Privacy Policy

At Jo’s Cervical Cancer Trust we are committed to protecting any personal information that we collect about you and being transparent about what we do with it. This policy covers all the methods we use to collect information and covers what we collect, why we collect it and your rights regarding the information we hold for you.

We have written this policy in accordance with the Data Protection Act 1998, the General Data Protection Regulation and any subsequent policies. If you have any queries about it then please contact the Data team at Jo’s Cervical Cancer Trust, CAN Mezzanine, 7 - 14 Great Dover Street, London, SE1 4YR, email [email protected] or call us on 020 3096 8100. By using our website, forum, social media or providing your personal data to us you are consenting to our collection and use of the information as set out below.

• What information do we collect and why?
• What information do we collect?
• Links to third party websites
• How do we use this information?
• Who do we share your information with?
• Our support services
  • Our Forum
• Employees, volunteers and job applicants
• How do we store and protect your information?
• Brexit and transferring your data to countries in the European Economic Area (EEA)
• Your rights

What information do we collect and why?

We will only collect the information that we need, this may include information to help us operate and improve our services and information.

• We collect information when you give it to us directly, this includes when you use any or all of our support services, communicate with us to enquire about our work or fill out a form on our website e.g. to register for an event, tell your story, register for our newsletter, use our shop or make a donation. We also collect information from people we meet at events.
• We may also receive information about you from third parties, for example through fundraising sites such as Just Giving, event organisers including the London Marathon or Dream Challenges and through conferences or events you have attended where you have given your consent for your details to be passed on. We only receive this information with your consent, so check their Privacy Policy to understand how they will look after your data
• We sometimes get information about you from your family and friends, for example if they register you for an event
• Before contacting or meeting an individual or organisation we may seek information from publically available sources, e.g. the internet or companies house, so we can make the best use of their time. We may also seek information from publically available sources to demonstrate due diligence on accepting donations as set out by the Charity Commission, Fundraising Regulator and to ensure we are in line with our donation acceptace policy.
• Information we collect as you use our website, including your IP address (the location of the computer on the internet) and cookies. By using this website, your IP address can be stored and processed for security reasons. Your IP address may be saved in the server log files, CMS log files, CleanTalk Anti-Spam & Security log files, Google Analytics, Google Adwords. Our website uses the 3rd parties services such as the CleanTalk Anti-Spam & Security, Google Analytics, Google Adwords. They can store and process your IP address. CleanTalk can use Cookies to manage access to the website by the CleanTalk SpamFireWall Function, to secure and to protect this website from spam.  
  • We use cookies to help us monitor how our website is performing, who is using and how we can improve it. The use of cookies does not give us access to the rest of your computer and you can disable them if you don’t want them to be used. Find out more here >
• Information we collect as you use our online Forum. Find out more in the ‘Our Forum’ section.
• Depending on your settings or the privacy policies for social media platforms including Facebook or Twitter, you might give us permission to access information from those accounts or services.

What information do we collect?

We collect personal information which may include your name, date of birth, e-mail address, postal address, telephone number, fax number and credit/debit card details. We may also collect information relating to your health and your interests or hobbies. Non-personal information includes your IP address which helps us to understand how our website is performing, which pages are popular and how we can improve what we offer.

We may ask for sensitive information, including data related to your ethnicity, health, sex, gender and how you identify. This is to ensure we can provide the support and information you request and to ensure our work is reaching the people it needs to reach.

Links to third party websites

Our website contains links to other websites that we think may be of interest to our website users. We cannot be held responsible for the privacy policies for these websites.

How do we use this information?

The type and quantity of information that we ask for and how we use it depends on why you are providing it. We will use your personal information to:

• Provide you with the services, products or information that you have asked for
• Keep a record of our contact with you for administrative purposes or legal purposes, let you know about changes to our polices and if we need to respond to complaints or other issues
• Understand how we are performing and how we can improve our services to better support those who need us
• Process transactions, donations and claim Gift Aid
• Send direct marketing, including communications about our campaigns, fundraising and volunteering opportunities. This is only after you have told us that you would like to receive this information and you can change your mind at any time.
• Be able to carry out your wishes in relation to a gift in your will

If you become a media volunteer and share your story with us, we will never share identifiable details without your permission, but sometimes may use some of your story to secure opportunities.

We will only collect and use your personal information where we have a legal basis to do so and will always respect your rights. 

Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest to do so.  Where we do rely on a legitimate interest to use your information, we promise never to do it in an intrusive way or to cause distress, and to always respect your rights.  Other reasons may include using information because we have a legal obligation to do so or because we have to fulfil contractual obligations. 

Who do we share your information with?

We will not sell your details, however may occasionally share your information with carefully chosen third parties who our working on our behalf, including mailing houses who distribute our information materials.

If you set up a direct debit  or use your credit or debit card to donate to us or to order from our shop, we pass your details securely to our processing partners to enable payments to be made. We do this in accordance with industry standards and do not store your card or bank details on our website. Our partners will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.

We may also need to share your information if required to do so by law.

