Privacy Policy

 

 

About us 

Beatson Cancer Charity (“we”, “our”, “us, “the Charity), a charity registered in Scotland (Charity Number SC044442) and a company registered in Scotland (Company Number SC461242) recognise the need for appropriate protections and management of your personal information.  

When we collect and use your personal information in the way set out in this Privacy Notice, we are the controller for the purpose of Data Protection Legislation (defined below) and are responsible for your personal data 

This privacy notice also covers the rest of the Beatson Group. The Beatson Group is made up of: 

  • Beatson Cancer Charity, a charity registered in Scotland (Charity Number SC044442) and a company registered in Scotland (Company Number SC461242);
  • Beatson Trading Company Limited, a company registered in Scotland (Company Number SC511169);
  • Friends of the Beatson, a company registered in Scotland (Company Number SC155219); and 
  • Beatson Oncology Centre Fund, a company registered in Scotland (Company Number SC011740).

For the most part this privacy notice refers to the activities of the Beatson Cancer Charity but where your personal information is collected by, shared with and/or used by one of the other organisations in the Beatson Group, this is explained in this notice. 

 

Purpose

We respect your privacy and are committed to protecting your personal data.

This Privacy Notice will let you know how we collect and process your personal data when we interact with you (including when you donate to us or when you fundraise on our behalf or when you apply to work or volunteer with us) or provide services to you and when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

 

Key terms

When we refer to Data Protection Legislation, we mean the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Data Protection Act 2018. 

Personal information is information that can be used to identify or contact a specific individual, such as a name, address, telephone number, email address, etc., and online identifiers and location data such as IP addresses and mobile device IDs.  

Special category data means personal information revealing your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; data related to your health; or data concerning your sex life or sexual orientation. 

Criminal convictions data is information relating to criminal convictions or your involvement in criminal proceedings.  

controller is someone who decides why personal data is to be collected and how it will be used and treated.  

Contact us

If you have any questions regarding this Privacy Notice you can contact us using the following details:  

Beatson Cancer Charity 

Beatson West of Scotland Cancer Centre 

1053 Great Western Road 

Glasgow  

G12 0YN 

dpo@beatsoncancercharity.org 

0141 212 0505 

If you are unhappy with how we handle your personal information you can write to us using the contact details noted above and / or notify the Information Commissioner’s Office (ICO) (please see: https://ico.org.uk/concerns/ for more information). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

What personal data do we collect about you? 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

Identity Data includes first name, last name or similar identifier (such as date of birth or patient ID). 

Contact Data includes personal or business address, personal or business e-mail address and personal or business telephone numbers. 

Financial Data includes bank account and payment card details as well as gift aid registration details. 

Technical Data includes internet protocol (IP) address, geographic location, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website]Where possible, we use aggregated data or anonymous information which does not identify individual visitors to our website. 

Usage Data includes information about how you use our website and services and includes information about your service preferences and survey responses (where applicable) 

Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. 

Aggregated Data includes statistical data and/or data included within the NHS database for the purpose of public health reporting and research, however this will not identify you, either directly or indirectly and therefore is not considered personal data under the Data Protection Legislation. 

Health Data includes information about your health, for example your diagnosis and treatment status and/or any relevant medical conditions and/or dietary requirements. 

Employment Data includes information about your employment. 

We may from time to time collect Special Categories of Personal Data about you (this could include details about your race or ethnicity, religious or philosophical beliefs, health, sex life, sexual orientation, political opinions, trade union membership and genetic and biometric data) for example engagement with our Care Services team who handle assisting you with employer relationships who will collect some elements of this in supporting you through their relationship with you and your employer, which is kept only within the Care Services area of our systems.  

We also may collect data about any criminal convictions and offences, for example in some cases we carry out Protection of Vulnerable Groups (PVG) checks on those within our organisation who interact with patients or children and young people. This includes carrying out PVG checks on members of our Board, our fundraisers (where their role involves visiting schools for example), patient-facing voluntary roles and certain of our Directors.  

 

How do we use your personal  data and why?  

We may collect your personal data in the following ways: 

Direct interactions. You may give us your Identity, Contact, Employment and Financial Data (and Health Data) by filling in forms or by corresponding with us in person or by post, telephone, e-mail or otherwise. This includes personal data you provide when you: 

  • contact us about our services and/or enquire about our activities; 
  • use our care services; 
  • donate to us and/or fundraise on our behalf; 
  • participate in an event; 
  • agree to become an Ambassador for us; 
  • complete a survey and/or questionnaire; 
  • consent to us using your image, recording, voice or case study in our marketing materials; 
  • contact us on and/or visit our website; 
  • purchase or order our services and/or goods from our shop; 
  • request marketing or other communications to be sent to you; and 
  • give us feedback or otherwise contact us.  

