Donate
Back to website

Talk to a nurse: 0808 801 0707

Privacy policy

Why we collect personal data and our promise to you

Pancreatic Cancer UK believe it’s important to be up front about what we do with your data – we’re committed to keeping it safe and treating it with respect.

This policy outlines everything you need to better understand how we collect and use the information that you either provide to us or which is provided to us about you by third parties or via publicly available sources.

For the purposes of the information we collect directly from you, we are the sole ‘Data Controller’ of your information. This means that only we determine the purpose for and the manner in which your information is used. We’ll never sell your personal information or share it with another organisation for their own marketing purposes.

Pancreatic cancer is a tough disease – tough to diagnose, tough to treat and tough to survive. We provide support, information, campaign and fund research. We wouldn’t be able to continue our fight against pancreatic cancer without your involvement and support.

Your personal data helps us to raise money in a more efficient and cost-effective way, helping us to better target our donation requests and create more meaningful direct marketing campaigns. It also helps us to improve the services we provide to people with pancreatic cancer and helps to change the way in which the disease is diagnosed, managed and treated.

If you’ve got any questions or if you don’t want us to process your information in the ways described, you can get in touch with us in the following ways:

By Post: FAO: Data Protection Officer, Pancreatic Cancer UK, Westminster Tower, 3 Albert Embankment, London SE1 7SP

By Email: dataprotection@pancreaticcancer.org.uk

By Telephone: 020 3535 7090

We directly receive personal information when people:

– Sign up to fundraise for Pancreatic Cancer UK (eg. a marathon or a skydive) or order fundraising materials from us;

– Let us know that they are holding a fundraising event;

– Fill in one of our online petitions;

– Let us know they want to support our work in a more practical way (eg. raising awareness of pancreatic cancer or volunteering for us);

– Make a donation or buy something through our online shop (eg. Christmas cards);

– Request health professional-related information from us or attend an event eg. our Annual Summit

– Submit a request for funding for a specific pancreatic cancer research project;

– Come along to one of our “Living with Pancreatic Cancer” support days, our online support sessions for people affected by pancreatic cancer or contact our confidential Support Line;

– Complete a survey;

– Register to join our online discussion forum; and

– Apply for a job

We indirectly receive personal information when:

– People sign up to participate in a fundraising event on our behalf through an independent third-party website (e.g. Just Giving, Virgin Money Giving);

– When people sign up to join a community fundraising event~

– When people start a fundraising activity for Pancreatic Cancer UK on Facebook

– We sometimes carry out research and analysis using publicly available sources in order to better understand our supporters.

We believe it’s crucial that we raise money in the most cost-effective ways possible. That’s why we sometimes take a closer look at the personal information of our supporters to better understand how they might be able to help in the future. This means we can better target our donation requests and deliver more cost-effective fundraising. See the “Profiling” section in this notice for more information.

Finally, we use Cookies on our website – a cookie is a small text file that we transfer to your computer that helps our website to remember you. Cookies help to improve your experience of using our website by making the interaction faster and easier eg. by automatically filling in your contact details in text fields.

Cookies also capture your IP Address* and information about the device or operating system you’re using. Cookies help us to improve how our website operates which, in turn, means that we can deliver a better online experience to our supporters. For more information on our use of cookies, please read our Cookies Policy.

* An IP address is a unique string of numbers separated by full stops. They are unique to each computer and identifies each device using the internet.

The data we collect and what we do with it

If you choose to support us either by volunteering, fundraising on our behalf, signing up for an event, campaigning alongside us or sharing your experiences of pancreatic cancer, or you submit an application for research funding we collect:

– Your name;

– References from third parties chosen by you if you apply as a volunteer;

– Your contact details (specifically your postal address, telephone number(s) and email address); and

– Where applicable or appropriate, details about your connection to pancreatic cancer.

If you donate or buy something through our online shop, we’ll ask you for your bank/credit card details.

