Our privacy policy

The British Lung Foundation is the only charity looking after the nation’s lungs. With your support, we’ll make sure that one day everyone breathes clean air with healthy lungs.

We are committed to protecting your personal information. We’re also committed to being transparent about what information we hold, and for what purpose.

This policy explains: 

This is our main privacy policy. We also have specific policies for:

The terms of this policy may change, so please check it from time to time. We updated it in April 2018.

If you have any queries about this policy please contact: The data protection officer, British Lung Foundation, 73-75 Goswell Road, London EC1V 7ER or email dataprotection@blf.org.uk

This policy is written in accordance with the General Data Protection Regulation (GDPR). We are registered with the Information Commissioner’s Office (ICO) as a data controller under number Z6901318.

How do we collect personal information

Personal information is information that can be used to identify you.

You give us this when you ask about our activities; register with us for an event, campaign or in a professional capacity; send or receive an email; make a donation; apply for a job; order products or services, such as publications; ask a question about our services; use our services, or provide information in other ways.

We may also get personal information about you from family members, friends or organisations who contact us on your behalf.

What information do we collect?

The information we collect may include your name, date of birth, email address, IP address (internet protocol address), postal address or telephone number.

We may also collect personal information recognised by data protection law as sensitive, such as information about your health. We’ll only do this where there is a clear reason to do so and we’ll always make these reasons clear to you.

We gather information about our websites, such as which pages users visit most often, and which services, events or facilities are most popular. We may also track which pages users visit when they click on links in our emails. Please see our full cookies policy.

Debit and credit card information

If you use your credit or debit card to donate to us, register for an event or buy something, online or over the phone, we will make sure this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The payment will be processed by a third party and we will not store your card details.

Find out more about PCI DSS.

How do we use your information?

We use your personal information to give you the information, services, or products you ask for.  This could be to:

  • process a donation
  • take part in a fundraising event
  • process your order
  • communicate with you
  • give information and advice
  • handle a complaint
  • provide a service
  • carry out an obligation or contract
  • process a grant application
  • process a job application

For more detail, please see how we might use your information if you are:

Who do we share your information with?

We will not sell your details to any third parties. But we may sometimes share your information with:

  • our trusted service providers who are authorised to work on our behalf
  • our subsidiary trading companies
  • associated organisations with whom we jointly provide services
  • organisations who help us deliver our services or fundraising activities

All of them act either under a joint agreement or under our instruction and subject to contractual obligations. Both contain clear data protection clauses.

From time to time we may also exchange your personal information with other organisations to reduce fraud and credit risk. We may also share information with our financial and legal advisers to obtain advice and protect our legal rights.

How do we protect your information?

When we collect your personal information, we use strict procedures and security features to prevent unauthorised access. We also take appropriate measures to make sure the information disclosed to us is:

  • kept secure, accurate and up-to-date and
  • kept only for as long as it’s needed for the purposes for which it was intended

But while we aim to protect your personal information, we cannot guarantee the security of any information you post, email or transmit by other means to us. You do so at your own risk.

Processing your information outside the EU

Sometimes, for financial or technical reasons, we may use a supplier outside the European Economic Area (EEA). This means your personal information is transferred, processed and stored outside the EEA. Legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

But we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier. For example, using the European Commission’s standard contractual clauses.

How long do we keep your information?

We regularly review how long we hold personal information. We must are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as needed by the relevant activity. If you asked us not to contact you again we would hold a record of that indefinitely. Where your information is no longer required we will dispose of it in a secure manner.

Your rights

You have the following rights in relation to your personal information:

  • to ask for a copy of the personal information we hold about you and for us to correct any inaccuracies
  • to request us to erase your personal information; to restrict our processing of your personal information, or to object to our processing of your personal information

If you want to exercise these rights, please email dataprotection@blf.org.uk with copies of 2 separate identification documents such as a passport, driving licence, or utility bill. The first should give photo identification and the second confirm your address. Please also give information about the nature of your contact with us, to help us locate your records. Alternatively, you can send the documents by post to: The data protection officer, British Lung Foundation, 73-75 Goswell Road, London EC1V 7ER

We will respond within 30 days, once we receive your written request and copies of your identification documents. 

We reserve the right to charge an administration fee for excessive or manifestly unfounded requests.

The data protection regulator

You can get more information and advice about data protection or reporting a concern about data protection from:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Helpline: 0303 123 1113
From outside the UK: +44 1625 545 745

ico.org.uk