World Cancer Research Fund International (WCRFI) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe.
We use the information we collect about you to process orders, information requests, manage donations, share our educational material and to help you enjoy a more personalised experience.
Developing a better understanding of our supporters through their personal data enables us to:
We have made improvements to this policy to make it more understandable to supporters.
Our marketing communications include information about our latest breakthroughs, campaigns and life-changing research. If you would like to opt in to receive these communications or change your current preferences then please contact us on:
Telephone: +44 20 7343 4200
This policy sets out how we process your data. It also explains your rights and options around how we use your personal information.
We collect information about you:
When you give it to us directly
This might be when you:
When you give it to us indirectly
This is when your personal information is given to us by third parties. These might be:
When you give permission to other organisations to share your information or it is available publicly
We may combine information you provide to us with information available from external sources. This is so we can gain a better understanding of our supporters to improve our products and services. The information we get from other organisations may depend on your privacy settings you have with them or the responses you give them. Therefore, it is advisable that you check your privacy settings with all organisations you are registered with on a regular basis. We collect your information for the following types of sources:
When you visit our website
When you visit our website, we automatically collect the following personal information:
We collect, store and use the following kinds of personal information:
The General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection.
For example, this includes information about your health, religious beliefs, ethnicity and political opinions.
In the course of liaising with our supporters, WCRFI may be informed of sensitive information. If this is the case, we will only record this information if we have a valid reason and the GDPR permits it, as described in how and why we will we use your personal information.
Where we collect and manage information from children, we aim to manage it in a way which is appropriate to the age of the child. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children. We don’t actively market to under 18s.
We use your personal information to:
When you use our secure online donation or payment pages, you will be directed to a payment gateway, who will receive your credit card number and contact information to process the transaction. We do not retain your credit or debit card details.
In general, if we no longer need your information for the reasons you gave it to us, we will remove it.
But we’ll remove it sooner if:
The GDPR requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights.
In broad terms, our “legitimate interests” means running WCRFI as a charitable entity in pursuit of our aims and ideals. For example, by:
“Legitimate interests” can also include your interests, such as when you have requested information or certain goods or services from us, and those of third parties (for example, beneficiaries of our work and services).
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We won’t use your personal information for activities where our interests are overridden by the impact on you. For example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
WCRFI does not share, sell or rent personal information to third parties for marketing purposes. Our promise to you is to take every reasonable effort to keep your personal information secure and will only share them with suppliers working on our behalf such as companies who manage our mailing.
WCRFI may provide aggregate statistics for our website about our visitors, orders, traffic patterns and related site information to reputable third- party vendors. These statistics will not include any personal information. We will only disclose personal information if required to do so by Government bodies and Law Enforcement agents.
However, in general we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this policy.
These may include (among others):
We promise to keep your personal information safe and secure.
We have appropriate and proportionate security policies and organisational and technical measures, such as Cyber Essentials accreditation, in place to help us do this. For example, we require specialist suppliers who process secure payments to comply with the Payment Card Industry Data Security Standard (PCI DSS) standards.
We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.
Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by those authorised to do so..
The personal information that we collect from you will primarily be stored at a destination within the UK or European Economic Area (“EEA”).
However, we use agencies and suppliers in and outside the UK to process personal information on our behalf. Some of our suppliers run their operations outside the European Economic Area (EEA) and your personal information may therefore be transferred or stored outside the UK or EEA.
Although they may not be subject to same data protection laws as companies based in the UK, we’ll take all reasonable steps necessary to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
These are your rights in relation to how we process your personal information:
Right to be informed
You have the right to be told how your personal information will be used. This policy and other policies and statements used on our website and in our communications provide you with a clear and transparent description of how your personal information may be used.
Right of access
You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.
Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will give you your personal information (subject to any exceptions that apply).
Right of Erasure
You have the right to ask us to erase/delete your personal information.
We aim to achieve this within 5 working days of receiving your request.
Where possible we will check with you to see if it is better for you to have your details suppressed rather than deleted.
By using your Right of Erasure, we cannot guarantee that you will not receive further mailings from us; for example if WCRFI purchases or rents a list of names after we have actioned your request for erasure and if your details are on this new list, you may will receive a communication from us.
This is because we check all new lists against our database and once a name has been erases/deleted from our database we have no way of checking if that name is on the new list and has previously requested not to be contacted.
Right of Suppression
You have the right to ask us to suppress your information so you do not receive further communications or contact from us.
We aim to achieve this within 5 working days from receiving your request.
Unlike Erasure, Suppression means we hide your history with us but can still see your name and address. Therefore, should WCRFI rent or purchase a new list of names after your request for suppression, we can cross reference this list with your details.
Should your details appear on the new list and because we still have your basic details on our database, we will know that you do not want to receive communications from us and because of this you will not receive communications.
Right of rectification
If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
Right to object
You have the right to object to processing where we are:
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
This includes the right to ask us to stop using your personal information for marketing or fundraising by electronic means (for example to be unsubscribed from our email newsletter list).
Right to data portability
Where we are processing your personal information:
you may ask us to provide it to you – or another service provider – in a machine-readable format.
Rights related to automated decision-making
Where we take automated decisions (ie with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.
How to exercise your rights
To exercise any of these rights, please send a description of the personal information in question using the contact details below. We reserve the right to ask for:
Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us.
If your personal details change, please help us to keep your information up to date by notifying our Supporter Services department, details below.
Please let us know if you have any questions or concerns about this policy or about the way in which your personal information is being processed by contacting us at the following channels:
World Cancer Research Fund
140 Pentonville Road
London, N1 9FW
Telephone: +44 (0)20 7343 4200