At times, we also collect demographic information from publicly available sources. We ask for this information so that we can:

– Provide you with services and information you’ve requested – this includes sending you information about the fundraising activities/events you’ve taken part in on our behalf;

– Respond to any questions or feedback you might have about our work;

– Send you information about our work that we think you’ll be interested in;

– Process the donations you make to support our work, including Gift Aid;

– Keep up to date with the relationship you have with us. This includes a record of your engagement with us and how you prefer to be contacted;

– Better understand how we can deliver more cost-effective fundraising campaigns as well as improve the services that we offer to people who get in touch with us; and

– Detect and reduce fraud.

If you call our Support Line, our specialist nurses will ask you questions about your experiences of pancreatic cancer. We won’t keep a record of what’s been said during the call unless we have your permission and only the Support Line team will have access to it.

Finally, we ask supporters to give us more information about why they’ve chosen to support us. You don’t have to give us these details if you don’t want to.

Marketing

We rely on our legitimate interests (see The legal conditions we rely upon to process personal data section) to contact you by post and, unless you’re registered with the Telephone Preference Service (TPS), by phone to tell you about:

– Our research progress and campaigning activities;
– Ways in which you can support us from taking part in an event through to donating;
– The services we provide to people with pancreatic cancer.

If you’ve given us consent, we’ll also contact you by email and SMS (text message). You can withdraw your consent or change the way that we contact you any time, using the contact details below:

By Post: FAO: Fundraising Compliance Manager, Pancreatic Cancer UK, 6th Floor, Westminster Tower, 3 Albert Embankment, London SE1 7SP

By Email dataprotection@pancreaticcancer.org.uk

By Telephone: 020 3535 7090

Alternatively, you can fill in our Contact Preference Form.

We use “email tracking” to review the success of our email campaigns – an invisible pixel is embedded in the emails that we send which tells us how many people have opened the email. This process also logs destination email addresses, IP addresses and email client types. You can “opt out” of tracking by banning html emails.

Social Media/Digital Advertising

We use two techniques to keep in touch with you through digital channels:

Pixel-based retargeting

When you visit our website, a pixel (or JavaScript) is placed on your browser, making it “cookied”. When you subsequently leave our site, the cookie notifies “retargeting” platforms (like Facebook etc) to present you with adverts about our work and how you might be able to support us.

You can “switch off” this functionality by changing your browser settings – more information can be found in our Cookies Policy

List-based retargeting

If you have given us permission to receive email communications from us, we sometimes upload your email address (in an encrypted format) to social media platforms such as Facebook and Twitter. Those platforms will then show our digital advertising campaigns to you as well as identifying audiences with similar interests to yours.

If you don’t want to receive this type of targeted advertising on social media, you can opt out at any time by emailing dataprotection@pancreaticcancer.org.uk or by calling 020 3535 7090. Please note that if you do choose to opt out, it will not stop our advertisements being shown to you on a randomised basis.

Our use of profiling and targeted communications

As a supporter-focussed charity, we want to send you information that we think you’ll be interested in. We believe that this helps to improve your experience of being one of our supporters and also ensures that we’re using our resources in the most effective ways possible.

From time to time, we may use profiling and screening techniques to help us ensure communications are relevant and timely and to provide the best experience we can for you.

When building a profile, we (or our trusted service providers) may look at how you have supported us in the past, your connection to pancreatic cancer, through which channels they have accessed our services, and we analyse geographical, demographic and publicly-available information about you such as your age, financial circumstances, any previous donations that you made, where you live, listed Directorships and your estimated wealth to understand how likely it is you would be interested in supporting us further.

This also allows us to send communications based on the supporters’ individual circumstances which, in turn, means that we are able to target our resources more effectively – something that donors tell us is a key priority for them. There are no other consequences of the profiling activities that we conduct.

We may also use information about you from publicly available sources such as online registries, websites, media or social media, or personal introductions in order to understand more about your interests and preferences so that we can better tailor our communications such as telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.

We may analyse data from our database so that we can understand our supporters. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.

You can object to us processing your personal information this way by contacting dataprotection@pancreaticcancer.org.uk with your request and we’ll ensure that your wishes are respected.

