Privacy Policy
INTRODUCTION
The Friends of The Royal Marsden, Chelsea (the “Friends”) raise money to support the patients and former patients of The Royal Marsden, a world-leading cancer centre We fund the purchase of medical equipment as well as patient services and amenities for the wellbeing of patients and staff at the hospital. To help us do this we may collect and process your personal data. This gives us a better understanding of our cost effectiveness as a charity, as well as being necessary for the administration of your donations.
We abide by the requirements of the General Data Protection Regulation 2018 (the “GDPR”) and respect any personal data you share with us. We will be clear about when we collect your data. Please read this policy carefully to understand how we collect, use and store your information.
We abide by the requirements of the General Data Protection Regulation 2018 (the “GDPR”) and respect any personal data you share with us. We will be clear about when we collect your data. Please read this policy carefully to understand how we collect, use and store your information.
contacting us
This privacy policy sets out how we process and store your personal information.
If you have any questions about this policy or the way we process your personal data, please contact us:
Data Protection and Privacy
Friends of The Royal Marsden, Chelsea
203 Fulham Road
London
SW3 6JJ
Telephone: 020 7352 3875
Email: [email protected]
Or you can use our Get in Touch Form.
If you have any questions about this policy or the way we process your personal data, please contact us:
Data Protection and Privacy
Friends of The Royal Marsden, Chelsea
203 Fulham Road
London
SW3 6JJ
Telephone: 020 7352 3875
Email: [email protected]
Or you can use our Get in Touch Form.
what personal information do we collect?
Personal information is information that can be used to identify you or tell us about you. We will only collect what we consider necessary. This may include the following:
Sensitive Data
Occasionally we may need to collect information that is considered to be sensitive. For example, Health information you have given us related to your support for us. On most occasions where we collect sensitive personal data we will obtain your consent and advise you of what we are collecting and why. You may withdraw such consent at any time by contacting us. Also see Your rights.
How do we collect personal information?
We will collect personal information directly from you when you:
We may collect personal data indirectly from you in the following ways:
Ensuring the accuracy of your information
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate, and either you advise us or we become otherwise aware, we will ensure it is amended and updated without delay. You can find our contact details here.
- Your name
- Your contact details
- Donations you make to us
- Gift Aid status
- Enquiries, feedback and complaints
- Date of birth and gender
- Logs of communications we’ve sent you and you’ve sent us
- Your communication preferences
- Your bank or credit/debit card details - if you use your credit or debit card to donate to us, buy something or pay online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard.
- Your personal and charitable interests
- Your professional activities
- Any relationships relevant to your support, e.g. a relationship to the hospital, the cause, or to another one of our donors
- Your photograph
- Employment history / health / convictions – (if a volunteer)
Sensitive Data
Occasionally we may need to collect information that is considered to be sensitive. For example, Health information you have given us related to your support for us. On most occasions where we collect sensitive personal data we will obtain your consent and advise you of what we are collecting and why. You may withdraw such consent at any time by contacting us. Also see Your rights.
How do we collect personal information?
We will collect personal information directly from you when you:
- Ask about our activities or register your interest in an event
- Make a donation to us
- Sign up, register or apply for an event
- Sign up to volunteer
- Sign up for communications
- Engage with our website
- Make an enquiry or complaint
- Write, email or talk to us on the phone or in person
We may collect personal data indirectly from you in the following ways:
- We collect contact details, financial transactions, gift aid status and communications preferences via third party fundraising platforms that support your fundraising (e.g. Virgin Money Giving)
- We collect contact details, financial transactions, gift aid status, communications preferences and your interests from organisations that support your fundraising events (e.g. skydiving, running and cycling events).
- We gather and observe data about supporters’ use of our websites, such as which pages are most visited and which events or activities are of most interest as well as feedback ratings and text. See Our Website and Cookie Policy
Ensuring the accuracy of your information
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate, and either you advise us or we become otherwise aware, we will ensure it is amended and updated without delay. You can find our contact details here.
why do we collect and how do we use, your information?
