Privacy policy & data subject rights

Identity and contact details

Please click here to find out more about My Cancer My Choices. Our postal address is 46 Old Bath Rd, Charvil, Wokingham RG10 9QR.  Our telephone number is 0118 228 0960.  You can contact us by email using support@mycancermychoices.org. We are a registered charity in England and Wales (number 1162165).

Our designated supervisory authority under the General Data Protection Regulation (GDPR) is the Information Commissioner’s Office (ICO). We are based in the United Kingdom.

To contact the individual in charge of Data Protection in our company please our support@mycancermychoices.orgemail address.

What data we collect

The My Cancer My Choices processes personal data (we use the terms ‘data subjects’ or ‘individuals’ interchangeably to refer to personal data) on:

• Those using My Cancer My Choices services,
• Supporters and those interested in My Cancer My Choices,
• Staff (employees, contractors, volunteers and members of and advisors to the board),
• Suppliers and partners of My Cancer My Choices.

Those using My Cancer My Choices services

Provision of services

• We process information on data subjects that engage with us and use our services.
• We capture this information through our web forms, through referrals by health professionals, and by email, postal or telephone contact to us. We also capture this information through our hospital-based staff who capture the information direct from the data subject.
• The information we capture includes contact information such as name, physical address, email address and telephone number, as well as health information to provide a context for our services.
• We use a lawful basis of contract to process this data.
• We capture special category information, specifically information on the health of the individual, so that we can provide relevant services to these individuals.
• For processing the special category data, we use the grounds of “Health or social care purposes”.
• Further processing of special category data is carried out by the professional carrying out the therapy who is bound by a legal obligation of professional secrecy, meaning they must keep the information confidential due to their profession.
• We do not capture criminal offence data on those who engage and use our services.

Promotion

• We can process information on individuals that we have provided services for, and we can use this in our literature, newsletters and social media.
• This information is gathered through direct contact with the individual concerned.
• This information may include names, personal stories, photos, audio and video.
• We use a lawful basis of consent to capture, store and publish this information.
• We do not capture criminal offence data in this data processing. Because of the nature of our services, special category information is processed. We use the lawful basis of ‘Explicit consent’ to process this special category data.
• We do not capture criminal offence data on those who we have provided services for.

Supporters and those interested in My Cancer My Choices

Donations

• For supporters that make financial donations to My Cancer My Choices (‘donors’), we record information that enables us to process donations, such as name, contact details and financial details.
• We gather this information through web pages that have been set up to process donations, or will gather this data manually, on the telephone or by post.
• We will assume consent for us to process the data in this manner when a donation form is completed.
• We do not capture special category or criminal offence data in this data processing.

Fundraising – email communications

• We capture name, address and electronic contact details on data that we use for fundraising communications by email.
• We gather this information manually, or through our web pages or when in contact by telephone or post.
• We use the data to communicate electronically for fundraising purposes using a lawful basis of consent.
• We will retain an audit of where and when we received the consent to communicate with the donor about fundraising.
• We do not capture special category or criminal offence data in this data processing.

Fundraising – other communications

• We use the data on donors to communicate in other ways apart from electronically for fundraising purposes using a lawful basis of legitimate interests, as it is in our interests to raise money for running My Cancer My Choices.
• We capture name, address and other means of contacting individuals on this data.
• We have completed the specification, gate analysis and balancing tests to validate our use of legitimate interests to process this data.
• We do not capture special category or criminal offence information on this data.
• We note that we should consult the FPS (Fundraising Preference Service) when using this mechanism to evaluate legitimate interests in alignment with the Fundraising Regulator’s code of practice.

Financial profiling

• Where we hold data on individuals who we have identified as potential donors (which can include previous donors), we may profile these individuals so that we can evaluate their potential for giving to My Cancer My Choices. We also use financial profiling to carry out due diligence on sources of the funds that we raise.
• We capture name, address, and electronic contact details on this data.
• We may use additional information that is gathered non-intrusively, such as geographical information and measures of affluence. We may use external sources to assist us in gathering this information. We can also use publicly available information as well as data we already hold on individuals, such as past donations.
• We may use the services of external screening or profiling companies, and publicly available data from social media. It is in My Cancer My Choices’s legitimate interests to do this, and our interest is specifically in aiming to get the largest donation from the lowest overhead. 
• We have completed the specification, gate analysis and balancing tests specified under GDPR for this data.
• We do not capture special category or criminal offence information on data in this category.

Newsletters – email communications

• We capture name and electronic contact details on the data that we use for our newsletter communications.
• We gather this information manually, or through our web pages or when in contact by telephone or post.
• We use the data to send a regular newsletter on email to individuals and we use a lawful basis of consent.
• We will retain an audit of where and when we received the consent to communicate with the donor about fundraising.
• We do not capture special category or criminal offence data in this data processing.

Staff

There is a section in the staff handbook which covers more procedural elements of data protection and data handling. We ensure that this policy document and the information in the staff handbook co-ordinate.

We process information on staff in several ways. 