Philanthropy

For a small number of our supporters, we may use basic research tools from time to time to estimate potential interest in supporting us further. This helps us identify who might have an interest in the work that we do and perhaps support our cause further by being involved in the events that we hold or by providing a substantial gift.

We process personal information on potential high value supporters in order to help us support more people that have been affected by pancreatic cancer.

Our research findings are only accessible by the Philanthropy and Partnerships team, are stored on the supporter record within our database and contain information found from sources such as Boardex and Companies House.

We sometimes ask existing supporters whether they would be prepared to open their networks up to us. An existing supporter may tell us about an individual previously unknown to us and facilitate an introduction. In this scenario we would advise our existing supporter about our data responsibilities and ask them to ensure that the individual in question is happy for an introduction to take place. Following the introduction, we would direct the individual to this privacy policy and confirm their marketing consent preferences before communicating with them further.

You can object to us processing your personal information this way by contacting dataprotection@pancreaticcancer.org.uk with your request and we’ll ensure that your wishes are respected.

Collaborative working

Less Survivable Cancers Taskforce

There are some cancers which have seen remarkable progress in survivability but others where survival rates are far too low and have not changed for decades. Together, they now make up nearly half of all common cancer deaths in the UK. In close collaboration with Action Against Heartburn, British Liver Trust, The Brain Tumour Charity, Core and Roy Castle Lung Foundation we have set up a Taskforce to close that gap.

The taskforce has 5 core objectives:

– Raise awareness of symptoms
– Speed up paths to treatment
– Remove barriers to treatment trials
– Set government-backed survival targets for each cancer
– Increase investments in research

As the “data controller” of the taskforce, we will treat the personal information that you give to us when you join in accordance with this Privacy Notice. You can opt out of being part of the taskforce at any time by emailing campaigning@pancreaticcancer.org.uk or by calling 020 3535 7090.

Unless you’re one of our existing supporters, you’ll only be contacted about the work of the taskforce and we will not share your details with the other charities involved in this project unless we have your specific consent to do so.

All-Party Parliamentary Group on Pancreatic Cancer (APPGPC)

The APPG on Pancreatic Cancer was set up in 2012 by a group of parliamentarians with an interest in making a difference to how the disease is diagnosed and treated in the UK. The APPG on Pancreatic Cancer is primarily an interest group and provides a forum for both MPs and Peers to meet and collaborate with key stakeholders – to share ideas about issues and discuss ways to change the political landscape for the disease. It therefore provides an excellent forum for keeping pancreatic cancer high on the political agenda eg. through debates and oral/written questions.

We are the Secretariat for the APPG on Pancreatic Cancer and we are supported by a range of other interested stakeholders that includes Pancreatic Cancer Action, Pancreatic Cancer Research Fund, NETS Patient Foundation, Pancreatic Cancer Scotland and the Pancreatic Society of Great Britain and Ireland.

As secretariat for the APPG on Pancreatic Cancer, Pancreatic Cancer UK is the “data processor” of the information that you provide when you sign up to become a member. We will therefore treat the personal information that you give to us when you become a member in accordance with this Privacy Notice.

Unless you’re one of Pancreatic Cancer UK’s existing supporters, you’ll only be contacted about the work of the APPGPC and we will not share your details with the other charities supporting it unless we have your specific consent to do so. You can opt out of being an APPGPC member at any time by emailing appgpc@pancreaticcancer.org.uk or by calling 020 3535 7090.

Purple Lights

Purple Lights is an annual campaign run by Pancreatic Cancer UK on ‘World Pancreatic Cancer Day’ and is supported by the following charities:

– Guts UK
– Pancreatic Cancer Action
– Planets Cancer Charity

As the “data controller” of this initiative, we will treat the personal information that you give to us when you join in accordance with the Purple Lights Privacy Notice https://purplelightsuk.org/privacy-policy/

Sharing experiences of pancreatic cancer

Some of our supporters choose to share their experiences of pancreatic cancer with us which not only gives invaluable insight into the impact of our work but also helps to highlight the urgent need for change to the way in which the disease is diagnosed and treated.

