This privacy policy is for the Cancer Research Wales website, contact-us@cancerresearchwales.org.uk and governs the privacy of its users who choose to use it. We advise that you read this privacy policy, as by using our website you will be bound by its terms.

This policy may change over time, so please check back regularly.

This policy tells you what to expect when Cancer Research Wales collects personal information via its Website. It applies to information we collect about:

  • Visitors to our website
  • People who subscribe to our newsletter
  • People who book onto our events
  • People who contact us via our contact form
  • People who contact us in person
  • People who contact us by mail
  • People who contact us over the telephone

 

What is Personal Information?

Personal information is any information that can be used to identify or contact you, such as your name, phone number, email address and IP address – in technical terms, it’s “information about any identified or identifiable living person”.

 

How do we acquire your personal information?

We may collect and store information which you give us through any forms on our site, or in your other correspondence with us, email or otherwise. We may also receive and store information automatically when you interact with us, such as your IP address, browser type and whether you’re looking at our site on a mobile device or not. Cancer Research Wales uses cookies to improve our website and user experiences. You can read more about how we use cookies on the following Cookies page.

 

What do we do with your personal information?

We use your personal information to give you the information, or services you ask for. We can also use your information for administrative purposes, to let you know about changes and to provide information on events you have booked onto. We may use your personal data to send you emails and other communications such as newsletters and details of our service which may be of interest to you. You may opt out from these communications at any time. We reserve the right to share your personal information if we are ever in a situation where we are legally obliged to. We will hold your personal information on our systems for the duration of the relevant activity, and for a period of 5 years after your last interaction with Cancer Research Wales, unless you should specify otherwise.

 

We may use IP addresses and other such personal data to recognise you when you visit or return to this site. Tracking this anonymous data allows us to understand how users interact with our site, which helps us to improve the site’s layout, performance and delivery. You can read more about how we do this on use in our cookies policy.

 

Direct Marketing

Following consultation with the ICO, the Institute of Fundraising has produced a set of guidelines to offer advice on how their members should work within GDPR.

 

Under GDPR a charity can only send direct marketing to individuals if they are able to do so under one of the lawful bases that GDPR sets out. There are 6 lawful bases, but in a fundraising context the two most relevant for charities will be ‘consent’ and ‘legitimate interest’.

 

Whereas consent requires someone to have said ‘yes’ in some form, legitimate interest allows a charity to send direct marketing as long as an individual hasn’t said ‘no’ and it does not cause harm or override an individual’s privacy rights. This means that a charity’s interests in sending direct marketing must be balanced against the interests of the individual.

 

Cancer Research Wales will therefore only contact you in the future if you have provided the charity with your consent, or we believe there is a legitimate interest in contacting you. If at any point you wish to remove consent, or would prefer that we do not contact you on the grounds of legitimate interest we will be happy to remove your details from our records.

 

How do we protect your personal data?

We take appropriate precautions to protect your personal data from loss, misuse, unauthorised access, alteration, disclosure and destruction in line with the Data Protection Act 1998. However we cannot guarantee that any data transfer is 100% secure and cannot guarantee the security of any information you transmit. You transfer data at your own risk.

Please be aware that email and other electronic communications are not secure if they are not encrypted, and that your communications may pass through servers in a number of country jurisdictions before they reach us. We cannot accept responsibility for any unauthorised access or loss of personal data that stems from a cause beyond our control, and we cannot be held responsible for the actions or omissions of third parties who may misuse your personal data if it is unlawfully collected from this site.

 

Privacy and comments on our blogs

The posting of personal information in a blog comment means your information is publicly accessible. Such information can be viewed online and collected by third parties. We are not responsible for the use of information by such third parties. We strongly recommend you avoid sharing any personal information that can be used to identify you (such as your name, age, address, name of employer).

 

Links to other websites

This privacy policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

 

What are your rights?

Under the GDPR, you have the right to access the information that we hold about you. If you’d like to learn more about your rights, please see the website of the Information Commissioner’s Office.

If you have any other queries or concerns, please don’t hesitate to contact us at contact-us@cancerresearchwales.org.uk or 02921 855050.

 

If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any information found to be incorrect.

 

How we will use your data?

Following consultation the ICO, the Institute of Fundraising has produced a set of guidelines, to offer advice on how their members should work within GDPR.

 

Under GDPR a charity can only send direct marketing to individuals if they are able to do so under one of the lawful bases that GDPR sets out. There are 6 lawful bases, but in a fundraising context the two most relevant for charities will be ‘consent’ and ‘legitimate interest’.

 

Whereas consent requires someone to have said ‘yes’ in some form, legitimate interest allows a charity to send direct marketing as long as an individual hasn’t said ‘no’ and it does not cause harm or override an individual’s privacy rights. This means that a charity’s interests in sending direct marketing must be balanced against the interests of the individual.

 

Cancer Research Wales will therefore only contact you in the future if you have provided the charity with your consent, or we believe there is a legitimate interest in contacting you. If at any point you wish to remove consent, or would prefer that we do not contact you on the grounds of legitimate interest we will be happy to remove your details from our records.