At the Diabetes Research & Wellness Foundation we are committed to protecting your data and privacy and complying with relevant legislation and codes of practice while we carry out our essential work of raising awareness of diabetes and its related conditions and raising funds for research projects.
This notice sets out the Diabetes Research & Wellness Foundation's data processing practices, which will govern the processing of data that you provide to us and which we may obtain about you from other sources.
If you have any queries about this notice please contact the Diabetes Research & Wellness Foundation, Building 6000, Langstone Technology Park, Havant, Hampshire, PO9 1SA, or email email@example.com or telephone us on 023 9263 7808. We are registered as a company in England (company no. 03496304) and as a charity (charity no. 1070607). Our officer with responsibility for data protection is the charity Chief Executive.
How do we collect data?
We obtain personal data from you in a variety of ways including when you:
- enquire about our activities or service offerings,
- subscribe to the Diabetes Wellness Network,
- subscribe to one of our e-newsletters,
- make a donation to us,
- tell us your stories, or
- attend one of our awareness, educational or fundraising events.
We may also receive information about you from third parties, for example:
- from a friend or relative who wants to tell you about our charitable activities or support service offerings,
- from a friend or relative who wants give you a subscription to our Diabetes Wellness Network,
- from other organisations that have your consent to share your information with us, for example where you have consented to those other organisations passing your details to the Diabetes Research & Wellness Foundation in order that we may tell you about our activities and services, or
- from someone we run a joint event with.
If we receive information about you from these other sources, we will provide you with details of whom we received it from as soon as possible thereafter.
What data do we collect?
The types of data collected may include:
- your name,
- postal address,
- e-mail address,
- telephone number,
- payment details if you make a donation or payment, or
- stories about yourself, a relative or friend such as your fundraising activities or how you live with and manage diabetes.
If you apply to attend one of our educational events we may ask you to provide us with information about your health, so that we can provide an event that is relevant to you and make any adjustments you might need. For instance, we may ask whether you have Type 1 or Type 2 diabetes.
We will only collect personal data to the extent that it is required for the specific purpose notified to you or for the purpose that is clearly apparent from the circumstances in which you provide your data.
We will not carry out any data matching exercises to obtain information about you that you have not provided directly to us nor carry out any wealth screening. We do, however, analyse general trends and demographics of our supporters in order to ensure our communications and events are relevant and informative and we use our resources effectively. We also try to ensure that individual supporters receive a personalised response from us in acknowledgment of their support or donations.
How do we use this data?
Data processing will only take place where we are permitted to do so by the relevant data protection or privacy legislation or where you have given your consent to the processing.
We may use your personal data for the following purposes:
- to provide you with the services, products or information you have requested,
- to contact you about our future events and services where you have agreed that we may do so (as applicable),
- to administer our Wellness Network if you are a subscriber and invite you to relevant events,
- to manage our events,
- to contact you about fundraising initiatives where you have agreed that we may do so (as applicable),
- to process payment details if you make one or more donations (including administering Gift Aid nominations),
- to plan future activities,
- to further our legitimate charitable aims such as sending you information about how your donations are being spent or sending you an annual report or for other compatible purposes,
- to carry out internal administration and housekeeping activities including training our staff and volunteers,
- to maintain and improve our website and IT systems,
- as may be required under our legal or regulatory obligations e.g. liaising with the Charity Commission or HMRC, or
- for other purposes that are compatible with the above uses provided that your rights are appropriately protected.
Retention of your personal information
We will retain your personal information only for as long as we need it to provide you with the goods, services or information you have requested; to administer your relationship with us; to inform our awareness, educational support needs and research into the causes, treatment, self-management and prevention of diabetes and its associated complications; to manage the preferences of our supporters; or to comply with the law.
When we no longer need to retain this information, we will always dispose of it securely, using specialist companies if necessary to do this work for us. We have Information Security and Data Retention policies appropriate for all of our activities, which we review regularly.
We are required to retain some personal information to fulfil statutory obligations, such as where we claim Gift Aid on a donation. HMRC require the retention of Gift Aid declarations for a set period of time, however, you can withdraw your consent to any particular use of your data at any time.
