We promise to keep your information safe
We have a separate privacy notice which explains how we manage your personal data whilst you use our online advance decision service.
How we process your data
This policy sets out how we process your data. It also explains your rights and options around how we use your personal information.
We collect information about you:
When you give it to us directly
For example, if you:
- interact with us online
- fill out a form on our website
- communicate with us
- make a donation
- apply to work or volunteer for us
- give us your personal information in any other way.
When you give it to us indirectly
This is when your personal information is given to us by third parties. These might be:
- websites such as JustGiving or FundraiseUp
- business partners
- sub-contractors in technical, payment and delivery services
- advertising networks
- analytics providers and search information providers.
When it’s available publicly
Some information about you may be in the public domain, using public registers such as Companies House, the electoral roll and press reports. For example:
- whether you have charitable interests
- to establish possible common connections between Compassion in Dying’s network and yours.
- Depending on your privacy settings for professional services such as LinkedIn.
When you visit this website
When you visit this website, we automatically collect the following personal information:
- technical information, including:
- the internet protocol (IP) address used to connect your computer to the internet
- your browser type and version
- your time zone setting
- browser plug-in types and versions
- your operating systems and platforms
- information about your visit to our website, including:
- the uniform resource locator (URL) clickstream to, through and from this site (including date and time)
- products/services you viewed and searched for
- page response times
- download errors
- length of visits to certain pages
- referral sources (how you arrived at the website)
- page interaction information (such as scrolling and clicks)
- methods used to browse away from the page.
We collect and use your personal information by using cookies on our website.
What is personal information?
We collect, store and use the following kinds of personal information:
- Your name and contact details, including postal address, telephone number, email address and, where applicable, social media profile URL
- Your date of birth
- Financial information, such as bank details or credit/debit card details, where you provide them to make a payment. We don’t store credit or debit card details, but we’re required to store bank details in some circumstances, including when they’re used for direct debit payments.
- Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location
- Information about our services which you use/which we consider of interest to you
- Information as to whether you are a tax payer so that we can claim Gift Aid.
What is sensitive personal information (special category data)?
The General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection.
For example, this includes information about your health, religious beliefs, ethnicity and political opinions.
In the course of providing our services, Compassion in Dying routinely processes sensitive personal data. In other limited cases, we may collect and/or use your sensitive personal information.
In each case, we will only do so if we have a valid reason and the GDPR permits it, as described in how and why we will we use your personal information.
How do we use your personal information?
We use your personal information to:
- provide you with services, products or information you’ve asked us for
- provide further information about our work, services, and activities
- process your donations
- further our charitable aims, including for fundraising activities
- research the impact and effectiveness of our work and services
- register and administer your participation in events you’ve registered for
- administer and keep our website safe and secure and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- improve your interactions with our website, for example by making sure that content is presented in the most relevant and effective manner for you and for your computer/mobile device
- report on the results and impact of our work, services and events
- analyse and improve our work, services, activities, products or information (including our website) or for our internal records
- use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you
- to process your application for a job or volunteer role with us
- training and/or quality control
- audit and/or administer our accounts
- satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work
- prevent fraud, misuse of services or money laundering and to perform due diligence in respect of larger donations;
- reduce credit risk
- communicate with you in any other way
- for the establishment, defence and/or enforcement of legal claims; and/or
Donations and other payments
When you use our secure online donation or payment pages, you’ll be directed to a specialist supplier company, who will receive your credit card number and contact information to process the transaction. We don’t retain your credit or debit card details.
How long do we keep your personal information?
When you contact us we will ask your permission to store your data for the purpose of monitoring and improving our service.
When we don’t have your permission to store your data, but are required to process your data to provide you with a service (such as sending you a form or assisting you to make end-of-life plans), we will remove your data three months after you provided it to us
We will also remove your data at any time if you ask us to.
What happens if you ask for your data to be removed?
If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.
Our lawful grounds for processing your information
The GDPR requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant.