Supporters who share their experiences may:

– agree to share their story with a journalist;
– give us permission to share their story on our social media channels and/or our website;
– share their story at special events run for patients;
– agree to share their experience when taking up opportunities as a member our Research Involvement Network.

If we have the person’s consent, we’ll share the information that they give to us at events, in materials promoting our campaigning and fundraising work, with journalists and/or in press releases and in publications like our annual report.

We also regularly review the types of supporter who provide us with their stories so that we can ensure the views and experiences we hear adequately represent the diverse pancreatic cancer community.

Support for people affected by pancreatic cancer

If you contact our Support Line and speak to one of our specialist nurses, they’ll ask you for information about your health or that of a loved one if they’ve got pancreatic cancer.

With your permission, we’ll keep a record of what you’ve spoken to us about. This means that if you contact the support line again, we can provide you with more personalised support.

We may also analyse, group and label the information so we can better understand your needs and improve and extend our services accordingly. This analysis will only be carried out on information relating to your connection to pancreatic cancer, i.e. if you tell us you have had a pancreatic cancer diagnosis. You can object to us processing your personal data this way by contacting suppotercare@pancreaticcancer.org.uk.

From time to time, people who contact our Support Line may be calling for support about a relative or a loved one. In these cases, we do not record identifiable information about the person being discussed but, with the consent of the individual in touch with the service, we will keep details about that person as well as some brief information about the content of the conversation. This helps us to provide a more tailored service.

This information will be stored in a confidential part of our database which can only be accessed by those who need the it to be able to improve our services and offer personalised support. It will be primarily used to provide you with support and information about pancreatic cancer. However, we’ll also use it on an anonymised basis to help improve the general services we provide and to help inform our wider policy and campaigning work.

Depending on the circumstances, the Support Line team might also ask if you’d like to receive updates about our work – for example, through our newsletter. In this case, you’ll need to provide your contact details so that you can be put on our mailing list. Alternatively, you might be directed to our website so you can sign up when (and if) you feel ready.

Online support sessions and webinars

We use ‘Zoom’ to run online support sessions and webinars for people affected by pancreatic cancer to provide support, information and the opportunity to meet others in a similar situation.

With the webinars we host, we ask people attending to register in advance by sharing some personal information with Zoom via one of our webinar registration forms. Upon registration, Zoom will share your personal information with us so that we can send out the relevant information you need to join the webinar.

With your consent we’ll keep a record of you attending the event along with your personal details in accordance with our data retention policy. Your personal information will be stored securely on our systems and will only be accessed by members of the Services team who organise the events.

If you would like more information on how Zoom processes your personal data, please see their privacy policy here.

Our Discussion Forum

Our online discussion forum provides a place for people affected by pancreatic cancer to share their experiences and receive support from other people in a similar situation. It’s a place where people can discuss everything from how to navigate the healthcare system to how to talk about pancreatic cancer with loved ones.

Please be aware that posts on the forum are visible not only to registered users, but to anyone visiting the site. You must be a registered user to post, but all posts are publicly viewable, and may show up in search engine results. We regularly monitor the forum to ensure that posts follow our community guidelines, but encourage users to be mindful of the information they share.

When signing up to the forum, as well as asking those registering to provide their name and email address, we also ask for their postcode and connection to pancreatic cancer so that we can get a better understanding of our regional reach and target our services where they’re most needed. Personal data provided when registering to the discussion forum will be stored within Invision (our forum platform) and on Pancreatic Cancer UK’s confidential database, and will only be accessed by staff working in the Services team. We will only use the information stored on this database for monitoring purposes, to understand more about people affected by pancreatic cancer and how they are using our services.

Tailored information and support emails

People can sign up to receive emails from us which provide tailored information about their cancer and the support available. When you sign up, we will ask you questions about your diagnosis and any information you provide will be processed with your explicit consent. We will use this information to provide you with information that is relevant to you and to tell you more about other ways we can support you.

