We are totally committed to protecting your information and using it responsibly. Please read our policy carefully to understand how we collect, use and store your information.
The processing of your information is carried out by or on behalf of Breast Cancer Now, a charitable company limited by guarantee in England and Wales (Company No. 9347608) and registered as a charity in England and Wales (No. 1160558), Scotland (No. SC045584) and the Isle of Man (No. 1200). Our registered office is at Fifth Floor, Ibex House, 42-47 Minories, London EC3N 1DY.
From time to time, Breast Cancer Now may also process your information using one of its subsidiaries: Breast Cancer Care, a registered charity and company limited by guarantee, Second Hope, a registered charity, or one of the commercial subsidiaries, BCN Trading Limited and BCN Research Limited, which are both private companies limited by shares (all are collectively referred to in this policy as Breast Cancer Now).
Supporter Care Team Fifth Floor, Ibex House 42-47 Minories London EC3N 1DY
or by emailing us at firstname.lastname@example.org or by calling 0333 20 70 300
1. Why we use your information
We will only use your information where we have a legal basis to do so and will always respect your rights. Unless we specify otherwise, our legal basis is legitimate interest. This means that it is necessary for us to use your information to carry out an activity which will help us achieve our aims as a charity. Where we rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights. Other bases which we rely on include using information because you have consented to us doing so, we have a legal obligation to do so, or because we have to fulfil contractual obligations.
Some examples of how we use your information can be found below.
- We are using your information in pursuit of a legitimate interest, for example:
- To pursue our charitable purpose to deliver our mission and vision
- To raise vital funds for our work
- To ensure we meet our regulatory requirements as a charity
- To manage our ongoing relationships with our supporters, service users and anyone we work with
- To manage our financial transactions and prevent fraud
- You have given us your consent to use the information for a specified purpose, such as sending you marketing emails
- We have a legal obligation to use your information, for example to claim Gift Aid
- We need to use your information to fulfil a contract with you
2. How we use your information to fulfil your requests and support you
2.1 To facilitate our courses and to provide information and support through our services
Where you register for or enquire about attending one of our courses, take part in one of our patient programmes or access one of our services, including our Helpline or Ask Our Nurses service, we will use the information you give us to ensure we provide the appropriate information and support, and to meet internal reporting requirements. Where this includes special category information, such as information about your health, we will ask for consent to store and use your information.
Where it is not possible to get your consent, we will only store and use your special category information if we have another legal basis to do so, including:
- Where we are providing a confidential counselling service
- When you have chosen to make information about your health or other special category information public, such as by posting on our Forum
- Where we must use the information to protect a child or an adult at risk from harm
If a healthcare professional refers you to us, they will tell you how we will use your information and get in touch at the time.
2.2 To respond to or fulfil any requests, complaints or queries you make to us
If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback, or sending you relevant information, such as health information or fundraising materials. We may also keep a record of conversations we have with you, feedback you provide and any materials we send out to you. Calls to our Supporter Care, Nursing and Services teams are recorded for training and monitoring purposes. This can help us to handle queries more efficiently.
2.3 To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions
This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to us. We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud and maintain effective cyber security. We will also use your information to administer any lotteries or auctions you participate in, for example, contacting you to let you know you have won a prize.
We may receive this information when you contact us directly, or when you give to us through a payroll giving agency or a third party giving platform or website.
2.4 To provide you with information and support for any fundraising and campaigning events, activities or volunteering opportunities you sign up to
If you have completed a form or otherwise contacted us to register or enquire about an event or activity, or to sign up to one of our campaigns, we will consider this as a request to send you details about the event, activity or campaign.
Where you provide contact details, we will provide information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
We may also receive information through event organisers or through third party giving platforms or websites so we know you are fundraising for us.
Where appropriate, we will use the information you provide to us or to a third party (see above) to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.
