We will use your personal data for the purpose or purposes outlined at the time you gave it to us. Your personal data may be collected and used to help us deliver our charitable activities, help us raise funds, or complete your order or request.
As a cancer support charity we use personal information to help us understand our supporters and potential supporters, tailor our communications and use our resources effectively.
3.1 The main ways we use your data
- To provide you with the services or information you have requested
- To maintain organisational records and ensure we have up-to-date marketing and communication preferences for individuals
- To send you information about our work
- To update you about any changes to our services
- To help us improve our services
- To invite you to participate in surveys or research
- To administer donations, including Gift Aid processing
- To support individuals’ fundraising activities
- To invite you to make donations to support our work
- To invite you to participate in fundraising activities and attend events
- To support our volunteers
- To ensure the safety of all that attend our events and activities
- To analyse and improve the operation of our website
- To analyse your use of our website
- To share your story to help further our work
- To make a purchase from our shop
- Hold dietary requirements for courses and events
- To administer your volunteering or employment application
- To contact you where you have been identified as a contact person for an organisation, such as a
Cancer Support Nurse
We conduct research and analysis on the information we hold which can in turn create further personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. The section Supporter Analysis (section 3.4) gives more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content. We use this information to identify ways in which you could support Penny Brohn UK and invite you do to so if appropriate.
This analysis may be carried out by us or by third party organisations working for us.
We carry out research with our supporters and donors to improve the experiences we offer and ensure we know what you find relevant and interesting. We carry out research with our clients, staff and volunteers to get feedback on their experience with us so that we can improve. This includes looking at quality assurance to develop our services for people with cancer, and to demonstrate the impact of our services to funders and supporters.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (for example, ethnicity, and cancer diagnosis). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate rather than individual level (for example, for reporting on equal opportunities).
3.3 Communicating with you
- Administrative communications
We will communicate with you using the contact details you have provided for essential administrative purposes, such as to administer a donation or provide you with information regarding a fundraising event you have asked to take part in.
We want to keep our supporters up to date with our fundraising and marketing activities. If you have given your consent to do so, we will contact you for marketing purposes by email, SMS message and telephone calls. We may also send you communications by post on the basis it is in our legitimate interests to do so, unless you ask us not to.
If you agree to receive marketing information from us you can always change your mind at a later date. For more on withdrawing your consent, please see the information in section 7 under Your data protection rights. We’ll never share your information with companies outside Penny Brohn UK who want to use it for their marketing.
- Marketing to young people
We won’t send marketing emails and letters or make marketing calls to people under 13. We won’t send any marketing communications requesting donations to young people aged between 13 and 17, but we will send them information on how to fundraise on our behalf if they specifically request this.
3.4 Supporter analysis
We know it’s important to our supporters that we use our resources in a responsible and cost-effective way. This is why we use automated profiling and targeting to help us understand our supporters and make sure that:
- our communications (for example, emails) and services (for example, our website) are relevant, personalised and interesting to you.
- our services meet the needs of our clients and supporters
- we only ask for further support and help from you if it’s appropriate
- we use our resources responsibly and keep our costs down
To do this we’ll analyse how you interact with us. For example, on our website we use both geographic and demographic information to let you know what’s happening in your local area and understand your interests. The personal information we collect includes transactional information for donations and event sign ups.
Much of the information we collect is aggregated, which means we look at it as a whole rather than at an individual level. However, we may also collect some personal data to personalise your experience, tailor our marketing campaigns to your interests, and ensure the website is functioning as we want it to.
If you’ve agreed we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example; updates to address and contact information, or publicly available information regarding your wealth, earnings and employment at an aggregate level.
Data Aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income.
We may also use personal data to create profiles which help us target our communications, to you and to other people. For example, we may use your personal data to find online users with a similar profile to you who may also be interested in our products or services.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.
We won’t profile anyone under the age of 18.
We may participate in Facebook’s ‘Custom Audiences’ programme which enables us to display adverts to our existing supporters when they visit Facebook. We provide your email address, mobile number and address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account. Facebook’s data policy can be found here.
For more information click here. You can also read more here.
3.6 Location services
We use the location data provided by the devices you use to access our main website. You can change your location settings at any time in your device or computer settings.
3.7 Cookies and links to third party websites
- How do I change my cookie settings?
In your web browser you can control which types of cookies you allow. You can turn cookies on or off using your browser’s settings. You can also delete cookies and clear your browser’s cache (history).
Whether our cookies are used will depend on your browser settings, so you are in control. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please use the following links:
Links to other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, they will have their own privacy policies for which we do not accept any responsibility or liability.
3.8 Recruitment and employment
If you work for us, or apply for a job with us, we will process your personal data, including sensitive personal data, to comply with our contractual, statutory and management obligations and responsibilities.
This data can include, but isn’t limited to, information relating to your health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data without explicit consent. You can find further information on the data we collect and why below.
- Our contractual responsibilities include those arising from a contract of employment. This includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay, leave, maternity pay, pension and emergency contacts.
- Our statutory responsibilities are those imposed by law on us as an employer. This includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits and equal opportunities monitoring.
- Our management responsibilities are those necessary for the way the organisation functions. This includes, but is not limited to, data relating to: contact details, terms of recruitment and employment, training and development, absence and disciplinary matters.
3.9 Managing volunteers
We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us.
This includes contacting you about a role you’ve applied for or which we think you might be interested in, processing expense claims you’ve made, recording shifts you’ve booked, recognising your contribution, asking for your opinions on your volunteering experience and next of kin details.
3.10 Use of sensitive personal data about employees and volunteers
As explained in Section 2, in certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee or volunteer.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consents.
(b) We will process data about, but not limited to, an employee’s or volunteers racial and ethnic origin, their sexual orientation and their religious beliefs, but only where they have volunteered such data and only for the purpose of monitoring and upholding our equality and diversity policy.