We will also collect your contact details so that we can send you the emails. We will keep a confidential record of your details, in accordance with our data retention policy. This information will be stored in a confidential part of our database which can only be accessed by those who need it to be able to improve our services and offer personalised support.

We may also analyse, group and label the information so we can better understand your needs and improve and extend our services accordingly. This analysis will only be carried out on information relating to your connection to pancreatic cancer, i.e. if you tell us you have had a pancreatic cancer diagnosis. You can object to us processing your personal data this way by contacting dataprotection@pancreaticcancer.org.uk

Information about pancreatic cancer

People can order our information in printed publications through our website. We will collect your contact details so that we can send you this information. If you give us your consent, we’ll keep a record of your order along with your personal details, in accordance with our data retention policy. This information will be stored securely on our website and database, which can only be accessed by those who need it to be able to monitor and improve our services.

Our app Medli

Pancreatic Cancer UK believe it’s important to be up front about what we do with your data – we’re committed to keeping it safe and treating it with respect. Medli is a mobile application for multiple health conditions and people affected by pancreatic cancer can use this and affiliate to Pancreatic Cancer UK. It will provide personalised supported and tailored information; and help with keeping track of symptoms, appointments, and treatments all in one place. The health data shared via Medli will also help in making a difference and contributing to research breakthroughs in the future.

Using our app, Medli

This statement outlines everything you need to better understand how we collect and use the information that is provided to us from Medli Health Limited (owners of Medli), once you’ve chosen to affiliate with Pancreatic Cancer UK within Medli.

Your personal data

If you choose to affiliate with Pancreatic Cancer UK through the Medli application, we will have access to your name, email address, connection to pancreatic cancer, UK county and date of affiliation with us for the following purposes:

  • To understand if we’re providing you with support or working with you in any capacity;
  • To understand who is using Medli, so that we can focus our marketing of the application in order to reach and help more people affected by pancreatic cancer;
  • And to send you emails from time to time about how to use Medli and get the best out of the application.

Your health data

By affiliating with Pancreatic Cancer UK through Medli, Medli will send Pancreatic Cancer UK pseudonymised data about how you are using the application. Pseudonymised data is personal data that can no longer be attributed to a specific person without the use of additional data which is kept entirely separate. In this case specifically, your name and any other directly identifiable personal information is replaced with a unique identifier.

The information being shared by Medli will include all information you choose to submit within the application, this includes:

  • Date of birth
  • Gender
  • Ethnicity
  • Tumour type and stage of cancer
  • The medication you are taking
  • Any treatments you have undertaken
  • Symptoms
  • Appointments you have with health professionals and the treatments offered by them
  • Completed condition trackers
  • Any other information you submit within the application, including that of other potential conditions you are living with.

This information is used to generate insights to help us understand pancreatic cancer better and make it a more survivable disease. This might also involve us using the pseudonymised data in our campaigning and fundraising activity to highlight particular aspects of the disease and patient experience. At no point will your data be identifiable when we use it in this way.

Technical measures have been put in place to ensure that Pancreatic Cancer UK are unable to identify you at any point using the health information you submit through Medli.

None of the personal information you share within the application (such as your name and contact details) will be shared with additional third parties and will only be processed in countries with adequate data protection laws in place.

Some of the information you submit into Medli about pancreatic cancer will be retained indefinitely for scientific and research purposes.

For information about your rights under data protection legislation and who you can contact if you have a concern, please review the section titled ‘Your rights under data protection legislation’ in our privacy policy.

Donations

We encrypt credit or debit card details on our online donation page which means that they can’t be intercepted and subsequently accessed. We redact all bank details that are provided to us during the course of setting up Direct Debits and do not store credit card details.

We use ‘Rapidata’ to process donations made to us online and via telephone. They retain a copy of the debit/credit card transaction securely on their systems.

Analysing how people use our website

Our website uses Google Analytics, to look at how people use the site. Google Analytics use “cookies” which are text files placed on your computer – they help us to see how long people stay on our site and which of our pages are the most popular as well as the least visited. This in turn helps us to make the site as relevant and as useful as possible.