2.5 To manage our recruitment
When applying for a role with us via our online recruitment portal and/or through a recruitment agency the personal data you provide as part of the recruitment process will only be held and processed for the purpose of the selection processes and in connection with any subsequent employment unless otherwise indicated. You will be asked to provide certain information including your name, contact details, employment history and qualifications, ethnicity, gender identity, religion and sexual orientation.
We will use this information to consider your application, communicate with you about your application and, where successful, follow up with references or meet our statutory and internal monitoring and reporting responsibilities, including monitoring equality of opportunity, diversity and inclusion. We may also view social media profiles of applicants, such as LinkedIn, to the extent that it is relevant to your application. Unsuccessful applicant data will be held confidentially within the recruitment system for a period of two years before it is deleted in order that you can access and re-use data in future applications and we can respond to statutory reporting requests.
2.6 To administer our research funding
Where professionals interact with our research department, we maintain a database of contact details, job details and where appropriate areas of scientific interest and qualifications as well as a record of opinions and peer-reviews provided by independent reviewers. We may find these details through industry guides, institution websites and publicly available databases such as ResearchGate and PubMed Central. We use the personal details supplied for the purposes of administering those relationships, including keeping such professionals informed about our research work, funding opportunities and events, and for the purposes of analysing the demographic characteristics of these professionals. When you apply for a grant from us, you will be provided with details of how your information will be used.
2.7 To conduct research with patients and members of the public
When we collect information for this purpose, we will always explain to you at the time we collect your information how it will be used and whether it will be held anonymously or not. If we will be using health or any other special category information in a way that could be connected to you personally, we will ask your permission to do so.
2.8To keep our offices and the people in them secure
We have CCTV in operation at the entrances to our London office for security purposes, to help us deter crime and protect our staff and visitors.
3. How we use your information to tell you about our work
3.1 To send you marketing communications by email, mobile messaging, or direct message on social media, where you have agreed to receive this
Where you have provided an email, mobile phone number, or details of your social media profile(s) and consented to being contacted in this way, we will send you information by those channels – including by direct message through social media – covering ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. This may include promoting the work of a partner organisation that we believe will benefit us and our charitable cause.
3.2 To contact you by phone and post
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we will occasionally call or write to you to tell you about ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. We do this as we consider it is a legitimate interest to promote our charitable cause and communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service, unless you have agreed to receive calls from us.
3.3 To manage your contact preferences
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details in the ‘Contacting us’ section above. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
3.4 To make sure we speak to you in way that is relevant to you, and to understand our supporters more broadly
We try to ensure that our communications are as effective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us, your age or the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective. For example, we will collect technical information, including the IP address used to connect your device to the internet, information about your visit such as the interactions you made with our website. We will also track whether you have opened or clicked a link in the emails which we send you.
In addition, when accessing our website or one of our apps, the settings on your device may provide us with statistical data and information about that device. We use this information to look at how our websites and apps perform on different devices and to help us make improvements to the user experience.
In certain circumstances we will use information about you from publicly available sources such as online registries, websites, media or social media, or personal introductions in order to understand more about your interests and preferences so that we can better tailor our communications – telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.
We will analyse data from our database so that we can understand our supporters and service users. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
Where you have given appropriate consent, we will use information about your health to send you communications which are relevant to your current health status such as specific volunteering opportunities; to better support you in an activity you are doing for us; or to ensure that we do not send you any communications or ask you to take part in any activity that would not be appropriate. If you would prefer we didn’t use your information in this way, then you have the right to tell us to stop and can do so by getting in touch with us using the details in the ‘Contacting us’ section above.
We may use your information to carry out market research, for example by sending you a survey or asking you to take part in a focus group. You have the right to ask us not to do this by getting in touch using the details in the ‘Contacting us’ section.
3.5 To target our digital and social media marketing
On occasion, we will use the information you provide us to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies such as Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts to you, or to potential supporters who have similar characteristics to you.
Any information we share with social media companies will be shared in an encrypted format and will not be used for the social media companies’ own purposes. You can stop your information being used in this way by contacting us.
Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to us. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.
