General Data Protection Regulation (GDPR) and other legislation relating to personal data is changing at the end of May 2018.
At UCARE will comply with the six principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner than ensures appropriate security.
We collect and store information in the following ways:
You may give us your information when you donate, are involved in one of our events, volunteer, purchase our products or communicate with us in any way where you give us your details.. We are responsible for your data at all times.
How we store it
We ensure that there are appropriate technical controls in place to protect your personal details. We use firewalls on our IT network for protection.. Personal data is managed through the Advanced NFP Donor Strategy system, a well-reputed system with its own built-in security measures.
Third Party Organisations
Social media is an important part of raising awareness, but we do not consult with third party organisations to provide us with other shared data.
If you give us permissions to follow you we may link into your Social Media sites, such as Twitter, LinkedIn and Facebook but we do not store information from those accounts or services. Nor do we store information available publicly about you which can be found on other web sites and in published media articles.
We may need to disclose your details if required by the police, regulatory bodies or legal advisors. In other circumstances we would have to get your explicit and informed consent.
Social networking platforms are commercial companies and we want to remind our users that information shared on timelines, on our page or in private messages could be used by them.
If you support us, for example make a donation, volunteer, register to fundraise, sign up for an event or buy something from us, are a grant holder, we will usually collect:
- Your name
- Your contact address
- Telephone and Email address [optional]
- The amount you have donated or given us through a sale, and the date
- What event etc you have supported
This information allows us to see what events have been popular for instance, or how sales are going.
We will use your data to:
We are not in the habit of sending out lots of mailings as you know. We send out 2-3 newsletters per year to keep you updated and use your data in the following way:
- Administer your donation, including processing gift aid
- Keep a record of any contact or preferences you give us
- Ensure we know how you prefer to be contacted
- Send you our newsletters
- Make a note of any relevant letter we might send you
When you make donations to UCARE, we keep a note of how the payment was made ie cash, cheque, CAF cheque, BACS but we never request your bank details directly. We never keep the details on cheques.. BACS payments can be made directly to our business bank , or via our secure online donation pages provided by Charity Checkout. See external sites below.
We comply to PCI DSS standards of the Payment Card Industry Data Security Standards. We do not store or keep your credit card details. Paper documents are shredded and computers have firewalls. Our office is within a security monitored building. Please note, we cannot guarantee the security of your personal computer or the internet.
Some people choose to tell us about their experiences with cancer to help further our work. They may take on a role as a patron or volunteer, attend our events or sit on our committees. They may take on a role as a patient advocate, attend our events. This may include telling a story which has information related to their health and family life in addition to their biographical and contact information.
We never use this information in our newsletters or on our web site without their/your specific permission.
We hold your information only as long as we have your permission and we will retain your data for up to seven years, in line with financial best practice for our accounting purposes.
If you decide not to support UCARE any longer, or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future.
Under the General Data Protection Regulation (from May 2018) there are a number of lawful reasons that we can use (or ‘process’) your personal information. One of these lawful reasons is known as ‘Legitimate Interest’.
Broadly speaking, Legitimate Interest means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests. We believe that Legitimate Interest can be applied to our donors, grant holders, volunteers, and staff. We will review this regularly.
You can always change the way you hear from us or withdraw your permission for us to process your personal details at any time.
You have various legal rights in relation to the information you give or which is collected about you, as follows (UCARE does not share or buy any information with or from third parties):
- You have a right to access the information we hold about you free of charge, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.