At Beechwood Cancer Care, we’re committed to protecting your privacy. We promise to respect any personal information you share with us (or that we receive from other organisations) at all times, and we promise to keep it safe.
This Policy sets out how we process your data. It also explains your rights and options around how we use your personal information.
…when you give it to us directly
This might be when you:
…when you give it to us indirectly
This is when your personal information is given to us by third parties. These might be:
You’ll always hear from them when this happens, and you’ll be told how and why we intend to use that information.
…when others give it to us
If you’re receiving care or support from Beechwood Cancer Care as a patient, we’re given personal information about you from your NHS healthcare team when you are referred to us by your district nurse, GP or hospital consultant.
This includes details of your health and any treatments of services you have received.
…when it’s available publicly
Some information about you may be in the public domain, using public registers such as Companies House, the electoral roll and press reports. For example:
…when you visit this website
When you visit this website, we automatically collect the following personal information:
We collect and use your personal information by using cookies on our website.
We collect, store and use the following kinds of personal information:
If you are receiving care from Beechwood Cancer Care as a patient:
The General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (DPA18) recognises certain categories of personal information as sensitive and therefore requiring more protection.
For example, this includes information about your health, religious beliefs, ethnicity and political opinions.
In the course of providing care to our patients, Beechwood Cancer Care routinely processes sensitive personal data. In other limited cases, we may collect and/or use your sensitive personal information.
In each case, we will only do so if we have a valid reason and the GDPR/DPA18 permits it, as described in how and why we will use your personal information.
We use your personal information to:
If you are receiving care from Beechwood Cancer Care as a patient, we use your personal information to:
We may use your personal information to create a record of your interests and preferences.
This means we can make our contact with you more relevant, timely and appropriate.
It also helps us understand the background of our supporters to help us make sure that what we’re asking is appropriate.
Before contacting you, we may use data analysis to interpret your data and predict how likely you are to be interested in or responsive to a particular campaign or fundraising message. Where we have identified that you have the capacity and/or affinity to support Beechwood Cancer Care at a higher level, we may collect additional information about you (see ‘How we use your information’) and combine, analyse and compile that information into a profile of you in order to assist us in engaging with you in a more personalised way.
We typically look at and combine information published in the media but other commonly used publicly available sources including company resources, the electoral roll and any data you choose to make public on LinkedIn such as your professional memberships and networks. We may also use any publicly available data that you share on social media. We may use additional information such as geographical information for measures of affluence where available. In order to do this efficiently, we may use trusted third-party specialist companies that collate and analyse information from public registers alongside statistical social-economic data to automate some of this work. This helps us to understand more about your interests and level of potential engagement or donation.
You can opt out of your data being combined and analysed for marketing purposes by contacting our Supporter Relations Team or our Data Protection Officer, whose details may be found at the end of this privacy notice.
Please note that before seeking or accepting major donations we are required to conduct a minimum level of due diligence. This is in accordance with our legal and regulatory obligations and our internal risk management policies and procedures. This means that if you opt out of analysis of your data, we may still conduct some analysis that is required to enable us to accept donations from you.
We use your details to give you information about our work, events, services and/or products which we think might interest you.
For example, we might contact you about goods or services you’ve purchased or used in the past, or send you updates about our fundraising appeals, volunteering opportunities and latest campaigns.
Where we do this via email, SMS or phone (if you are registered with the telephone preference service), we’ll only do this with your prior consent.
When you use our secure online donation or payment pages, you’ll be directed to a specialist supplier company, who will receive your credit card number and contact information to process the transaction. We don’t retain your credit or debit card details.
Where we capture children’s data online, we’ll seek parental consent for any children under 13. We won’t actively market to under 18s.
In general, if we no longer need your information for the reasons you gave it to us, we remove your personal information from our records six years after the date it was collected.
But we’ll remove it sooner if:
If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.
Please note that special rules apply to health records, which may often be kept for longer than six years.
Where your personal information is used to support research, it is usually kept for longer and may be used in the future to help with further research as medical science advances.
The GDPR/DPA18 requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant.
The GDPR/DPA18 allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights.
In broad terms, our “legitimate interests” means running Beechwood Cancer Care as a charitable entity in pursuit of our aims and ideals. For example, by:
“Legitimate interests” can also include your interests, such as when you have requested information or certain goods or services from us, and those of third parties (for example, beneficiaries of our work and services).
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We won’t use your personal information for activities where our interests are overridden by the impact on you. For example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
The GDPR/DPA18 prohibits the processing of sensitive personal data (special category data) unless additional conditions are met.
We think the following conditions are relevant, in each case in accordance with the relevant safeguards:
We never share, sell or rent your information to third parties for marketing purposes.
However, in general we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this Policy.
These may include (among others):
In particular, we reserve the right to disclose your personal information to third parties:
We promise to keep your personal information safe and secure.
We have appropriate and proportionate security policies and organisational and technical measures in place to help us do this. For example, we require specialist suppliers who process secure payments to comply with the Payment Card Industry Data Security Standard (PCI DSS) standards.
Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.
In general, the personal information that we collect from you will be stored at a destination within the UK.
However, we use agencies and suppliers to process personal information on our behalf.
Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK who work for us or for one of our suppliers.
Please note that some countries outside of the UK have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Where your personal information is transferred, stored and/or otherwise processed outside the UK, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.
These are your rights in relation to how we process your personal information:
You have the right to be told how your personal information will be used. This Policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how your personal information may be used.
You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.
Provided we are satisfied that you are entitled to see the information requested and we’ve successfully confirmed your identity, we’ll give you your personal information (subject to any exceptions that apply).
You have the right to ask us to delete your personal information, and we’ll do this when you ask us to. In many cases, we’ll check to see if you’re happy for us to make it anonymous first, rather than delete it completely.
If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
You have the right to object to processing where we are:
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
This includes the right to ask us to stop using your personal information for marketing or fundraising by electronic means (for example to be unsubscribed from our email newsletter list).
Where we are processing your personal information:
you may ask us to provide it to you – or another service provider – in a machine-readable format.
Where we take automated decisions (ie with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.
We may update this Policy from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website. This Policy was last updated in March 2020.
We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.