Contract

• We use the lawful basis of contract to process data for the purposes of a contract of employment or other work for My Cancer My Choices, or if individuals are taking steps to enter into a contract (for example for recruitment). This includes keeping track of the amount of time that staff spend on projects or performance evaluation or expenses claims.
• We capture this information during the recruitment process.
• We capture name, address, financial account details, and electronic contact details on this data.
• We can capture special category information as the processing of this data is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection.
• We capture special category information on these individuals when we carry out health checks so that they can provide or facilitate services to our target audience.
• We capture criminal offence information on this data when we carry out DBS checks.
• We maintain appropriate policies for this special category and criminal offence data.

Legal obligation

• We process information on staff and can pass data on to specific parties because we are legally obliged to.
• We capture name, address, financial account details, and electronic contact details on this data.
• This information is derived from information that we already hold on staff and gathered in the course of recruitment or employment.
• For example, where we pass information to the HMRC on the amount that employees are paid.
• We do not capture special category information on data in this category.

Intermediary for contractual benefits

• We process information on staff and can pass data on to specific parties because we are acting as an intermediary to a contract between the member of staff and the third party. For example, where we organise pension payments for staff.
• This will include financial and contact details needed to fulfil the contract.
• This information is derived from information that we already hold on staff and gathered in the course of recruitment or employment.
• We use a lawful basis of contract to process this data.
• We do not capture special category or criminal offence information on data in this category.

Next of kin and other legitimate interest

• We process information on staff and their next of kin where it is in My Cancer My Choices’ interest to do so for operational purposes. For example, to keep staff up to date with My Cancer My Choices news, to maintain a list of the staff’s next of kin for communication in the event of an emergency, or to create business cards for staff.
• This information is either derived from information that we already hold on staff and gathered in the course of recruitment or employment, or captured specifically for the purpose.
• We capture name, address and electronic contact details on this data.
• We use the lawful basis of legitimate interests to process this data. We have completed the specification, gate analysis and balancing tests specified under GDPR for this data. 
• We do not capture special category or criminal offence information on this data.

Suppliers and partners

• We process information on suppliers so that we can purchase goods and services from them.
• We process information on partners, for example, NHS staff, so that we can maintain accurate contact details for them.
• We gather this information as we make an initial purchase from supplier or partner, and then we may store this data until required for subsequent engagement.
• We use a lawful basis of contract to process this data.
• We do not capture special category or criminal offence information on this data.

Any recipient or categories of recipients of the personal data

We will not transfer your data to countries outside the European Economic Area and the UK to destinations that are not considered ‘adequate’ by relevant legislation without further safeguards.

If we do transfer your data outside of countries specified as adequate, then we will complete an international data transfer assessment that evaluate the security of the transfer and outline additional safeguards that we may take. 

We have a separate list of processors and controllers which we maintain, along with summaries of international transfer assessments that we have undertaken.

Retention period or criteria used to determine the retention period

• Data relating to donors will be retained for as long as it is useful to My Cancer My Choices. We will not communicate electronically about fundraising with donors if they have not responded to our communications for 2 years.
• The health data, including the management and coordination of the services we provide to those receiving My Cancer My Choices services or treatments will be deleted 10 years after the end of the most recent record of involvement where the data is under our control.
• We will delete data relating to staff members 3 years after their contract or agreement is terminated or their application is unsuccessful.
• Data relating to suppliers or partners will be deleted 3 years after the end of the most recent communication with the supplier or prospect.

Where we have obtained consent for communication with an individual, we will expect this consent to be valid for two years unless either extended by the individual either explicitly or by interaction with our processing, or where the consent is withdrawn at any point by the individual.

If these data retention timescales clash with legal or contractual obligations then these other obligations will override the retention timescales outlined. For example, UK limited companies are required to retain records on tax paid for 6 years. 

All records are disposed of securely when deleted. 

How we look after data

We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data.

We store the personal data that we collect securely.

We do not publish the details of the safeguards we use to protect the personal data that we control as this could reduce the effectiveness of those safeguards.

Cookies

Cookies are text files placed on your computer to collect information about which pages you visit, and how long for. This information is used to track use of the website and to compile statistical reports on website activity.

When you visit our website you will be presented with a choice which will allow you to decide whether cookies are used or not. In a few cases some of our website features may not function if you choose not to allow cookies on our website.

Personal data may be shared with third parties to enable us to conduct web analytics to monitor use of our website.

How to Opt Out of Google Ads (including DoubleClick tracking):

Google Ad Settings:

• Go to https://adssettings.google.com/ and disable ad personalization.

YourAdChoices (NAI/DAA Opt-Out):

• Visit https://optout.aboutads.info/ to opt out of interest-based ads from Google and other networks.

Google’s Cookie Controls:

• Check https://safety.google/privacy/ads-and-data/ for more details on managing ad-related data.

Browser-Based Cookie Blocking:

• If you’re using Chrome, Firefox, or Edge, you can block third-party cookies or use browser extensions like Privacy Badger or uBlock Origin.

Artificial Intelligence (AI)

Our use of AI tools is covered in a separate policy.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites you should read their own privacy policies.

Your rights

My Cancer My Choices recognises the rights of individuals as defined in the General Data Protection Regulation (GDPR).

We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.

• Your right to be informed (this page and further information in communications we might send to you)
• Your right of access
• Your right to rectification
• Your right of erasure (right to be forgotten)
• Your right of restriction of processing
• Your right to data portability
• Your right to object

My Cancer My Choices recognises your right to lodge a complaint with a supervisory authority. You can access the ICO’s website from this link.

The Charities Commission website is available here.