We take our responsibilities under the GDPR seriously. Our lawful bases for processing your data are as follows:
We process data where it is necessary for the performance of a contract. For example, we need your personal details in order for you to apply and complete your registration to become a volunteer with the Friends as well as to process any direct debits and/or standing orders.,. The categories of personal data we process on this basis include contact and information details as well as your bank details and financial transactions.
Legitimate interest
We process some of your personal data, in a manner that you would reasonably expect, to pursue our legitimate interests. We have carefully balanced your interests against our interests when deciding whether this is appropriate. Our legitimate interests and the purposes for processing that fall under each of them are as follows:
Processing and record keeping
Understanding and improving our products and services
Fundraising and marketing by post
Managing volunteers
Targeted digital or social media marketing
We may use the information you provide to ensure our digital and social media advertising is effective – this might include secure provision of contact details to digital advertising networks or to social media companies. This could mean your information allows us to show online ads to you and to others like you. Any information we share will be securely encrypted and you can ask us not to share your information in this way by getting in touch.
However, you should bear in mind that even when you have asked us not to share your information for this purpose, you may still see adverts relating to our cause. This will be because the ad network or social media site has selected you based on information they hold, or settings you have on your device or profile with them, without using any information provided by the Friends.
Consent
We may contact you for marketing purposes by email, telephone, mobile telephone or text but only with your explicit opt-in consent. It is your choice what type of communications and information you receive about us and the ways in which you can get involved.
We will also obtain your consent when we collect sensitive personal data from you, unless you have clearly and deliberately shared the relevant information in the public domain.
You can change your mind about consent or withdraw it at any time by contacting us.
Compliance with a legal obligation
We may send you service communications, for example, if you have made a donation by text. We require data in order to process Gift Aid claims and manage email and SMS text suppression (permanent exclusion) lists.
We are also required by law to protect against the possibility of charitable donations being used as part of criminal activity such as fraud or money laundering, which would need to be reported to the authorities. Such instances are rare but where a risk is highlighted, we are required to process personal data in order to carry out due diligence in order to be confident in accepting legitimate offers of support.
When necessary for the performance of a contract
We may communicate with you in order to be able to service any direct debit and/or standing orders.
We process data where it is necessary for the performance of a contract. For example, we need your personal details in order for you to apply and complete your registration to become a volunteer with the Friends as well as to process any direct debits and/or standing orders.,. The categories of personal data we process on this basis include contact and information details as well as your bank details and financial transactions.
- We have a legitimate interest in processing your data to run our registered charity effectively and efficiently. The personal data we may process on this basis includes contact and identification details, financial transactions, a record of interaction, relationships relevant to your support.
- We ask for your specific and informed consent to communicate with you by email, SMS and telephone for marketing and feedback purposes. The categories of personal data we process on this basis may include contact and identification details, your health condition and relationship with The Royal Marsden NHS Foundation Trust.
- We also process data to comply with legal obligations, for example when assessing your personal information for the purposes of credit risk reduction or fraud prevention. Charities are known to have been targeted for illegal purposes such as money laundering and so we are required to monitor financial activity and report suspected fraud to the appropriate authorities. The categories of personal data we process on this basis include contact and identification details, financial transactions and gift aid status, professional activities, records of interaction and any criminal convictions.
Legitimate interest
We process some of your personal data, in a manner that you would reasonably expect, to pursue our legitimate interests. We have carefully balanced your interests against our interests when deciding whether this is appropriate. Our legitimate interests and the purposes for processing that fall under each of them are as follows:
Processing and record keeping
- Processing your donation(s)
- Acknowledging any donation(s) we receive
- Managing feedback and complaints
- Keeping a record of your communications with us
- Supporting your fundraising activities
Understanding and improving our products and services
- Analysing and segmenting data
- Blocking disruptive use of our website, record website traffic, personalise the way our information is presented to you
Fundraising and marketing by post
- Provide you with updates and information about us
- Ask you to help us raise money or donate to us
- Invite you to participate in surveys or research
Managing volunteers
- Processing your application
- Managing rotas
- Keeping a record of communications
Targeted digital or social media marketing
We may use the information you provide to ensure our digital and social media advertising is effective – this might include secure provision of contact details to digital advertising networks or to social media companies. This could mean your information allows us to show online ads to you and to others like you. Any information we share will be securely encrypted and you can ask us not to share your information in this way by getting in touch.