The information produced by the cookie about how you use the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The company then uses this information to compile visitor reports for us about website activity.

Google will transfer this information to third parties if required by law, or where such third parties process the information on Google’s behalf. Google won’t link your IP address with any other information held by Google.

We also use behavioural analytics such as heatmaps and screen recordings to produce anonymous data in order to understand how certain pages of the website are being used and accessed by visitors. We use the anonymous data provided to measure trends and statistics so that we can improve the website and provide more meaningful content.

You can block cookies by selecting the appropriate settings on your browser. However, please remember that our website might not work as well as it should if you do this. For more details, please read our Cookies Policy.

We may also use custom URLs to track the source of conversions on our website, to help us ensure our communications are as relevant as possible.

Links to other websites

Our website provides links to websites operated by other organisations. These organisations have their own privacy policies so please review these if you want to find out more about how they protect your privacy.

Children’s data

Our campaigns don’t specifically target children. However, there might be occasions where children will get in touch with us. They might, for example want to fundraise for us, make a donation to support our work or get in touch to speak to one of our specialist pancreatic cancer information nurses.

Wherever possible, we aim to get consent from a parent or guardian before we collect information about children. However, in cases where we become aware that someone we are engaging with is below 16 only after we have already collected their data, we’ll ask for the consent of a parent/guardian to continue communicating. If we’re unable to get this, we’ll stop all contact with the child concerned and delete their information from our systems.

How we keep personal data safe

We’re committed to keeping any data you provide to us safe and secure. All of our staff therefore undergo comprehensive data protection training when they first start working for us.

All of our online forms are encrypted which means that the details on them can’t be accessed while the information is transferred to us. Our computer network is protected by Sophos anti-virus software and is routinely monitored by our IT Manager to prevent security breaches.

We use external companies (refer to the “Who we share personal data with” section) to deliver fundraising campaigns on our behalf. Before working with them, we carry out thorough checks to ensure that they’re compliant with data protection laws.

In cases where the companies we work with operate outside the European Economic Area (EEA) (Refer to the “transfers outside of the European Economic Area (EEA)” section) we make sure that they provide the same level of protection as required in the UK.

Data retention

We keep personal data only for as long as it’s necessary and in accordance with our internal data retention policy.

In some cases, we’re required by law to keep personal information for a specific length of time. For example, we’re required to keep information relating to our employees for a minimum of 6 years after they’ve left the charity. We are also under a statutory obligation to store financial records for 7 years.

We delete health information given to us by Support Line users after 18 months if they haven’t subsequently been in contact. However, their contact information is kept on or database in case the individual engages with us in another way eg. they choose to make a donation or take part in an event.

In cases where the law is less specific about how long data should be kept for, we carry out an assessment based on the following factors to determine how long we need to keep it:

– the type of personal data concerned (eg. is it “special category” data?);

– the nature and length of the relationship with the individual concerned; and

– the stated contact preferences of the individual.

Following that assessment, all personal information no longer required will be deleted. However, we’ll retain basic information (such as a supporter’s postcode and transactional history) and securely archive this. We believe it’s important to keep basic information of this kind in case someone leaves a gift in their Will to us and we’re required to evidence the nature of their support if it’s contested.

Who we share personal data with

We use external direct marketing companies to run campaigns on our behalf through the post and by phone. We also use the services of external mailing houses to send out information in the post on our behalf. We carry out checks to ensure that our suppliers will treat your data with respect and we have contracts in place with all of them which state that:

– they can only use the personal information we have sent to them for the purposes we’ve outlined;

– their employees must be subject to a “duty of confidence” when using that data;

– they must follow robust security measures to ensure that the data we share with them is kept secure;

– they must delete or return all data to the controller as requested at the end of the contract; and

– they consent to regular audits and inspections and provide us with any information we might need to ensure they’re re complying with data protection laws.

Some of our suppliers’ head offices are based outside the European Economic Area (EEA). Nevertheless, we’ve ensured that there are necessary safeguards in place which protect the personal data of our supporters.