The below summarizes how long we will retain the personal information of the different supporters that we engage with:
Supporters, Subscribers & Wellness Event attendees
If you support us financially by making donations, subscribing to our Diabetes Wellness Network or are a ‘regular giver’ in our Partners for the Cure programme, we will hold data for up to 6 years after your last transaction or donation to comply with our statutory obligations, unless there is evidence that you continue to actively engage with us. In this case, we will continue to hold your data for as long as we have your consent to do so, or you tell us that you wish to have no further contact with us.
If you support us via non-financial means we will continue to hold your data, so that we can communicate with you as long as there is evidence that you are continuing to have active engagements with us.
If you notify us that you are intending to leave a gift in your will, we will retain your data to ensure we can acknowledge your generosity at the appropriate time in the future. This may be more than 6 years after your last active engagement with us.
If you register to attend a Diabetes Wellness Event, we may ask you for additional health related information in order that we can provide an educational programme that best suits our delegates needs. This information will not be shared externally. It will be anonymised for the purposes of analysing delegate attendance and post event benefits. Health information will only be retained until such time as the event has taken place, at which point it will be confidentially disposed of.
If you notify us that you wish to have no further contact with us, we will hold your record as a suppression file to ensure that we do not approach you with future campaigns. The data held within suppression records will be reduced to the minimum necessary to suppress contact in the future, effectively. Suppression records are retained indefinitely for this purpose.
If you volunteer with us, we will keep the personal information that you provide to us for the duration that you remain a volunteer and for a period of 2 years following or until you tell us that you wish to have no further contact from us.
If you have applied for employment with us, we will retain the personal data you provide as part of the application process, along with the CV and application form documents you submit, for a period of 12 months from the point at which you last access your application.
Personal information provided by employees is subject to the data management and retention processes and policies as set out in our Company Handbook and terms of employment, all of which are reviewed regularly by retained HR specialists.
Lawful basis for processing
When we process your data we have to have a lawful basis to do so. The lawful basis of our processing varies depending on the use we are making of your data but typical examples include:
- Consent - where we ask if we can use your data in a certain way, and you agree to this e.g. to send you certain marketing materials
- Contract – where the processing is required in order to enter into or perform a contract e.g. you buy a subscription or product from us
- Legal obligation – where we need to use your data to comply with a legal or regulatory obligation e.g. liaising with the Charity Commission, Fundraising Regulator or Information Commissioner or providing information to HMRC in relation to a donation you have made to us
- Vital interests – where we need to use your data to protect your or other people's health or life e.g. if you were unfortunate enough to suffer an injury or need medical assistance when attending one of our events
- Legitimate interests - we may use your data if it is reasonably necessary for us (or others) to do so and it is in our/their “legitimate interests” (provided that what the data is used for is fair and does not unduly impact your rights) e.g. carrying out record administration, sharing relevant information with our US charitable arm or working with third parties on jointly run events and activities
Where use of your data includes special categories of data e.g. information about health, race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information we must also have a further lawful basis:
- Explicit consent - if you provide us with specific information about your health in order for us to cater for your needs at an event or to send you relevant information about our services we can use it for those purposes
- Vital interests – where we need to use your information to protect your or other people's health or life e.g. if you were unfortunate enough to suffer an injury or need medical assistance when attending one of our events
- Public information – if you make information about for, example, your health condition public we can use that information
- Legal reasons – we may use this type of data if it is necessary to establish, exercise or defence legal claims
- Substantial public interest – we may use this data for safeguarding or insurance purposes, to prevent or detect unlawful activities or dishonesty, for research or statistical purposes or to help provide support and counselling for individuals with diabetes or at risk of developing diabetes
Will we disclose the information we collect to third parties?
We may need to share your data with organisations that provide us with data processing services, such as marketing fulfilment businesses, IT service providers, event organisers and payment processing suppliers. We have agreements in place to make sure these organisations only process your data according to our instructions, securely and in line with relevant legislation.
We may share your data with other specified organisations, where you have specifically agreed that we may do so, in order for those organisations to tell you about their activities and fundraising initiatives. We will not share your data if you have not agreed that we may do so.
If we run a joint event with other organisations, we will share necessary information with those other organisations in order to run that event. If the other organisations would like to use your information for other purposes this will be made clear to you and you will be given the opportunity to agree to this.
We may also disclose your data if we are permitted or required to do so by law, where we are enforcing our legal rights or where we merge with another entity.
We only use your personal data for direct marketing purposes if we are allowed to do this by law or if we have your consent.
If we already have an accurate record of your marketing preferences that complies with applicable legislation, we will assume that you are happy to continue to receive marketing information from us in line with those preferences if you do not indicate otherwise when we contact you or you contact us. However, you can change your direct marketing preferences at any time by contacting us using the details above or via any other unsubscribe mechanism we offer from time to time.
If you have not worked with us or supported us previously, please ensure you indicate your preferences in the relevant sections of the form when information is being collected otherwise we may not be able to keep you up to date with our activities and fundraising initiatives.
How do we protect personal data?
We have in place appropriate procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor such as a marketing fulfilment provider or IT supplier if it agrees to comply with those procedures and policies, or if it puts in place adequate measures itself.
If you tell us about your health, for example as part of your application to attend an educational event or programme, we will only store this data in a secure registration database with access only permitted to those of our staff with a legitimate need to access it. We securely destroy paper records once the details are entered into our database and your health data is removed from the database when we have finished organising and providing the relevant event.
We use a secure server when you make a donation via our website, via a virtual gateway operated by Barclaycard. Bank account details will only be retained if a direct debit is being set up. These details are stored on a secure server designed for data-content management and direct debit processing.
We require our data/payment processors to conform to PCI DSS standards for data security.
We also take appropriate measures to ensure that the data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We will take all reasonable steps to destroy or suppress, or erase from our systems, all data which is no longer required. We may also contact you from time to time in order to ensure that our records are correct and up-to-date including your marketing preferences.
We may from time to time transfer your data to countries or jurisdictions outside the EEA for the purposes set out in this privacy notice, for example to a third party IT provider or to our US charitable arm. If we do make such transfers, we will only do so in accordance with our obligations under applicable data protection legislation and will ensure that the transfers are carried out in a way that provides adequate protection of your personal data.
You have the right to ask for a copy of the data we hold about you (for which we may charge any relevant statutory fee) and to have any inaccuracies in your data corrected.
You also have the right to ask us to stop using your data for direct marketing purposes or prevent processing that is likely to cause you damage or distress or that you believe is no longer in our legitimate interests. This can include asking us to restrict the processing of your data and/or delete data that we hold about you.
If at any stage we process your data with your consent or in connection with a contract and we do this by automated means, you can ask us to provide you with a copy of your data in a structured, commonly used and machine readable format or arrange for this to be transmitted to a third party
We shall also comply with any additional rights given to data subjects under new or modified legislation.
Please be aware that your rights do not apply in all circumstances and we may not be obliged to comply with any requests.
If you have any queries or complaints about the way we process your personal data or would like to exercise any of your rights please contact us using the details above. We may ask you to provide identifying information in order for us to be sure who you are and that you are entitled to make the request.
Alternatively you may contact the Information Commissioner's Office at https://ico.org.uk/ for advice or to find out more about your rights as an individual.
We reserve the right to amend this privacy notice from time to time as our internal operations and objectives change or as may be permitted under applicable law. If we do so, we will post notice of the changes on our website and/or advise you of them by email. By continuing to use our website or services after any notification, you will be deemed to have accepted such changes.
Do we use 'Cookies'?
'Cookies' are small pieces of information stored on the hard drive of a user's computer which contain information about the user.
Diabetes Research & Wellness Foundation may store information about your user preferences (e.g. preferred text size) using cookies (files which are sent by us to your computer or other access device) which we can access when you visit our site in future. We do this to help enhance your interaction with our web site.
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will have the file names ending in @drwf.org.uk.txt.
If you want to prevent our cookies being stored on your computer in future, you may do so by referring to your internet browser's instructions. You can do this by clicking on the "Help" menu. Please note, however, that if you disable our cookies you may not be able to access certain areas of our site. Further information on deleting or controlling cookies is available at www.AboutCookies.org.
We respect your wishes
If your personal details change and you want to continue to work with us and hear from us, please help us to keep your data up to date by notifying us using the details above.
If for any reason you wish to advise us that you no longer require our services or do not want us to contact you or do not want us to share your data with specified third parties for marketing purposes, please let us know by contacting us using the details above.