We are totally committed to protecting your information and using it responsibly. Please read our policy carefully to understand how we collect, use and store your information.
The processing of your information is carried out by or on behalf of Breast Cancer Now, a charitable company limited by guarantee in England and Wales (Company No. 9347608) and registered as a charity in England and Wales (No. 1160558), Scotland (No. SC045584) and the Isle of Man (No. 1200). Our registered office is at Fifth Floor, Ibex House, 42-47 Minories, London EC3N 1DY.
From time to time, Breast Cancer Now may also process your information using one of its subsidiaries: Breast Cancer Care, a registered charity and company limited by guarantee, Second Hope, a registered charity, or one of the commercial subsidiaries, BCN Trading Limited and BCN Research Limited, which are both private companies limited by shares (all are collectively referred to in this policy as Breast Cancer Now).
Supporter Care Team
Fifth Floor, Ibex House
London EC3N 1DY
or by emailing us at firstname.lastname@example.org or by calling 0333 20 70 300
1. Why we use your information
We will only use your information where we have a legal basis to do so and will always respect your rights. Unless we specify otherwise, our legal basis is legitimate interest. This means that it is necessary for us to use your information to carry out an activity which will help us achieve our aims as a charity. Where we rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights. Other bases which we rely on include using information because you have consented to us doing so, we have a legal obligation to do so, or because we have to fulfil contractual obligations.
Some examples of how we use your information can be found below.
- We are using your information in pursuit of a legitimate interest, for example:
- To pursue our charitable purpose to deliver our mission and vision
- To raise vital funds for our work
- To ensure we meet our regulatory requirements as a charity
- To manage our ongoing relationships with our supporters, service users and anyone we work with
- To manage our financial transactions and prevent fraud
- You have given us your consent to use the information for a specified purpose, such as sending you marketing emails
- We have a legal obligation to use your information, for example to claim Gift Aid
- We need to use your information to fulfil a contract with you
2. How we use your information to fulfil your requests and support you
2.1 To facilitate our courses and to provide information and support through our services
Where you register for or enquire about attending one of our courses, take part in one of our patient programmes or access one of our services, including our Helpline or Ask Our Nurses service, we will use the information you give us to ensure we provide the appropriate information and support, and to meet internal reporting requirements. Where this includes special category information, such as information about your health, we will ask for consent to store and use your information.
Where it is not possible to get your consent, we will only store and use your special category information if we have another legal basis to do so, including:
- Where we are providing a confidential counselling service
- When you have chosen to make information about your health or other special category information public, such as by posting on our Forum
- Where we must use the information to protect a child or an adult at risk from harm
If a healthcare professional refers you to us, they will tell you how we will use your information and get in touch at the time.
2.2 To respond to or fulfil any requests, complaints or queries you make to us
If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback, or sending you relevant information, such as health information or fundraising materials. We may also keep a record of conversations we have with you, feedback you provide and any materials we send out to you. Calls to our Supporter Care, Nursing and Services teams are recorded for training and monitoring purposes. This can help us to handle queries more efficiently.
2.3 To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions
This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to us. We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud and maintain effective cyber security. We will also use your information to administer any lotteries or auctions you participate in, for example, contacting you to let you know you have won a prize.
We may receive this information when you contact us directly, or when you give to us through a payroll giving agency or a third party giving platform or website.
2.4 To provide you with information and support for any fundraising and campaigning events, activities or volunteering opportunities you sign up to
If you have completed a form or otherwise contacted us to register or enquire about an event or activity, or to sign up to one of our campaigns, we will consider this as a request to send you details about the event, activity or campaign.
Where you provide contact details, we will provide information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
We may also receive information through event organisers or through third party giving platforms or websites so we know you are fundraising for us.
Where appropriate, we will use the information you provide to us or to a third party (see above) to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.
2.5 To manage our recruitment
When applying for a role with us via our online recruitment portal and/or through a recruitment agency the personal data you provide as part of the recruitment process will only be held and processed for the purpose of the selection processes and in connection with any subsequent employment unless otherwise indicated. You will be asked to provide certain information including your name, contact details, employment history and qualifications, ethnicity, gender identity, religion and sexual orientation.
We will use this information to consider your application, communicate with you about your application and, where successful, follow up with references or meet our statutory and internal monitoring and reporting responsibilities, including monitoring equality of opportunity, diversity and inclusion. We may also view social media profiles of applicants, such as LinkedIn, to the extent that it is relevant to your application. Unsuccessful applicant data will be held confidentially within the recruitment system for a period of two years before it is deleted in order that you can access and re-use data in future applications and we can respond to statutory reporting requests.