The fundraising suppliers that we use vary from time to time. To request an up-to-date list of the suppliers that we’re currently working with, please email dataprotection@pancreaticcancer.org.uk.

We’ll never sell your data or share it with any third parties for their own marketing purposes.

We may need to share data under special circumstances eg. when you fill in an online petition, we will share mandatory personal details such as your name and postcode with the target of the petition. We will also need to share personal data we are under a legal obligation to do so. This includes disclosing your details if required to the police, regulatory bodies or legal advisors.

Transfers outside of the European Economic Area (EEA)

Our supporter database (Raiser’s Edge) is hosted by Blackbaud, a company based in the USA. We also use the services of Dot Digital, Funraising, Survey Monkey and Google Analytics (who are all based outside of the EEA).

Third parties we use who are based in the U.S are certified with the Privacy Shield which requires registered US companies to:

– better safeguard EU citizens’ data;
– provide clear privacy information; and
– limit the collection and use of data

The Privacy Shield also allows for more robust monitoring and enforcement by the US Department of Commerce and Federal Trade Commission (FTC) which includes increased co-operation with the European and Swiss Data Protection Authorities.

The legal conditions we rely on to process personal data

The General Data Protection Regulation (the GDPR) says we must have a lawful basis to process the personal information of our supporters. We rely on the following four legal conditions to process personal data:

Consent

We rely on consent to:

– send supporters information by email and SMS about our work

– process “special category data” (e.g. information relating to someone’s health or ethnicity).

– manage the relationships we have with our case studies – this ranges from the use of their photograph through to sharing their story with the media.

– conduct “Research Peer” reviews – by submitting applications to us for research funding, researchers consent to external peers and members of our Scientific Advisory Board reviewing those applications and approving them. The number of reviews we obtain for each application is proportionate to the funding amount requested and our peer reviews are conducted in line with the Association of Medical Research Charities [PM1] guidelines.

Consent can be withdrawn at any time.

Legitimate Interests

Under the GDPR, we can process personal information under the condition of “Legitimate Interests” providing that;

– the activity is necessary to fulfil our charitable objectives;

– the activity meets with the expectations of the person who the personal information relates to;

– the activity doesn’t override individual’s rights and freedoms; and

– the individual has been given an opportunity to object to the processing

Before carrying out any activity that relies on legitimate interests, we will complete an assessment to determine the potential impact and ensure that necessary safeguards are in place to protect your rights. Unless the law requires it, we won’t use the information you give to us for activities where the impact on you overrides our legitimate interests.

Pancreatic cancer is a tough one but we’re taking it on. It is tough to diagnose, tough to treat, tough to research and tough to survive. For too long this disease has been sidelined. We want to make sure that everyone affected by it gets all the help they need. These are our “Legitimate Interests”.

In order and to achieve our legitimate interests and long-term objectives, we believe it’s necessary to:

– contact supporters through post, phone and social media about our work – we believe we can cultivate long-term support for our work by keeping our supporters up to date with information about how they can support us by post and phone. You can opt out of hearing from us in these ways at any time and we don’t call people who are registered with the Telephone Preference Service (TPS);

– Contact researchers regularly by email with different opportunities for support and funding from PCUK and other relevant organisations

– respond to supporter enquiries, requests for information and acknowledge the donations we receive;

– process donations and payments;

– build profiles of our supporters– we believe it’s necessary not only to ensure that we target our resources in the most cost-effective way possible but that our supporters receive relevant and timely communications. We may therefore analyse and build profiles about supporters based on the nature of their support. For more info about our use of profiling, refer to the profiling section. You can opt out of us using your personal information in this way at any time;

– carry out market research to review the success of our campaigns;

– carry out quality assurance monitoring to ensure compliance with the Code of Fundraising Practice;

– contact prospective corporate supporters about supporting our work– this gives us the opportunity to raise vital funds more quickly and reach out to audiences who might not otherwise be aware of our work;

– contact MP’s about our work– this helps to ensure that improvements to the way in which pancreatic cancer is diagnosed and treated remains at the heart of the political agenda;

– co-operate with non-statutory third parties on complaint investigations– your data might need to be processed as part of an investigation undertaken by a non-statutory regulator (eg. the Fundraising Regulator) to review potential breaches of the Code;

– make improvements to our database

– manage staff usage of our IT systems

We believe that all of these activities are necessary for us to continue being an effective and efficient charity. This, in turn, will help us to achieve our charitable objectives more quickly.