Our support services

In order for us to run our services, including our Forum, Helpline, 1:1, email, Ask The Expert and Call back service , we collect personal and sensitive data. This is also the case when you sign up to our support events, either online or face to face. This information is managed separately to other data provided to the charity, stored confidentially and only accessed by trained staff. We collect this information to enable us to monitor these services, improve them, contact you about forthcoming internal events that may be of interest to you and provide additional support to those who request it.

Our Ask the Expert service is strictly confidential and identifiable details of service users are not passed to our medical panel volunteers. The details of service users and their queries are kept separately on our secure database with only members of the services team and main database administrator having access. Details of our Callback service users and 1:1 service users are also kept on our database in order to provide increased support at the request of our service users. As with all of our services, these details are kept strictly confidential.

Our Forum

We collect information from you when you register our Forum, such as your name and email address. This is because an account is required to post, however you may visit the Forum and read posts without signing up. Your email address will be verified by an email containing a unique link. If that link is visited, we know that you control the email address.

Email notifications about new posts or replies can be managed or turned off within the preferences section of your Forum account.

When registered and posting, we record the IP address that the post originated from. This is partly to keep the Forum safe and reduce spam posts. We also may retain server logs which include the IP address of every request to our server.

We will make a good faith effort to:

• Retain server logs containing the IP address of all requests to this server no more than 90 days.
• Retain the IP addresses associated with registered users and their posts no more than 5 years.

We use cookies to help us monitor how the Forum is performing and to help inform improvements. The use of cookies does not give us access to the rest of your computer and you can disable them if you don’t want them to be used. Find out more by reading our cookie policy. You can update your cookie settings for the Forum here >

Our Forum is moderated, however the information you provide is publically available so please avoid sharing identifiable information. You can read more about this in our Forum guidelines. We ask you to provide your email address when you register and may contact you about administrative issues and changes to the forum.

Employees, volunteers and job applicants

If you apply to work or volunteer at Jo’s Cervical Cancer Trust, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the charity – for example, if we need a reference, or need to get a 'disclosure' from the Criminal Records Bureau – we will make sure we tell you beforehand, unless we are required to disclose this information by law. 

If you are unsuccessful in your job application, we will hold your personal information for six months after we've finished recruiting the post you applied for. After this date we will destroy or delete your information.

When you start working for us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment. 

Once you stop working for us, we will keep this file according to our document retention policy. 

How do we store and protect your information?

We are committed to ensuring all personal data we collect is stored securely and have security measures in place to protect the data we collect and store. This includes using secure server software (SSL) to encrypt all financial details collected and ensuring only appropriately trained, authorised staff can access personal or sensitive data. We take every measure to ensure the information you give us is kept secure, accurate and up to date and that you are not contacted for any other reason than specified. We will only keep your information for as long as we need it and will always dispose of it securely when we do.

Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as companies based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

While we will do our best to ensure your data is kept secure, we cannot accept any responsibility for any loss, disruption or damage to your data or your computer system while you are using our website.

Brexit and transferring your data to countries in the European Economic Area (EEA)

Post-Brexit, the UK will be a third country for GDPR purposes. This means any organisation based in the EEA that is transferring data to the UK will need to ensure the data is adequately protected to GDPR standards. Organisations in the UK processing the personal data of EU citizens will need to comply with both the UK data protection law (which includes the version of the GDPR implemented on 25 May 2018; “UK GDPR”) and the EU GDPR.

Jo’s Cervical Cancer Trust has considered the territorial scope of the GDPR and considers that the EU GDPR will not apply to it post-Brexit. This is because the charity is not offering goods or services to, or monitoring the behaviour of, EU data subjects. We will not appoint an EU representative because only a small percentage of our income comes from supporters living in the EU and the charity does not actively cultivate European donors or supporters.

We rely on a number of third party agencies to process income on our behalf such as Just Giving and Facebook. These third parties may make restricted transfers of data to us if any of their operations are based in the EU, and in such instances it is the third party’s responsibility to ensure that the personal data is protected.  

Upon receipt of the data, we will ensure that any EU data subjects’ personal data is protected under both the UK and EU GDPR and treat personal data with care and due diligence. Occasionally, we will need to upload data of UK data subjects to a third party’s site, and any transfer of data will be done securely.

Your rights

You have rights over your data and how we use it, this includes:

• The right to ask for a copy of the information we hold about you – please note we may charge £10 to cover the costs involved in sending this
• The right to have inaccurate information changed and for information to be erased or destroyed – we will do this if it is not necessary for the purpose you provided it to us for (e.g. making a donation or registering for an event)
• The right to stop your data being used for direct marketing
• If you would like to exercise these rights then please contact the Data team at Jo’s Cervical Cancer Trust, CAN Mezzanine, 7 - 14 Great Dover Street, London, SE1 4YR, email [email protected] or call us on 020 3096 8100.

If personal details change, please do let us know.

Changes to this policy

We may change this privacy notice from time to time. If we make any significant changes to this notice and the way we hold personal data, we will make this clear on the Jo’s Cervical Cancer Trust website or by contacting you directly.

Questions?

If you have any questions about this policy or how we use your data, please contact the Corporate Services team on 020 3096 8100 or by email [email protected]. For further information please see the Information Commissioner’s Guidance at https://ico.org.uk/