otherwise contacted us to register or enquire about a service, an event or activity or to sign up to one of our campaigns, we will consider this as a request to send you details about the service, event, activity or campaign. When you take part in one of our patient-focused programmes, we will use your details to contact you in relation to your role or activity and to provide you with information on the progress of that project.
Where you provide contact details, we will provide information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
We may also receive information through event organisers or through third party giving platforms or websites so we know you are fundraising for us.
Where appropriate, we will use the information you provide to us or to a third party (see above) to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.
2.4 To manage our recruitment
When applying for a role with us via our online recruitment portal and/or through a recruitment agency the personal data you provide as part of the recruitment process will only be held and processed for the purpose of the selection processes and in connection with any subsequent employment unless otherwise indicated. You will be asked to provide certain information including your name, contact details, employment history and qualifications. This information is mandatory in order for us to consider your application, communicate with you about your application and, where successful, follow up with references or meet our statutory and internal monitoring and reporting responsibilities. We may also view social media profiles of applicants, such as LinkedIn, to the extent that it is relevant to your application. Unsuccessful applicant data will be held confidentially within the recruitment system for a period of two years before it is deleted in order that you can access and re-use data in future applications and we can respond to statutory reporting requests.
2.5 To administer our research funding
Where professionals interact with our research department, we maintain a database of contact details, job details and where appropriate areas of scientific interest and qualifications as well as a record of opinions and peer-reviews provided by independent reviewers. We may find these details through industry guides, institution websites and publicly available databases such as ResearchGate and PubMed Central. We use the personal details supplied for the purposes of administering those relationships, including keeping such professionals informed about our research work, funding opportunities and events, and for the purposes of analysing the demographic characteristics of these professionals. When you apply for a grant from us, you will be provided details of how your information will be used.
2.6 To facilitate our courses and to provide information and support through our services
Where you attend one of our courses or access one of our services, including our Helpline or Ask Our Nurses service, we will use the information you give us to ensure we provide the appropriate information and support. Where this includes special category information, such as information about your health, we will ask for consent to store and use your information.
Where it is not possible to get your consent, we will only store and use your special category information if we have another legal basis to do so, including:
- where we are providing a confidential counselling service.
- when you have chosen to make information about your health or other special category information public, such as by posting on our Forum.
- where you are an ongoing member of one our services delivered by a healthcare professional
2.7 To conduct research with patients and members of the public
When we collect information as part of a survey or focus group, we will use this information to help with our research and to achieve our charitable aims. Where this includes information about your health or other special category information we will ensure that we use the information in a way that safeguards your rights and interests.
We will always explain to you at the time we collect your information how it will be used. If we will be using health or any other special category information for purposes other than research, such as sending you information that is relevant to you based on your health status, we will ask your permission to do so.
3. How we use your information to tell you about our work
3.1 To send you marketing communications by email, mobile messaging, or direct message on social media, where you have agreed to receive this
Where you have provided an email, mobile phone number, or details of your social media profile(s) and consented to being contacted in this way, we will send you information by those channels – including by direct message through social media – covering ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. This may include promoting the work of a partner organisation that we believe will benefit us and our charitable cause.
3.2 To contact you by phone and post
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we will occasionally call or write to you to tell you about ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. We do this as we consider it is a legitimate interest to promote our charitable cause and communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service, unless you have agreed to receive calls from us.
3.3 To manage your contact preferences
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details in the “Contacting us” section. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
3.4 To make sure we speak to you in way that is relevant to you, and to understand our supporters more broadly
We try to ensure that our communications are as effective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us and the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective. For example, we will collect technical information, including the IP address used to connect your device to the internet, information about your visit such as the products you viewed in our shop, and the interactions you made with our website. We will also track whether you have opened or clicked a link in the emails which we send you.
In addition, when accessing our website or one of our apps, the settings on your device may provide us with statistical data and information about that device. We use this information to look at how our websites and apps perform on different devices and to help us make improvements to the user experience.
In certain circumstances we will use information about you from publicly available sources such as online registries, websites, media or social media, or personal introductions in order to understand more about your interests and preferences so that we can better tailor our communications – telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.
We will analyse data from our database so that we can understand our supporters. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
If you would prefer we didn’t use your information in this way, then you have the right to tell us to stop and can do so by getting in touch with us using the details in the “Contacting us” section.
We may use your information to carry out market research, for example by sending you a survey or asking you to take part in a focus group. You have the right to ask us not to do this by getting in touch using the details in the “Contacting us” section.
3.5 To target our digital and social media marketing
On occasion, we will use the information you provide us to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies such as Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts to you, or to potential supporters who have similar characteristics to you.
Any information we share with social media companies will be shared in an encrypted format and will not be used for their own purposes. You can stop your information being used for this by contacting us.
Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to us. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.
You can control the kind of advertising which you see through the relevant social media site:
3.6 Use any images, videos of, or other information you tell us about something you have done for us
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events and activities or services in the future. We will obtain the necessary permission to use this information.
3.7 To communicate with public officials about our campaigning activity
We maintain a record of information related to MPs and other holders of public office, to enable us to undertake our campaigning activity to improve the patient experience and to help reach our charitable goal. This will include keeping a record of contact details such as address, telephone number and email address, our contacts with you in your capacity as a public official or MP, as well as publicly available voting records and committee and group memberships. As part of our campaigning and advocacy activity, we may provide public officials’ or MPs’ publicly available contact details to our supporters and members of the public.
4. Keeping your details up to date
We will use publicly available sources to ensure that the information we hold is accurate and up to date. For example, where you have signed up for a redirection service, we will use the Post Office’s National Change of Address database to keep in touch. We may use other services to cross-check the accuracy of the contact details we hold for you.
You can let us know if you move house or your details change by contacting us.
5. What we do if you choose to tell us about your experience of breast cancer or share other health information
Where you have provided information about your experience of having breast cancer or other health informatin, including through a survey, focus group, questionnaire, or when we are talking to you by phone or email, we will explain what the information will be used for and whether it will be held anonymously or not. If the information will be held in a way that could be connected to you personally, we will usually ask your permission to store and use what you tell us.
We will use this information for the purposes explained to you at the time of collection. For example, to better understand the issues that are important to our supporters which helps shape our communications and activities. We may compare statistics related to our supporters to information about the general population, to help our understanding.
Where you provide more detailed information we may want to use this in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications, to help us raise awareness of breast cancer, breast cancer research and the issues affecting patients. We would never use your story without obtaining your consent first. If a suitable opportunity arises for us to use the information you have given us we will contact you to discuss the use of your story in further detail. We will fully explain how we would like to use your information, and get in touch with you each time we would like to use it outside of the organisation, so that we may obtain your fully informed consent.
Where you have given appropriate consent, we will use information about your health to send you communications which are relevant to your current health status; to better support you in an activity you are doing for us; or to ensure that we do not send you any communications or ask you to take part in any activity that would not be appropriate.
We may rely on a legal basis other than consent to store and use information about your health (including your experience of breast cancer). We will only do this in very limited circumstances, as permitted by data protection legislation. You can read more about how we use information you provide as part of our services in section 2.6 - ‘to facilitate our courses and to provide information and support through our services’.
6. Sharing your information with other organisations
We will never share your information with third parties for their own purposes, unless this is explained to you at the time we collect your information, you give us your permission to, or we are legally required to do so, or we have another lawful basis for sharing such information.
For example, we are legally required to provide your data to the following types of organisation:
- HMRC if you have agreed to us claiming Gift Aid on your behalf;
- law enforcement and regulatory bodies and authorities such as the police, the ICO, the Charity Commission or the Fundraising Regulator;
- health and safety authorities and/or professionals where we believe such disclosure is necessary and appropriate to prevent harm.
If we merge with another charity or restructure, we may also share your personal details with any successor charity, or any organisation which takes on the charity’s assets and liabilities, or another organisation within a successor charity’s group.
We also use suppliers known as 'data processors' to process data on our behalf, for example, to send out mailings or to receive professional advice or consultancy services. When we share information with data processors, we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.
7. Transferring your information outside the EEA
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. A transfer out of the EEA may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the EEA. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation.This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the European Commission, or by including approved contract clauses to ensure your data is safeguarded. You can find out more about this by contacting us. We will always take such measures as are appropriate to ensure the confidentiality, integrity and availability of your information
8. How long we keep your information
As a general rule, we will hold your information for a period of up to seven years from the end of your relationship with the charity in accordance with our data retention policy. In some circumstances, this will be shorter. For example, information related to unsuccessful job applications is destroyed after two years. In some circumstances, this will be longer, for example, pension information of former employees and information relating to the research grants we’ve made. If you would like to know how long we will hold any specific information, then please contact us and we can provide further details.
9. Your rights
Under the Data Protection Act 2018 you have the following rights:
- Information Right – You have the right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
- • Personal Data Access Right – You have the right to know that we are processing your personal data and, in most circumstances, to have a copy of your personal data held by us. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
- Personal Data Erasure Right – Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example if: you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests.
- Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances
9.1 Right to Withdraw Consent at any time
Where we use your personal information based on your prior consent, such information about your health, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. You can read more about how to make a complaint here. You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
11. How we keep your information your secure
We take such measure as are appropriate to ensure the confidentiality, integrity and availability of systems, which are regularly independently tested and reviewed.
We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide Breast Cancer Now with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.
This policy was last updated on 01/04/2019.