However, you should bear in mind that even when you have asked us not to share your information for this purpose, you may still see adverts relating to our cause. This will be because the ad network or social media site has selected you based on information they hold, or settings you have on your device or profile with them, without using any information provided by the Friends.
Consent
We may contact you for marketing purposes by email, telephone, mobile telephone or text but only with your explicit opt-in consent. It is your choice what type of communications and information you receive about us and the ways in which you can get involved.
We will also obtain your consent when we collect sensitive personal data from you, unless you have clearly and deliberately shared the relevant information in the public domain.
You can change your mind about consent or withdraw it at any time by contacting us.
Compliance with a legal obligation
We may send you service communications, for example, if you have made a donation by text. We require data in order to process Gift Aid claims and manage email and SMS text suppression (permanent exclusion) lists.
We are also required by law to protect against the possibility of charitable donations being used as part of criminal activity such as fraud or money laundering, which would need to be reported to the authorities. Such instances are rare but where a risk is highlighted, we are required to process personal data in order to carry out due diligence in order to be confident in accepting legitimate offers of support.
When necessary for the performance of a contract
We may communicate with you in order to be able to service any direct debit and/or standing orders.
information sharing and disclosure
We will not, without your consent, supply any of your personal data to any third party except for the following reasons:
Law enforcement
We will disclose your personal information to third parties if we are required to do so through a legal obligation (this would include but not be exclusively HMRC, Information Commissioner’s Office, Charity Commission, Companies House, the police or government bodies); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
The Royal Marsden
We manage our volunteers and work closely with the hospital. It is necessary for us to disclose information to The Royal Marsden in the following ways:
Use of third parties
We will use third party companies as trusted partner organisations that work with us in connection with our charitable purposes. We will work with organisations that support us to deliver fundraising appeals, campaigns, conduct research surveys or store your personal information on our behalf. While the specific list of suppliers will change, the following categories of organisations will remain relatively constant. We share personal data with the following:
We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance. They are only permitted to use the data in accordance with the GDPR.
- We are required to do so by law enforcement or regulatory bodies where this is required or allowed under the relevant legislation
- We share personal data with The Royal Marsden for volunteer management and, when required, for supporter stewardship
- We use third-party companies (e.g. Virgin Money Giving) from time-to-time to support our fundraising activities and carry out data processing operations on our behalf
Law enforcement
We will disclose your personal information to third parties if we are required to do so through a legal obligation (this would include but not be exclusively HMRC, Information Commissioner’s Office, Charity Commission, Companies House, the police or government bodies); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
The Royal Marsden
We manage our volunteers and work closely with the hospital. It is necessary for us to disclose information to The Royal Marsden in the following ways:
- Volunteers: We will share your contact details and other relevant information with the hospital to enable them to support your volunteer experience, including training where necessary. The hospital will be the data controller of any personal or sensitive data provided with regards to your work in the hospital e.g. your occupational health data.
- Fundraising: We may share information about your fundraising activity with the hospital. This information will only be held for the duration of the relationship and we will be the data controller for all personal data related to your support.
Use of third parties
We will use third party companies as trusted partner organisations that work with us in connection with our charitable purposes. We will work with organisations that support us to deliver fundraising appeals, campaigns, conduct research surveys or store your personal information on our behalf. While the specific list of suppliers will change, the following categories of organisations will remain relatively constant. We share personal data with the following:
- Organisations that operate fundraising platforms to give you choice about the way you can fundraise for us
- Third party companies that manage events (e.g. runs, bike rides and dog walks ) that you have registered for
- Organisations that help us support our fundraising e.g. mailing houses and printers
- As part of a corporate relationship with your employer to support your fundraising and volunteering activities
We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance. They are only permitted to use the data in accordance with the GDPR.
under 16s
If you are aged 16 or under, and would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent or guardian’s permission before giving us your personal information. When we collect information about a child or young person, we will make it clear as to the reasons for collecting this information and how it will be used. We will not communicate with under 16s directly beyond fulfilling the relevant service i.e. acknowledging the gift, sending out event details. You can withdraw consent at any time by contacting us.