2.6 To administer our research funding
Where professionals interact with our research department, we maintain a database of contact details, job details and where appropriate areas of scientific interest and qualifications as well as a record of opinions and peer-reviews provided by independent reviewers. We may find these details through industry guides, institution websites and publicly available databases such as ResearchGate and PubMed Central. We use the personal details supplied for the purposes of administering those relationships, including keeping such professionals informed about our research work, funding opportunities and events, and for the purposes of analysing the demographic characteristics of these professionals. When you apply for a grant from us, you will be provided with details of how your information will be used.
2.7 To conduct research with patients and members of the public
When we collect information for this purpose, we will always explain to you at the time we collect your information how it will be used and whether it will be held anonymously or not. If we will be using health or any other special category information in a way that could be connected to you personally, we will ask your permission to do so.
3. How we use your information to tell you about our work
3.1 To send you marketing communications by email, mobile messaging, or direct message on social media, where you have agreed to receive this
Where you have provided an email, mobile phone number, or details of your social media profile(s) and consented to being contacted in this way, we will send you information by those channels – including by direct message through social media – covering ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. This may include promoting the work of a partner organisation that we believe will benefit us and our charitable cause.
3.2 To contact you by phone and post
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we will occasionally call or write to you to tell you about ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research, on our services and on our wider work. We do this as we consider it is a legitimate interest to promote our charitable cause and communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service, unless you have agreed to receive calls from us.
3.3 To manage your contact preferences
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details in the ‘Contacting us’ section above. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
3.4 To make sure we speak to you in way that is relevant to you, and to understand our supporters more broadly
We try to ensure that our communications are as effective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us, your age or the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective. For example, we will collect technical information, including the IP address used to connect your device to the internet, information about your visit such as the interactions you made with our website. We will also track whether you have opened or clicked a link in the emails which we send you.
In addition, when accessing our website or one of our apps, the settings on your device may provide us with statistical data and information about that device. We use this information to look at how our websites and apps perform on different devices and to help us make improvements to the user experience.
In certain circumstances we will use information about you from publicly available sources such as online registries, websites, media or social media, or personal introductions in order to understand more about your interests and preferences so that we can better tailor our communications – telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.
We will analyse data from our database so that we can understand our supporters and service users. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
Where you have given appropriate consent, we will use information about your health to send you communications which are relevant to your current health status such as specific volunteering opportunities; to better support you in an activity you are doing for us; or to ensure that we do not send you any communications or ask you to take part in any activity that would not be appropriate. If you would prefer we didn’t use your information in this way, then you have the right to tell us to stop and can do so by getting in touch with us using the details in the ‘Contacting us’ section above.
We may use your information to carry out market research, for example by sending you a survey or asking you to take part in a focus group. You have the right to ask us not to do this by getting in touch using the details in the ‘Contacting us’ section.
3.5 To target our digital and social media marketing
On occasion, we will use the information you provide us to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies such as Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts to you, or to potential supporters who have similar characteristics to you.
Any information we share with social media companies will be shared in an encrypted format and will not be used for the social media companies’ own purposes. You can stop your information being used in this way by contacting us.
Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to us. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.
You can control the kind of advertising which you see through the relevant social media site:
3.6 Use any images, videos, or other information you share with us about how you have supported the charity
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events, activities or services in the future. We will obtain the necessary permission to use this information.
Where you provide more detailed information we may want to use this in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications, to help us raise awareness of breast cancer, breast cancer research and the issues affecting patients. We would never use your story without obtaining your consent first. If a suitable opportunity arises for us to use the information you have given us, we will contact you to discuss the use of your story in further detail. We will fully explain how we would like to use your information, and get in touch with you each time we would like to use it outside of the organisation, so that we may obtain your fully informed consent.
3.7 To communicate with professionals in order to further our charitable aims
We maintain a record of information relating to the people we work with in a professional capacity, including healthcare professionals, politicians and scientists. This includes contact details such as address, telephone number or email address and our communications with you. If you are a public official or MP, we will also keep a note of your public voting record, committee and group membership - we may also provide your professional contact details to supporters and members of the public for campaigning purposes.
4. Keeping your details up to date
We will use publicly available sources to ensure that the information we hold is accurate and up to date. For example, where you have signed up for a redirection service, we will use the Post Office’s National Change of Address database to keep in touch. We may use other services to cross-check the accuracy of the contact details we hold for you.
You can let us know if you move house or your details change by contacting us.
5. Sharing your information with other organisations
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA or UK. A transfer out of the EEA or UK may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the EEA or UK. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation. This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the European Commission or the Information Commissioner’s Office, or by including approved contract clauses to ensure your data is kept safe. You can find out more about this by contacting us. We will always take appropriate measures to ensure your information is kept confidential, treated securely and only made available to those who need to access it.