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

Use of Cookies. A cookie is a small file which can be placed on your computer’s hard drive, the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. This may prevent you from taking full advantage of the website. You can easily restrict or block the cookies used by this website through your browser settings, the Help function within your browser will provide detailed instruction of how to change these settings. You can find more information about cookies at www.aboutcookies.org, this site provides instructions on how to block cookies on all the major browsers and also explains how you can delete cookies that have already been stored on your computer.

You should be aware that most cookies are harmless and restricting them may impact on the functionality of the websites you visit.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

Technical Data from the following parties:

  • analytics providers such as Google based outside the EU; and
  • social media platforms such as Twitter, Facebook, Linked In or Instagram in regards to your interactions with us through those platforms.

Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

Contact, Financial and Usage Data from providers of technical, payment and delivery services such as Worldpay and Stripe based in the UK.

Identity, Contact, Financial and Usage Data from fundraising platforms such as Just Giving, Virgin Money Giving and CAF Charities Trust based in the UK.

Identity, Contact, Health and Usage Data from the NHS and your doctors, nurses and other medical practitioners where you have asked them to contact us or share information with us on your behalf.

Employment information or other information about you provided by a party providing a reference about you.

Identity and Contact information from our trading subsidiary where you make an enquiry of them which requires our input to answer or where you ask them to pass on your details to us.

We use your personal data on the following legal bases:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we have a contract with you or are taking steps to enter into a contract with you.
  • Where you have given your consent to the use of your data.

If we are processing Special Category Data or Criminal Convictions Data we may also rely on the following conditions in addition to the legal bases above:

  • Where you have given your consent to the use of your data.
  • Where we are required to process your data in the public interest for the purposes of safeguarding children and of individuals at risk or regulatory requirements relating to unlawful acts and dishonesty.
  • Where we are required to process your data in the public interest for the purposes of equal opportunities or treatment.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity 

Type of data 

Lawful basis for processing including basis of legitimate interest 

Patients who are engaged with Care Services. 

To provide our services to you. 

To discuss our services and service options with you. 

To assess whether our services are suitable for you and whether we need to make any changes to suit your health and treatment needs. 

To share your anonymised data with the NHS and other third parties, for these purposes. 

 

    a. Identity 

    b. Contact

    c. Aggregated

    d. Health 

    e. Employment 

  

For (a), (b), (d) and (e), we rely on the basis of contract or on the Charity’s legitimate interests in providing the care services through our Care Services teams, as requested by you. 

For (c) we rely on the Charity’s legitimate interests in furthering public health reporting and research.  

For (d) we also rely on your consent as this is a special category of personal data. 

We will not use your contact information for marketing purposes, unless you have asked us to do so. 

Donors/Supporters/Event Participants/Fundraisers 

To provide you with our support and to process your donation and keep you up to date on our work.  

To register and administer your participation in events. 

For health and safety assessments or to make dietary adjustments. 

    a. Identity 

    b. Contact

    c. Health

    d. Financial

    e. Marketing and    Communications 

We rely on our contract with you or on our legitimate interests for (a), (b), (c) and (d) in maintaining records, managing our giving and funding and running events. 

We use (c) based on your consent - as this is a special category of personal data. 

We only use (b) to contact you with marketing materials based on your consent (for email,) and based on our legitimate interests in marketing and promoting our charity and aims (for postal marketing and live calls). We also check telephone numbers against the Telephone Preference Service (TPS) and will only make telephone calls to you where your telephone number is listed on the TPS AND where you have specifically told us that you do not object to such calls and have consented to receive them. This is to allow us to further our charitable aims, including fundraising activities. 

We use (e) to ensure that we are complying with your preferences for direct marketing based on our legitimate interests in ensuring our marketing is relevant to you.  

Website Users 

To provide you with the best experience on our website, to answer your queries and ensure our services meet the needs of our customers/supporters. 

To tailor our website so that you see content relevant to you, to collect statistics, reports, responses to surveys and questionnaires and to analyse traffic patterns and related site information 

To provide you with the products, services and/or information that you have requested. 

   a. Identity

   b. Contact

   c. Technical

   d. Usage 

   e. Aggregated 

We aggregate this data and it does not identify any website users (except where you contact us with a question/query). We use this for our research analysis, testing, monitoring, risk management and administrative purposes and may disclose Aggregated data to third parties for advertising, marketing and promotional purposes.  