You can control the kind of advertising which you see through the relevant social media site:
3.6 Use any images, videos, or other information you share with us about how you have supported the charity
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events, activities or services in the future. We will obtain the necessary permission to use this information.
Where you provide more detailed information we may want to use this in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications, to help us raise awareness of breast cancer, breast cancer research and the issues affecting patients. We would never use your story without obtaining your consent first. If a suitable opportunity arises for us to use the information you have given us, we will contact you to discuss the use of your story in further detail. We will fully explain how we would like to use your information, and get in touch with you each time we would like to use it outside of the organisation, so that we may obtain your fully informed consent.
3.7 To communicate with professionals in order to further our charitable aims
We maintain a record of information relating to the people we work with in a professional capacity, including healthcare professionals, politicians and scientists. This includes contact details such as address, telephone number or email address and our communications with you. If you are a public official or MP, we will also keep a note of your public voting record, committee and group membership - we may also provide your professional contact details to supporters and members of the public for campaigning purposes.
4. Keeping your details up to date
We will use publicly available sources to ensure that the information we hold is accurate and up to date. For example, where you have signed up for a redirection service, we will use the Post Office’s National Change of Address database to keep in touch. We may use other services to cross-check the accuracy of the contact details we hold for you.
You can let us know if you move house or your details change by contacting us.
5. Sharing your information with other organisations
We will never share your information with third parties for their own purposes, unless this is explained to you at the time we collect your information, you give us your permission to, or we are legally required to do so, or we have another lawful basis for sharing such information.
For example, we are legally required to provide your data to the following types of organisation:
- HMRC if you have agreed to us claiming Gift Aid on your behalf
- Law enforcement and regulatory bodies and authorities such as the police, the ICO, the Charity Commission or the Fundraising Regulator
- Health and safety authorities and/or professionals where we believe such disclosure is necessary and appropriate to prevent harm
If we merge with another charity or restructure, we may also share your personal details with any successor charity, or any organisation which takes on the charity’s assets and liabilities, or another organisation within a successor charity’s group.
We also work with organisations who carry out certain functions on our behalf, for example, to manage communications; support the administration of our activities or to receive professional advice or consultancy services. When we share information with these organisations, we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.
6. Transferring your information outside the EEA
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. A transfer out of the EEA may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the EEA. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation. This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the European Commission, or by including approved contract clauses to ensure your data is safeguarded. You can find out more about this by contacting us. We will always take such measures as are appropriate to ensure the confidentiality, integrity and availability of your information.
7. How long we keep your information
As a general rule, we will hold your information for a period of up to seven years from the end of your relationship with the charity in accordance with our data retention policy. In some circumstances, this will be shorter. For example, information related to unsuccessful job applications is destroyed after two years. In some circumstances, this will be longer, for example, pension information of former employees and information relating to the research grants we’ve made. If you would like to know how long we will hold any specific information, then please contact us and we can provide further details.
8. Your rights
Under the Data Protection Act 2018 you have the following rights:
- Information Right – You have the right to receive the information contained in this policy and our data collection forms about the way we process your personal data
- Personal Data Access Right – You have the right to know that we are processing your personal data and, in most circumstances, to have a copy of your personal data held by us. You can also ask for certain other details such as what purpose we process your data for and how long we hold it
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you
- Personal Data Erasure Right – Known as the ‘Right to be forgotten’. In certain circumstances you may request that we erase your personal data held by us
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example, if you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims or where we are relying on legitimate interests to process data
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests
- Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances
8.1 Right to Withdraw Consent at any time
Where we use your personal information based on your prior consent, such information about your health, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. You can read more about how to make a complaint here. You also have the right to lodge a complaint about any use of your information with the Information Commissioner’s Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
10. How we keep your information your secure
We take appropriate measures to ensure the confidentiality, integrity and availability of systems, which are regularly independently tested and reviewed.
A cookie is a small file of letters and numbers that we store on your device (for example, your computer or smartphone). It allows our website to recognise your device and store some information about your preferences or past actions.
We use the following cookies:
You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the “cookie settings” button below: