Skip to content
Home

Privacy policy

We promise to keep your information safe

Compassion in Dying is committed to protecting your privacy. We promise to respect any personal information you share with us and to keep it safe. This privacy policy explains how we manage your personal data whilst you use this website.

We have a separate privacy notice which explains how we manage your personal data whilst you use our online advance decision service.

How we process your data

This policy sets out how we process your data. It also explains your rights and options around how we use your personal information.

We collect information about you:

When you give it to us directly

For example, if you:

When you give it to us indirectly

This is when your personal information is given to us by third parties. These might be:

When it’s available publicly

Some information about you may be in the public domain, using public registers such as Companies House, the electoral roll and press reports. For example:

When you visit this website

When you visit this website, we automatically collect the following personal information:

We collect and use your personal information by using cookies on our website.

What is personal information?

We collect, store and use the following kinds of personal information:

What is sensitive personal information (special category data)?

The General Data Protection Regulation (“GDPR”)   recognises certain categories of personal information as sensitive and therefore requiring more protection.

For example, this includes information about your health, religious beliefs, ethnicity and political opinions.

In the course of providing our services, Compassion in Dying routinely processes sensitive personal data. In other limited cases, we may collect and/or use your sensitive personal information.

In each case, we will only do so if we have a valid reason and the GDPR permits it, as described in how and why we will we use your personal information.

How do we use your personal information?

We use your personal information to:

Donations and other payments

When you use our secure online donation or payment pages, you’ll be directed to a specialist supplier company, who will receive your credit card number and contact information to process the transaction. We don’t retain your credit or debit card details.

How long do we keep your personal information?

When you contact us we will ask your permission to store your data for the purpose of monitoring and improving our service.

When we don’t have your permission to store your data, but are required to process your data to provide you with a service (such as sending you a form or assisting you to make end-of-life plans), we will remove your data three months after you provided it to us

We will also remove your data at any time if you ask us to.

What happens if you ask for your data to be removed?

If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.

Our lawful grounds for processing your information

The GDPR requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant.

What do we mean by ‘legitimate interests’?

The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights.

Compassion in Dying’s legitimate interests

In broad terms, our “legitimate interests” means running Compassion in Dying as a charitable entity in pursuit of our aims and ideals. For example, by:

Your legitimate interests

“Legitimate interests” can also include your interests, such as when you have requested information or services from us, and those of third parties (for example, beneficiaries of our work and services).

How do we balance these interests?

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.

We won’t use your personal information for activities where our interests are overridden by the impact on you. For example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

Processing sensitive personal data

The GDPR prohibits the processing of sensitive personal data (special category data) unless additional conditions are met.

We process this data in the process of providing services to you and in order to monitor and improve that service. When we do this we will ask your consent.

Will we share your personal information?

We never share, sell or rent your information to third parties for marketing purposes.

However, in general we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this policy.

These may include (among others):

In particular, we reserve the right to disclose your personal information to third parties:

Security, storage and access to your personal information

We promise to keep your personal information safe and secure.

We have appropriate and proportionate security policies and organisational and technical measures in place to help us do this. For example, we require specialist suppliers who process secure payments to comply with the Payment Card Industry Data Security Standard (PCI DSS) standards.

Who can see my personal information?

Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.

Where is my personal information stored?

In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”).

However, we use agencies and suppliers to process personal information on our behalf.

Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK or EEA who work for us or for one of our suppliers.

Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.

Where your personal information is transferred, stored and/or otherwise processed outside the EEA, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.

Your rights

These are your rights in relation to how we process your personal information:

Right to be informed

You have the right to be told how your personal information will be used. This policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how your personal information may be used.

Right of access

You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.

Provided we are satisfied that you are entitled to see the information requested and we’ve successfully confirmed your identity, we’ll give you your personal information (subject to any exceptions that apply).

Right of erasure

You have the right to ask us to delete your personal information, and we’ll do this when you ask us to. In many cases, we’ll check to see if you’re happy for us to make it anonymous first, rather than delete it completely.

Right of rectification

If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.

You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.

Right to restrict processing

You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.

Right to object

You have the right to object to processing where we are:

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.

This includes the right to ask us to stop using your personal information for marketing or fundraising by electronic means (for example to be unsubscribed from our email newsletter list).

Right to data portability

Where we are processing your personal information you may ask us to provide it to you – or another service provider – in a machine-readable format.

Rights related to automated decision-making

Where we take automated decisions (i.e. with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.

How to exercise your rights

Changes to this Notice

We may update this Policy from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website. This Policy was last updated in May 2018.

Links and third parties

We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

How to contact us

Please let us know if you have any questions or concerns about this policy or about the way in which your personal information is being processed by contacting us at the following channels:

By email

info@compassionindying.org.uk

By phone

0800 999 2434

By Post

Compassion Dying
181 Oxford Street
London
W1D 2JT

Is this page useful?

This field is for validation purposes and should be left unchanged.