We rely on our legitimate interests in operating and managing our website and online services. 

 

Ambassadors 

To share your story/experience to promote our activities. 

    a. Identity 

    b. Health

    c. Employment 

    d. Criminal Convictions Data

    e. Special Category Data 

We process your data on the basis of your contract with us (i.e. that you want to engage with us as an Ambassador to promote our charity). 

We only publish your information publicly on marketing materials etc. and only publish any data in relation to (b) in accordance with your consent. 

For (e) we are relying on contract to process your data, and on public interest (for the purposes of equality of opportunity or treatment) – as this is a special category of personal data. 

Customers 

To fulfil the contract we have with you to provide goods/services 

    a. Identity

    b. Contact 

    c. Financial 

Based on the contract we have with you.  

Funding Applicants 

To process your application for funding. 

    a. Identity 

    b. Contact

    c. Financial

    d. Employment 

    e. Health 

Based on the contract we have with you to provide our funding to you. 

For (e), we also rely on consent – as this is a special category of personal data. 

Consultants/Service Providers 

To engage with you to provide goods and/or services to us. 

    a. Identity 

    b. Contact 

    c. Financial 

Based on the contract we have with you to provide goods and/or services to us. 

Applicants (volunteers and staff) 

To review your application. 

To review your suitability for the role for which you have applied. 

    a. Identity 

    b. Contact 

    c. Employment 

    d. Criminal Convictions Data 

We use (a) to (e) on the basis of contract. 

For (d) we also rely on public interest (for the purposes of safeguarding children and individuals at risk or regulatory requirements relating to unlawful acts and dishonesty) – as this is a special category of personal data. 

Legacy donors and those managing legacy donations or the affairs of a legacy donor 

To maintain records of the legacy donation. 

To provide you with our support and to process the legacy donation and keep you up to date on our work.  

Please note that processing of this information may be carried out by or on behalf of one of the other Beatson Group organisations, for example, Friends of the Beatson or Beatson Oncology Centre Fund, if they are named in the legacy. 

   a. Identity

   b. Contact 

   c. Health 

   d. Financial 

   e. Marketing and     Communications 

We rely on our contract with you or on our legitimate interests for (a), (b), (c) and (d) in maintaining records and managing our giving and funding. 

We use (c) on the basis of your consent - as this is a special category of personal data. 

We only use (b) to contact you with marketing materials based on your consent (for email,) and based on our legitimate interests in marketing and promoting our charity and aims (for postal marketing and live calls). We also check telephone numbers against the Telephone Preference Service (TPS) and will only make telephone calls to you where your telephone number is listed on the TPS AND where you have specifically told us that you do not object to such calls and have consented to receive them. This is to allow us to further our charitable aims, including fundraising activities. 

We use (e) to ensure that we are complying with your preferences for direct marketing based on our legitimate interests in ensuring our marketing is relevant to you. 

Where we are relying on contractual obligation and/or legal obligation as a legal basis for collecting and processing your personal data, we will not be able to offer our services to you if you choose not to provide us with this information.  

 

How do we keep your personal information up to date?

Please contact us at the contact details above as soon as possible after there is any change to your personal details, including your contact details. 

 

Do we share personal information? 

We contract with third party service providers and suppliers to deliver certain services. We have data processing agreements in place with each of these providers so that they process your personal data in accordance with this Privacy Notice.

The following third parties may have access to your personal information and, in some circumstances, your special category data (if applicable), for the purposes noted below:

  • Microsoft hosts our email on Office 365;
  • our email mailing list provider, currently Mailchimp;
  • our archival and storage provider, who is currently (Office 365 for Digital, Safestore for paper-based archiving)
  • any other person who is authorised to act on your behalf (for example, the NHS and/or family members);
  • when you use our secure online donation or payment pages, you will be directed to a specialist supplier companies, who are currently Wordpay and Stripe, who will receive your credit card number and contact information to process the transaction. We do not retain your credit or debit card details.
  • our IT provider, who is currently NVT; our server provider, who provide our subscriptions and hosting services, who is currently Telehouse and Equinox;
  • our patient records system provider TM3, which is owned by BlueZinc;
  • our accounts system, currently Sage50;
  • our database provider ThankQ, which is owned by Access UK Ltd;
  • regulators, government departments, law enforcement authorities, tax authorities, professional advisors, financial institutions and insurance companies;
  • other Beatson Group entities, trading subsidiaries, suppliers or service providers only to provide the products and/or services that you have requested from one of the Beatson Group entities and/or our site(s) where for example we use a separate company to deliver goods to you or where you have made an enquiry to us which has to be passed to our trading subsidiary (e.g. a catering query).
  • any relevant dispute resolution body or the courts;
  • and persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business; and
  • third parties providing a reference about you, where you have agreed that we can request this or have asked us to request it.