- Where you’ve given your consent for us to use your personal information in a certain way.
- For example, we’ll ask for your consent to use your personal information to send you emails, and we may ask for your explicit consent to share sensitive personal information with us.
- Where necessary so that we can comply with a legal obligation (for example, where we need to share your personal information with regulatory bodies which govern our work and services).
- Where it is in your/someone else’s vital interests (for example, in case of medical emergency).
- Where there is a legitimate interest in us doing so (for example, writing to supporters to let them know about our work and ways of supporting us).
What do we mean by ‘legitimate interests’?
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights.
Compassion in Dying’s legitimate interests
In broad terms, our “legitimate interests” means running Compassion in Dying as a charitable entity in pursuit of our aims and ideals. For example, by:
- providing information about our services
- processing donations
- administering events
- taking applications for staff and volunteers.
Your legitimate interests
“Legitimate interests” can also include your interests, such as when you have requested information or services from us, and those of third parties (for example, beneficiaries of our work and services).
How do we balance these interests?
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We won’t use your personal information for activities where our interests are overridden by the impact on you. For example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Processing sensitive personal data
The GDPR prohibits the processing of sensitive personal data (special category data) unless additional conditions are met.
We process this data in the process of providing services to you and in order to monitor and improve that service. When we do this we will ask your consent.
Will we share your personal information?
We never share, sell or rent your information to third parties for marketing purposes.
However, in general we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this policy.
These may include (among others):
- business partners, suppliers and sub-contractors
- advertisers and advertising networks
- analytics and search engine providers
- IT service providers
- other beneficiaries, executors and legal advisers, when administering a legacy.
In particular, we reserve the right to disclose your personal information to third parties:
- if we are under any legal or regulatory duty to do so; and/or
- to protect the rights, property or safety of Compassion in Dying, its personnel, users, visitors or others.
Security, storage and access to your personal information
We promise to keep your personal information safe and secure.
We have appropriate and proportionate security policies and organisational and technical measures in place to help us do this. For example, we require specialist suppliers who process secure payments to comply with the Payment Card Industry Data Security Standard (PCI DSS) standards.
Who can see my personal information?
Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.
Where is my personal information stored?
In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”).
However, we use agencies and suppliers to process personal information on our behalf.
Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK or EEA who work for us or for one of our suppliers.
Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Where your personal information is transferred, stored and/or otherwise processed outside the EEA, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.
These are your rights in relation to how we process your personal information:
Right to be informed
You have the right to be told how your personal information will be used. This policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how your personal information may be used.
Right of access
You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.
Provided we are satisfied that you are entitled to see the information requested and we’ve successfully confirmed your identity, we’ll give you your personal information (subject to any exceptions that apply).
Right of erasure
You have the right to ask us to delete your personal information, and we’ll do this when you ask us to. In many cases, we’ll check to see if you’re happy for us to make it anonymous first, rather than delete it completely.
Right of rectification
If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
Right to object
You have the right to object to processing where we are:
- processing your personal information on the grounds of legitimate interests
- using your personal information for direct marketing or
- using your personal information statistical purposes.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
This includes the right to ask us to stop using your personal information for marketing or fundraising by electronic means (for example to be unsubscribed from our email newsletter list).
Right to data portability
Where we are processing your personal information you may ask us to provide it to you – or another service provider – in a machine-readable format.
Rights related to automated decision-making
Where we take automated decisions (i.e. with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.
How to exercise your rights
- To exercise any of these rights, please send a description of the personal information in question using the contact details below. We reserve the right to ask for:
- personal identification
- further information.
- Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us (see below).
- You have the right to make a complaint to the ICO about us or the way we have processed your personal information. Find further information on how to exercise this right, or contact them.
Changes to this Notice
We may update this Policy from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website. This Policy was last updated in May 2018.
Links and third parties
We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
How to contact us
Please let us know if you have any questions or concerns about this policy or about the way in which your personal information is being processed by contacting us at the following channels:
0800 999 2434
181 Oxford Street