Contractual necessity

We process data to fulfil the following contractual obligations:

– creating and managing staff IT accounts;

– awarding grants for specific pancreatic cancer research programmes;

– sending items purchased through our online shop to customers and claiming direct debit and standing order donations on days specified by the donor;

– employee relationship management – this includes dealing with issues like grievances and disciplinaries, flexible working, performance and appraisals, paying salaries and staff benefits (eg. season ticket loans, childcare vouchers etc), ensuring that requirements for new starters/leavers are met and developing staff and volunteers through training and development programmes;

– employee recruitment and resourcing – this includes shortlisting, interviewing, offers of employment and reference checking;

– paying invoices sent to us by third-party suppliers for services they have carried out on our behalf; and

– monitoring ‘Discussion Forum’ posts to ensure that users are abiding by the forum’s community guidelines

Legal obligation

We process data to fulfil the following legal obligations:

– co-operating with statutory third-party regulators (eg. Charity Commission or Information Commissioner’s Office) on investigations;

– administration of legacies – including contacting solicitors, funeral directors as well as the individual’s families;

– responding to supporters who want to exercise their data protection rights;

– Processing Gift Aid claims –including giving necessary information to HMRC;

– Health and Safety –this involves training staff on health and safety regulations and speaking to them about obtaining tailored equipment to satisfy their needs if required.

– Income Reconciliation – we need to make sure that the money we receive is matched to the corresponding supporter information.

– Statutory Registers and Returns – we’re required to keep statutory registers up to date for organisations like the Charity Commission and Companies House.

Your rights under data protection legislation

Data Protection legislation gives you more control over what happens to your personal information. Under this legislation you have the right to:

– be given clear, transparent and free information about how your data will be used;

– access your personal data so that you can see how your personal information is being used by us;

– have your personal information updated and corrected;

– obtain and reuse the personal data you have given to us for your own purposes;

– request that we permanently delete or remove your information where there is no “compelling” reason for us to keep it; and

– request that we don’t use your personal data for specific purposes and, unless we are under a legal or contractual obligation, we must respect your wishes;

Data Protection legislation also prohibits us from using solely automated technologies to build profiles and make decisions about people who support us which will have “legal or similarly significant effects”, unless:

– it’s necessary to fulfil a contract;
– it’s been authorised by a Union or Member state law; or
– you’ve given your explicit consent for your information to be used in this way

When carrying out other types of profiling, we need to tell you about how your information will be used and you can object if you don’t want to be included in that process. We’ve outlined our approach to profiling and ways in which you can opt out.

If you’d like to exercise any of the rights outlined above, please email us. We’ll respond to your request within 3 working days with an outline of the next steps.

Raising concerns with us

If you’ve got any concerns or questions about how we use personal data, please don’t hesitate to contact us in one of the following ways:

By Post: FAO: Data Protection Officer, Pancreatic Cancer UK, 6th Floor, Westminster Tower, 3 Albert Embankment, London SE1 7SP.

By Email: dataprotection@pancreaticcancer.org.uk

Or

By Telephone: 020 3535 7090

If you’d prefer to contact an independent authority about your concerns, please contact the Information Commissioner’s Office (ICO). The ICO has been set up by government to uphold the public’s information rights and can be contacted in the following ways:

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Telephone: 0303 123 1113

Email: https://ico.org.uk/global/contact-us/email/

We’ll fully co-operate with the ICO to address any concerns you might have about how we use your data.

Changes to this notice

If we make any significant changes to the way in which we process your information, we’ll make the required changes to this Privacy Notice and will notify you so that you can raise any concerns or objections with us.

When making less impactful changes, we’ll update this notice and post a summary of the changes on our website.