We are totally committed to protecting your information and using it responsibly. Please read our policy carefully to understand how we collect, use and store your information.
The processing of your information is carried out by or on behalf of Prostate Cancer Research, which is the working name of Prostate Cancer Research Centre, a registered charity in England and Wales (1156027).
Our registered office is Suite 2, 23-24 Great James Street, London WC1N 3ES.
Prostate Cancer Research, Suite 2, 23-24 Great James Street, London, WC1N 3ES
By emailing us at email@example.com or by calling us on 0203 7355 444.
1. Why we use your information?
We will only use your information where we have a legal basis to do so and will always respect your rights. Unless we specify otherwise, we use your information, because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights. Other reasons may include using information because you have consented to us doing so, we have a legal obligation to do so or because we have to fulfil contractual obligations.
Some examples of how we use your information can be found below.
2. What personal information do we collect?
The personal information we collect from prostate cancer patients (and family members) and email subscribers may include some or all of the following:
- Your title, name, address and contact information (telephone number(s) and/or email address(es))
- Your date of birth
- Your gender and sexuality
- Your nationality and ethnicity
- Your background and family situation
- Medical information (see below: What about special category data?)
- Records of your communications with us
- Information gathered through surveys or forms you have filled out
- Your IP address(es) and related browsing information.
3. What about “special category” data?
For specific projects and where stated, we may collect health information.
Certain categories of personal information are recognised in law as sensitive, including health information and information regarding race, religious beliefs and political opinions (‘special category data’). Special category data of patients can sometimes assist us in our scientific research, and we only collect it when we have a legal basis to do so and we will only use it as specified below.
We do not routinely collect such information about our email subscribers unless you have made that information publicly available (for example, where you have published your political opinions/affiliations).
4. How do we collect your personal information?
4.1 When you give it to us directly:
We collect personal information that you may provide to us including when you:
- agree to participate in a research project;
- complete a survey;
- agree to be interviewed about your experiences for the purposes of informing our research strategy;
- confirm your subscription to receive our newsletter emails; or
- respond to any invitations included in those emails.
4.2 When you give it to us indirectly:
- This may include data for which you have given consent to an other organisation to share for the purposes of research.
- We collect information about the services you use and how you use them in a number of ways, including:
- We may automatically collect information relating to what pages have been viewed and any information volunteered by you when your browse our website.
- We may automatically collect information about your equipment, browsing actions and patterns.
- We may also track if you are opening and engaging with the service emails we send you such as when you view and interact with our emails and content.
5. How do we use your information?
We will only process your information if we have a legal basis for doing so, including:
5.1 Where you have granted us consent, for example:
- Where any health data (or other special category data) is involved in our research, we rely on your explicit consent for processing that information. We will ask you to tick a box to confirm that you give your consent for us to collect this data;
- To contact you if you subscribe to our mailing list with marketing emails, newsletters and updates, and/or information on our research activities; or
- To let you know about our programmes and any events that we may be hosting.
5.2 Where we have a legitimate interest, for example:
- To administer our internal operations, including the administration of activities involving our partners; or
- To improve our services to ensure that any content is presented to you in the most effective manner for you.
5.3 We also use the information you provide in an anonymised form for the following purposes:
- To carry out research projects;
- To assist us in selecting new research projects;
- To monitor and evaluate the impact of our programmes;
- To refine and improve our services;
- To produce reports such as our annual report or reports for donors; and
- To carry out work that falls within the overall mission of the organisation.
6. What other organisations do we share your information with?
We may share your personal data with partner organisations that work with us to deliver a service you have signed up for or with partner organisations that are working with us to deliver a research project. This may include, but is not limited to, universities, research institutes, biotechnology companies, pharmaceutical companies, other charities and charitable organisations. When we do share your data with partner organisations they will not be able to identify you by name as we will never share your name, address, contact information or date of birth with these organisations.
We may also share your personal information with our service providers/data processors so that they can carry out work on our behalf. Whenever we engage a third party to act on our behalf, we ensure that the contract we enter into with them require them to comply with relevant data protection laws, to process your information only for the purposes we specify and to make sure they have the appropriate controls in place to protect the security of your information.
For our email subscribers, we share your personal information with our email distribution service provider that sends out and helps us tailor our emails, and we will not share it with any other third parties without your explicit consent.
Where we are under a legal or regulatory duty to do so, we may disclose your details to the police, regulatory bodies or legal advisors, and/or, where we consider this necessary, to protect the rights, property or safety of Prostate Cancer Research, its personnel, visitors, users or others.
7. How long do we keep your information?
We retain the personal information including contact information we collect on you for as long as we require it. We will also keep any health or special category data that we collect on your for as long as we require it.
If you unsubscribe from our emails, we retain a minimal amount of data (name and email address) in case a request is received to re-subscribe, to track the consent and communication history of the individual, or to get in touch for administrative purposes.
8. What are my rights?
Under the Data Protection Act 2018 you have the following rights:
- Information Right – the right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
- Personal Data Access Right – the right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it (see below our Subject Access Request process).
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
- Personal Data Erasure Right – Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example if: you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests or on the performance of a task in the public interest.
- Data Portability Right – You have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances.
For a more detailed explanation of these rights, please refer to the ICO’s guidance.
9. Can you withdraw your consent for us to keep and use your data?
If at any point you withdraw your consent for us to use your data in our work you can write to us at firstname.lastname@example.org and state that you withdraw your consent for us to use your data. We will then endeavour to delete any personal information and health or special category data that we have on you that is identifiable to you. However, any of your data that has already been anonymised will remain with us and we will continue to use it as we will be unable to delete this anonymised data due to the fact that it has already been anonymised and mixed with other anonymised data so it would not be possible for us to find it and delete it.
10. Subject Access Request
You can ask us to confirm if we are keeping any personal information about you and you can also request to receive a copy of that personal information – this is called a Subject Access Request.
To make a Subject Access Request you will need to provide adequate proof of identity such as a copy of your passport, birth certificate, or driving license before your request can be processed. Please try to be as clear as possible about the information you are seeking, as this will help us respond to your request more efficiently. Once we have received your Subject Access Request and proof of identity, you will receive a response from us within a month unless circumstances permit us to extend that deadline.
If you would like to submit a Subject Access Request or exercise any of the other rights referred to above, please email us at email@example.com. You can write to us at Prostate Cancer Research, Suite 2, 23-24 Great James Street, London, WC1N 3ES. You can also telephone us on 0203 735 5444. More information on how to submit a Subject Access Request is available from the Information Commissioner’s Office here.
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. Read more about how to make a complaint. You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
12. How do we keep your information secure?
We take such measure as are appropriate to ensure the confidentiality, integrity and availability of systems and to protect your data in line with industry standards. We take appropriate security measures to protect your data against unauthorised access, alteration, disclosure or destruction. When sharing your data with third parties, we do so securely, including taking the following safeguards:
• Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
• Firewalls and encryption. We use industry-standard and up-to-date firewall and encryption technology.
• Secure data transfers. When transferring your data we ensure it is protected by using a secure data transfer site.
• Restricted access. Access to personal data is permitted to authorised staff only.
• Secure storage. Our data storage is assessed through a secure physical and electronic process.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we will use adequate procedures and security features to try to prevent unauthorised access.