Vulnerable circumstances policy
We recognise the importance of protecting our vulnerable supporters and donors fairly. We believe this helps to support our staff, volunteers and fundraisers who come into contact with supporters in providing high quality customer care, ensuring anyone donating to us is in a position to make a free and informed decision.
STORING YOUR INFORMATION
We will keep all your information in a confidential record that is specific to you. We use a database which means that we can keep the information secure and are able to see the history and relevant details of your relationship with us. We take information security very seriously. No one is allowed access to our system or files unless they need this in order to provide a service to you or for one of the other purposes discussed in this notice.
We will only keep your information for as long as needed to ensure that we can effectively carry out your wishes, for example process your donation, respond to your enquiry and make sure that we are only sending you communications that are relevant to you and are in line with your preferences. If you have supported us with a donation we will keep your contact, donation and communication details, as well as why you have donated if you have decided to give us this information.
If we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time. You can request for us to delete this information at any time and we will do so immediately.
We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
We will not use your information for marketing purposes if you have asked us not to. However, we will retain your contact details on a suppression (permanent exclusion) list to help ensure we do not continue to contact you.
We will only keep your information for as long as needed to ensure that we can effectively carry out your wishes, for example process your donation, respond to your enquiry and make sure that we are only sending you communications that are relevant to you and are in line with your preferences. If you have supported us with a donation we will keep your contact, donation and communication details, as well as why you have donated if you have decided to give us this information.
If we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time. You can request for us to delete this information at any time and we will do so immediately.
We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
We will not use your information for marketing purposes if you have asked us not to. However, we will retain your contact details on a suppression (permanent exclusion) list to help ensure we do not continue to contact you.
OUR WEBSITE
To make full use of our website you need to accept cookies. Without cookies you can still visit our website but some features won't work. More information on cookies can be found in our Cookies Policy.
Our website is hosted on a secure server. Any information you send to us over the internet is encrypted using secure socket layer technology (SSL). Although we cannot 100 per cent guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
Our website contains links to other websites belonging to third parties and we participate in social networking sites including but not limited to Twitter, YouTube, Instagram and Facebook. We may also include content from sites such as these on our website. However, we would advise you that we do not have any control over the privacy practices of these other sites. You should make sure when you leave our site to visit another site that you have read and understood that site’s privacy policy, in addition to our own.
Our website is hosted on a secure server. Any information you send to us over the internet is encrypted using secure socket layer technology (SSL). Although we cannot 100 per cent guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
Our website contains links to other websites belonging to third parties and we participate in social networking sites including but not limited to Twitter, YouTube, Instagram and Facebook. We may also include content from sites such as these on our website. However, we would advise you that we do not have any control over the privacy practices of these other sites. You should make sure when you leave our site to visit another site that you have read and understood that site’s privacy policy, in addition to our own.
YOUR RIGHTS
You have the right to:
If you wish obtain a copy of the information we hold about you, please contact us as follows:
Friends of The Royal Marsden, Chelsea,
203 Fulham Road
London SW3 6JJ
Or via telephone on 020 7352 3875 or email: [email protected]
Or you can use our online form
We hope that you will not have cause to complain about us. If you have any concerns or complaints that cannot be resolved by us, you can contact the Information Commissioner here.
- request a copy of the information we hold about you, and to transmit that copy to another data controller
- update or amend the information we hold about you if it is wrong
- change your communication preferences at any time including withdrawing consent to be contacted by email, phone or SMS, or deleting any sensitive information you have given us
- ask us to remove your personal information from our records
- object to the processing of your information for marketing purposes
- raise a concern or complaint about the way in which your information is being used
If you wish obtain a copy of the information we hold about you, please contact us as follows:
Friends of The Royal Marsden, Chelsea,
203 Fulham Road
London SW3 6JJ
Or via telephone on 020 7352 3875 or email: [email protected]
Or you can use our online form
We hope that you will not have cause to complain about us. If you have any concerns or complaints that cannot be resolved by us, you can contact the Information Commissioner here.