6. Transferring your information outside the EEA
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. A transfer out of the EEA may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the EEA. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation.
This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the European Commission, or by including approved contract clauses to ensure your data is safeguarded. You can find out more about this by contacting us. We will always take such measures as are appropriate to ensure the confidentiality, integrity and availability of your information.
7. How long we keep your information
As a general rule, we will hold your information for a period of up to seven years from the end of your relationship with the charity in accordance with our data retention policy. In some circumstances, this will be shorter. For example, information related to unsuccessful job applications is destroyed after two years. In some circumstances, this will be longer, for example, pension information of former employees and information relating to the research grants we’ve made. If you would like to know how long we will hold any specific information, then please contact us and we can provide further details.
8. Your rights
Under the Data Protection Act 2018 you have the following rights:
- Information Right – You have the right to receive the information contained in this policy and our data collection forms about the way we process your personal data
- Personal Data Access Right – You have the right to know that we are processing your personal data and, in most circumstances, to have a copy of your personal data held by us. You can also ask for certain other details such as what purpose we process your data for and how long we hold it
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you
- Personal Data Erasure Right – Known as the ‘Right to be forgotten’. In certain circumstances you may request that we erase your personal data held by us
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example, if you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims or where we are relying on legitimate interests to process data
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests
- Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances
8.1 Right to Withdraw Consent at any time
Where we use your personal information based on your prior consent, such information about your health, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. You can read more about how to make a complaint here. You also have the right to lodge a complaint about any use of your information with the Information Commissioner’s Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
10. How we keep your information your secure
We take appropriate measures to ensure the confidentiality, integrity and availability of systems, which are regularly independently tested and reviewed.
A cookie is a small file of letters and numbers that we store on your device (for example, your computer or smartphone). It allows our website to recognise your device and store some information about your preferences or past actions.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into our website in order to post in the Forum.
- Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Preference cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your login details).
- Marketing cookies. These are used by our advertising partners (e.g. Facebook) to collect information about how you use our website (including visits to our cancer information pages) and show you associated adverts on other sites. The information that’s been used to build that profile may also be used to find other people with similar interests to yours so that our adverts can be shown to them too.
We monitor how people use our website so we can improve it. If you visit our website, we may record information including:
- The areas of the website you visit
- The amount of time you spend on the site
- Whether you are new to the site or have visited it before
- How you came to our website — for example, through an email link
- The type of device or browser you use
- How you use the website and the quality of your experience – for example, we may record a session or test different variations of a webpage to see how easy it is for you to find what you are looking for so we can improve the service.
All cookies have an 'owner' which can be identified by looking at the domain (i.e. the company or website name in the cookie). Cookies can either be first-party (i.e. they’re owned by the website who set them) or third-party (i.e. they’re not owned by the website who set them). We use both first-party and third-party cookies on our websites.
Hotjar/Crazy Egg is a website analytics tool we use to see how our supporters use our website and get feedback through surveys. This helps us to improve supporters’ experience.
Google cookies are used for web analytics and management of tags, pixels and cookies. We use the information from Google to improve our website experience for website visitors and to measure the effectiveness of our online advertising.
Visual Website Optimiser
Visual Website Optimiser (VWO) is a website analytics tool that allows us test out different variations of our web content and page layouts to see what our supporters prefer. It is sometimes used to create heatmaps to see how people are using the website.
Provide analytics for shop functionality.
Testing tool that allows us to test two different versions of a page to users to determine which one performs better. For on page optimisation.
Google Tag Manager
This is the tracking tag manager that the Google Analytics tracking sits in. All tags on the site are put into this so it loads asynchronously to not slow down page load time. The actual data that comes from these tags feed into Google Analytics.
Social Media Analytics & Marketing
Social Media Analytics & Marketing
We use Twitter for advertising. This cookie means we can track the effectiveness of this activity.
Social Media Analytics & Marketing
We use these to provide conversion / anonymous audience data to optimise spend on marketing and ensure the relevant people are targeted.
Social Media Analytics & Marketing
We use the DoubleClick cookie to measure the effectiveness of our online advertising and target future advertising to get best value for money. DoubleClick tracks anonymised conversion data so that we can measure advertising effectiveness. They are used to serve advertising enabling us to reach or exclude people who have visited our website. The cookie also allows us to limit the number of times a person sees our advertisement. DoubleClick cookies sometimes include a ‘pixel’ (similar to a cookie) from the advertising networks we work with. This allows us to target adverts effectively on their networks
We use PayPal to accept online donations on our site. The PayPal session cookies are required to identify irregular site behaviour, prevent fraudulent activity and improve security. It is also required for users to be able donate via PayPal on our website.
We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide Breast Cancer Now with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.
This policy was last updated on 13th May 2021.