Except as provided above, we will not share personal information with any other third parties without informing you beforehand, unless required by, or in connection with, law and / or regulatory requirements.

We will not sell, trade or lease your personal information to others.

 

European Economic Area

The data that we collect from you will usually be stored inside the UK or the European Economic Area (EEA) 

However, if you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to correspond with you.  Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. 

We also may transfer data outside the UK or the EEA where our, service providers host, process, or store data outside the UK or the EEA. Where we do this, we will ensure that the transfer is to a country covered by a decision of the European Commission or is otherwise made in circumstances where we have put appropriate safeguards are in place to protect your data in accordance with the Data Protection Law (e.g. standard contractual clauses, EU-US Privacy Shield compliant, etc.). 

 

Retention periods

We will not hold your personal information for any longer than is necessary for the uses outlined above, unless we are required to keep your personal data longer to comply with the law and any regulatory requirements. 

We generally apply the following retention periods if you fall under any of the named categories:  

Patients – 6 years from the discharge of the patient from provision of our services. 

Donors/Supporters/Fundraisers – 6 years from the end of the accounting period to which they relate, if the donor/supporter/fundraiser has not donated within this time. Otherwise, we retention your personal information for marketing purposes, where applicable, until you advise us that you no longer wish to be contacted in this manner. 

Legacy Donors  For the lifetime of the offered Legacy from inception to the eventual usage of the gift, as Legacy Gifts could potentially take a long time to come in this data is held onto until we are advised that either, the Legacy Giver chooses not to donate, or the gift is receive and at that stage it is 6 years from the end of the accounting period to which they relate. 

Ambassadors – 6 years from ending of Ambassador role. 

Funding Applicants – Between 1 month to 7 years depending on the type of Fund applied for 

Job or Volunteer Applicants – 6 months from the date on which we decide to appoint you or not to progress your application. 

To find out more information about our retention periods, you can request a copy of our Retention Schedule from us using the contact details given above. 

 

Under 18s 

We are committed to protecting the privacy of young people that engage with us through our support services, our website, at events and fundraising initiatives. When we collect information about a child or young person who is under 18, we will always make clear the reasons for collecting this information and how it will be used. 

In most cases we will only require information from an individual under the age of 18 in order to register their attendance at an event or to process a donation they wish to make. We may also send thank you letters following a donation or participation in a fundraising activity. 

Our fundraising events request specific information about the age of participants and therefore, where you are under 18 and would like to get involved, we request that you have consent from a parent/guardian before giving us your personal information. 

 

Your Rights 

You have certain rights under the Data Protection Legislation which can be exercised by contacting us using the contact details provided above, including: 

  • the right to access the personal data held about the you by making a subject access request in accordance with the Data Protection Legislation. We may charge a reasonable fee when a request is manifestly unfounded or excessive;  
  • the right to have your personal data rectified if it is inaccurate or incomplete;  
  • the right to request to have your personal data deleted in certain specific circumstances as set out in the Data Protection Legislation;  
  • the right to request to restrict the processing of your personal data in certain specific circumstances as set out in the Data Protection Legislation; 
  • the right to ask us not to process your personal data for marketing purposes (you may opt out of our marketing communications at any time by clicking the “unsubscribe” link at the end of our emails, sending us an “opt-out” text message and/or contacting our fundraising team at  fundraising@beatsoncancercharity.org), however we will maintain a suppression list with your name and contact details to ensure that we do not continue to contact you after you have asked us to stop, or for purposes based on our legitimate interests;  
  • the right to ask us to not undergo automated decision making; and  
  • where you have provided consent, to request to withdraw such consent at any time. 

 

Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to provide our services to you. 

Further details about your rights can be found on the ICO’s website at https://ico.org.uk/. 

 

Link To Other Websites 

This Privacy Notice only relates to the Charity. If you link to a third-party website from our main website, you should remember that this is not our website and therefore you should read the terms and conditions and Privacy Notice on those third party websites before continuing. 

We are not responsible for any use of your information that is made by other websites and/or organisations. 

 

Updates To This Privacy Notice 

We keep our Privacy Notice under regular review and the most current version can be found on our website or requested from us on the contact details given above. 

If we make any substantial changes we will notify you by posting a prominent notice on our website.